Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / packaging / sources / patrole / f9ace2b0a5fa61ae84a562e5afa04c02b0ddbd5a^! / . / doc / source / testing.rst
commitf9ace2b0a5fa61ae84a562e5afa04c02b0ddbd5a[log] [tgz]
authorFelipe Monteiro <felipe.monteiro@att.com>Tue Feb 27 09:43:51 2018 -0500
committerFelipe Monteiro <felipe.monteiro@att.com>Tue Mar 13 15:06:20 2018 +0000
tree0520d4ddcbbd511a63c754ad5c2a0a3e61564eef
parent938471ba9e0d1a0de617aa0068b6242eb677ebcf [diff] [blame]
[docs] Add information about supported & stable tests

This is to add documentation about the stability and correctness
of current RBAC tests in Patrole and briefly lay out a roadmap
for test stability.

Change-Id: I9e519d199b30c43e6e75d49aadc0c700a63c087c

diff --git a/doc/source/testing.rst b/doc/source/testing.rst
new file mode 100644
index 0000000..d61c78d
--- /dev/null
+++ b/doc/source/testing.rst

@@ -0,0 +1,51 @@
+.. _patrole-testing:
+
+===============
+Patrole Testing
+===============
+
+Testing Scope
+=============
+
+Patrole testing scope is strictly confined to Role-Based Access Control
+(RBAC). In OpenStack, ``oslo.policy`` is the RBAC library used by all
+major services. Thus, Patrole is concerned with validating that public API
+endpoints are correctly using ``oslo.policy`` for authorization.
+
+In other words, all tests in Patrole are RBAC tests.
+
+Stable Tests
+============
+
+In the discussion below, "correct" means that a test is consistent with
+a service's API-to-policy mapping and "stable" means that a test should
+require minimal maintenance for the supported releases.
+
+Present
+-------
+
+During the Queens release, a `governance spec`_ was pushed to support policy
+in code, which documents the mapping between APIs and each of their policies.
+
+This documentation is an important prerequisite for ensuring that Patrole
+tests for a given service are correct. This mapping can be referenced to
+confirm that Patrole's assumed mapping for a test is correct. For
+example, Nova has implemented policy in code which can be used to verify
+that Patrole's Nova RBAC tests use the same mapping.
+
+If a given service does not have policy in code, this implies that it is
+*more likely* that the RBAC tests for that service are inconsistent with the
+*intended* policy mapping. Until that service implements policy in code, it
+is difficult for Patrole maintainers to verify that tests for that service
+are correct.
+
+Future
+------
+
+Once all services that Patrole tests have implemented policy in code --
+and once Patrole has updated all its tests in accordance with the policy in
+code documentation -- then Patrole tests can guaranteed to be stable.
+
+This stability will be denoted with a 1.0 version release.
+
+.. _governance spec: https://governance.openstack.org/tc/goals/queens/policy-in-code.html