| Felipe Monteiro | 7bc35dc | 2017-04-19 21:11:46 +0100 | [diff] [blame] | 1 | Patrole Style Commandments |
| 2 | ========================== |
| DavidPurcell | 663aedf | 2017-01-03 10:01:14 -0500 | [diff] [blame] | 3 | |
| gaozx | 6f663e0 | 2017-08-10 10:24:16 +0800 | [diff] [blame] | 4 | - Step 1: Read the OpenStack Style Commandments: `<https://docs.openstack.org/hacking/latest/>`__ |
| 5 | - Step 2: Review Tempest's Style Commandments: `<https://docs.openstack.org/tempest/latest/HACKING.html>`__ |
| Felipe Monteiro | 0854ded | 2017-05-05 16:30:55 +0100 | [diff] [blame] | 6 | - Step 3: Read on |
| Felipe Monteiro | 7bc35dc | 2017-04-19 21:11:46 +0100 | [diff] [blame] | 7 | |
| Felipe Monteiro | 0854ded | 2017-05-05 16:30:55 +0100 | [diff] [blame] | 8 | Patrole Specific Commandments |
| 9 | ------------------------------ |
| 10 | |
| 11 | Patrole borrows the following commandments from Tempest; refer to |
| gaozx | 6f663e0 | 2017-08-10 10:24:16 +0800 | [diff] [blame] | 12 | `Tempest's Commandments <https://docs.openstack.org/tempest/latest/HACKING.html>`__ |
| Felipe Monteiro | 0854ded | 2017-05-05 16:30:55 +0100 | [diff] [blame] | 13 | for more information: |
| 14 | |
| 15 | .. note:: |
| 16 | |
| 17 | The original Tempest Commandments do not include Patrole-specific paths. |
| 18 | Patrole-specific paths replace the Tempest-specific paths within Patrole's |
| 19 | hacking checks. |
| 20 | .. |
| 21 | |
| 22 | - [T102] Cannot import OpenStack python clients in patrole_tempest_plugin/tests/api |
| 23 | - [T105] Tests cannot use setUpClass/tearDownClass |
| 24 | - [T106] vim configuration should not be kept in source files. |
| 25 | - [T107] Check that a service tag isn't in the module path |
| 26 | - [T108] Check no hyphen at the end of rand_name() argument |
| 27 | - [T109] Cannot use testtools.skip decorator; instead use |
| 28 | decorators.skip_because from tempest.lib |
| 29 | - [T113] Check that tests use data_utils.rand_uuid() instead of uuid.uuid4() |
| 30 | - [N322] Method's default argument shouldn't be mutable |
| 31 | |
| 32 | The following are Patrole's specific Commandments: |
| 33 | |
| 34 | - [P100] The ``rbac_rule_validation.action`` decorator must be applied to |
| Samantha Blanco | b6a9c21 | 2017-08-09 17:43:08 -0400 | [diff] [blame] | 35 | an RBAC test |
| Felipe Monteiro | 0854ded | 2017-05-05 16:30:55 +0100 | [diff] [blame] | 36 | - [P101] RBAC test filenames must end with "_rbac.py"; for example, |
| 37 | test_servers_rbac.py, not test_servers.py |
| 38 | - [P102] RBAC test class names must end in 'RbacTest' |
| Samantha Blanco | cd87077 | 2017-05-22 14:23:17 -0400 | [diff] [blame] | 39 | - [P103] ``self.client`` must not be used as a client alias; this allows for |
| 40 | code that is more maintainable and easier to read |
| Felipe Monteiro | 0854ded | 2017-05-05 16:30:55 +0100 | [diff] [blame] | 41 | |
| Felipe Monteiro | 1c8620a | 2018-02-25 18:52:22 +0000 | [diff] [blame^] | 42 | Role Overriding |
| 43 | --------------- |
| Felipe Monteiro | 0854ded | 2017-05-05 16:30:55 +0100 | [diff] [blame] | 44 | |
| Felipe Monteiro | 1c8620a | 2018-02-25 18:52:22 +0000 | [diff] [blame^] | 45 | Correct role overriding is vital to correct RBAC testing within Patrole. If a |
| 46 | test does not call ``rbac_utils.override_role`` within the RBAC test, followed |
| 47 | by the API endpoint that enforces the expected policy action, then the test is |
| 48 | **not** a valid Patrole test: The API endpoint under test will be performed |
| 49 | with admin role, which is always wrong unless ``CONF.patrole.rbac_test_role`` |
| 50 | is also admin. |
| Felipe Monteiro | 0854ded | 2017-05-05 16:30:55 +0100 | [diff] [blame] | 51 | |
| Felipe Monteiro | 1c8620a | 2018-02-25 18:52:22 +0000 | [diff] [blame^] | 52 | .. todo:: |
| Felipe Monteiro | 0854ded | 2017-05-05 16:30:55 +0100 | [diff] [blame] | 53 | |
| Felipe Monteiro | 1c8620a | 2018-02-25 18:52:22 +0000 | [diff] [blame^] | 54 | Patrole does not have a hacking check for role overriding, but one may be |
| 55 | added in the future. |