blob: 4ee847f72fcfc9b24153b5b828f5592771458210 [file] [log] [blame]
Felipe Monteiroeb197db2018-06-10 12:21:49 -04001Reviewing Patrole Code
2======================
3To start read the `OpenStack Common Review Checklist
4<https://docs.openstack.org/infra/manual/developers.html#peer-review>`_
5
6
7Ensuring code is executed
8-------------------------
9Any new test or change to an existing test has to be verified in the gate. This
10means that the first thing to check with any change is that a gate job actually
11runs it. Tests which aren't executed either because of configuration or skips
12should not be accepted.
13
14
15Execution time
16--------------
17Along with checking that the jobs log that a new test is actually executed,
18also pay attention to the execution time of that test. Patrole already runs
19hundreds of tests per job in its check and gate pipelines and it is important
20that the overall runtime of the jobs be constrained as much as possible.
21Consider applying the ``@decorators.attr(type='slow')``
22`test attribute decorator`_ to a test if its runtime is longer than 30 seconds.
23
24.. _test attribute decorator: https://docs.openstack.org/tempest/latest/HACKING.html#test-attributes
25
26
27Unit Tests
28----------
29For any change that adds new functionality to common functionality unit tests
30are required. This is to ensure we don't introduce future regressions and to
31test conditions which we may not hit in the gate runs.
32
33
34API Stability
35-------------
36Tests should only be added for published stable APIs. If a patch contains
37tests for an API which hasn't been marked as stable or for an API which
38doesn't conform to the `API stability guidelines
39<https://wiki.openstack.org/wiki/Governance/Approved/APIStability>`_ then it
40should not be approved.
41
42Similarly, tests should only be added for policies that are covered by
43`policy in code documentation
44<https://specs.openstack.org/openstack/keystone-specs/specs/keystone/pike/policy-in-code.html>`_.
45Any existing tests that test policies not covered by such documentation
46are either:
47
48* part of a service that has not yet migrated to policy in code; or
49* legacy in the sense that they were created prior to policy in code
50
51For the first bullet, the tests should not be considered stable, but should be
52kept around to maintain coverage. These tests are a best-effort attempt at
53offering RBAC test coverage for the service that has not yet migrated to
54policy in code.
55
56For the second bullet, the tests should be updated to conform to policy in
57code documentation, if applicable.
58
59
60Reject Copy and Paste Test Code
61-------------------------------
62When creating new tests that are similar to existing tests it is tempting to
63simply copy the code and make a few modifications. This increases code size and
64the maintenance burden. Such changes should not be approved if it is easy to
65abstract the duplicated code into a function or method.
66
67
68Tests overlap
69-------------
70When a new test is being proposed, question whether this feature is not already
71tested with Patrole. Patrole has more than 600 tests, spread amongst many
72directories, so it's easy to introduce test duplication.
73
74Test Duplication
75^^^^^^^^^^^^^^^^
76
77Test duplication means:
78
79* testing an API endpoint in more than one test
80* testing the same policy in more than one test
81
82For the first bullet, try to avoid calling the same API inside the
83``self.rbac_utils.override_role`` call.
84
85.. note::
86
87 If the same API is tested against different policies, consider combining
88 the different tests into only 1 test, that tests the API against all
89 the policies it enforces.
90
91For the second bullet, try to avoid testing the same policies across multiple
92tests.
93
94.. note::
95
96 This is not always possible since policy granularity doesn't exist for all
97 APIs. In cases where policy granularity doesn't exist, make sure that the
98 policy overlap only exists for the non-granular APIs that enforce the same
99 policy.
100
101
102Being explicit
103--------------
104When tests are being added that depend on a configurable feature or extension,
105polling the API to discover that it is enabled should not be done. This will
106just result in bugs being masked because the test can be skipped automatically.
107Instead the config file should be used to determine whether a test should be
108skipped or not. Do not approve changes that depend on an API call to determine
109whether to skip or not.
110
111
Felipe Monteiro42f7e1c2018-06-10 20:09:26 -0400112Multi-Policy Guidelines
113-----------------------
114
115Care should be taken when using multiple policies in an RBAC test. The
116following guidelines should be followed before deciding to add multiple
117policies to a Patrole test.
118
119.. _general-multi-policy-guidelines:
120
121General Multi-policy API Code Guidelines
122^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
123
124The list below enumerates guidelines beginning with those with the highest
125priority and ending with those with the lowest priority. A higher priority
126item takes precedence over lower priority items.
127
128#. Order the policies in the ``rules`` parameter chronologically with respect
129 to the order they're called by the API endpoint under test.
130#. Only use policies that map to the API by referencing the appropriate policy
131 in code documentation.
132#. Only include the minimum number of policies needed to test the API
133 correctly: don't add extraneous policies.
134#. If possible, only use policies that directly relate to the API. If the
135 policies are used across multiple APIs, try to omit it. If a "generic"
136 policy needs to be added to get the test to pass, then this is fair game.
137#. Limit the number of policies to a reasonable number, such as 3.
138
139Neutron Multi-policy API Code Guidelines
140^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
141
142Because Neutron can raise a 403 or 404 following failed authorization, Patrole
143uses the ``expected_error_codes`` parameter to accommodate this behavior.
144Each policy action enumerated in ``rules`` must have a corresponding entry
145in ``expected_error_codes``. Each expected error code must be either a 403 or a
146404, which indicates that, when policy enforcement fails for the corresponding
147policy action, that error code is expected by Patrole. For more information
148about these parameters, see :ref:`rbac-validation`.
149
150The list below enumerates additional multi-policy guidelines that apply in
151particular to Neutron. A higher priority item takes precedence over lower
152priority items.
153
154#. Order the expected error codes in the ``expected_error_codes`` parameter
155 chronologically with respect to the order each corresponding policy in
156 ``rules`` is authorized by the API under test.
157#. Ensure the :ref:`neutron-multi-policy-validation` is followed when
158 determining the expected error code for each corresponding policy.
159
160The same guidelines under :ref:`general-multi-policy-guidelines` should be
161applied afterward.
162
163
Felipe Monteiroeb197db2018-06-10 12:21:49 -0400164Release Notes
165-------------
166Release notes are how we indicate to users and other consumers of Patrole what
167has changed in a given release. There are certain types of changes that
168require release notes and we should not approve them without including a release
169note. These include but aren't limited to, any addition, deprecation or removal
170from the framework code, any change to configuration options (including
171deprecation), major feature additions, and anything backwards incompatible or
172would require a user to take note or do something extra.
173
174
175Deprecated Code
176---------------
177Sometimes we have some bugs in deprecated code. Basically, we leave it. Because
178we don't need to maintain it. However, if the bug is critical, we might need to
179fix it. When it will happen, we will deal with it on a case-by-case basis.
180
181
182When to approve
183---------------
184* Every patch needs two +2's before being approved.
185* It's OK to hold off on an approval until a subject matter expert reviews it.
186* If a patch has already been approved but requires a trivial rebase to merge,
187 you do not have to wait for a second +2, since the patch has already had
188 two +2's.