)]}' { "log": [ { "commit": "7293f0ee81da16c9a950c53a927eddd585fac71a", "tree": "62c798e6c126e39bff9950042940041a06816afc", "parents": [ "0e4fc01c2fa42e66af6547e6bd396c754e6d3b48", "47c43cb6ca9d675ceec958a878dd38218efc17aa" ], "author": { "name": "Zuul", "email": "zuul@review.openstack.org", "time": "Thu Nov 22 02:21:47 2018 +0000" }, "committer": { "name": "Gerrit Code Review", "email": "review@openstack.org", "time": "Thu Nov 22 02:21:47 2018 +0000" }, "message": "Merge \"docs: Use sphinx-apidoc library for autodoc generation\"" }, { "commit": "47c43cb6ca9d675ceec958a878dd38218efc17aa", "tree": "4d81b48e2ff00f850ad724f2e50b79b9e3bf4912", "parents": [ "d771e34d2432b914827bbf51340ec9b756b5d82b" ], "author": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Mon Nov 05 17:15:30 2018 +0000" }, "committer": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Wed Nov 14 09:02:11 2018 -0600" }, "message": "docs: Use sphinx-apidoc library for autodoc generation\n\nThis package is used for automatic generation of autodoc\ndocumentation which offers the following advantages:\n\n* the Patrole framework for all modules is always built\n and kept up to date\n* it is isolated in its own page layout\n* it can still be linked to by other documentation pages\n easily\n\nChange-Id: I101557efe47293f88ee65b99275fdc8424c02e35\n" }, { "commit": "d02a8d836c560a3571b0a2f17f102e25bc7c5301", "tree": "ea06f52eac491355b12bd1890020259f249b242b", "parents": [ "a5f5590e2997fb2fbbb135cd2c38a9ef5bd4a5d2" ], "author": { "name": "Mykola Yakovliev", "email": "VegasQ@gmail.com", "time": "Tue Oct 30 21:35:20 2018 -0500" }, "committer": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Thu Nov 08 14:44:09 2018 +0000" }, "message": "RequirementsAuthority multi role support enhancement\n\nThis patchset eliminates different behaviour between\npolicy_authority and requirements_authority.\n\nProblem description:\n\n`rbac_test_roles \u003d [member,]`\n\nPolicy authority:\n\n`update_port: role:member and role:viewer`\n\nResults in 403/False (we are member but not viewer).\n\nRequirements authority:\n\n```\nreq_auth:\n update_port:\n - member\n - viewer\n```\n\nResults in 200/True (member in update_port list).\n\nProposed solution:\n\nChange requirements_authority file sytax to support\ncomma separated roles to be considered as logical and.\n\nDepends-On: https://review.openstack.org/#/c/606110/\nChange-Id: I2e2a4a2020f5e85af15f1836d69386bc91a2d2ec\nCo-Authored-By: Felipe Monteiro \u003cfelipe.monteiro@att.com\u003e\n" }, { "commit": "e0f35503c90bee01666ee252689738c7c2042ce8", "tree": "fc80d222332c6925886acec96e4192d30636569d", "parents": [ "c38aca7587f526dbea4b3337b0a4822ae837d4ea" ], "author": { "name": "Mykola Yakovliev", "email": "VegasQ@gmail.com", "time": "Wed Sep 26 18:26:57 2018 -0500" }, "committer": { "name": "Mykola Yakovliev", "email": "myakovliev@mirantis.com", "time": "Wed Oct 31 20:45:13 2018 +0000" }, "message": "Multi role RBAC validation\n\nThis patchset replaces ``CONF.patrole.rbac_test_role`` with\n``CONF.patrole.rbac_test_roles``, where instead of single role\nwe can specify list of roles to be assigned to test user.\n\nChange-Id: Ia68bcbdbb523dfe7c4abd6107fb4c426a566ae9d\n" }, { "commit": "0170c998278da82d02ee7b8b1be05326f40e5025", "tree": "92d5b095620b429c9c0819cc9949170b5b5efc24", "parents": [ "91e33c6ef17af701ed230802da6eee256bcc4884" ], "author": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Tue Jul 31 20:10:05 2018 -0400" }, "committer": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Thu Oct 04 20:57:49 2018 +0100" }, "message": "docs: Add sections about context_is_admin/custom policy checks\n\nThis documentation adds oslo.policy/policy related information\nto Patrole RBAC documentation so users understand some limitations\nrelated to current implementation of oslo.policy in OpenStack\nand some limitations around edge case policy testing w.r.t custom\noslo.policy rulechecks.\n\n* Currently admin context policy rule is used to skip over oslo.policy\n authorization checks in many services -- this is important to note\n as this means Patrole can\u0027t properly validate admin against\n oslo.policy [0].\n* Currently it is not possible to test policy rules that rely on\n generic checks/oslo.policy checks defined in services themselves\n like Neutron\u0027s FieldCheck [1] as Patrole has no way of importing such\n code in order to get these checks registered.\n\n[0] https://github.com/openstack/neutron/blob/b4b725ade9e11aff80c6193cb4acd49f2aba012d/neutron/policy.py#L374\n[1] https://docs.openstack.org/neutron/pike/contributor/internals/policy.html#fieldcheck-verify-resource-attributes\n\nChange-Id: I0e375a11eb323d83b1ece1537dbd008633126eb3\n" }, { "commit": "26b7e09fd856d3ac921f110a0996267943a1a640", "tree": "cfb769d4ed72d321ed658a3f5c5d50d1b49e2aab", "parents": [ "787fbd72542c233a66309c1700fad9645d01a394" ], "author": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Fri Jul 27 22:15:27 2018 +0100" }, "committer": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Sun Sep 23 15:24:35 2018 -0400" }, "message": "Add developer test writing guide for Patrole tests\n\nThis patch set doesn\u0027t really add new documentation but instead\nmoves documentation regarding RBAC testing guidelines and\nexamples out of framework/rbac_utils.rst and moves it into a\nseparate test_writing_guide.rst file located in the\n\"Developers\u0027 Guide\" section.\n\nThis is because this information is directly relevant to developers\nand should be included somewhere obvious where they can find it.\nIncluding important testing examples and guidelines in the framework\ndocumentation isn\u0027t too helpful.\n\nChange-Id: I6e975cbf1b86d356e9f5d623f81fbf293efcc42c\n" }, { "commit": "9358f74d8c958a1ce672a13f7ecc0eaf6032e448", "tree": "f18a3617a87a17d3d55d2446d4817b5007630f06", "parents": [ "337a574ad88b9158a77d18548b6fe809e4c8f353" ], "author": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Wed Sep 12 14:49:43 2018 -0600" }, "committer": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Wed Sep 12 14:49:43 2018 -0600" }, "message": "Add :special-members: directive to automodule in docs\n\nThis patch set adds :special-members: [0] directive to automodule\ncommand in Patrole docs, in order to correctly render documentation\nlike [1] which is quite important. It won\u0027t show up without\nthis directive [2].\n\n[0] http://www.sphinx-doc.org/en/master/usage/extensions/autodoc.html#directives\n[1] https://github.com/openstack/patrole/blob/337a574ad88b9158a77d18548b6fe809e4c8f353/patrole_tempest_plugin/policy_authority.py#L37\n[2] https://docs.openstack.org/patrole/latest/framework/policy_authority.html#module-patrole_tempest_plugin.policy_authority\n\nChange-Id: I2a69f52e903f57cced3f5ace3ec6aab3620a4e63\n" }, { "commit": "f16b6b3a1df654cfc98256ab1dd92ad4e719c369", "tree": "d757fcb089c63b21c7fffd8db1f8fc94c6f6e942", "parents": [ "556094d276d79b7f320e5557aee93d7f029a1363" ], "author": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Thu Jun 28 19:32:59 2018 -0400" }, "committer": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Fri Jun 29 04:51:33 2018 +0000" }, "message": "Update overpermission/underpermission rbac exceptions\n\nThis patchset updates rbac_exceptions by bringing the concept\nof under-permission and over-permission together. An over-permission\noccurs when an unauthorized role is allowed to perform an action\nand an under-permission occurs when an authorized role is not\nallowed to perform an action. Both of these are important failure\nscenarios.\n\nCurrent Patrole has an RbacOverPermission Exception but uses\na \"Forbidden\" as a pseudonym for the under-permission version\nbut this is not ideal for the following reasons:\n\n* Patrole can expect a 404 Not Found due to Neutron policy enforcement [0]\n* The naming is inconsistent with RbacOverPermission\n* It should have a Patrole wrapper exception (NotFound is used directly\n from Tempest)\n\nSo, this patchset:\n\n* renames RbacOverPermission to RbacOverPermissionException\n* replaces Forbidden exception with RbacUnderPermissionException\n* updates documentation, docstrings and unit tests\n\nIn addition, this patchset introduces a new exception called\nRbacExpectedWrongException which is raised when the expected\nexception does not match the actual exception and both are instances\nof 403 and 404, which means that the RBAC test uses the wrong\nexpected_error_codes.\n\nChange-Id: I681610448cbe0269f02c34ea6afaaaf29c306121\n" }, { "commit": "543f7b9b8a2ac880c9e86b1e916311721a05d33c", "tree": "691569f059be7d3d258e1c9aa70e2a69f6c5ea1c", "parents": [ "f50f6f1384040ee4a1fa806bb9a39bfd6cf429e5" ], "author": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Sun Jun 10 13:38:31 2018 -0400" }, "committer": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Tue Jun 19 16:05:36 2018 -0400" }, "message": "docs: Add Patrole overview documentation\n\nThis patchset adds a Patrole overview documentation\nsection which is sorely needed. It combines the previous\nusage documentation into it.\n\nChange-Id: Ia7412f2e99f33fbdfd2e60ba54ffdba757d1f886\n" }, { "commit": "66d54a926674c1c60a2c0f3586b3dd6e938e2b89", "tree": "10f62e507af036b8bdc8b968b981516d59bb133a", "parents": [ "9f42552b1aeb615cc7c705156fe0392184e581e8" ], "author": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Thu May 31 20:08:35 2018 +0100" }, "committer": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Sat Jun 09 00:30:30 2018 -0400" }, "message": "Docs: Add requirements authority module to documentation\n\nThis patchset includes documentation on the rbac_authority\nand the requirements_authority modules. In addition,\nthe documentation for the policy_authority module is\nexpanded. All 3 modules are explained together, explaining\nthat the rbac_authority module contains an abstract\nclass consumed by the classes in the other two modules.\n\nThe use cases for each validation approach is also included\nin the documentation.\n\nFinally, some documentation syntax issues are corrected.\n\nChange-Id: I33bbe2da67683faafd0749b687b99237ac815009\n" }, { "commit": "80b9aab7699d439f3ddc88787e626967b64bde44", "tree": "91eb55264315dd6d49ee259a7e8b3ef4ca22aa6d", "parents": [ "c5f039645d3853bf5f1f56ce283db82565e5d17e" ], "author": { "name": "Masayuki Igawa", "email": "masayuki@igawa.io", "time": "Tue Jan 09 17:00:45 2018 +0900" }, "committer": { "name": "Masayuki Igawa", "email": "masayuki@igawa.io", "time": "Tue Jan 09 17:05:09 2018 +0900" }, "message": "[docs] Fix weird indentation in documentation\n\nThis commit fixes weird indentations in the documentation. And this\ncommit also adds auto generated file `patrole.conf.sample` to\n.gitignore because we don\u0027t need to manage it in a git repository.\n\nChange-Id: Ic6816ad04675917bf81c9d172b09feb5f40a2829\n" }, { "commit": "144ec1efb1151b4c6efff170e8a4d78a6a481dd0", "tree": "7be948f039da5bc9a6d5e8eeba97672f37aa36b7", "parents": [ "496958fed07d2b12d0b54d3aaf3c5031a8b9c0b8" ], "author": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Tue Dec 26 17:38:11 2017 +0000" }, "committer": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Tue Jan 02 22:42:10 2018 +0000" }, "message": "[docs] Update rbac_utils.rst documentation\n\nThis PS updates the rbac_utils.rst documentation to replace\noccurrences of switch_role (which has been deprecated) with\noverride_role. The documentation has also been updated to\ninclude correct and incorrect examples for how to use\nthe override_role contextmanager.\n\nChange-Id: Ia68a58267cda2c31af0e296aba32b2f949788fd7\n" }, { "commit": "c8ec1f6497f77f3685bf5883ecfc67642c4d08c8", "tree": "4007cc16cdbcbf7f2f594cb3bec3f3138d1ca324", "parents": [ "43ec81a4c57c64a117332849e4a1966c3feb3f25" ], "author": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Wed Nov 15 08:32:56 2017 +0000" }, "committer": { "name": "Felipe Monteiro", "email": "felipe.monteiro@att.com", "time": "Thu Nov 30 22:35:13 2017 +0000" }, "message": "Update documentation with rbac_utils details\n\nThis PS re-organizes the Patrole documentation for the framework.\nIt also adds documentation for rbac_utils.\n\nChange-Id: I7a512694e8173129a290dbfc99c1ad983c4addd9\n" } ] }