Merge "Address some rbac review feedback in merged patches"
This commit is contained in:
Zuul
Gerrit Code Review
commit
a2cc1baa86
@ -1,6 +1,6 @@
|
|||||||
==================================
|
===================================
|
||||||
Role Based Acces Control - Testing
|
Role Based Access Control - Testing
|
||||||
==================================
|
===================================
|
||||||
|
|
||||||
.. todo: This entire file is being added in to provide context for
|
.. todo: This entire file is being added in to provide context for
|
||||||
reviewers so we can keep in-line comments to the necessary points
|
reviewers so we can keep in-line comments to the necessary points
|
||||||
@ -8,7 +8,7 @@ Role Based Acces Control - Testing
|
|||||||
later patches, but it is also broad in nature attempting to provide
|
later patches, but it is also broad in nature attempting to provide
|
||||||
context to aid in review.
|
context to aid in review.
|
||||||
|
|
||||||
The Role Based Access control testing is a minor departure from the ironic
|
The Role Based Access control testing is a minor departure from the Ironic
|
||||||
standard pattern of entirely python based unit testing. In part this was done
|
standard pattern of entirely python based unit testing. In part this was done
|
||||||
for purposes of speed and to keep the declaration of the test context.
|
for purposes of speed and to keep the declaration of the test context.
|
||||||
|
|
||||||
@ -46,7 +46,7 @@ one of the following error codes.
|
|||||||
* 403 - Forbidden - This tells us the policy worked as expected where
|
* 403 - Forbidden - This tells us the policy worked as expected where
|
||||||
access was denied.
|
access was denied.
|
||||||
* 404 - NotFound - This is typically when objects were not found. Before
|
* 404 - NotFound - This is typically when objects were not found. Before
|
||||||
ironic becomes scope aware, these are generally only in the drivers
|
Ironic becomes scope aware, these are generally only in the drivers
|
||||||
API endpoint's behavior. In System scope aware Project scoped
|
API endpoint's behavior. In System scope aware Project scoped
|
||||||
configuration, i.e. later RBAC tests, this will become the dominant
|
configuration, i.e. later RBAC tests, this will become the dominant
|
||||||
response for project scoped users as responding with a 403 if they
|
response for project scoped users as responding with a 403 if they
|
||||||
@ -74,7 +74,8 @@ and ``lessee`` having slightly different views of the universe.
|
|||||||
|
|
||||||
Some general rules apply
|
Some general rules apply
|
||||||
|
|
||||||
* Admins can do things
|
* Admins can do things, at least as far as their scope or rights apply.
|
||||||
|
Remember: owner and lessee admins are closer to System scoped Admin Members.
|
||||||
* Members can do some things, but not everything
|
* Members can do some things, but not everything
|
||||||
* Readers can always read, but as we get into sensitive data later on
|
* Readers can always read, but as we get into sensitive data later on
|
||||||
such as fields containing infrastucture internal addresses, these values
|
such as fields containing infrastucture internal addresses, these values
|
||||||
|
|||||||
@ -261,4 +261,4 @@ class TestRBACScoped(TestRBACModelBeforeScopes):
|
|||||||
# NOTE(TheJulia): The purpose of this class is to execute the legacy
|
# NOTE(TheJulia): The purpose of this class is to execute the legacy
|
||||||
# RBAC tests with the new configuration, which forces us to
|
# RBAC tests with the new configuration, which forces us to
|
||||||
# explicity mark each test as a deprecated test later on. That
|
# explicity mark each test as a deprecated test later on. That
|
||||||
# funcationality will be added in a later patch when needed,
|
# functionality will be added in a later patch when needed,
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user