Update Patrole documentation
Updated Patrole documentation to reflect refactored base classes and framework. Change-Id: I418a98692dbe29824398c7589037ca547a61aca2
This commit is contained in:
parent
dafcee4b03
commit
94c9a474d4
13
README.rst
13
README.rst
@ -69,7 +69,7 @@ specific rule and OpenStack service. This is done before test execution inside
|
|||||||
the ``rbac_rule_validation.action`` decorator. Then, inside the test, the API
|
the ``rbac_rule_validation.action`` decorator. Then, inside the test, the API
|
||||||
that does policy enforcement for the same rule is called. The outcome is
|
that does policy enforcement for the same rule is called. The outcome is
|
||||||
compared against the result from oslo_policy and a pass or fail is determined
|
compared against the result from oslo_policy and a pass or fail is determined
|
||||||
as outlined above: :ref:`test-flows`.
|
as outlined above: `Test Flows`_.
|
||||||
|
|
||||||
.. note::
|
.. note::
|
||||||
|
|
||||||
@ -110,14 +110,15 @@ The workflow is as follows:
|
|||||||
#. After all of the logic above has executed inside the rbac decorator, the
|
#. After all of the logic above has executed inside the rbac decorator, the
|
||||||
test is executed. The test then sets up test-level resources, if necessary,
|
test is executed. The test then sets up test-level resources, if necessary,
|
||||||
with **admin** credentials implicitly. This is accomplished through
|
with **admin** credentials implicitly. This is accomplished through
|
||||||
``rbac_utils.switch_role(toggle_rbac_role=False)``: ::
|
``rbac_utils.switch_role(toggle_rbac_role=False)``, which is done as part of
|
||||||
|
client setup (inside the call to ``rbac_utils.RbacUtils``): ::
|
||||||
|
|
||||||
@classmethod
|
@classmethod
|
||||||
def setup_clients(cls):
|
def setup_clients(cls):
|
||||||
super(BaseV2ComputeRbacTest, cls).setup_clients()
|
super(BaseV2ComputeRbacTest, cls).setup_clients()
|
||||||
cls.auth_provider = cls.os.auth_provider
|
cls.auth_provider = cls.os_primary.auth_provider
|
||||||
cls.rbac_utils = rbac_utils()
|
cls.rbac_utils = rbac_utils.RbacUtils(cls)
|
||||||
cls.rbac_utils.switch_role(cls, toggle_rbac_role=False)
|
...
|
||||||
|
|
||||||
This code has *already* executed when the test class is instantiated, because
|
This code has *already* executed when the test class is instantiated, because
|
||||||
it is located in the base rbac test class. Whenever ``cls.rbac_utils.switch_role``
|
it is located in the base rbac test class. Whenever ``cls.rbac_utils.switch_role``
|
||||||
@ -137,7 +138,7 @@ The workflow is as follows:
|
|||||||
|
|
||||||
Now the primary credential has the role specified by ``rbac_test_role``.
|
Now the primary credential has the role specified by ``rbac_test_role``.
|
||||||
|
|
||||||
#. The API endpoint in which policy enforcement of "os_compute_api:servers:stop"
|
#. The API endpoint in which policy enforcement of "os_compute_api:servers:stop"
|
||||||
is performed can now be called.
|
is performed can now be called.
|
||||||
|
|
||||||
.. note:
|
.. note:
|
||||||
|
Loading…
Reference in New Issue
Block a user