Browse Source

Fix gate for handling of deprecated rules and image client

oslo.policy has made the changes to not modify the
rule check
- https://review.opendev.org/c/openstack/oslo.policy/+/774112

Patrole code for handling the deprecated code needs to make
changes to work with latest oslo policy.

Also fix the image namespace clients to be admin which were
recently changed in Tempest side
- https://review.opendev.org/c/openstack/tempest/+/780108

Change-Id: I93d74d71a3e085ab4f08053db83354e86f3f2d14
changes/22/780622/6
Ghanshyam Mann 1 month ago
committed by Ghanshyam
parent
commit
f64b81ed69
2 changed files with 27 additions and 7 deletions
  1. +17
    -6
      patrole_tempest_plugin/policy_authority.py
  2. +10
    -1
      patrole_tempest_plugin/tests/api/image/rbac_base.py

+ 17
- 6
patrole_tempest_plugin/policy_authority.py View File

@ -20,6 +20,7 @@ import os
from oslo_log import log as logging
from oslo_policy import policy
import pkg_resources
import stevedore
from tempest import config
@ -183,10 +184,19 @@ class PolicyAuthority(RbacAuthority):
}
)
LOG.warn(deprecated_msg)
default.check = policy.OrCheck(
[policy._parser.parse_rule(cs) for cs in
[default.check_str,
deprecated_rule.check_str]])
oslo_policy_version = pkg_resources.parse_version(
pkg_resources.get_distribution("oslo.policy").version)
# NOTE(gmann): oslo policy 3.7.0 onwards does not allow to modify
# the Rule object check attribute.
required_version = pkg_resources.parse_version('3.7.0')
if oslo_policy_version >= required_version:
return policy.OrCheck([default.check, deprecated_rule.check])
else:
default.check = policy.OrCheck(
[policy._parser.parse_rule(cs) for cs in
[default.check_str,
deprecated_rule.check_str]])
return default.check
def get_rules(self):
rules = policy.Rules()
@ -226,9 +236,10 @@ class PolicyAuthority(RbacAuthority):
# NOTE (sergey.vilgelm):
# The `DocumentedRuleDefault` object has no
# `deprecated_rule` attribute in Pike
check = rule.check
if getattr(rule, 'deprecated_rule', False):
self._handle_deprecated_rule(rule)
rules[rule.name] = rule.check
check = self._handle_deprecated_rule(rule)
rules[rule.name] = check
elif str(rule.check) != str(rules[rule.name]):
msg = ("The same policy name: %s was found in the "
"policies files and in the code for service "


+ 10
- 1
patrole_tempest_plugin/tests/api/image/rbac_base.py View File

@ -18,4 +18,13 @@ from patrole_tempest_plugin import rbac_utils
class BaseV2ImageRbacTest(rbac_utils.RbacUtilsMixin,
image_base.BaseV2ImageTest):
pass
@classmethod
def setup_clients(cls):
super(BaseV2ImageRbacTest, cls).setup_clients()
cls.namespaces_client = cls.os_primary.namespaces_client
cls.resource_types_client = cls.os_primary.resource_types_client
cls.namespace_properties_client =\
cls.os_primary.namespace_properties_client
cls.namespace_objects_client = cls.os_primary.namespace_objects_client
cls.namespace_tags_client = cls.os_primary.namespace_tags_client

Loading…
Cancel
Save