Fix gate for handling of deprecated rules and image client
oslo.policy has made the changes to not modify the rule check - https://review.opendev.org/c/openstack/oslo.policy/+/774112 Patrole code for handling the deprecated code needs to make changes to work with latest oslo policy. Also fix the image namespace clients to be admin which were recently changed in Tempest side - https://review.opendev.org/c/openstack/tempest/+/780108 Change-Id: I93d74d71a3e085ab4f08053db83354e86f3f2d14
This commit is contained in:
Ghanshyam Mann
Ghanshyam
parent
9ec7c46562
commit
f64b81ed69
|
|
@ -20,6 +20,7 @@ import os
|
||||||
|
|
||||||
from oslo_log import log as logging
|
from oslo_log import log as logging
|
||||||
from oslo_policy import policy
|
from oslo_policy import policy
|
||||||
|
import pkg_resources
|
||||||
import stevedore
|
import stevedore
|
||||||
from tempest import config
|
from tempest import config
|
||||||
|
|
||||||
|
|
@ -183,10 +184,19 @@ class PolicyAuthority(RbacAuthority):
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
LOG.warn(deprecated_msg)
|
LOG.warn(deprecated_msg)
|
||||||
default.check = policy.OrCheck(
|
oslo_policy_version = pkg_resources.parse_version(
|
||||||
[policy._parser.parse_rule(cs) for cs in
|
pkg_resources.get_distribution("oslo.policy").version)
|
||||||
[default.check_str,
|
# NOTE(gmann): oslo policy 3.7.0 onwards does not allow to modify
|
||||||
deprecated_rule.check_str]])
|
# the Rule object check attribute.
|
||||||
|
required_version = pkg_resources.parse_version('3.7.0')
|
||||||
|
if oslo_policy_version >= required_version:
|
||||||
|
return policy.OrCheck([default.check, deprecated_rule.check])
|
||||||
|
else:
|
||||||
|
default.check = policy.OrCheck(
|
||||||
|
[policy._parser.parse_rule(cs) for cs in
|
||||||
|
[default.check_str,
|
||||||
|
deprecated_rule.check_str]])
|
||||||
|
return default.check
|
||||||
|
|
||||||
def get_rules(self):
|
def get_rules(self):
|
||||||
rules = policy.Rules()
|
rules = policy.Rules()
|
||||||
|
|
@ -226,9 +236,10 @@ class PolicyAuthority(RbacAuthority):
|
||||||
# NOTE (sergey.vilgelm):
|
# NOTE (sergey.vilgelm):
|
||||||
# The `DocumentedRuleDefault` object has no
|
# The `DocumentedRuleDefault` object has no
|
||||||
# `deprecated_rule` attribute in Pike
|
# `deprecated_rule` attribute in Pike
|
||||||
|
check = rule.check
|
||||||
if getattr(rule, 'deprecated_rule', False):
|
if getattr(rule, 'deprecated_rule', False):
|
||||||
self._handle_deprecated_rule(rule)
|
check = self._handle_deprecated_rule(rule)
|
||||||
rules[rule.name] = rule.check
|
rules[rule.name] = check
|
||||||
elif str(rule.check) != str(rules[rule.name]):
|
elif str(rule.check) != str(rules[rule.name]):
|
||||||
msg = ("The same policy name: %s was found in the "
|
msg = ("The same policy name: %s was found in the "
|
||||||
"policies files and in the code for service "
|
"policies files and in the code for service "
|
||||||
|
|
|
||||||
|
|
@ -18,4 +18,13 @@ from patrole_tempest_plugin import rbac_utils
|
||||||
|
|
||||||
class BaseV2ImageRbacTest(rbac_utils.RbacUtilsMixin,
|
class BaseV2ImageRbacTest(rbac_utils.RbacUtilsMixin,
|
||||||
image_base.BaseV2ImageTest):
|
image_base.BaseV2ImageTest):
|
||||||
pass
|
|
||||||
|
@classmethod
|
||||||
|
def setup_clients(cls):
|
||||||
|
super(BaseV2ImageRbacTest, cls).setup_clients()
|
||||||
|
cls.namespaces_client = cls.os_primary.namespaces_client
|
||||||
|
cls.resource_types_client = cls.os_primary.resource_types_client
|
||||||
|
cls.namespace_properties_client =\
|
||||||
|
cls.os_primary.namespace_properties_client
|
||||||
|
cls.namespace_objects_client = cls.os_primary.namespace_objects_client
|
||||||
|
cls.namespace_tags_client = cls.os_primary.namespace_tags_client
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue