patrole/releasenotes/notes/check-expected-errors-only-...

20 lines
820 B
YAML

---
features:
- |
Add new exception called ``RbacOverrideRoleException``. Used for
safeguarding against false positives that might occur when the expected
exception isn't raised inside the ``override_role`` context. Specifically,
when:
* ``override_role`` isn't called
* an exception is raised before ``override_role`` context
* an exception is raised after ``override_role`` context
fixes:
- |
Previously, the ``rbac_rule_validation.action`` decorator could catch
expected exceptions with no regard to where the error happened. Such
behavior could cause false-positive results. To prevent this from
happening from now on, if an exception happens outside of the
``override_role`` context, it will cause
``rbac_exceptions.RbacOverrideRoleException`` to be raised.