patrole

History

Rick Bartra 97fffede9e fix: admin, member, and reader gates broken Recent changes in Keystone to move trust enforcement [0] to default policies is currently breaking several voting gates in Patrole. This commit updates the trusts_rbac tests to account for these changes. Additionally, 'test_list_trusts' is updated so that it does indeed test 'identity:list_trusts'. If a 'trustor_user_id' or 'trustee_user_id' is passed into list_trusts() then a different policy action will be enforced. A future commit will add tests for the actions added here [1]. Added new feature flag called ``keystone_policy_enforcement_train`` under the configuration group ``[policy-feature-enabled]`` to make ``test_list_trusts`` test backwards compatible, test the current release, and test the correct policy action. The Keystone Trust API is enforced differently depending on passed arguments. The new feature flag is needed so that all the voting gates pass, otherwise the 'test_list_trusts' is not backwards compatible and would not test the correct policy action in the current release. [0] https://review.opendev.org/#/q/topic:trust-policies+(status:open+OR+status:merged) [1] https://review.opendev.org/#/c/675807/10/keystone/common/policies/trust.py Change-Id: Ia5661e12977b26e1c16f09a074d1a805263c6c22	2019-09-12 23:57:40 -04:00
..
notes	fix: admin, member, and reader gates broken	2019-09-12 23:57:40 -04:00
source	Add release notes page for version 0.6.0	2019-08-01 13:00:49 +00:00

Rick Bartra 97fffede9e fix: admin, member, and reader gates broken

Recent changes in Keystone to move trust enforcement [0] to default
policies is currently breaking several voting gates in Patrole.
This commit updates the trusts_rbac tests to account for these changes.

Additionally, 'test_list_trusts' is updated so that it does indeed test
'identity:list_trusts'. If a 'trustor_user_id' or 'trustee_user_id' is passed
into list_trusts() then a different policy action will be enforced. A future
commit will add tests for the actions added here [1].

Added new feature flag called ``keystone_policy_enforcement_train`` under
the configuration group ``[policy-feature-enabled]`` to make ``test_list_trusts``
test backwards compatible, test the current release, and test the correct policy
action. The Keystone Trust API is enforced differently depending on passed arguments.

The new feature flag is needed so that all the voting gates pass, otherwise the
'test_list_trusts' is not backwards compatible and would not test the correct
policy action in the current release.

[0] https://review.opendev.org/#/q/topic:trust-policies+(status:open+OR+status:merged)
[1] https://review.opendev.org/#/c/675807/10/keystone/common/policies/trust.py

Change-Id: Ia5661e12977b26e1c16f09a074d1a805263c6c22

2019-09-12 23:57:40 -04:00

notes

fix: admin, member, and reader gates broken

2019-09-12 23:57:40 -04:00

source

Add release notes page for version 0.6.0

2019-08-01 13:00:49 +00:00