97fffede9e
Recent changes in Keystone to move trust enforcement [0] to default policies is currently breaking several voting gates in Patrole. This commit updates the trusts_rbac tests to account for these changes. Additionally, 'test_list_trusts' is updated so that it does indeed test 'identity:list_trusts'. If a 'trustor_user_id' or 'trustee_user_id' is passed into list_trusts() then a different policy action will be enforced. A future commit will add tests for the actions added here [1]. Added new feature flag called ``keystone_policy_enforcement_train`` under the configuration group ``[policy-feature-enabled]`` to make ``test_list_trusts`` test backwards compatible, test the current release, and test the correct policy action. The Keystone Trust API is enforced differently depending on passed arguments. The new feature flag is needed so that all the voting gates pass, otherwise the 'test_list_trusts' is not backwards compatible and would not test the correct policy action in the current release. [0] https://review.opendev.org/#/q/topic:trust-policies+(status:open+OR+status:merged) [1] https://review.opendev.org/#/c/675807/10/keystone/common/policies/trust.py Change-Id: Ia5661e12977b26e1c16f09a074d1a805263c6c22 |
||
---|---|---|
.. | ||
notes | ||
source |