40a15b5945
For fine-grained access control based on user and VNF information for API resources, this patch does the following things: 1.Add three comparison attributes of area, vendor, and tenant for the enhanced Tacker policy. 2.Convert special roles to API attributes in context. 3.Modify the API process to support Tacker policy authorize. 4.Add the Tacker policy filter to the list API processes. Implements: blueprint enhance-api-policy Change-Id: I5b4c39387860133a3bcf4544f18a6353c80773f6
231 lines
6.6 KiB
INI
231 lines
6.6 KiB
INI
[tox]
|
|
envlist = py39,py38,py36,pep8,docs
|
|
minversion = 3.18.0
|
|
ignore_basepython_conflict = True
|
|
|
|
[testenv]
|
|
basepython = python3
|
|
setenv = VIRTUAL_ENV={envdir}
|
|
OS_LOG_CAPTURE={env:OS_LOG_CAPTURE:true}
|
|
OS_STDOUT_CAPTURE={env:OS_STDOUT_CAPTURE:true}
|
|
OS_STDERR_CAPTURE={env:OS_STDERR_CAPTURE:true}
|
|
passenv = TOX_CONSTRAINTS_FILE
|
|
usedevelop = True
|
|
allowlist_externals = rm
|
|
deps =
|
|
-c{env:TOX_CONSTRAINTS_FILE:https://releases.openstack.org/constraints/upper/2023.1}
|
|
-r{toxinidir}/requirements.txt
|
|
-r{toxinidir}/test-requirements.txt
|
|
commands =
|
|
stestr run --slowest --concurrency 1 {posargs}
|
|
|
|
[testenv:functional]
|
|
setenv = {[testenv]setenv}
|
|
commands =
|
|
stestr --test-path=./tacker/tests/functional run --slowest {posargs}
|
|
|
|
[testenv:dsvm-functional]
|
|
setenv = {[testenv]setenv}
|
|
|
|
commands =
|
|
stestr --test-path=./tacker/tests/functional run --slowest --concurrency 2 {posargs}
|
|
|
|
[testenv:dsvm-functional-legacy]
|
|
setenv = {[testenv]setenv}
|
|
|
|
commands =
|
|
stestr --test-path=./tacker/tests/functional/legacy run --slowest --concurrency 1 {posargs}
|
|
|
|
[testenv:dsvm-functional-sol]
|
|
setenv = {[testenv]setenv}
|
|
|
|
commands =
|
|
stestr --test-path=./tacker/tests/functional/sol run --slowest --concurrency 1 {posargs}
|
|
|
|
[testenv:dsvm-functional-sol-separated-nfvo]
|
|
setenv = {[testenv]setenv}
|
|
|
|
commands =
|
|
stestr --test-path=./tacker/tests/functional/sol_separated_nfvo run --slowest --concurrency 1 {posargs}
|
|
|
|
[testenv:dsvm-functional-sol-separated-nfvo-v2]
|
|
setenv = {[testenv]setenv}
|
|
|
|
commands =
|
|
stestr --test-path=./tacker/tests/functional/sol_separated_nfvo_v2 run --slowest --concurrency 1 {posargs}
|
|
|
|
[testenv:dsvm-functional-sol-kubernetes]
|
|
setenv = {[testenv]setenv}
|
|
|
|
commands =
|
|
stestr --test-path=./tacker/tests/functional/sol_kubernetes run --slowest --concurrency 2 {posargs}
|
|
|
|
[testenv:dsvm-functional-sol-v2]
|
|
setenv = {[testenv]setenv}
|
|
|
|
commands =
|
|
stestr --test-path=./tacker/tests/functional/sol_v2 run --slowest --concurrency 1 {posargs}
|
|
|
|
[testenv:dsvm-functional-sol-v2-ubuntu-focal]
|
|
setenv = {[testenv]setenv}
|
|
|
|
commands =
|
|
stestr --test-path=./tacker/tests/functional/sol_v2 run --slowest --concurrency 1 {posargs}
|
|
|
|
[testenv:dsvm-functional-sol-kubernetes-v2]
|
|
setenv = {[testenv]setenv}
|
|
|
|
commands =
|
|
stestr --test-path=./tacker/tests/functional/sol_kubernetes_v2 run --slowest --concurrency 1 {posargs}
|
|
|
|
[testenv:dsvm-functional-sol_kubernetes_oidc_auth]
|
|
setenv = {[testenv]setenv}
|
|
|
|
commands =
|
|
stestr --test-path=./tacker/tests/functional/sol_kubernetes_oidc_auth run --slowest --concurrency 1 {posargs}
|
|
|
|
[testenv:dsvm-functional-sol-multi-tenant]
|
|
setenv = {[testenv]setenv}
|
|
|
|
commands =
|
|
stestr --test-path=./tacker/tests/functional/sol_multi_tenant run --slowest --concurrency 1 {posargs}
|
|
|
|
[testenv:dsvm-functional-sol-kubernetes-multi-tenant]
|
|
setenv = {[testenv]setenv}
|
|
|
|
commands =
|
|
stestr --test-path=./tacker/tests/functional/sol_kubernetes_multi_tenant run --slowest --concurrency 1 {posargs}
|
|
|
|
[testenv:dsvm-functional-sol-v2-az-retry]
|
|
setenv = {[testenv]setenv}
|
|
|
|
commands =
|
|
stestr --test-path=./tacker/tests/functional/sol_v2_az_retry run --slowest --concurrency 1 {posargs}
|
|
[testenv:dsvm-functional-enhanced-policy-sol]
|
|
setenv = {[testenv]setenv}
|
|
|
|
commands =
|
|
stestr --test-path=./tacker/tests/functional/sol_enhanced_policy/sol run --slowest --concurrency 1 {posargs}
|
|
|
|
[testenv:dsvm-functional-enhanced-policy-sol-kubernetes]
|
|
setenv = {[testenv]setenv}
|
|
|
|
commands =
|
|
stestr --test-path=./tacker/tests/functional/sol_enhanced_policy/sol_kubernetes run --slowest --concurrency 1 {posargs}
|
|
|
|
[testenv:dsvm-functional-sol-https-v2]
|
|
setenv = {[testenv]setenv}
|
|
|
|
commands =
|
|
stestr --test-path=./tacker/tests/functional/sol_https_v2 run --slowest --concurrency 1 {posargs}
|
|
|
|
[testenv:dsvm-compliance-sol-api]
|
|
passenv =
|
|
{[testenv]passenv}
|
|
*_PROXY
|
|
commands_pre =
|
|
git clone https://forge.etsi.org/rep/nfv/api-tests.git
|
|
git -C api-tests checkout 2.6.1-fix-plu
|
|
pip install -U -r{envdir}/api-tests/requirements.txt
|
|
commands =
|
|
stestr --test-path={toxinidir}/tacker/tests/compliance --top-dir={toxinidir} run --slowest --concurrency 1 {posargs}
|
|
commands_post =
|
|
rm -rf api-tests
|
|
allowlist_externals =
|
|
git
|
|
rm
|
|
|
|
changedir = {envdir}
|
|
|
|
[testenv:debug]
|
|
commands = oslo_debug_helper {posargs}
|
|
|
|
[testenv:debug-py36]
|
|
basepython = python3.6
|
|
commands = oslo_debug_helper {posargs}
|
|
|
|
[testenv:debug-py39]
|
|
basepython = python3.9
|
|
commands = oslo_debug_helper {posargs}
|
|
|
|
[testenv:pep8]
|
|
deps = -r{toxinidir}/doc/requirements.txt
|
|
-r{toxinidir}/test-requirements.txt
|
|
commands =
|
|
flake8
|
|
doc8 -e .rst doc/source/ CONTRIBUTING.rst HACKING.rst README.rst TESTING.rst
|
|
tacker-db-manage check_migration
|
|
allowlist_externals = bash
|
|
|
|
[testenv:i18n]
|
|
commands = python ./tools/check_i18n.py ./tacker
|
|
|
|
[testenv:docs]
|
|
allowlist_externals =
|
|
sphinx-build
|
|
deps = -r{toxinidir}/doc/requirements.txt
|
|
commands =
|
|
sphinx-build -W -b html doc/source doc/build/html
|
|
oslopolicy-sample-generator --config-file=etc/tacker-policy-generator.conf
|
|
|
|
[testenv:api-ref]
|
|
deps = -r{toxinidir}/doc/requirements.txt
|
|
commands =
|
|
rm -rf api-ref/build
|
|
sphinx-build -W -b html -d api-ref/build/doctrees api-ref/source api-ref/build/html
|
|
allowlist_externals = rm
|
|
|
|
[testenv:releasenotes]
|
|
deps = -r{toxinidir}/doc/requirements.txt
|
|
commands =
|
|
sphinx-build -a -E -W -d releasenotes/build/doctrees -b html releasenotes/source releasenotes/build/html
|
|
|
|
[testenv:cover]
|
|
setenv =
|
|
PYTHON=coverage run --source tacker --parallel-mode
|
|
commands =
|
|
stestr run {posargs}
|
|
coverage combine
|
|
coverage html -d cover
|
|
coverage xml -o cover/coverage.xml
|
|
|
|
[testenv:venv]
|
|
commands = {posargs}
|
|
|
|
[flake8]
|
|
# E128 continuation line under-indented for visual indent
|
|
# N320 log messages does not translate
|
|
# W503 line break before binary operator
|
|
# W504 line break after binary operator
|
|
ignore = E128,N320,W503,W504
|
|
show-source = true
|
|
builtins = _
|
|
exclude = .venv,.git,.tox,dist,doc,*lib/python*,*egg,build,tools,.ropeproject
|
|
|
|
[hacking]
|
|
import_exceptions = tacker._i18n
|
|
|
|
[flake8:local-plugins]
|
|
extension =
|
|
N320 = checks:validate_log_translations
|
|
T301 = checks:no_log_warn
|
|
paths = ./tacker/hacking
|
|
|
|
[testenv:config-gen]
|
|
commands =
|
|
oslo-config-generator --config-file=etc/config-generator.conf
|
|
|
|
[testenv:genpolicy]
|
|
commands =
|
|
oslopolicy-sample-generator --config-file=etc/tacker-policy-generator.conf
|
|
|
|
[testenv:bindep]
|
|
# Do not install any requirements. We want this to be fast and work even if
|
|
# system dependencies are missing, since it's used to tell you what system
|
|
# dependencies are missing! This also means that bindep must be installed
|
|
# separately, outside of the requirements files, and develop mode disabled
|
|
# explicitly to avoid unnecessarily installing the checked-out repo too (this
|
|
# further relies on "tox.skipsdist = True" above).
|
|
deps = bindep
|
|
commands = bindep test
|