Deprecate use of v2 roles client in rbac_utils.py

This patch set deprecates use of the v2 roles client for role overriding operations. This is because the Keystone v2 API is deprecated and slated for removal, so Patrole's use of the v2 Tempest roles client is also deprecated and will be removed in a future release. Patrole will only support the v3 Tempest roles client for role overriding operations in the future. Change-Id: I9b201677cf8244b25f3cc8ea3b48a95b2b83b95e
2018-10-03 09:03:35 -05:00 · 2018-10-03 09:03:35 -05:00 · bf524fbcf5
parent 28c9c3a2c7
commit bf524fbcf5
3 changed files with 12 additions and 3 deletions
--- a/patrole_tempest_plugin/rbac_utils.py
+++ b/patrole_tempest_plugin/rbac_utils.py
@ -23,6 +23,7 @@ from oslo_utils import excutils
 from tempest import clients
 from tempest.common import credentials_factory as credentials
 from tempest import config
+from tempest.lib import exceptions as lib_exc

 from patrole_tempest_plugin import rbac_exceptions

@ -50,10 +51,11 @@ class RbacUtils(object):
        # Intialize the admin roles_client to perform role switching.
        admin_mgr = clients.Manager(
            credentials.get_configured_admin_credentials())
-        if test_obj.get_identity_version() == 'v3':
+        if CONF.identity_feature_enabled.api_v3:
            admin_roles_client = admin_mgr.roles_v3_client
        else:
-            admin_roles_client = admin_mgr.roles_client
+            raise lib_exc.InvalidConfiguration(
+                "Patrole role overriding only supports v3 identity API.")

        self.admin_roles_client = admin_roles_client
        self._override_role(test_obj, False)
--- a/patrole_tempest_plugin/tests/unit/fixtures.py
+++ b/patrole_tempest_plugin/tests/unit/fixtures.py
@ -69,12 +69,13 @@ class RbacUtilsFixture(fixtures.Fixture):
        self.useFixture(ConfPatcher(rbac_test_role='member', group='patrole'))
        self.useFixture(ConfPatcher(
            admin_role='admin', auth_version='v3', group='identity'))
+        self.useFixture(ConfPatcher(
+            api_v3=True, group='identity-feature-enabled'))

        test_obj_kwargs = {
            'os_primary.credentials.user_id': self.USER_ID,
            'os_primary.credentials.tenant_id': self.PROJECT_ID,
            'os_primary.credentials.project_id': self.PROJECT_ID,
-            'get_identity_version.return_value': 'v3'
        }
        self.mock_test_obj = mock.Mock(
            __name__='patrole_unit_test', spec=test.BaseTestCase,
--- a/releasenotes/notes/deprecate-roles-client-in-rbac-utils-087eda0658d18fa9.yaml
+++ b/releasenotes/notes/deprecate-roles-client-in-rbac-utils-087eda0658d18fa9.yaml
@ -0,0 +1,6 @@
+---
+deprecations:
+  - |
+    Patrole will only support the v3 Tempest roles client for role
+    overriding operations. Support for the v2 version has been dropped
+    because the Keystone v2 API is slated for removal.