Merge "Remove invalid exception RbacConflictingPolicies"

2018-10-12 12:22:12 +00:00 · 2018-10-12 12:22:12 +00:00 · 7fa1f735fa
parent 517183edd3 8dd5f19901
commit 7fa1f735fa
4 changed files with 4 additions and 60 deletions
--- a/patrole_tempest_plugin/rbac_exceptions.py
+++ b/patrole_tempest_plugin/rbac_exceptions.py
@ -20,11 +20,6 @@ class BasePatroleException(exceptions.TempestException):
    message = "An unknown RBAC exception occurred"


-class RbacConflictingPolicies(BasePatroleException):
-    message = ("Conflicting policies preventing this action from being "
-               "performed.")
-
-
 class RbacMalformedResponse(BasePatroleException):
    message = ("The response body is missing the expected %(attribute)s due "
               "to policy enforcement failure.")
--- a/patrole_tempest_plugin/rbac_rule_validation.py
+++ b/patrole_tempest_plugin/rbac_rule_validation.py
@ -189,7 +189,6 @@ def action(service,
                    test_status = ('Error, %s' % (msg))
                    LOG.error(msg)
            except (expected_exception,
-                    rbac_exceptions.RbacConflictingPolicies,
                    rbac_exceptions.RbacMalformedResponse) as actual_exception:
                caught_exception = actual_exception
                test_status = 'Denied'
--- a/patrole_tempest_plugin/tests/api/compute/test_server_rbac.py
+++ b/patrole_tempest_plugin/tests/api/compute/test_server_rbac.py
@ -21,9 +21,7 @@ from tempest import config
 from tempest.lib.common.utils import data_utils
 from tempest.lib.common.utils import test_utils
 from tempest.lib import decorators
-from tempest.lib import exceptions

-from patrole_tempest_plugin import rbac_exceptions
 from patrole_tempest_plugin import rbac_rule_validation
 from patrole_tempest_plugin.tests.api.compute import rbac_base as base

@ -182,13 +180,7 @@ class ComputeServersRbacTest(base.BaseV2ComputeRbacTest):
    def test_update_server(self):
        new_name = data_utils.rand_name(self.__class__.__name__ + '-server')
        with self.rbac_utils.override_role(self):
-            try:
-                self.servers_client.update_server(self.server['id'],
-                                                  name=new_name)
-                waiters.wait_for_server_status(self.servers_client,
-                                               self.server['id'], 'ACTIVE')
-            except exceptions.ServerFault as e:
-                # Some other policy may have blocked it.
-                LOG.info("ServerFault exception caught. Some other policy "
-                         "blocked updating of server")
-                raise rbac_exceptions.RbacConflictingPolicies(e)
+            self.servers_client.update_server(self.server['id'],
+                                              name=new_name)
+        waiters.wait_for_server_status(self.servers_client,
+                                       self.server['id'], 'ACTIVE')
--- a/patrole_tempest_plugin/tests/unit/test_rbac_rule_validation.py
+++ b/patrole_tempest_plugin/tests/unit/test_rbac_rule_validation.py
@ -166,48 +166,6 @@ class RBACRuleValidationTest(BaseRBACRuleValidationTest):
            self.mock_test_args)
        self.assertRegex(mock_log.error.mock_calls[0][1][0], test_re)

-    @mock.patch.object(rbac_rv, 'LOG', autospec=True)
-    @mock.patch.object(rbac_rv, 'policy_authority', autospec=True)
-    def test_rule_validation_rbac_conflicting_policies_positive(
-            self, mock_authority, mock_log):
-        """Test RbacConflictingPolicies error is thrown without permission
-        passes.
-
-        Positive test case: if RbacConflictingPolicies is thrown and the user
-        is not allowed to perform the action, then this is a success.
-        """
-        mock_authority.PolicyAuthority.return_value.allowed.return_value =\
-            False
-
-        @rbac_rv.action(mock.sentinel.service, rules=[mock.sentinel.action])
-        def test_policy(*args):
-            raise rbac_exceptions.RbacConflictingPolicies()
-
-        mock_log.error.assert_not_called()
-
-    @mock.patch.object(rbac_rv, 'LOG', autospec=True)
-    @mock.patch.object(rbac_rv, 'policy_authority', autospec=True)
-    def test_rule_validation_rbac_conflicting_policies_negative(self,
-                                                                mock_authority,
-                                                                mock_log):
-        """Test RbacConflictingPolicies error is thrown with permission fails.
-
-        Negative test case: if RbacConflictingPolicies is thrown and the user
-        is allowed to perform the action, then this is an expected failure.
-        """
-        mock_authority.PolicyAuthority.return_value.allowed.return_value = True
-
-        @rbac_rv.action(mock.sentinel.service, rules=[mock.sentinel.action])
-        def test_policy(*args):
-            raise rbac_exceptions.RbacConflictingPolicies()
-
-        test_re = ("Role Member was not allowed to perform the following "
-                   "actions: \[%s\].*" % (mock.sentinel.action))
-        self.assertRaisesRegex(
-            rbac_exceptions.RbacUnderPermissionException, test_re, test_policy,
-            self.mock_test_args)
-        self.assertRegex(mock_log.error.mock_calls[0][1][0], test_re)
-
    @mock.patch.object(rbac_rv, 'LOG', autospec=True)
    @mock.patch.object(rbac_rv, 'policy_authority', autospec=True)
    def test_expect_not_found_but_raises_forbidden(self, mock_authority,