Patrole project is not active anymore and its gate is broken.
We waited for couple of cycle to see if there is any interest
in this project and anyone can maintain it. But we did not get any
new maintainers and current QA team does not have bandwidth/interest
to continue maintaining it.
This project was for RBAc testing which is moving towards unit/functional
tests on service side as well as tempest plugins tests.
In QA 2023.2 PTG, we decided to retire this project
- https://etherpad.opendev.org/p/qa-bobcat-ptg
Change-Id: I7721cf06104e5871ec27cdd87d4608dace60a8b7
This PS updates Tempest to 30.0.0. Due to
55414580c2
some refactoring was required around wait_for_interface_detach.
Additionally, the variables:
min_microversion
max_microversion
needed to be renamed to:
volume_min_microversion
volume_max_microversion
for volume related tests. See:
https://review.opendev.org/c/openstack/tempest/+/813676
Change-Id: Ie2183fdd2812d5d2fdfdc0815bf96e5c47a9f1e8
There are few requirement which are not needed to be part
of test_requirements.txt and requirements.txt
Change-Id: Iaa182b3c2c5dfa12e5e9302527fff9cc695de481
Update test-requirements.txt to use latest version of:
* hacking
Enable the following off-by-default checks:
* [H203] Use assertIs(Not)None to check for None.
* [H204] Use assert(Not)Equal to check for equality.
* [H205] Use assert(Greater|Less)(Equal) for comparison.
* [H210] Require ‘autospec’, ‘spec’, or ‘spec_set’ in
mock.patch/mock.patch.object calls
* [H904] Delay string interpolations at logging calls.
Made necessary unit test changes to work with these checks.
Change-Id: I9db3445caa2883563fd7271d6bf0b24800e06c01
This patch removes urrlib3 and requests from the requirements.txt
file so that the CentOS Ceph gate will pass.
At the moment, yum tries to install python-urllib3 and throws errors
when it finds that urrlib3 files already exist (since they were
installed via pip).
This also breaks our periodic builds which, in turn, makes infra
quite displeased.
Change-Id: I85148daff49360980a58ff7b6a3e135214eb36fd
This patch:
- Adds hacking check to Patrole (executed via tox -e pep8)
- Corrects a few hacking errors
- Adds hacking documentation to Patrole
Change-Id: Id43e24060a5290df91c594df6a38ba0cb239bbaf
Currently, the rbac policy parser file tries to:
1) Read the custom policy file if it exists
2) Otherwise check if the default policy file exists in code
The problem with this approach is:
- What if the custom policy file does not specify all policy actions?
This is problematic when it comes to validating the policy action:
is it defined or not?
- This also holds true for default policy files which may not define
all the policy actions enforced by the service explicitly.
This patch partially fixes this issue by 1) using all the
default policy actions defined in code, if they exist and 2)
overwriting any default policy actions with the custom
policy actions provided by the user in a custom policy file.
The end result is that the Patrole framework uses as many policy actions
as possible for reference, while using as many custom-defined policy
actions as possible. This patch, therefore, makes it more feasible to
throw an exception if a policy action is invalid.
Change-Id: Idb6b8a99170fd32097940d5b23182f5e43956548
Depends-On: I7feb522b2ea5f56e48982169c7ebbb2ec2ef2cb3
Includes:
rbac_util - Utility for switching between roles for tests.
rbac_auth - Determines if a given role is valid for a given api call.
rbac_rule_validation - Determines if a allowed proper access and denied improper access (403 error)
rbac_role_converter - Converts policy.json files into a list of api's and the roles that can access them.
One example rbac_base in tests/api/rbac_base
One example test in tests/api/images/test_images_rbac.py
New config settings for rbac_flag, rbac_test_role, and rbac_roles
Implements bp: initial-framework
Co-Authored-By: Sangeet Gupta <sg774j@att.com>
Co-Authored-By: Rick Bartra <rb560u@att.com>
Co-Authored-By: Felipe Monteiro <felipe.monteiro@att.com>
Co-Authored-By: Anthony Bellino <ab2434@att.com>
Co-Authored-By: Avishek Dutta <ad620p@att.com>
Change-Id: Ic97b2558ba33ab47ac8174ae37629d36ceb1c9de