2.6 KiB
Patrole Style Commandments
- Step 1: Read the OpenStack Style Commandments: http://docs.openstack.org/developer/hacking/
- Step 2: Review Tempest's Style Commandments: https://docs.openstack.org/developer/tempest/HACKING.html
- Step 3: Read on
Patrole Specific Commandments
Patrole borrows the following commandments from Tempest; refer to Tempest's Commandments for more information:
Note
The original Tempest Commandments do not include Patrole-specific paths. Patrole-specific paths replace the Tempest-specific paths within Patrole's hacking checks.
- [T102] Cannot import OpenStack python clients in patrole_tempest_plugin/tests/api
- [T105] Tests cannot use setUpClass/tearDownClass
- [T106] vim configuration should not be kept in source files.
- [T107] Check that a service tag isn't in the module path
- [T108] Check no hyphen at the end of rand_name() argument
- [T109] Cannot use testtools.skip decorator; instead use
-
decorators.skip_because from tempest.lib
- [T113] Check that tests use data_utils.rand_uuid() instead of uuid.uuid4()
- [N322] Method's default argument shouldn't be mutable
The following are Patrole's specific Commandments:
- [P100] The
rbac_rule_validation.action
decorator must be applied to -
an RBAC test (the check fails if the decorator is not one of the two decorators directly above the function declaration)
- [P100] The
- [P101] RBAC test filenames must end with "_rbac.py"; for example,
-
test_servers_rbac.py, not test_servers.py
- [P102] RBAC test class names must end in 'RbacTest'
Role Switching
Correct role switching is vital to correct RBAC testing within
Patrole. If a test does not call rbac_utils.switch_role
with toggle_rbac_role=True
within the RBAC test, then the
test is not a valid RBAC test: The API endpoint under test will
be performed with admin credentials, which is always wrong unless
CONF.rbac_test_role
is admin.
Note
Switching back to the admin role for setup and clean up is
automatically performed. Toggling switch_role
with
toggle_rbac_role=False
within the context of a test should
never be performed and doing so will likely result in an error
being thrown.
Patrole does not have a hacking check for role switching, but does
use a built-in mechanism for verifying that role switching is being
correctly executed across tests. If a test does not call
switch_role
with toggle_rbac_role=True
, then
an RbacResourceSetupFailed
exception will be raised.