Add switch role validation to Patrole framework
Currently, no role validation is performed when calling switch_role. This
is problematic for the following reasons:
- The only "validation" right now checks whether switchToRbacRole is None.
If so, None is returned. The validation used is nowhere near as robust
as it should be -- what if a string or int is passed in? -- and an error
should be thrown instead of silently returning None.
- If switch_role is called with the same boolean value twice, then the
rbac_role under test is never switched to: this should be detected
and flagged as an error.
- If switch_role is not called in a test, then an error should definitely
be thrown as well, because then the test may pass as a false positive.
Thus, it is essential that some kind of validation be added to the framework
so that switchToRbacRole is being used consistently correctly, especially
given that if it is used incorrectly, tests unrelated to the bug might be
impacted. This is because if switch_role is not executed consistently,
the rbac user performing the next action might have too many or too
few permissions.
Blueprint information
- Status:
- Complete
- Approver:
- Samantha Blanco
- Priority:
- Medium
- Drafter:
- Felipe Monteiro
- Direction:
- Needs approval
- Assignee:
- Felipe Monteiro
- Definition:
- Approved
- Series goal:
- None
- Implementation:
-
Implemented
- Milestone target:
- None
- Started by
- Felipe Monteiro
- Completed by
- Felipe Monteiro
Related branches
Related bugs
Sprints
Whiteboard
Gerrit topic: https:/
Addressed by: https:/
Add role-switching validation to Patrole framework.
