Patrole

Switch role using contextmanager for automatic role re-switch

Registered by Felipe Monteiro

By using a ``@contextmanager`` above ``switch_role`` role-switching can be streamlined. This approach offers the following
advantages:

  1) Role switching is performed in 1 class only. There is no
  need to call ``test_obj.switch_role(test_obj, toggle_rbac_role=False)``
  from ``rbac_rule_validation``. This de-coupling between both modules
  leads to cleaner, more readable code.
  2) Improves test code readability.
  3) Improve policy granularity.
  4) Simplifies interface.

Rather than doing:

    # setup code here
    rand_name = data_utils.rand_name(...)
    # ...
    # more setup code here
    self.rbac_utils.switch_role(self, toggle_rbac_role=True)
    # execute the test here

(Without newlines, this code is very hard to read.)

It can instead be possible to do:

    # setup code here
    rand_name = data_utils.rand_name(...)
    # ...
    # more setup code here
    with self.rbac_utils.override_role(self):
        # execute the test here
        # notice the indentation... visually it is easy to see
        # that this block here is where the role is switched
    # now we are back to admin credentials in case we still
    # need it in the test... this was not possible before w/o
    # calling ``switch_role`` yet again...
    waiters.wait_for_volume_status(self.volumes_client, ...)

Blueprint information

Status:
Complete
Approver:
Felipe Monteiro
Priority:
High
Drafter:
Felipe Monteiro
Direction:
Approved
Assignee:
Felipe Monteiro
Definition:
Approved
Series goal:
Accepted for 0.3.0
Implementation:
Implemented
Milestone target:
None
Started by
Ghanshyam Mann
Completed by
Ghanshyam Mann

Related branches

Sprints

Whiteboard

Gerrit topic: https://review.openstack.org/#q,topic:rbac-utils-contextmanager,n,z

Addressed by: https://review.openstack.org/492335
    Role switch using contextmanager for automatic role re-switch

Gerrit topic: https://review.openstack.org/#q,topic:bp/rbac-utils-contextmanager,n,z

Addressed by: https://review.openstack.org/521703
    Base implementation of override_role for automatic role re-switch

Gerrit topic: https://review.openstack.org/#q,topic:override-role-migration,n,z

Addressed by: https://review.openstack.org/526953
    Migrate to override_role for compute module (part 1)

Addressed by: https://review.openstack.org/526962
    Migrate to override_role for compute module (part 2)

Addressed by: https://review.openstack.org/527214
    [TrivialFix] Use _override_role in rbac_rule_validation

Addressed by: https://review.openstack.org/529903
    Migrate to override_role for compute module (part 3)

Addressed by: https://review.openstack.org/530136
    [docs] Update rbac_utils.rst documentation

Addressed by: https://review.openstack.org/531464
    Migrate to override_role for identity module (part 1)

Addressed by: https://review.openstack.org/531471
    Migrate to override_role for identity module (part 2)

Addressed by: https://review.openstack.org/532413
    Migrate to override_role for image module (part 1)

Addressed by: https://review.openstack.org/532512
    Migrate to override_role for network tests

Addressed by: https://review.openstack.org/532536
    Migrate to override_role for network tests-2

Addressed by: https://review.openstack.org/532566
    Migrate to override_role for compute module (part 3)

Addressed by: https://review.openstack.org/532588
    Migrate to override_role for compute module (part 3)

Addressed by: https://review.openstack.org/532620
    Migrate to override_role for volume module (part 1)

Addressed by: https://review.openstack.org/532630
    Migrate to override_role for volume module (part 2)

Addressed by: https://review.openstack.org/532636
    Migrate to override_role for volume module (part 3)

Addressed by: https://review.openstack.org/532640
    Migrate to override_role for volume module (part 4)

Addressed by: https://review.openstack.org/532700
    Migrate to override_role for volume module (last)

Gerrit topic: https://review.openstack.org/#q,topic:damini_test_networks_multiprovider_rbac.py,n,z

Addressed by: https://review.openstack.org/532730
    Migrate to override_role for network multiprovider tests

Gerrit topic: https://review.openstack.org/#q,topic:my_local,n,z

Addressed by: https://review.openstack.org/532729
    Migrate to override_role for network port tests

Addressed by: https://review.openstack.org/532732
    Migrate to override_role for network metering tests

Addressed by: https://review.openstack.org/532737
    Migrate to override_role for volume module (part 3)

Addressed by: https://review.openstack.org/532745
    Migrate to override_role for network test_networks_rbac

Gerrit topic: https://review.openstack.org/#q,topic:bp/rbac-utils-contextmanage,n,z

Addressed by: https://review.openstack.org/532433
    Migrate to override_role for image module (part 2)

Addressed by: https://review.openstack.org/533515
    Migrate to override_role for network security group tests

Addressed by: https://review.openstack.org/534299
    Migrate to override_role for identity v2 module

Addressed by: https://review.openstack.org/535837
    override_role cleanup: Remove superfluous call in rbac_rule_validation

(?)

Work Items

Nearby

This blueprint contains Public information 
Everyone can see this information.
Edit subscription

Subscribers

No subscribers.