Usage¶
RBAC (API) Tests¶
If Patrole is installed correctly, then the RBAC tests can be executed from inside the tempest root directory as follows:
$ tox -eall-plugin -- patrole_tempest_plugin.tests.api
To execute patrole tests for a specific module, run:
$ tox -eall-plugin -- patrole_tempest_plugin.tests.api.compute
Note
It is possible to run Patrole via tox -eall in order to run Patrole
isolated from other plugins. This can be accomplished by including the
installation of services that currently use policy in code – for example,
Nova and Keystone. For example:
$ tox -evenv-tempest -- pip install /opt/stack/patrole /opt/stack/keystone /opt/stack/nova
$ tox -eall -- patrole_tempest_plugin.tests.api
To change the role that the patrole tests are being run as, edit
rbac_test_role in the rbac section of tempest.conf:
[rbac]
rbac_test_role = Member
...
Note
The rbac_test_role is service-specific. Member, for example,
is an arbitrary role, but by convention is used to designate the default
non-admin role in the system. Most patrole tests should be run with
admin and Member roles. However, some services, like Heat, take
advantage of a role called heat_stack_user, as it appears frequently
in Heat’s policy.json.
For more information about the Member role, please see: https://ask.openstack.org/en/question/4759/member-vs-_member_/.
Unit Tests¶
Patrole includes unit tests for its RBAC framework. They can be run by executing:
$ tox -e py27
or:
$ tox -e py35
against the Python 3.5 interpreter.
Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.