Duplicate testing for system scoped ACL testing

In order for us to understand if we're starting to break compatability with scope changes, we need to at least have some testing, someway, some place to provide insight. Hopefully, this should provide that insight by running the same API testing we run with by default. Once we have fully defined the scoped authenticaiton use requirements, we can begin to build the new test matrix, but this gives us a start. Change-Id: Ie12e2665c97326142b564b23603647ec9d97052c
2021-01-08 14:03:15 -08:00 · 2021-01-08 14:03:15 -08:00 · d4ddc213e9
commit d4ddc213e9
parent 606549c1c9
1 changed files with 16 additions and 0 deletions
--- a/ironic/tests/unit/api/test_acl.py
+++ b/ironic/tests/unit/api/test_acl.py
@ -246,3 +246,19 @@ class TestRBACModelBeforeScopes(TestACLBase):
    def test_rbac_legacy(self, **kwargs):
        self._check_skip(**kwargs)
        self._test_request(**kwargs)
+
+
+@ddt.ddt
+class TestRBACScoped(TestRBACModelBeforeScopes):
+    """Test Scoped ACL access using our existing access policy."""
+
+    def setUp(self):
+        super(TestRBACScoped, self).setUp()
+
+        cfg.CONF.set_override('enforce_scope', True, group='oslo_policy')
+        cfg.CONF.set_override('enforce_new_defaults', True,
+                              group='oslo_policy')
+        # NOTE(TheJulia): The purpose of this class is to execute the legacy
+        # RBAC tests with the new configuration, which forces us to
+        # explicity mark each test as a deprecated test later on. That
+        # funcationality will be added in a later patch when needed,