Address some rbac review feedback in merged patches

Some of the early test changes for the RBAC work have merged which is awesome, but a couple minor follow-up items should be addressed. They are so minor it doesn't really make sense to merge in with one of the patches in the chain. Change-Id: I85de4d953237f240c3c220f6a57169c633fb295f
2021-02-12 06:56:31 -08:00 · 2021-02-12 06:56:31 -08:00 · e3ccb9ec22
commit e3ccb9ec22
parent e77d1b553a
2 changed files with 8 additions and 7 deletions
--- a/doc/source/contributor/rbac-testing.rst
+++ b/doc/source/contributor/rbac-testing.rst
@ -1,6 +1,6 @@
-==================================
-Role Based Acces Control - Testing
-==================================
+===================================
+Role Based Access Control - Testing
+===================================

 .. todo: This entire file is being added in to provide context for
   reviewers so we can keep in-line comments to the necessary points
@ -8,7 +8,7 @@ Role Based Acces Control - Testing
   later patches, but it is also broad in nature attempting to provide
   context to aid in review.

-The Role Based Access control testing is a minor departure from the ironic
+The Role Based Access control testing is a minor departure from the Ironic
 standard pattern of entirely python based unit testing. In part this was done
 for purposes of speed and to keep the declaration of the test context.

@ -46,7 +46,7 @@ one of the following error codes.
 * 403 - Forbidden - This tells us the policy worked as expected where
        access was denied.
 * 404 - NotFound - This is typically when objects were not found. Before
-        ironic becomes scope aware, these are generally only in the drivers
+        Ironic becomes scope aware, these are generally only in the drivers
        API endpoint's behavior. In System scope aware Project scoped
        configuration, i.e. later RBAC tests, this will become the dominant
        response for project scoped users as responding with a 403 if they
@ -74,7 +74,8 @@ and ``lessee`` having slightly different views of the universe.

 Some general rules apply

-* Admins can do things
+* Admins can do things, at least as far as their scope or rights apply.
+  Remember: owner and lessee admins are closer to System scoped Admin Members.
 * Members can do some things, but not everything
 * Readers can always read, but as we get into sensitive data later on
  such as fields containing infrastucture internal addresses, these values
--- a/ironic/tests/unit/api/test_acl.py
+++ b/ironic/tests/unit/api/test_acl.py
@ -261,4 +261,4 @@ class TestRBACScoped(TestRBACModelBeforeScopes):
        # NOTE(TheJulia): The purpose of this class is to execute the legacy
        # RBAC tests with the new configuration, which forces us to
        # explicity mark each test as a deprecated test later on. That
-        # funcationality will be added in a later patch when needed,
+        # functionality will be added in a later patch when needed,