Document rationale for protection testing in tempest
Bug #1926344 reported by
Lance Bragstad
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
tempest |
Confirmed
|
Low
|
Unassigned |
Bug Description
During the Xena PTG, we discussed the efforts to test secure RBAC in tempest [0].
We've always questioned if tempest is the right place for this sort of testing since it's configurable. At the same time, we've taken steps to remove the need for operators to re-invent the wheel for policy, and we're continuing to work towards that goal by adopting default roles and scope types from keystone.
It might be worthwhile to add a short section to the Tempest field guide that describes this level of testing and why it lives in tempest so that people aren't confused by it in the future.
To post a comment you must log in.
sounds reasonable