1 files changed, 44 insertions, 1 deletions

diff --git a/keystone-moon/keystone/tests/unit/test_policy.py b/keystone-moon/keystone/tests/unit/test_policy.py
index 2c0c3995..30df0b2b 100644
--- a/keystone-moon/keystone/tests/unit/test_policy.py
+++ b/keystone-moon/keystone/tests/unit/test_policy.py
@@ -14,6 +14,7 @@
 #    under the License.
 
 import json
+import os
 
 import mock
 from oslo_policy import policy as common_policy
@@ -223,6 +224,48 @@ class PolicyJsonTestCase(tests.TestCase):
         cloud_policy_keys = self._load_entries(
             tests.dirs.etc('policy.v3cloudsample.json'))
 
-        diffs = set(policy_keys).difference(set(cloud_policy_keys))
+        policy_extra_keys = ['admin_or_token_subject',
+                             'service_admin_or_token_subject',
+                             'token_subject', ]
+        expected_policy_keys = list(cloud_policy_keys) + policy_extra_keys
+        diffs = set(policy_keys).difference(set(expected_policy_keys))
 
         self.assertThat(diffs, matchers.Equals(set()))
+
+    def test_all_targets_documented(self):
+        # All the targets in the sample policy file must be documented in
+        # doc/source/policy_mapping.rst.
+
+        policy_keys = self._load_entries(tests.dirs.etc('policy.json'))
+
+        # These keys are in the policy.json but aren't targets.
+        policy_rule_keys = [
+            'admin_or_owner', 'admin_or_token_subject', 'admin_required',
+            'default', 'owner', 'service_admin_or_token_subject',
+            'service_or_admin', 'service_role', 'token_subject', ]
+
+        def read_doc_targets():
+            # Parse the doc/source/policy_mapping.rst file and return the
+            # targets.
+
+            doc_path = os.path.join(
+                tests.ROOTDIR, 'doc', 'source', 'policy_mapping.rst')
+            with open(doc_path) as doc_file:
+                for line in doc_file:
+                    if line.startswith('Target'):
+                        break
+                for line in doc_file:
+                    # Skip === line
+                    if line.startswith('==='):
+                        break
+                for line in doc_file:
+                    line = line.rstrip()
+                    if not line or line.startswith(' '):
+                        continue
+                    if line.startswith('=='):
+                        break
+                    target, dummy, dummy = line.partition(' ')
+                    yield six.text_type(target)
+
+        doc_targets = list(read_doc_targets())
+        self.assertItemsEqual(policy_keys, doc_targets + policy_rule_keys)