Bases: patrole_tempest_plugin.rbac_authority.RbacAuthority
A class that uses a custom requirements file to validate RBAC.
Checks if a given rule in a policy is allowed with given role.
rule_name (string) – Rule to be checked using provided requirements
file specified by [patrole].custom_requirements_file
. Must be
a key present in this file, under the appropriate component.
roles (List[string]) – Roles to validate against custom requirements file.
True if role
is allowed to perform rule_name
, else
False.
bool
RbacParsingException – If rule_name
does not exist among the
keyed policy names in the custom requirements file.
Bases: object
A class that parses a custom requirements file.
Bases: object
Parses a requirements file with the following format:
<service_foo>:
<api_action_a>:
- <allowed_role_1>
- <allowed_role_2>,<allowed_role_3>
- <allowed_role_3>
<api_action_b>:
- <allowed_role_2>
- <allowed_role_4>
<service_bar>:
<api_action_c>:
- <allowed_role_3>
component (str) – Name of the OpenStack service to be validated.
The dictionary that maps each policy action to the list
of allowed roles, for the given component
.
dict
Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.