patrole_tempest_plugin.requirements_authority module¶

class patrole_tempest_plugin.requirements_authority.RequirementsAuthority(filepath=None, component=None)[source]¶

Bases: patrole_tempest_plugin.rbac_authority.RbacAuthority

A class that uses a custom requirements file to validate RBAC.

allowed(rule_name, roles)[source]¶

Checks if a given rule in a policy is allowed with given role.

Parameters

rule_name (string) – Rule to be checked using provided requirements file specified by [patrole].custom_requirements_file. Must be a key present in this file, under the appropriate component.
roles (List[string]) – Roles to validate against custom requirements file.

Returns

True if role is allowed to perform rule_name, else False.

Return type

bool

Raises

RbacParsingException – If rule_name does not exist among the keyed policy names in the custom requirements file.

class patrole_tempest_plugin.requirements_authority.RequirementsParser(filepath)[source]¶

Bases: object

A class that parses a custom requirements file.

class Inner(filepath)[source]¶: Bases: object

static parse(component)[source]¶

Parses a requirements file with the following format:

<service_foo>:
  <api_action_a>:
    - <allowed_role_1>
    - <allowed_role_2>,<allowed_role_3>
    - <allowed_role_3>
  <api_action_b>:
    - <allowed_role_2>
    - <allowed_role_4>
<service_bar>:
  <api_action_c>:
    - <allowed_role_3>

Parameters: component (str) – Name of the OpenStack service to be validated.
Returns: The dictionary that maps each policy action to the list of allowed roles, for the given component.
Return type: dict

patrole_tempest_plugin.requirements_authority module

patrole_tempest_plugin.requirements_authority module¶

patrole 0.14.1.dev2