patrole_tempest_plugin.policy_authority module

class patrole_tempest_plugin.policy_authority.PolicyAuthority(project_id, user_id, service, extra_target_data=None)[source]

Bases: patrole_tempest_plugin.rbac_authority.RbacAuthority

A class that uses oslo.policy for validating RBAC.

allowed(rule_name, roles)[source]

Checks if a given rule in a policy is allowed with given role.

Parameters
  • rule_name (string) – Policy name to pass to``oslo.policy``.

  • roles (List[string]) – List of roles to validate for authorization.

Raises

RbacParsingException – If rule_name does not exist in the cloud (in policy file or among registered in-code policy defaults).

classmethod discover_policy_files()[source]

Dynamically discover the policy file for each service in cls.available_services. Pick all candidate paths found out of the potential paths in [patrole] custom_policy_files.

get_rules()[source]
os_admin = None
classmethod validate_service(service)[source]

Validate whether the service passed to __init__ exists.