patrole_tempest_plugin.rbac_authority module

class patrole_tempest_plugin.rbac_authority.RbacAuthority[source]

Bases: object

Class for validating whether a given role can perform a policy action.

Any class that extends RbacAuthority provides the logic for determining whether a role has permissions to execute a policy action.

abstract allowed(rule, role)[source]

Determine whether the role should be able to perform the API.

Parameters

  • rule – The name of the policy enforced by the API.

  • role – The role used to determine whether rule can be executed.

Returns

True if the role has permissions to execute rule, else False.