patrole_tempest_plugin.rbac_exceptions module

exception patrole_tempest_plugin.rbac_exceptions.BasePatroleException(*args, **kwargs)

Bases: tempest.lib.exceptions.TempestException

message = 'An unknown RBAC exception occurred'

exception patrole_tempest_plugin.rbac_exceptions.BasePatroleResponseBodyException(*args, **kwargs)

Bases: patrole_tempest_plugin.rbac_exceptions.BasePatroleException

message = 'Response body incomplete due to RBAC authorization failure'

exception patrole_tempest_plugin.rbac_exceptions.RbacEmptyResponseBody(*args, **kwargs)

Bases: patrole_tempest_plugin.rbac_exceptions.BasePatroleResponseBodyException

Raised when a list or show action is empty following RBAC authorization failure.

message = 'The response body is empty due to policy enforcement failure.'

exception patrole_tempest_plugin.rbac_exceptions.RbacExpectedWrongException(*args, **kwargs)

Bases: patrole_tempest_plugin.rbac_exceptions.BasePatroleException

Raised when the expected exception does not match the actual exception raised, when both are instances of Forbidden or NotFound, indicating the test provides a wrong argument to expected_error_codes.

message = 'Expected %(expected)s to be raised but %(actual)s was raised instead. Actual exception: %(exception)s'

exception patrole_tempest_plugin.rbac_exceptions.RbacInvalidErrorCode(*args, **kwargs)

Bases: patrole_tempest_plugin.rbac_exceptions.BasePatroleException

message = 'Unsupported error code passed in test'

exception patrole_tempest_plugin.rbac_exceptions.RbacInvalidServiceException(*args, **kwargs)

Bases: patrole_tempest_plugin.rbac_exceptions.BasePatroleException

Raised when an invalid service is passed to rbac_rule_validation decorator.

message = 'Attempted to test an invalid service'

exception patrole_tempest_plugin.rbac_exceptions.RbacMissingAttributeResponseBody(*args, **kwargs)

Bases: patrole_tempest_plugin.rbac_exceptions.BasePatroleResponseBodyException

Raised when a list or show action is missing an attribute following RBAC authorization failure.

message = 'The response body is missing the expected %(attribute)s due to policy enforcement failure'

exception patrole_tempest_plugin.rbac_exceptions.RbacOverPermissionException(*args, **kwargs)

Bases: patrole_tempest_plugin.rbac_exceptions.BasePatroleException

Raised when the expected result is failure but the actual result is pass.

message = 'Unauthorized action was allowed to be performed'

exception patrole_tempest_plugin.rbac_exceptions.RbacOverrideRoleException(*args, **kwargs)

Bases: patrole_tempest_plugin.rbac_exceptions.BasePatroleException

Raised when override_role is used incorrectly or fails somehow.

Used for safeguarding against false positives that might occur when the expected exception isn’t raised inside the override_role context. Specifically, when:

  • override_role isn’t called

  • an exception is raised before override_role context

  • an exception is raised after override_role context

message = 'Override role failure or incorrect usage'

exception patrole_tempest_plugin.rbac_exceptions.RbacParsingException(*args, **kwargs)

Bases: patrole_tempest_plugin.rbac_exceptions.BasePatroleException

message = 'Attempted to test an invalid policy file or action'

exception patrole_tempest_plugin.rbac_exceptions.RbacPartialResponseBody(*args, **kwargs)

Bases: patrole_tempest_plugin.rbac_exceptions.BasePatroleResponseBodyException

Raised when a list action only returns a subset of the available resources.

For example, admin can return more resources than member for a list action.

message = 'The response body only lists a subset of the available resources due to partial policy enforcement failure. Response body: %(body)s'

exception patrole_tempest_plugin.rbac_exceptions.RbacResourceSetupFailed(*args, **kwargs)

Bases: patrole_tempest_plugin.rbac_exceptions.BasePatroleException

message = 'RBAC resource setup failed'

exception patrole_tempest_plugin.rbac_exceptions.RbacUnderPermissionException(*args, **kwargs)

Bases: patrole_tempest_plugin.rbac_exceptions.BasePatroleException

Raised when the expected result is pass but the actual result is failure.

message = 'Authorized action was not allowed to be performed'

exception patrole_tempest_plugin.rbac_exceptions.RbacValidateListException(*args, **kwargs)

Bases: patrole_tempest_plugin.rbac_exceptions.BasePatroleException

Raised when override_role_and_validate_list is used incorrectly.

Specifically, when:

  • Neither resource_id nor resources is initialized

  • Both resource_id and resources are initialized

  • The ctx.resources variable wasn’t set in override_role_and_validate_list context.

message = 'Incorrect usage of override_role_and_validate_list: %(reason)s'
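
The over-permission, under-permission, wrong-expected-error and override_role misuse cases described above, modelled as an added example. This is not Patrole's code: the exception classes are local stand-ins named after the documented ones, and `RoleSwitch`, `validate`, `Forbidden` and `NotFound` are hypothetical names assumed for the illustration.

```python
from contextlib import contextmanager

# Local stand-ins named after the exceptions documented above; not imported from Patrole.
class BasePatroleException(Exception): pass
class RbacOverPermissionException(BasePatroleException): pass
class RbacUnderPermissionException(BasePatroleException): pass
class RbacExpectedWrongException(BasePatroleException): pass
class RbacOverrideRoleException(BasePatroleException): pass

class Forbidden(Exception): pass  # stand-in for an HTTP 403 error
class NotFound(Exception): pass   # stand-in for an HTTP 404 error

class RoleSwitch:
    """Hypothetical helper: records how override_role was used by a test."""
    def __init__(self):
        self.called = False
        self.raised_inside = False

    @contextmanager
    def override_role(self):
        self.called = True
        try:
            yield  # the API call under test runs here, as the role being tested
        except (Forbidden, NotFound):
            self.raised_inside = True
            raise

def validate(test_body, allowed, expected_error=Forbidden):
    """Run test_body(switch) and compare the result with the policy verdict `allowed`."""
    switch = RoleSwitch()
    try:
        test_body(switch)
    except (Forbidden, NotFound) as exc:
        if not switch.raised_inside:
            # Denial came from setup or cleanup, so it says nothing about the role.
            raise RbacOverrideRoleException("error raised outside override_role") from exc
        if allowed:
            raise RbacUnderPermissionException("authorized action was denied") from exc
        if not isinstance(exc, expected_error):
            raise RbacExpectedWrongException(
                f"expected {expected_error.__name__}, got {type(exc).__name__}") from exc
        return "denied as expected"
    if not switch.called:
        raise RbacOverrideRoleException("override_role was never called")
    if not allowed:
        raise RbacOverPermissionException("unauthorized action was allowed")
    return "allowed as expected"
```

A test body takes the switch as its only argument and wraps the call being checked in `with switch.override_role():`; a denial raised anywhere else is reported as misuse rather than counted as a passing negative test.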