patrole_tempest_plugin.requirements_authority module¶

class patrole_tempest_plugin.requirements_authority.RequirementsAuthority(filepath=None, component=None)[source]¶

Bases: patrole_tempest_plugin.rbac_authority.RbacAuthority

A class that uses a custom requirements file to validate RBAC.

allowed(rule_name, roles)[source]¶

Checks if a given rule in a policy is allowed with given role.

Parameters:	rule_name (string) – Rule to be checked using provided requirements file specified by [patrole].custom_requirements_file. Must be a key present in this file, under the appropriate component. roles (List[string]) – Roles to validate against custom requirements file.
Returns:	True if role is allowed to perform rule_name, else False.
Return type:	bool
Raises:	RbacParsingException – If rule_name does not exist among the keyed policy names in the custom requirements file.

class patrole_tempest_plugin.requirements_authority.RequirementsParser(filepath)[source]¶

Bases: object

A class that parses a custom requirements file.

class Inner(filepath)[source]¶

Bases: object

static parse(component)[source]¶

Parses a requirements file with the following format:

<service_foo>:
  <api_action_a>:
    - <allowed_role_1>
    - <allowed_role_2>,<allowed_role_3>
    - <allowed_role_3>
  <api_action_b>:
    - <allowed_role_2>
    - <allowed_role_4>
<service_bar>:
  <api_action_c>:
    - <allowed_role_3>

Parameters:	component (str) – Name of the OpenStack service to be validated.
Returns:	The dictionary that maps each policy action to the list of allowed roles, for the given component.
Return type:	dict