Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / packaging / sources / patrole / 029d8c31267758d60c7f28f81ddb27d25f2fdd65^! / . / patrole_tempest_plugin / rbac_exceptions.py
commit029d8c31267758d60c7f28f81ddb27d25f2fdd65[log] [tgz]
authorDavidPurcell <david.purcell@att.com>Fri Jan 06 15:27:41 2017 -0500
committerDavidPurcell <david.purcell@att.com>Fri Jan 13 11:37:30 2017 -0500
tree5a2daee0144ca4a7fb4d3d0db53ccd6e1f7b2854
parent663aedfe4619a278a3abd224bd4f0909e5d9dea7 [diff] [blame]
Initial functionality framework.
Includes:
rbac_util - Utility for switching between roles for tests.
rbac_auth - Determines if a given role is valid for a given api call.
rbac_rule_validation - Determines if a allowed proper access and denied improper access (403 error)
rbac_role_converter - Converts policy.json files into a list of api's and the roles that can access them.

One example rbac_base in tests/api/rbac_base
One example test in tests/api/images/test_images_rbac.py

New config settings for rbac_flag, rbac_test_role, and rbac_roles

Implements bp: initial-framework
Co-Authored-By: Sangeet Gupta <sg774j@att.com>
Co-Authored-By: Rick Bartra <rb560u@att.com>
Co-Authored-By: Felipe Monteiro <felipe.monteiro@att.com>
Co-Authored-By: Anthony Bellino <ab2434@att.com>
Co-Authored-By: Avishek Dutta <ad620p@att.com>

Change-Id: Ic97b2558ba33ab47ac8174ae37629d36ceb1c9de

diff --git a/patrole_tempest_plugin/rbac_exceptions.py b/patrole_tempest_plugin/rbac_exceptions.py
new file mode 100644
index 0000000..94e6bdd
--- /dev/null
+++ b/patrole_tempest_plugin/rbac_exceptions.py

@@ -0,0 +1,28 @@
+# Copyright 2017 AT&T Corp
+# All Rights Reserved.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+from tempest.lib import exceptions
+
+
+class RbacActionFailed (exceptions.ClientRestClientException):
+    message = "Rbac action failed"
+
+
+class RbacResourceSetupFailed (exceptions.TempestException):
+    message = "Rbac resource setup failed"
+
+
+class RbacOverPermission (exceptions.TempestException):
+    message = "Action performed that should not be permitted"