Initial functionality framework.
Includes:
rbac_util - Utility for switching between roles for tests.
rbac_auth - Determines if a given role is valid for a given api call.
rbac_rule_validation - Determines if a allowed proper access and denied improper access (403 error)
rbac_role_converter - Converts policy.json files into a list of api's and the roles that can access them.
One example rbac_base in tests/api/rbac_base
One example test in tests/api/images/test_images_rbac.py
New config settings for rbac_flag, rbac_test_role, and rbac_roles
Implements bp: initial-framework
Co-Authored-By: Sangeet Gupta <sg774j@att.com>
Co-Authored-By: Rick Bartra <rb560u@att.com>
Co-Authored-By: Felipe Monteiro <felipe.monteiro@att.com>
Co-Authored-By: Anthony Bellino <ab2434@att.com>
Co-Authored-By: Avishek Dutta <ad620p@att.com>
Change-Id: Ic97b2558ba33ab47ac8174ae37629d36ceb1c9de
diff --git a/tests/custom_rbac_policy.json b/tests/custom_rbac_policy.json
new file mode 100644
index 0000000..0e7466a
--- /dev/null
+++ b/tests/custom_rbac_policy.json
@@ -0,0 +1,14 @@
+{
+ "even_rule": "role:two or role:four or role:six or role:eight",
+ "odd_rule": "role:one or role:three or role:five or role:seven or role:nine",
+ "zero_rule": "role:zero",
+ "prime_rule": "role:one or role:two or role:three or role:five or role:seven",
+ "all_rule": "",
+
+ "policy_action_1": "rule:even_rule",
+ "policy_action_2": "rule:odd_rule",
+ "policy_action_3": "rule:zero_rule",
+ "policy_action_4": "rule:prime_rule",
+ "policy_action_5": "rule:all_rule",
+ "policy_action_6": "role:eight",
+}