releasenotes/notes/implied-roles-96a307a2b9fa2a40.yaml - packaging/sources/patrole - Gitiles

 ---
 features:
   - |
     Supporting the role inference rules API gives Patrole an ability of testing
     role chains, when one role implies the second which can also imply the
     third:

       ``admin`` implies ``member`` implies ``reader``

     Now in a case of testing against an ``admin`` role (``[patole]
     rbac_test_roles`` = ``admin``) the ``rbac_rule_validation.action`` calls
     the ``rbac_utils.get_all_needed_roles`` function to extend the roles
     and validates a policy rule against the full list of possible roles:

       ["admin", "member", "reader"]

     Here is few examples:
         ["admin"] >> ["admin", "member", "reader"]
         ["member"] >> ["member", "reader"]
         ["reader"] >> ["reader"]
         ["custom_role"] >> ["custom_role"]
         ["custom_role", "member"] >> ["custom_role", "member", "reader"]
	---
	features:
	- \|
	Supporting the role inference rules API gives Patrole an ability of testing
	role chains, when one role implies the second which can also imply the
	third:

	``admin`` implies ``member`` implies ``reader``

	Now in a case of testing against an ``admin`` role (``[patole]
	rbac_test_roles`` = ``admin``) the ``rbac_rule_validation.action`` calls
	the ``rbac_utils.get_all_needed_roles`` function to extend the roles
	and validates a policy rule against the full list of possible roles:

	["admin", "member", "reader"]

	Here is few examples:
	["admin"] >> ["admin", "member", "reader"]
	["member"] >> ["member", "reader"]
	["reader"] >> ["reader"]
	["custom_role"] >> ["custom_role"]
	["custom_role", "member"] >> ["custom_role", "member", "reader"]