| --- |
| features: |
| - | |
| Patrole now offers support for multiple policies. The ``rules`` argument |
| has been added to the ``rbac_rule_validation.action`` decorator, which |
| takes a list of policy names which Patrole will use to determine the |
| expected test result. This allows Patrole to more accurately determine |
| whether RBAC is configured correctly, since some API endpoints enforce |
| multiple policies. |
| |
| Multiple policy support includes the capability to specify multiple |
| expected error codes, as some components may return different error codes |
| for different roles due to checking multiple policy rules. The |
| ``expected_error_codes`` argument has been added to the |
| ``rbac_rule_validation.action`` decorator, which is a list of error codes |
| expected when the corresponding rule in the ``rules`` list is disallowed |
| to perform the API action. For this reason, the error codes in the |
| ``expected_error_codes`` list must appear in the same order as their |
| corresponding rules in the ``rules`` list. For example: |
| |
| expected_error_codes[0] is the error code for the rules[0] rule. |
| expected_error_codes[1] is the error code for the rules[1] rule. |
| ... |
| |
| deprecations: |
| - | |
| The ``rule`` argument in the ``rbac_rule_validation.action`` decorator has |
| been deprecated in favor of ``rules``. |
| |
| The ``expected_error_code`` argument in the ``rbac_rule_validation.action`` |
| decorator has been deprecated in favor of ``expected_error_codes``. |