|  | .. _patrole-sampleconf: | 
|  |  | 
|  | Sample Configuration File | 
|  | ========================== | 
|  |  | 
|  | The following is a sample Patrole configuration for adaptation and use. | 
|  |  | 
|  | .. code-block:: ini | 
|  |  | 
|  | [patrole] | 
|  |  | 
|  | # The role that you want the RBAC tests to use for RBAC testing | 
|  | # This needs to be edited to run the test as a different role. | 
|  | rbac_test_role = Member | 
|  |  | 
|  | # Enables RBAC Tempest tests if set to True. Otherwise, they are | 
|  | # skipped. | 
|  | enable_rbac = True | 
|  |  | 
|  | # If set to True, tests throw a RbacParsingException for policies | 
|  | # not found in the policy file. Otherwise, they throw a skipException. | 
|  | strict_policy_check = False | 
|  |  | 
|  | # List of the paths to search for policy files. Each policy path assumes that | 
|  | # the service name is included in the path once. Also assumes Patrole is on the | 
|  | # same host as the policy files. The paths should be ordered by precedence, | 
|  | # with high-priority paths before low-priority paths. The first path that is | 
|  | # found to contain the service's policy file will be used. | 
|  | custom_policy_files = /etc/nova/policy.json,/etc/neutron/policy.json | 
|  |  | 
|  | # This option determines whether Patrole should run against a | 
|  | # `custom_requirements_file` which defines RBAC requirements. The | 
|  | # purpose of setting this flag to True is to verify that RBAC policy | 
|  | # is in accordance to requirements. The idea is that the | 
|  | # `custom_requirements_file` perfectly defines what the RBAC requirements | 
|  | # are. | 
|  | test_custom_requirements = False | 
|  |  | 
|  | # File path of the yaml file that defines your RBAC requirements. This | 
|  | # file must be located on the same host that Patrole runs on. The yaml | 
|  | # file should be written as follows: | 
|  | custom_requirements_file = patrole/requirements.txt | 
|  |  | 
|  | # DEPRECATED: The following config options set the location of the service's | 
|  | # policy file. For services that have their policy in code (e.g., Nova), | 
|  | # this would be the location of a custom policy.json, if one exists. | 
|  | cinder_policy_file = /etc/cinder/policy.json | 
|  | glance_policy_file = /etc/glance/policy.json | 
|  | keystone_policy_file = /etc/keystone/policy.json | 
|  | neutron_policy_file = /etc/neutron/policy.json | 
|  | nova_policy_file = /etc/nova/policy.json |