Add granularity for volume_extension:volume_type_encryption
Use granular rules:
volume_extension:volume_type_encryption:create
volume_extension:volume_type_encryption:delete
volume_extension:volume_type_encryption:update
volume_extension:volume_type_encryption:get
for the corresponding create, delete, update, and
get volume_type_encryption test cases.
Depends-On: Iba58e785df934d1c4175c0877d266193ac0167b7
Change-Id: Ie5159166505d9bee3e99ca0d51949f6391c569b9
diff --git a/patrole_tempest_plugin/rbac_rule_validation.py b/patrole_tempest_plugin/rbac_rule_validation.py
index a7927fc..d3b057c 100644
--- a/patrole_tempest_plugin/rbac_rule_validation.py
+++ b/patrole_tempest_plugin/rbac_rule_validation.py
@@ -38,8 +38,11 @@
RBACLOG = logging.getLogger('rbac_reporting')
-def action(service, rule='', rules=None,
- expected_error_code=_DEFAULT_ERROR_CODE, expected_error_codes=None,
+def action(service,
+ rule='',
+ rules=None,
+ expected_error_code=_DEFAULT_ERROR_CODE,
+ expected_error_codes=None,
extra_target_data=None):
"""A decorator for verifying OpenStack policy enforcement.
@@ -72,16 +75,18 @@
As such, negative and positive testing can be applied using this decorator.
:param str service: An OpenStack service. Examples: "nova" or "neutron".
- :param str rule: (DEPRECATED) A policy action defined in a policy.json file
- or in code.
- :param list rules: A list of policy actions defined in a policy.json file
+ :param rule: (DEPRECATED) A policy action defined in a policy.json file
+ or in code. Also accepts a callable that returns a policy action.
+ :type rule: str or callable
+ :param rules: A list of policy actions defined in a policy.json file
or in code. The rules are logical-ANDed together to derive the expected
- result.
+ result. Also accepts list of callables that return a policy action.
.. note::
Patrole currently only supports custom JSON policy files.
+ :type rules: list[str] or list[callable]
:param int expected_error_code: (DEPRECATED) Overrides default value of 403
(Forbidden) with endpoint-specific error code. Currently only supports
403 and 404. Support for 404 is needed because some services, like
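Review bot: The updated `:param rule:` and `:param rules:` text says callables are accepted but not how they are invoked. From the last hunk they are called with no arguments (`r()`) and the return value is used as the rule name, so the docstring should say so, e.g. `Each callable is invoked with no arguments and must return a policy action string.` It would also help to state when the call happens (at decoration time or when the test runs), which these hunks do not show and which matters if the callable reads configuration. The docstring continues outside the hunk.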
@@ -316,7 +321,11 @@
for i in range(num_rules - num_ecs):
exp_error_codes.append(_DEFAULT_ERROR_CODE)
- return rules, exp_error_codes
+ evaluated_rules = [
+ r() if callable(r) else r for r in rules
+ ]
+
+ return evaluated_rules, exp_error_codes
def _is_authorized(test_obj, service, rule, extra_target_data):
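Review bot: The value returned by `r()` in the `evaluated_rules` comprehension is used as a policy action without any check. A callable that returns `None`, an empty string or a non-string would put that value in the rule list, and the test would then validate a different policy than the author intended, or none. For an RBAC validation tool that can produce a misleading pass. Consider checking each callable's result right after the call, e.g. `if not isinstance(value, str) or not value:` followed by `raise ValueError("rule callable must return a non-empty policy action")`, using the module's own string-type check if Python 2 is still supported. The enclosing function starts above the hunk, so any validation already done there is not visible here.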