Merge "Move RbacAuthority class into separate module"
diff --git a/patrole_tempest_plugin/policy_authority.py b/patrole_tempest_plugin/policy_authority.py
index 6794afe..9499bf6 100644
--- a/patrole_tempest_plugin/policy_authority.py
+++ b/patrole_tempest_plugin/policy_authority.py
@@ -24,8 +24,8 @@
from tempest.common import credentials_factory as credentials
from tempest import config
+from patrole_tempest_plugin.rbac_authority import RbacAuthority
from patrole_tempest_plugin import rbac_exceptions
-from patrole_tempest_plugin.rbac_utils import RbacAuthority
CONF = config.CONF
LOG = logging.getLogger(__name__)
diff --git a/patrole_tempest_plugin/rbac_authority.py b/patrole_tempest_plugin/rbac_authority.py
new file mode 100644
index 0000000..294ecc5
--- /dev/null
+++ b/patrole_tempest_plugin/rbac_authority.py
@@ -0,0 +1,38 @@
+# Copyright 2017 AT&T Corporation.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import abc
+
+import six
+
+
+@six.add_metaclass(abc.ABCMeta)
+class RbacAuthority(object):
+ """Class for validating whether a given role can perform a policy action.
+
+ Any class that extends ``RbacAuthority`` provides the logic for determining
+ whether a role has permissions to execute a policy action.
+ """
+
+ @abc.abstractmethod
+ def allowed(self, rule, role):
+ """Determine whether the role should be able to perform the API.
+
+ :param rule: The name of the policy enforced by the API.
+ :param role: The role used to determine whether ``rule`` can be
+ executed.
+ :returns: True if the ``role`` has permissions to execute
+ ``rule``, else False.
+ """
diff --git a/patrole_tempest_plugin/rbac_utils.py b/patrole_tempest_plugin/rbac_utils.py
index 347f77f..2ef88ca 100644
--- a/patrole_tempest_plugin/rbac_utils.py
+++ b/patrole_tempest_plugin/rbac_utils.py
@@ -13,9 +13,7 @@
# License for the specific language governing permissions and limitations
# under the License.
-import abc
from contextlib import contextmanager
-import six
import time
from oslo_log import log as logging
@@ -229,23 +227,3 @@
:returns: True if ``rbac_test_role`` is the admin role.
"""
return CONF.patrole.rbac_test_role == CONF.identity.admin_role
-
-
-@six.add_metaclass(abc.ABCMeta)
-class RbacAuthority(object):
- """Class for validating whether a given role can perform a policy action.
-
- Any class that extends ``RbacAuthority`` provides the logic for determining
- whether a role has permissions to execute a policy action.
- """
-
- @abc.abstractmethod
- def allowed(self, rule, role):
- """Determine whether the role should be able to perform the API.
-
- :param rule: The name of the policy enforced by the API.
- :param role: The role used to determine whether ``rule`` can be
- executed.
- :returns: True if the ``role`` has permissions to execute
- ``rule``, else False.
- """
diff --git a/patrole_tempest_plugin/requirements_authority.py b/patrole_tempest_plugin/requirements_authority.py
index 2db12db..683a7eb 100644
--- a/patrole_tempest_plugin/requirements_authority.py
+++ b/patrole_tempest_plugin/requirements_authority.py
@@ -18,7 +18,7 @@
from tempest.lib import exceptions
-from patrole_tempest_plugin.rbac_utils import RbacAuthority
+from patrole_tempest_plugin.rbac_authority import RbacAuthority
LOG = logging.getLogger(__name__)