Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / packaging / sources / patrole / bab9e9467ce8bba3ce001414221e72cae8267d9d
commitbab9e9467ce8bba3ce001414221e72cae8267d9d[log] [tgz]
authorSergey Vilgelm <sergey@vilgelm.info>Thu Oct 11 14:04:48 2018 -0500
committerSergey Vilgelm <sergey@vilgelm.info>Wed Nov 14 12:58:52 2018 -0600
tree87eb21da37b3e9ac14b382bc1de4d6175d2416cf
parent0464e81c98b1d71d0bd42ce520013cd0ac1c8bac [diff]
Helper for validating RBAC list actions

List RBAC actions typically perform soft authorization checks meaning
that the response bodies omit resources that the user isn't authorized
to see.
For example, if an admin user creates a user, member role might not be
able to see that user when listing all the users in a tenant,
depending on the RBAC rule.
This patch set adds override_role_and_validate_list function to
RbacUtils to validate RBAC flows for API list actions.

Change-Id: I5f39efc8aa0004d4ad435cbd6b8fb037c33832d6
4 files changed
tree: 87eb21da37b3e9ac14b382bc1de4d6175d2416cf
  1. devstack/
  2. doc/
  3. etc/
  4. patrole_tempest_plugin/
  5. releasenotes/
  6. .coveragerc
  7. .gitignore
  8. .gitreview
  9. .mailmap
  10. .stestr.conf
  11. .zuul.yaml
  12. babel.cfg
  13. HACKING.rst
  14. LICENSE
  15. lower-constraints.txt
  16. README.rst
  17. requirements.txt
  18. REVIEWING.rst
  19. setup.cfg
  20. setup.py
  21. test-requirements.txt
  22. tox.ini