Merge "Add docstring for rbac_rule_validation is_authorized"
diff --git a/patrole_tempest_plugin/rbac_rule_validation.py b/patrole_tempest_plugin/rbac_rule_validation.py
index 53f84ff..0753a42 100644
--- a/patrole_tempest_plugin/rbac_rule_validation.py
+++ b/patrole_tempest_plugin/rbac_rule_validation.py
@@ -130,6 +130,20 @@
 
 
 def _is_authorized(test_obj, service, rule_name, extra_target_data):
+    """Validates whether current RBAC role has permission to do policy action.
+
+    :param test_obj: type BaseTestCase (tempest base test class)
+    :param service: the OpenStack service that enforces ``rule_name``
+    :param rule_name: the name of the policy action
+    :param extra_target_data: dictionary with unresolved string literals that
+        reference nested BaseTestCase attributes
+    :returns: True if the current RBAC role can perform the policy action else
+        False
+    :raises RbacParsingException: if ``CONF.rbac.strict_policy_check`` is
+        enabled and the ``rule_name`` does not exist in the system
+    :raises skipException: if ``CONF.rbac.strict_policy_check`` is
+        disabled and the ``rule_name`` does not exist in the system
+    """
     try:
         project_id = test_obj.auth_provider.credentials.project_id
         user_id = test_obj.auth_provider.credentials.user_id
@@ -215,7 +229,8 @@
     :param test_obj: type BaseTestCase (tempest base test class)
     :param extra_target_data: dictionary with unresolved string literals that
         reference nested BaseTestCase attributes
-    :returns: dictionary with resolved BaseTestCase attributes
+    :returns: dictionary containing additional object data needed by
+        oslo.policy to validate generic checks
     """
     attr_value = test_obj
     formatted_target_data = {}