commit ed95005ac3a3b237284dfddb98826bcb762205eb
author Rick Bartra <rb560u@att.com> Thu Jun 29 17:20:33 2017 -0400
committer Rick Bartra <rb560u@att.com> Fri Jul 07 11:16:31 2017 -0400
tree 687bc0eaa64d429be14d4051844a1db7b8af3f6a
parent 4781dc9067c4c21e425cd4c283e929cf99bdc4f0

Add support for testing custom RBAC requirements

Add support of running Patrole against a custom requirements YAML that
defines RBAC requirements. The YAML file lists all the APIs and the roles
that should have access to the APIs. The purpose of running Patrole against
a requirements YAML is to verify that the RBAC policy is in accordance to
deployment specific requirements. Running Patrole against a requirements
YAML is completely optional and can be enabled through the rbac section of
the tempest.conf.

Change-Id: I8ba89ab5e134b15e97ac20a7aacbfd70896e192f
Implements: blueprint support-custom-yaml
Co-Authored-By: Sangeet Gupta <sg774j@att.com>
Co-Authored-By: David Purcell <d.purcell222@gmail.com>

releasenotes/notes/support_requirements_yaml-a90e0188a19421ba.yaml

diff --git a/releasenotes/notes/support_requirements_yaml-a90e0188a19421ba.yaml b/releasenotes/notes/support_requirements_yaml-a90e0188a19421ba.yaml
new file mode 100644
index 0000000..d2f5519
--- /dev/null
+++ b/releasenotes/notes/support_requirements_yaml-a90e0188a19421ba.yaml
@@ -0,0 +1,12 @@
+---
+features:
+  - |
+    Add support of running Patrole against a custom requirements YAML that
+    defines RBAC requirements. The YAML file lists all the APIs and the roles
+    that should have access to the APIs. The purpose of running Patrole against
+    a requirements YAML is to verify that the RBAC policy is in accordance to
+    deployment specific requirements. Running Patrole against a requirements
+    YAML is completely optional and can be enabled by setting the
+    ``[rbac] test_custom_requirements`` option to True in Tempest's
+    configuration file. The requirements YAML must be located on the same host
+    that Patrole runs on.