Update policy authority documentation
Also cleans up a few nits for rbac_rule_validation documentation
Change-Id: Id1fcab5b6e9e426f30c8902363baacd7c0a50910
diff --git a/doc/source/rbac_validation.rst b/doc/source/rbac_validation.rst
index ccaf3c8..a3cd7e6 100644
--- a/doc/source/rbac_validation.rst
+++ b/doc/source/rbac_validation.rst
@@ -7,7 +7,7 @@
Overview
--------
-RBAC Testing Validation is broken up into 3 stages:
+RBAC testing validation is broken up into 3 stages:
1. "Expected" stage. Determine whether the test should be able to succeed
or fail based on the test role defined by ``[patrole] rbac_test_role``)
@@ -41,11 +41,20 @@
.. automodule:: patrole_tempest_plugin.rbac_rule_validation
:members:
+ :private-members:
---------------------------
The Policy Authority Module
---------------------------
+Module called by the "RBAC Rule Validation Module" to verify whether the test
+role is allowed to execute a policy action by querying ``oslo.policy`` with
+required test data. The result is used by the "RBAC Rule Validation Module" as
+the `expected` result.
+
+This module is only called for calculating the `expected` result if
+``[patrole] test_custom_requirements`` is ``False``.
+
Using the Policy Authority Module, policy verification is performed by:
1. Pooling together the default `in-code` policy rules.