| DavidPurcell | 029d8c3 | 2017-01-06 15:27:41 -0500 | [diff] [blame^] | 1 | # Copyright 2017 AT&T Corp |
| 2 | # All Rights Reserved. |
| 3 | # |
| 4 | # Licensed under the Apache License, Version 2.0 (the "License"); you may |
| 5 | # not use this file except in compliance with the License. You may obtain |
| 6 | # a copy of the License at |
| 7 | # |
| 8 | # http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | # |
| 10 | # Unless required by applicable law or agreed to in writing, software |
| 11 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
| 12 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the |
| 13 | # License for the specific language governing permissions and limitations |
| 14 | # under the License. |
| 15 | |
| 16 | from oslo_log import log as logging |
| 17 | from tempest.lib import exceptions |
| 18 | |
| 19 | from patrole_tempest_plugin import rbac_role_converter |
| 20 | |
| 21 | LOG = logging.getLogger(__name__) |
| 22 | |
| 23 | |
| 24 | class RbacAuthority(object): |
| 25 | def __init__(self, component=None, service=None): |
| 26 | self.converter = rbac_role_converter.RbacPolicyConverter(service) |
| 27 | self.roles_dict = self.converter.rules |
| 28 | |
| 29 | def get_permission(self, api, role): |
| 30 | if self.roles_dict is None: |
| 31 | raise exceptions.InvalidConfiguration("Roles dictionary is empty!") |
| 32 | try: |
| 33 | _api = self.roles_dict[api] |
| 34 | if role in _api: |
| 35 | LOG.debug("[API]: %s, [Role]: %s is allowed!", api, role) |
| 36 | return True |
| 37 | else: |
| 38 | LOG.debug("[API]: %s, [Role]: %s is NOT allowed!", api, role) |
| 39 | return False |
| 40 | except KeyError: |
| 41 | raise KeyError("'%s' API is not defined in the policy.json" |
| 42 | % api) |
| 43 | return False |