78b192553a
'check-uuid' and 'check-uuid --fix' are not working because we do not set package name for them. This patch fixes that. Change-Id: I553c364e3fc0d640620a01046dd7f70bdb704be2 Closes-Bug: #1678407 |
||
---|---|---|
contrib | ||
doc/source | ||
patrole_tempest_plugin | ||
releasenotes | ||
.coveragerc | ||
.gitignore | ||
.gitreview | ||
.mailmap | ||
.testr.conf | ||
CONTRIBUTING.rst | ||
HACKING.rst | ||
LICENSE | ||
README.rst | ||
babel.cfg | ||
requirements.txt | ||
setup.cfg | ||
setup.py | ||
test-requirements.txt | ||
test-whitelist.txt | ||
tox.ini |
README.rst
patrole
Patrole is a tool for verifying that Role-Based Access Control is being enforced.
Patrole allows users to run API tests using specified RBAC roles. This allows deployments to verify that only intended roles have access to those APIs. This is critical to ensure security, especially in large deployments with custom roles.
- Free software: Apache license
- Documentation: http://docs.openstack.org/developer/patrole
- Source: http://git.openstack.org/cgit/openstack/patrole
- Bugs: http://bugs.launchpad.net/patrole
Features
Patrole offers RBAC testing for various OpenStack RBAC policies. It includes a decorator that wraps around tests which verifies that when the test calls the corresponding api endpoint, access is only granted for correct roles.
There are several possible test flows.
- If the rbac_test_role is allowed to access the endpoint
-
- The test passes if no 403 forbidden or RbacActionFailed exception is raised.
- If the rbac_test_role is not allowed to access the endpoint
-
- If the endpoint returns a 403 forbidden exception the test will pass
- If the endpoint returns something other than a 403 forbidden to indicate that the role is not allowed, the test will raise an RbacActionFailed exception.