Move RbacAuthority class into separate module
This patchset simply moves the RbacAuthority abstract base class into its own module for better code organization. Change-Id: I89bee142671645f304d622b9e6c25fbab745a7e2
This commit is contained in:
parent
9ae705db16
commit
31e308ecab
|
@ -24,8 +24,8 @@ from tempest import clients
|
|||
from tempest.common import credentials_factory as credentials
|
||||
from tempest import config
|
||||
|
||||
from patrole_tempest_plugin.rbac_authority import RbacAuthority
|
||||
from patrole_tempest_plugin import rbac_exceptions
|
||||
from patrole_tempest_plugin.rbac_utils import RbacAuthority
|
||||
|
||||
CONF = config.CONF
|
||||
LOG = logging.getLogger(__name__)
|
||||
|
|
|
@ -0,0 +1,38 @@
|
|||
# Copyright 2017 AT&T Corporation.
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
import abc
|
||||
|
||||
import six
|
||||
|
||||
|
||||
@six.add_metaclass(abc.ABCMeta)
|
||||
class RbacAuthority(object):
|
||||
"""Class for validating whether a given role can perform a policy action.
|
||||
|
||||
Any class that extends ``RbacAuthority`` provides the logic for determining
|
||||
whether a role has permissions to execute a policy action.
|
||||
"""
|
||||
|
||||
@abc.abstractmethod
|
||||
def allowed(self, rule, role):
|
||||
"""Determine whether the role should be able to perform the API.
|
||||
|
||||
:param rule: The name of the policy enforced by the API.
|
||||
:param role: The role used to determine whether ``rule`` can be
|
||||
executed.
|
||||
:returns: True if the ``role`` has permissions to execute
|
||||
``rule``, else False.
|
||||
"""
|
|
@ -13,9 +13,7 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
import abc
|
||||
from contextlib import contextmanager
|
||||
import six
|
||||
import time
|
||||
|
||||
from oslo_log import log as logging
|
||||
|
@ -229,23 +227,3 @@ def is_admin():
|
|||
:returns: True if ``rbac_test_role`` is the admin role.
|
||||
"""
|
||||
return CONF.patrole.rbac_test_role == CONF.identity.admin_role
|
||||
|
||||
|
||||
@six.add_metaclass(abc.ABCMeta)
|
||||
class RbacAuthority(object):
|
||||
"""Class for validating whether a given role can perform a policy action.
|
||||
|
||||
Any class that extends ``RbacAuthority`` provides the logic for determining
|
||||
whether a role has permissions to execute a policy action.
|
||||
"""
|
||||
|
||||
@abc.abstractmethod
|
||||
def allowed(self, rule, role):
|
||||
"""Determine whether the role should be able to perform the API.
|
||||
|
||||
:param rule: The name of the policy enforced by the API.
|
||||
:param role: The role used to determine whether ``rule`` can be
|
||||
executed.
|
||||
:returns: True if the ``role`` has permissions to execute
|
||||
``rule``, else False.
|
||||
"""
|
||||
|
|
|
@ -18,7 +18,7 @@ from oslo_log import log as logging
|
|||
|
||||
from tempest.lib import exceptions
|
||||
|
||||
from patrole_tempest_plugin.rbac_utils import RbacAuthority
|
||||
from patrole_tempest_plugin.rbac_authority import RbacAuthority
|
||||
|
||||
LOG = logging.getLogger(__name__)
|
||||
|
||||
|
|
Loading…
Reference in New Issue