Move RbacAuthority class into separate module

This patchset simply moves the RbacAuthority abstract base class into its own module for better code organization. Change-Id: I89bee142671645f304d622b9e6c25fbab745a7e2
2018-05-22 12:05:10 -07:00 · 2018-05-22 12:05:10 -07:00 · 31e308ecab
parent 9ae705db16
commit 31e308ecab
4 changed files with 40 additions and 24 deletions
--- a/patrole_tempest_plugin/policy_authority.py
+++ b/patrole_tempest_plugin/policy_authority.py
@ -24,8 +24,8 @@ from tempest import clients
 from tempest.common import credentials_factory as credentials
 from tempest import config

+from patrole_tempest_plugin.rbac_authority import RbacAuthority
 from patrole_tempest_plugin import rbac_exceptions
-from patrole_tempest_plugin.rbac_utils import RbacAuthority

 CONF = config.CONF
 LOG = logging.getLogger(__name__)
--- a/patrole_tempest_plugin/rbac_authority.py
+++ b/patrole_tempest_plugin/rbac_authority.py
@ -0,0 +1,38 @@
+# Copyright 2017 AT&T Corporation.
+# All Rights Reserved.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+import abc
+
+import six
+
+
+@six.add_metaclass(abc.ABCMeta)
+class RbacAuthority(object):
+    """Class for validating whether a given role can perform a policy action.
+
+    Any class that extends ``RbacAuthority`` provides the logic for determining
+    whether a role has permissions to execute a policy action.
+    """
+
+    @abc.abstractmethod
+    def allowed(self, rule, role):
+        """Determine whether the role should be able to perform the API.
+
+        :param rule: The name of the policy enforced by the API.
+        :param role: The role used to determine whether ``rule`` can be
+            executed.
+        :returns: True if the ``role`` has permissions to execute
+            ``rule``, else False.
+        """
--- a/patrole_tempest_plugin/rbac_utils.py
+++ b/patrole_tempest_plugin/rbac_utils.py
@ -13,9 +13,7 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.

-import abc
 from contextlib import contextmanager
-import six
 import time

 from oslo_log import log as logging
@ -229,23 +227,3 @@ def is_admin():
    :returns: True if ``rbac_test_role`` is the admin role.
    """
    return CONF.patrole.rbac_test_role == CONF.identity.admin_role
-
-
-@six.add_metaclass(abc.ABCMeta)
-class RbacAuthority(object):
-    """Class for validating whether a given role can perform a policy action.
-
-    Any class that extends ``RbacAuthority`` provides the logic for determining
-    whether a role has permissions to execute a policy action.
-    """
-
-    @abc.abstractmethod
-    def allowed(self, rule, role):
-        """Determine whether the role should be able to perform the API.
-
-        :param rule: The name of the policy enforced by the API.
-        :param role: The role used to determine whether ``rule`` can be
-            executed.
-        :returns: True if the ``role`` has permissions to execute
-            ``rule``, else False.
-        """
--- a/patrole_tempest_plugin/requirements_authority.py
+++ b/patrole_tempest_plugin/requirements_authority.py
@ -18,7 +18,7 @@ from oslo_log import log as logging

 from tempest.lib import exceptions

-from patrole_tempest_plugin.rbac_utils import RbacAuthority
+from patrole_tempest_plugin.rbac_authority import RbacAuthority

 LOG = logging.getLogger(__name__)