23 lines
839 B
YAML
23 lines
839 B
YAML
---
|
|
features:
|
|
- |
|
|
Supporting the role inference rules API gives Patrole an ability of testing
|
|
role chains, when one role implies the second which can also imply the
|
|
third:
|
|
|
|
``admin`` implies ``member`` implies ``reader``
|
|
|
|
Now in a case of testing against an ``admin`` role (``[patole]
|
|
rbac_test_roles`` = ``admin``) the ``rbac_rule_validation.action`` calls
|
|
the ``rbac_utils.get_all_needed_roles`` function to extend the roles
|
|
and validates a policy rule against the full list of possible roles:
|
|
|
|
["admin", "member", "reader"]
|
|
|
|
Here is few examples:
|
|
["admin"] >> ["admin", "member", "reader"]
|
|
["member"] >> ["member", "reader"]
|
|
["reader"] >> ["reader"]
|
|
["custom_role"] >> ["custom_role"]
|
|
["custom_role", "member"] >> ["custom_role", "member", "reader"]
|