Module authorization

Authorization helpers: validate user access to HSM groups and their members.

Statics

PA_ADMIN
Keycloak role name that grants full admin access (bypasses HSM-group scoping checks).

Functions

validate_ansible_limit_membership_access
Validate every xname in a comma-separated ansible_limit-style string against the caller’s accessible groups.
validate_group_members_access
Like validate_user_group_members_access but with the caller-accessible group list supplied explicitly.
validate_group_vec_access
Pure check that every label in group_target_vec appears in group_available_vec.
validate_user_group_access
Validate that group_name is in the set this token can access.
validate_user_group_members_access
Validate that every xname in group_members_target_vec is a member of at least one group the token can access.
validate_user_group_vec_access
Validate that every label in group_vec is in the set the token can access.