From f6ce4df181fdd0c42b3d680f779be7806f637589 Mon Sep 17 00:00:00 2001 From: Dai Dang Van Date: Thu, 19 Oct 2017 16:10:52 +0700 Subject: [PATCH] Implement policy in code - reno and doc (end) This commit migrate all policies into code [1]. [1] https://governance.openstack.org/tc/goals/queens/policy-in-code.html Change-Id: Ibdc8611dbb665595b4b3bca493b8bdb241db3fae Co-authored-By: Hieu LE --- .gitignore | 1 + doc/source/conf.py | 7 +++++++ doc/source/configuration/index.rst | 5 ++--- doc/source/configuration/policy.rst | 9 +++++++++ doc/source/configuration/sample-policy-yaml.rst | 8 ++++++++ .../notes/policy-in-code-79edd9282f1e4603.yaml | 14 ++++++++++++++ 6 files changed, 41 insertions(+), 3 deletions(-) create mode 100644 doc/source/configuration/policy.rst create mode 100644 doc/source/configuration/sample-policy-yaml.rst create mode 100644 releasenotes/notes/policy-in-code-79edd9282f1e4603.yaml diff --git a/.gitignore b/.gitignore index 8f7c95b1b..6611592d6 100644 --- a/.gitignore +++ b/.gitignore @@ -20,3 +20,4 @@ subunit.log # Files created by releasenotes build releasenotes/build /doc/source/contributor/api/ +doc/source/_static/aodh.policy.yaml.sample diff --git a/doc/source/conf.py b/doc/source/conf.py index 4644b4851..38607b7bf 100644 --- a/doc/source/conf.py +++ b/doc/source/conf.py @@ -49,6 +49,8 @@ extensions = [ 'stevedore.sphinxext', 'oslo_config.sphinxconfiggen', 'oslo_config.sphinxext', + 'oslo_policy.sphinxpolicygen', + 'oslo_policy.sphinxext', 'sphinxcontrib.httpdomain', ] @@ -56,6 +58,11 @@ config_generator_config_file = os.path.join(ROOT, 'aodh/cmd/aodh-config-generator.conf') sample_config_basename = '_static/aodh' +policy_generator_config_file = ( + '../../aodh/cmd/aodh-policy-generator.conf' +) +sample_policy_basename = '_static/aodh' + wsme_protocols = ['restjson', 'restxml'] todo_include_todos = True diff --git a/doc/source/configuration/index.rst b/doc/source/configuration/index.rst index bd7bad316..4b1f4a2ee 100644 --- a/doc/source/configuration/index.rst +++ b/doc/source/configuration/index.rst @@ -7,6 +7,5 @@ Configuration Guide .. toctree:: aodh-config-file.rst aodh-config-options.rst - - - + policy + sample-policy-yaml diff --git a/doc/source/configuration/policy.rst b/doc/source/configuration/policy.rst new file mode 100644 index 000000000..1593f24cc --- /dev/null +++ b/doc/source/configuration/policy.rst @@ -0,0 +1,9 @@ +===================================== +Aodh Sample Policy Configuration File +===================================== + +The following is an overview of all available policies in Aodh. +For a sample configuration file, refer to :doc:`sample-policy-yaml`. + +.. show-policy:: + :config-file: ../../aodh/cmd/aodh-policy-generator.conf diff --git a/doc/source/configuration/sample-policy-yaml.rst b/doc/source/configuration/sample-policy-yaml.rst new file mode 100644 index 000000000..90e1e1183 --- /dev/null +++ b/doc/source/configuration/sample-policy-yaml.rst @@ -0,0 +1,8 @@ +=========== +policy.yaml +=========== + +Use the ``policy.yaml`` file to define additional access controls that will be +applied to Aodh: + +.. literalinclude:: ../_static/aodh.policy.yaml.sample diff --git a/releasenotes/notes/policy-in-code-79edd9282f1e4603.yaml b/releasenotes/notes/policy-in-code-79edd9282f1e4603.yaml new file mode 100644 index 000000000..114f69259 --- /dev/null +++ b/releasenotes/notes/policy-in-code-79edd9282f1e4603.yaml @@ -0,0 +1,14 @@ +--- +features: + - | + Aodh now support policy in code, which means if users didn't modify + any of policy rules, they can leave policy file (in `json` or `yaml` + format) empty or not deploy it at all. Because from now, Aodh keeps + all default policies under `aodh/api/policies` module. + Users can still modify/generate `policy.yaml` file which will override + policy rules in code if those rules show in `policy.yaml` file. +other: + - | + Default `policy.json` file is now removed as Aodh now generate the + default policies from code. Please be aware that when using that file in + your environment.