Merge "Maintain policy in code"
commit
58838ce6c2
3
.gitignore
vendored
3
.gitignore
vendored
@ -72,6 +72,9 @@ ChangeLog
|
||||
etc/barbican/barbican.conf
|
||||
etc/barbican/barbican.conf.sample
|
||||
|
||||
# File created by oslopolicy-sample-generator
|
||||
etc/barbican/policy.yaml.sample
|
||||
|
||||
# Files created by releasenotes build
|
||||
releasenotes/build
|
||||
|
||||
|
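--- a/barbican/common/policies/__init__.py
+++ b/barbican/common/policies/__init__.py
@@ -0,0 +1,43 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import itertools
+
+from barbican.common.policies import acls
+from barbican.common.policies import base
+from barbican.common.policies import cas
+from barbican.common.policies import consumers
+from barbican.common.policies import containers
+from barbican.common.policies import orders
+from barbican.common.policies import quotas
+from barbican.common.policies import secretmeta
+from barbican.common.policies import secrets
+from barbican.common.policies import secretstores
+from barbican.common.policies import transportkeys
+from barbican.common.policies import versions
+
+
+def list_rules():
+return itertools.chain(
+acls.list_rules(),
+base.list_rules(),
+cas.list_rules(),
+consumers.list_rules(),
+containers.list_rules(),
+orders.list_rules(),
+quotas.list_rules(),
+secretmeta.list_rules(),
+secrets.list_rules(),
+secretstores.list_rules(),
+transportkeys.list_rules(),
+versions.list_rules(),
+)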
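Review bot: `list_rules()` has no docstring, yet it is the callable that the `oslo.policy.policies` entry point added elsewhere in this commit points at, so it decides which defaults exist at all. I would add `"""Return every default policy rule Barbican registers, for the oslo.policy entry point."""` as its first line. A policy module left out of the `itertools.chain(...)` call would presumably leave its rules unregistered without any error, so a unit test asserting that each module under `barbican/common/policies` contributes to the result would guard the list.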
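--- a/barbican/common/policies/acls.py
+++ b/barbican/common/policies/acls.py
@@ -0,0 +1,38 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from oslo_policy import policy
+
+
+rules = [
+policy.RuleDefault('secret_acls:put_patch',
+'rule:secret_project_admin or '
+'rule:secret_project_creator'),
+policy.RuleDefault('secret_acls:delete',
+'rule:secret_project_admin or '
+'rule:secret_project_creator'),
+policy.RuleDefault('secret_acls:get',
+'rule:all_but_audit and '
+'rule:secret_project_match'),
+policy.RuleDefault('container_acls:put_patch',
+'rule:container_project_admin or '
+'rule:container_project_creator'),
+policy.RuleDefault('container_acls:delete',
+'rule:container_project_admin or '
+'rule:container_project_creator'),
+policy.RuleDefault('container_acls:get',
+'rule:all_but_audit and rule:container_project_match'),
+]
+
+
+def list_rules():
+return rules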
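--- a/barbican/common/policies/base.py
+++ b/barbican/common/policies/base.py
@@ -0,0 +1,77 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from oslo_policy import policy
+
+
+rules = [
+policy.RuleDefault('admin',
+'role:admin'),
+policy.RuleDefault('observer',
+'role:observer'),
+policy.RuleDefault('creator',
+'role:creator'),
+policy.RuleDefault('audit',
+'role:audit'),
+policy.RuleDefault('service_admin',
+'role:key-manager:service-admin'),
+policy.RuleDefault('admin_or_user_does_not_work',
+'project_id:%(project_id)s'),
+policy.RuleDefault('admin_or_user',
+'rule:admin or project_id:%(project_id)s'),
+policy.RuleDefault('admin_or_creator',
+'rule:admin or rule:creator'),
+policy.RuleDefault('all_but_audit',
+'rule:admin or rule:observer or rule:creator'),
+policy.RuleDefault('all_users',
+'rule:admin or rule:observer or rule:creator or '
+'rule:audit or rule:service_admin'),
+policy.RuleDefault('secret_project_match',
+'project:%(target.secret.project_id)s'),
+policy.RuleDefault('secret_acl_read',
+"'read':%(target.secret.read)s"),
+policy.RuleDefault('secret_private_read',
+"'False':%(target.secret.read_project_access)s"),
+policy.RuleDefault('secret_creator_user',
+"user:%(target.secret.creator_id)s"),
+policy.RuleDefault('container_project_match',
+"project:%(target.container.project_id)s"),
+policy.RuleDefault('container_acl_read',
+"'read':%(target.container.read)s"),
+policy.RuleDefault('container_private_read',
+"'False':%(target.container.read_project_access)s"),
+policy.RuleDefault('container_creator_user',
+"user:%(target.container.creator_id)s"),
+policy.RuleDefault('secret_non_private_read',
+"rule:all_users and rule:secret_project_match and "
+"not rule:secret_private_read"),
+policy.RuleDefault('secret_decrypt_non_private_read',
+"rule:all_but_audit and rule:secret_project_match and "
+"not rule:secret_private_read"),
+policy.RuleDefault('container_non_private_read',
+"rule:all_users and rule:container_project_match and "
+"not rule:container_private_read"),
+policy.RuleDefault('secret_project_admin',
+"rule:admin and rule:secret_project_match"),
+policy.RuleDefault('secret_project_creator',
+"rule:creator and rule:secret_project_match and "
+"rule:secret_creator_user"),
+policy.RuleDefault('container_project_admin',
+"rule:admin and rule:container_project_match"),
+policy.RuleDefault('container_project_creator',
+"rule:creator and rule:container_project_match and "
+"rule:container_creator_user"),
+]
+
+
+def list_rules():
+return rules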
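Review bot: `admin_or_user_does_not_work` is registered as a live default although its name says it is broken, and its check string `project_id:%(project_id)s` is also the second clause of `admin_or_user`, so that clause may be just as ineffective. The file matches the caller's project in two ways, `project_id:` in these two rules and `project:` in `secret_project_match` and `container_project_match`. Which credential key the enforcer supplies is not visible in this commit, so one of the two forms looks likely never to match. I would drop the dead rule or give it a `description=` that explains it, and settle on one credential key. None of the `RuleDefault` entries carries a description, so the generated `policy.yaml.sample` gives operators no explanation of rules such as `secret_private_read`.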
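--- a/barbican/common/policies/cas.py
+++ b/barbican/common/policies/cas.py
@@ -0,0 +1,51 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from oslo_policy import policy
+
+
+rules = [
+policy.RuleDefault('certificate_authorities:get_limited',
+'rule:all_users'),
+policy.RuleDefault('certificate_authorities:get_all',
+'rule:admin'),
+policy.RuleDefault('certificate_authorities:post',
+'rule:admin'),
+policy.RuleDefault('certificate_authorities:get_preferred_ca',
+'rule:all_users'),
+policy.RuleDefault('certificate_authorities:get_global_preferred_ca',
+'rule:service_admin'),
+policy.RuleDefault('certificate_authorities:unset_global_preferred',
+'rule:service_admin'),
+policy.RuleDefault('certificate_authority:delete',
+'rule:admin'),
+policy.RuleDefault('certificate_authority:get',
+'rule:all_users'),
+policy.RuleDefault('certificate_authority:get_cacert',
+'rule:all_users'),
+policy.RuleDefault('certificate_authority:get_ca_cert_chain',
+'rule:all_users'),
+policy.RuleDefault('certificate_authority:get_projects',
+'rule:service_admin'),
+policy.RuleDefault('certificate_authority:add_to_project',
+'rule:admin'),
+policy.RuleDefault('certificate_authority:remove_from_project',
+'rule:admin'),
+policy.RuleDefault('certificate_authority:set_preferred',
+'rule:admin'),
+policy.RuleDefault('certificate_authority:set_global_preferred',
+'rule:service_admin'),
+]
+
+
+def list_rules():
+return rules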
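Review bot: The mutating CA rules here (`certificate_authorities:post`, `certificate_authority:delete`, `certificate_authority:add_to_project`, `certificate_authority:remove_from_project`) default to a bare `rule:admin`, which `base.py` defines as `role:admin` with no project comparison. Unless the controllers restrict the lookup to the caller's project, which this commit does not show, an admin of any project satisfies them. The same shape appears in `containers.py` (`container_secret:post` and `container_secret:delete`, next to a `container:delete` that does use `rule:container_project_admin`), in `orders.py` (`order:get`, `order:put`, `order:delete`) and in `secretmeta.py`. I would add a comment such as `# project scoping is enforced by the controller, not by this rule` wherever that holds, and switch to the project-matched rules wherever it does not.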
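--- a/barbican/common/policies/consumers.py
+++ b/barbican/common/policies/consumers.py
@@ -0,0 +1,43 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from oslo_policy import policy
+
+
+rules = [
+policy.RuleDefault('consumer:get',
+'rule:admin or rule:observer or rule:creator or '
+'rule:audit or rule:container_non_private_read or '
+'rule:container_project_creator or '
+'rule:container_project_admin or '
+'rule:container_acl_read'),
+policy.RuleDefault('consumers:get',
+'rule:admin or rule:observer or rule:creator or '
+'rule:audit or rule:container_non_private_read or '
+'rule:container_project_creator or '
+'rule:container_project_admin or '
+'rule:container_acl_read'),
+policy.RuleDefault('consumers:post',
+'rule:admin or rule:container_non_private_read or '
+'rule:container_project_creator or '
+'rule:container_project_admin or '
+'rule:container_acl_read'),
+policy.RuleDefault('consumers:delete',
+'rule:admin or rule:container_non_private_read or '
+'rule:container_project_creator or '
+'rule:container_project_admin or '
+'rule:container_acl_read'),
+]
+
+
+def list_rules():
+return rules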
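Review bot: `consumers:post` and `consumers:delete` accept `rule:container_non_private_read` and `rule:container_acl_read`, which are read grants. `container_non_private_read` expands to `rule:all_users` plus a project match, so an `observer` or `audit` role holder in the project can add or remove consumers on any non-private container. In `consumer:get` and `consumers:get` the leading `rule:admin or rule:observer or rule:creator or rule:audit` clauses carry no project match, which makes the container-scoped clauses after them redundant for any caller holding one of those roles. If writes are meant for the container's admin or creator, the check string would be `'rule:container_project_admin or rule:container_project_creator'`, as `container:delete` already uses.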
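--- a/barbican/common/policies/containers.py
+++ b/barbican/common/policies/containers.py
@@ -0,0 +1,37 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from oslo_policy import policy
+
+
+rules = [
+policy.RuleDefault('containers:post',
+'rule:admin_or_creator'),
+policy.RuleDefault('containers:get',
+'rule:all_but_audit'),
+policy.RuleDefault('container:get',
+'rule:container_non_private_read or '
+'rule:container_project_creator or '
+'rule:container_project_admin or '
+'rule:container_acl_read'),
+policy.RuleDefault('container:delete',
+'rule:container_project_admin or '
+'rule:container_project_creator'),
+policy.RuleDefault('container_secret:post',
+'rule:admin'),
+policy.RuleDefault('container_secret:delete',
+'rule:admin'),
+]
+
+
+def list_rules():
+return rules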
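--- a/barbican/common/policies/orders.py
+++ b/barbican/common/policies/orders.py
@@ -0,0 +1,31 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from oslo_policy import policy
+
+
+rules = [
+policy.RuleDefault('orders:post',
+'rule:admin_or_creator'),
+policy.RuleDefault('orders:get',
+'rule:all_but_audit'),
+policy.RuleDefault('order:get',
+'rule:all_users'),
+policy.RuleDefault('order:put',
+'rule:admin_or_creator'),
+policy.RuleDefault('order:delete',
+'rule:admin'),
+]
+
+
+def list_rules():
+return rules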
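--- a/barbican/common/policies/quotas.py
+++ b/barbican/common/policies/quotas.py
@@ -0,0 +1,29 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from oslo_policy import policy
+
+
+rules = [
+policy.RuleDefault('quotas:get',
+'rule:all_users'),
+policy.RuleDefault('project_quotas:get',
+'rule:service_admin'),
+policy.RuleDefault('project_quotas:put',
+'rule:service_admin'),
+policy.RuleDefault('project_quotas:delete',
+'rule:service_admin'),
+]
+
+
+def list_rules():
+return rules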
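--- a/barbican/common/policies/secretmeta.py
+++ b/barbican/common/policies/secretmeta.py
@@ -0,0 +1,29 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from oslo_policy import policy
+
+
+rules = [
+policy.RuleDefault('secret_meta:get',
+'rule:all_but_audit'),
+policy.RuleDefault('secret_meta:post',
+'rule:admin_or_creator'),
+policy.RuleDefault('secret_meta:put',
+'rule:admin_or_creator'),
+policy.RuleDefault('secret_meta:delete',
+'rule:admin_or_creator'),
+]
+
+
+def list_rules():
+return rules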
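--- a/barbican/common/policies/secrets.py
+++ b/barbican/common/policies/secrets.py
@@ -0,0 +1,41 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from oslo_policy import policy
+
+
+rules = [
+policy.RuleDefault('secret:decrypt',
+'rule:secret_decrypt_non_private_read or '
+'rule:secret_project_creator or '
+'rule:secret_project_admin or '
+'rule:secret_acl_read'),
+policy.RuleDefault('secret:get',
+'rule:secret_non_private_read or '
+'rule:secret_project_creator or '
+'rule:secret_project_admin or '
+'rule:secret_acl_read'),
+policy.RuleDefault('secret:put',
+'rule:admin_or_creator and '
+'rule:secret_project_match'),
+policy.RuleDefault('secret:delete',
+'rule:secret_project_admin or '
+'rule:secret_project_creator'),
+policy.RuleDefault('secrets:post',
+'rule:admin_or_creator'),
+policy.RuleDefault('secrets:get',
+'rule:all_but_audit'),
+]
+
+
+def list_rules():
+return rules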
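Review bot: `secret:put` is `rule:admin_or_creator and rule:secret_project_match`, while `secret:delete` requires `rule:secret_project_admin or rule:secret_project_creator`, and `secret_project_creator` in `base.py` additionally requires `rule:secret_creator_user`. As written, any `creator` in the project can update a secret that another user created but cannot delete it; if that asymmetry is intended, a `description=` on the rule should say so. `secret:decrypt` is the rule whose name covers payload release, and its `rule:secret_acl_read` clause contains no role or project comparison in its check string, so access through it presumably rests entirely on the secret's ACL. That is worth stating in a description on `secret:decrypt` so operators who override the defaults do not widen it by accident.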
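--- a/barbican/common/policies/secretstores.py
+++ b/barbican/common/policies/secretstores.py
@@ -0,0 +1,33 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from oslo_policy import policy
+
+
+rules = [
+policy.RuleDefault('secretstores:get',
+'rule:admin'),
+policy.RuleDefault('secretstores:get_global_default',
+'rule:admin'),
+policy.RuleDefault('secretstores:get_preferred',
+'rule:admin'),
+policy.RuleDefault('secretstore_preferred:post',
+'rule:admin'),
+policy.RuleDefault('secretstore_preferred:delete',
+'rule:admin'),
+policy.RuleDefault('secretstore:get',
+'rule:admin'),
+]
+
+
+def list_rules():
+return rules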
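--- a/barbican/common/policies/transportkeys.py
+++ b/barbican/common/policies/transportkeys.py
@@ -0,0 +1,29 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from oslo_policy import policy
+
+
+rules = [
+policy.RuleDefault('transport_key:get',
+'rule:all_users'),
+policy.RuleDefault('transport_key:delete',
+'rule:admin'),
+policy.RuleDefault('transport_keys:get',
+'rule:all_users'),
+policy.RuleDefault('transport_keys:post',
+'rule:admin'),
+]
+
+
+def list_rules():
+return rules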
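--- a/barbican/common/policies/versions.py
+++ b/barbican/common/policies/versions.py
@@ -0,0 +1,23 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from oslo_policy import policy
+
+
+rules = [
+policy.RuleDefault('version:get',
+'@')
+]
+
+
+def list_rules():
+return rules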
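Review bot: The check string `'@'` for `version:get` always passes, so this rule lets every caller through regardless of role or project. That is a reasonable default for version discovery, but it should be stated next to the rule, for example `# '@' always allows: version discovery needs no role`. The entry also lacks the trailing comma that every other `rules` list in this commit ends with, so the next rule added here will have to touch this line too.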
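--- a/etc/oslo-config-generator/policy.conf
+++ b/etc/oslo-config-generator/policy.conf
@@ -0,0 +1,3 @@
+[DEFAULT]
+output_file = etc/barbican/policy.yaml.sample
+namespace = barbican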
@ -0,0 +1,8 @@
|
||||
---
|
||||
features:
|
||||
- Maintain the policy rules in code and add an oslo.policy CLI script
|
||||
in tox to generate policy sample file.
|
||||
|
||||
The script can be called like
|
||||
"oslopolicy-sample-generator --config-file=etc/oslo-config-generator/policy.conf"
|
||||
and will generate a policy.yaml.sample file with the effective policy.
|
@ -28,6 +28,9 @@ dogtag =
|
||||
dogtag-pki>=10.3.5.1 # LGPLv3+
|
||||
|
||||
[entry_points]
|
||||
oslo.policy.policies =
|
||||
barbican = barbican.common.policies:list_rules
|
||||
|
||||
console_scripts =
|
||||
barbican-manage = barbican.cmd.barbican_manage:main
|
||||
barbican-db-manage = barbican.cmd.db_manage:main
|
||||
|
3
tox.ini
3
tox.ini
@ -124,5 +124,8 @@ commands = sphinx-build -a -E -W -d install-guide/build/doctrees -b html install
|
||||
deps = bindep
|
||||
commands = bindep test
|
||||
|
||||
[testenv:genpolicy]
|
||||
commands = oslopolicy-sample-generator --config-file=etc/oslo-config-generator/policy.conf
|
||||
|
||||
[hacking]
|
||||
local-check-factory = barbican.hacking.checks.factory
|
||||
|