7eca672645
This patch introduces the implementation for registering default policy rules in code. Default rules are defined under cloudkitty.common.policies. Each API's policies are defined in a sub-folder under that path and __init__.py contains all the default policies in code which are registered in the ``init`` enforcer function in cloudkitty/common/policy.py. This commit does the following: - Creates the ``policies`` module that contains all the default policies in code. - Adds the base policy rules into code (context_is_admin, admin_or_owner and default rules). - Add policies in code for current APIs - Add a tox env to generate default policy sample file - Delete policy.json from repo as policies in code will be used. Change-Id: I257e8cefc2b699fc979c717531cd9ba77233d94b Implements: blueprint policy-in-code
16 lines
760 B
ReStructuredText
16 lines
760 B
ReStructuredText
========================
|
|
Cloudkitty Sample Policy
|
|
========================
|
|
|
|
The following is a sample Cloudkitty policy file that has been auto-generated
|
|
from default policy values in code. If you're using the default policies, then
|
|
the maintenance of this file is not necessary, and it should not be copied into
|
|
a deployment. Doing so will result in duplicate policy definitions. It is here
|
|
to help explain which policy operations protect specific Cloudkitty APIs, but it
|
|
is not suggested to copy and paste into a deployment unless you're planning on
|
|
providing a different policy for an operation that is not the default.
|
|
|
|
The sample policy file can also be viewed in `file form <_static/policy.yaml.sample>`_.
|
|
|
|
.. literalinclude:: _static/policy.yaml.sample
|