180ae8964d
Implements interim-glance-authz-service Change-Id: Ifefa4174aa45a29fd58ab40c74b5eaf6fecb4f83
2.4 KiB
Policies
Glance's API calls may be restricted to certain sets of users using a Policy configuration file.
This document explains exactly how policies work and how the policy configuration file is constructed.
Basics
A policy is composed of a set of rules that are used by the Policy "Brain" in determining if a particular action may be performed by a particular role.
Constructing a Policy Configuration File
Policy configuration files are simply serialized JSON dictionaries that contain sets of rules. Each top-level key is the name of a rule. Each rule is a string that describes an action that may be performed in the Glance API.
The actions that may have a rule enforced on them are:
get_images- Allowed to call theGET /imagesandGET /images/detailAPI callsget_image- Allowed to call theHEAD /images/<IMAGE_ID>andGET /images/<IMAGE_ID>API callsadd_image- Allowed to call thePOST /imagesAPI callmodify_image- Allowed to call thePUT /images/<IMAGE_ID>API calldelete_image- Allowed to call theDELETE /images/<IMAGE_ID>API call
To limit an action to a particular role or roles, you list the roles like so :
{
"delete_image": ["role:admin", "role:superuser"]
}The above would add a rule that only allowed users that had roles of either "admin" or "superuser" to delete an image.
Examples
Example 1. (The default policy configuration)
{ "default": [] }
Note that an empty JSON list means that all methods of the Glance API are callable by anyone.
Example 2. Disallow modification calls to non-admins
{ "default": [], "add_image": ["role:admin"], "modify_image": ["role:admin"], "delete_image": ["role:admin"] }