Update paste, policy and rootwrap configurations 2016-12-10
Change-Id: I2586f36e23d5decec524babf8ef8de2cb6be6468
@@ -157,3 +157,4 @@ trove_config_overrides: {}
|
|||||||
trove_api_paste_ini_overrides: {}
|
trove_api_paste_ini_overrides: {}
|
||||||
trove_conductor_config_overrides: {}
|
trove_conductor_config_overrides: {}
|
||||||
trove_taskmanager_config_overrides: {}
|
trove_taskmanager_config_overrides: {}
|
||||||
|
trove_policy_overrides: {}
|
||||||
|
|||||||
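Review bot: `trove_policy_overrides` is added without a comment, although unlike its neighbours it changes who is authorized to call the API rather than a service setting. A line above it such as `# Rules merged over templates/policy.json.j2 when /etc/trove/policy.json is rendered.` would tell deployers what the dictionary feeds. The file's header and the rest of the defaults are not visible here, so an existing comment convention could not be checked.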
@@ -33,6 +33,10 @@
|
|||||||
dest: "/etc/trove/trove.conf"
|
dest: "/etc/trove/trove.conf"
|
||||||
config_overrides: "{{ trove_config_overrides }}"
|
config_overrides: "{{ trove_config_overrides }}"
|
||||||
config_type: "ini"
|
config_type: "ini"
|
||||||
|
- src: "policy.json.j2"
|
||||||
|
dest: "/etc/trove/policy.json"
|
||||||
|
config_overrides: "{{ trove_policy_overrides }}"
|
||||||
|
config_type: "json"
|
||||||
notify:
|
notify:
|
||||||
- Restart Apache
|
- Restart Apache
|
||||||
- Restart trove API services
|
- Restart trove API services
|
||||||
|
|||||||
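Review bot: The added `policy.json.j2` entry sets only `src`, `dest`, `config_overrides` and `config_type`, so the owner, group and mode of `/etc/trove/policy.json` come from the enclosing task, which starts and ends outside the hunk. Because this file decides API authorization, it is worth confirming that the task writes it so the trove service user can read but not modify it. If the task does not already set them, something like `owner: "root"` and `mode: "0640"` at task level, with the group set to the service's group, would do.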
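--- a/templates/policy.json.j2
+++ b/templates/policy.json.j2
@@ -0,0 +1,96 @@
+{
+"admin": "role:admin or is_admin:True",
+"admin_or_owner": "rule:admin or tenant:%(tenant)s",
+"default": "rule:admin_or_owner",
+
+"instance:create": "rule:admin_or_owner",
+"instance:delete": "rule:admin_or_owner",
+"instance:force_delete": "rule:admin_or_owner",
+"instance:index": "rule:admin_or_owner",
+"instance:show": "rule:admin_or_owner",
+"instance:update": "rule:admin_or_owner",
+"instance:edit": "rule:admin_or_owner",
+"instance:restart": "rule:admin_or_owner",
+"instance:resize_volume": "rule:admin_or_owner",
+"instance:resize_flavor": "rule:admin_or_owner",
+"instance:reset_status": "rule:admin",
+"instance:promote_to_replica_source": "rule:admin_or_owner",
+"instance:eject_replica_source": "rule:admin_or_owner",
+"instance:configuration": "rule:admin_or_owner",
+"instance:guest_log_list": "rule:admin_or_owner",
+"instance:backups": "rule:admin_or_owner",
+"instance:module_list": "rule:admin_or_owner",
+"instance:module_apply": "rule:admin_or_owner",
+"instance:module_remove": "rule:admin_or_owner",
+
+"instance:extension:root:create": "rule:admin_or_owner",
+"instance:extension:root:delete": "rule:admin_or_owner",
+"instance:extension:root:index": "rule:admin_or_owner",
+
+"instance:extension:user:create": "rule:admin_or_owner",
+"instance:extension:user:delete": "rule:admin_or_owner",
+"instance:extension:user:index": "rule:admin_or_owner",
+"instance:extension:user:show": "rule:admin_or_owner",
+"instance:extension:user:update": "rule:admin_or_owner",
+"instance:extension:user:update_all": "rule:admin_or_owner",
+
+"instance:extension:user_access:update": "rule:admin_or_owner",
+"instance:extension:user_access:delete": "rule:admin_or_owner",
+"instance:extension:user_access:index": "rule:admin_or_owner",
+
+"instance:extension:database:create": "rule:admin_or_owner",
+"instance:extension:database:delete": "rule:admin_or_owner",
+"instance:extension:database:index": "rule:admin_or_owner",
+"instance:extension:database:show": "rule:admin_or_owner",
+
+"cluster:create": "rule:admin_or_owner",
+"cluster:delete": "rule:admin_or_owner",
+"cluster:force_delete": "rule:admin_or_owner",
+"cluster:index": "rule:admin_or_owner",
+"cluster:show": "rule:admin_or_owner",
+"cluster:show_instance": "rule:admin_or_owner",
+"cluster:action": "rule:admin_or_owner",
+"cluster:reset-status": "rule:admin",
+
+"cluster:extension:root:create": "rule:admin_or_owner",
+"cluster:extension:root:delete": "rule:admin_or_owner",
+"cluster:extension:root:index": "rule:admin_or_owner",
+
+"backup:create": "rule:admin_or_owner",
+"backup:delete": "rule:admin_or_owner",
+"backup:index": "rule:admin_or_owner",
+"backup:show": "rule:admin_or_owner",
+
+"configuration:create": "rule:admin_or_owner",
+"configuration:delete": "rule:admin_or_owner",
+"configuration:index": "rule:admin_or_owner",
+"configuration:show": "rule:admin_or_owner",
+"configuration:instances": "rule:admin_or_owner",
+"configuration:update": "rule:admin_or_owner",
+"configuration:edit": "rule:admin_or_owner",
+
+"configuration-parameter:index": "rule:admin_or_owner",
+"configuration-parameter:show": "rule:admin_or_owner",
+"configuration-parameter:index_by_version": "rule:admin_or_owner",
+"configuration-parameter:show_by_version": "rule:admin_or_owner",
+
+"datastore:index": "",
+"datastore:show": "",
+"datastore:version_show": "",
+"datastore:version_show_by_uuid": "",
+"datastore:version_index": "",
+"datastore:list_associated_flavors": "",
+"datastore:list_associated_volume_types": "",
+
+"flavor:index": "",
+"flavor:show": "",
+
+"limits:index": "rule:admin_or_owner",
+
+"module:create": "rule:admin_or_owner",
+"module:delete": "rule:admin_or_owner",
+"module:index": "rule:admin_or_owner",
+"module:show": "rule:admin_or_owner",
+"module:instances": "rule:admin_or_owner",
+"module:update": "rule:admin_or_owner"
+}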
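Review bot: The seven `datastore:*` rules and the two `flavor:*` rules near the end of the template are `""`, which oslo.policy evaluates as always allowed, so those listings are open to every caller that reaches the policy check regardless of tenant or role. JSON has no comment syntax, so this belongs in the role's documentation together with the way to tighten it, for example `trove_policy_overrides: {"datastore:index": "rule:admin_or_owner"}`. The template is also a static copy of the rule set: an action name that is missing from it would presumably fall through to `default`, here `rule:admin_or_owner`, so the copy needs re-syncing when Trove adds rules that should be admin-only, as `instance:reset_status` and `cluster:reset-status` are.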