openstack
/
oslo.policy
Code Issues Proposed changes

Clarify what exactly an "access file" is 

The definition of an "access" file is very vague, but oslopolicy-checker
expects it to be a token response body from keystone. If you don't pass
a token response explicitly, oslopolicy-checker will fail.

Change-Id: I5362fabb0344b67996367382dbc173eeaf39b06b
This commit is contained in:
Lance Bragstad 2020-07-20 09:15:42 -05:00
parent cab28649c6
commit 884a4ea461
1 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
doc/source/cli/oslopolicy-checker.rst
View File

@ -19,7 +19,9 @@ Description
-----------
The ``oslopolicy-policy-generator`` command can be used to check policy against
the OpenStack Identity API access information.
the OpenStack Identity API access information. The access information is a
keystone token response from keystone's `authentication API
<https://docs.openstack.org/api-ref/identity/v3/#password-authentication-with-scoped-authorization>`_.
Options
-------
@ -28,8 +30,8 @@ Options
.. option:: --access ACCESS
Path to a file containing OpenStack Identity API access info in JSON
format.
Path to a file containing an OpenStack Identity API token response body in
JSON format.
.. option:: --enforcer_config ENFORCER_CONFIG