Files

Stephen Finucane 597fd0440b docs: Add separate man page for each CLI tool

Change-Id: Ifcfc88a67b038528f03756d550e1ddf8726cb37a
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>

2020-06-30 14:17:56 +01:00

1.4 KiB

Raw Blame History

oslopolicy-validator

oslopolicy-policy-validator

Synopsis

oslopolicy-policy-validator

Description

The oslopolicy-validator tool can be used to perform basic sanity checks against a policy file. It will detect the following problems:

A missing policy file
Rules which have invalid syntax
Rules which reference non-existent other rules
Rules which form a cyclical reference with another rule
Rules which do not exist in the specified namespace

This tool does very little validation of the content of the rules. Other tools, such as oslopolicy-checker, should be used to check that rules do what is intended.

Options

Examples

Validate the policy file used for Keystone:

oslopolicy-validator --config-file /etc/keystone/keystone.conf --namespace keystone

Sample output from a failed validation:

$ oslopolicy-validator --config-file keystone.conf --namespace keystone
WARNING:oslo_policy.policy:Policies ['foo', 'bar'] are part of a cyclical reference.
Invalid rules found
Failed to parse rule: (role:admin and system_scope:all) or (role:foo and oken.domain.id:%(target.user.domain_id)s))
Unknown rule found in policy file: foo
Unknown rule found in policy file: bar

1.4 KiB Raw Blame History