From 086f0fb13ead0048388b1d96ee0211980dcb7540 Mon Sep 17 00:00:00 2001 From: mhuin Date: Mon, 21 Jul 2014 14:42:44 +0200 Subject: [PATCH] Fix README --- README.md | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/README.md b/README.md index b2e8c24..3037a0f 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,8 @@ -SwiftPolicy Middleware. ------------------------ +SwiftPolicy Middleware +---------------------- -SwiftPolicy Middleware for OpenStack Swift, allows to use json policy file -format to handle swift authorizations. +The SwiftPolicy Middleware for OpenStack Swift allows to use a JSON policy file +to handle swift authorizations. SwiftPolicy is an adaptation of the keystoneauth middleware here: https://github.com/openstack/swift/blob/master/swift/common/middleware/keystoneauth.py @@ -14,9 +14,9 @@ Install 1) Install SwiftPolicy with ``sudo python setup.py install`` or ``sudo python setup.py develop``. -2) Alter your proxy-server.conf pipeline to have SwiftPolicy: +2) Alter your proxy-server.conf pipeline to include SwiftPolicy: -For example, you can use SwiftPolicy in place of keystoneauth middleware: +For example, you can use SwiftPolicy in place of the keystoneauth middleware: Change:: @@ -28,23 +28,23 @@ For example, you can use SwiftPolicy in place of keystoneauth middleware: [pipeline:main] pipeline = catch_errors cache swiftpolicy tempauth proxy-server -3) Add to your proxy-server.conf the section for the SwiftPolicy WSGI filter:: +3) Add to your proxy-server.conf the section for the SwiftPolicy WSGI filter. -Policy file is given using ``policy`` option +The policy file is set with the ``policy`` option :: [filter:swift3] use = egg:swiftpolicy#swiftpolicy policy = %(here)s/default.json -We install along with this middleare a default policy file in /etc/swift/default.json, which make our middleware behaves -the same way as keystoneauth (for compatibility reasons). +This middleware comes with a default policy file in /etc/swift/default.json that maintains +compatibility with keystoneauth. Policy file ----------- -The policy file will list all possible actions on swift proxy. -Action's format is: ``_`` (example: "get_container", "put_object", etc). +The policy file will list all possible actions on a swift proxy. +Action's syntax is: ``_`` (example: "get_container", "put_object", etc). ... "get_container": "rule:allowed_for_user", @@ -53,9 +53,9 @@ Action's format is: ``_`` (example: "get_container", " ... -Policy file contains also two specific rules: "swift_owner" "reseller_request", they define +The policy file contains also two specific rules: "swift_owner" "reseller_request", they are defined when swift_owner and reseller_request headers are set to true, as those two values are part -of the contract between the auth system (more details here: http://docs.openstack.org/developer/swift/overview_auth.html) +of the contract with the auth system (more details here: http://docs.openstack.org/developer/swift/overview_auth.html) ... "swift_owner": "rule:swift_reseller or rule:swift_operator", @@ -65,14 +65,14 @@ of the contract between the auth system (more details here: http://docs.openstac Example ------- -* To deny creation of new containers: set put_container to '!': +* To forbid the creation of new containers: set put_container to '!': ... "get_container": "rule:allowed_for_user", "put_container": "!", ... -* To restrict creation of new container to users with role "admin": +* To restrict the creation of new containers to users with the role "admin": ... "get_container": "rule:allowed_for_user", @@ -82,5 +82,5 @@ Example Limitations ----------- -* swiftpolicy does not support dynamic reload of policies, and thus, swift proxy have -to be restarted when policy file is updated. +* swiftpolicy does not support dynamic reload of policies, and thus, the swift proxy has +to be restarted when the policy file is updated.