Gluon Access Control Blueprint - updates
Contains updates for the policy.json and proton.conf files Change-Id: I7472c238c09f5cdaab161a5cbf07df12e44f78f4 Implements: blueprint gluon-auth
parent
8ba391dd77
commit
3c007e31d6
|
@ -133,26 +133,30 @@ to /etc/gluon/policy.json file. This file will have the following format.
|
||||||
"regular_user": "",
|
"regular_user": "",
|
||||||
"default": "rule:admin_or_owner",
|
"default": "rule:admin_or_owner",
|
||||||
|
|
||||||
"create_baseport": "rule:admin_or_network_owner",
|
"create_ports": "rule:admin_or_network_owner",
|
||||||
"get_baseport": "rule:admin_or_owner",
|
"get_ports": "rule:admin_or_owner",
|
||||||
"update_baseport": "rule:admin_or_network_owner",
|
"update_ports": "rule:admin_or_network_owner",
|
||||||
"delete_baseport": "rule:admin_or_network_owner",
|
"delete_ports": "rule:admin_or_network_owner",
|
||||||
|
|
||||||
"create_service": "rule:admin_or_network_owner",
|
"create_interfaces": "rule:admin_or_network_owner",
|
||||||
"get_service": "rule:admin_or_owner",
|
"get_interfaces": "rule:admin_or_owner",
|
||||||
"update_service": "rule:admin_or_network_owner",
|
"update_interfaces": "rule:admin_or_network_owner",
|
||||||
"delete_service": "rule:admin_or_network_owner",
|
"delete_interfaces": "rule:admin_or_network_owner",
|
||||||
|
|
||||||
"create_function": "rule:admin_or_network_owner",
|
"create_vpns": "rule:admin_or_network_owner",
|
||||||
"get_function": "rule:admin_or_owner",
|
"get_vpns": "rule:admin_or_owner",
|
||||||
"update_function": "rule:admin_or_network_owner",
|
"update_vpns": "rule:admin_or_network_owner",
|
||||||
"delete_function": "rule:admin_or_network_owner",
|
"delete_vpns": "rule:admin_or_network_owner",
|
||||||
|
|
||||||
"create_service_binding": "rule:admin_or_network_owner",
|
"create_vpnbindings": "rule:admin_or_network_owner",
|
||||||
"delete_service_binding": "rule:admin_or_network_owner",
|
"get_vpnbindings": "rule:admin_or_owner",
|
||||||
|
"update_vpnbindings": "rule:admin_or_network_owner",
|
||||||
|
"delete_vpnbindings": "rule:admin_or_network_owner",
|
||||||
|
|
||||||
"create_function_binding": "rule:admin_or_network_owner",
|
"create_vpnafconfigs": "rule:admin_or_network_owner",
|
||||||
"delete_function_binding": "rule:admin_or_network_owner",
|
"get_vpnafconfigs": "rule:admin_or_owner",
|
||||||
|
"update_vpnafconfigs": "rule:admin_or_network_owner",
|
||||||
|
"delete_vpnafconfigs": "rule:admin_or_network_owner",
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -176,6 +180,27 @@ with Gluon to add keystone authentication and enforce RBAC policies defined in t
|
||||||
|
|
||||||
The pecan-wsgi service in the Neutron will be used as a reference code for Gluon implementation
|
The pecan-wsgi service in the Neutron will be used as a reference code for Gluon implementation
|
||||||
|
|
||||||
|
Configuration
|
||||||
|
~~~~~~~~~~~~~
|
||||||
|
The /etc/proton/proton.conf file can be used to configure the authentication details. A sample
|
||||||
|
configuration is shown below.
|
||||||
|
|
||||||
|
[api]
|
||||||
|
auth_strategy = keystone
|
||||||
|
|
||||||
|
[keystone_authentication]
|
||||||
|
auth_uri = http://127.0.0.1/identity
|
||||||
|
project_domain_name = Default
|
||||||
|
project_name = service
|
||||||
|
user_domain_name = Default
|
||||||
|
password = welcome
|
||||||
|
username = gluon
|
||||||
|
auth_url = http://127.0.0.1/identity_admin
|
||||||
|
auth_type = password
|
||||||
|
|
||||||
|
[oslo_policy]
|
||||||
|
policy_file = /etc/proton/policy.json
|
||||||
|
|
||||||
Appendix
|
Appendix
|
||||||
--------
|
--------
|
||||||
Configuring identity details for Keystone:
|
Configuring identity details for Keystone:
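Review bot: The sample `password = welcome` in the new `[keystone_authentication]` block is a guessable literal that is likely to be copied unchanged into real deployments. An obvious placeholder such as `password = CHANGE_ME` would be safer, together with a sentence saying that /etc/proton/proton.conf holds a service credential and should be readable only by the account running the service. Both `auth_uri` and `auth_url` are `http://` URLs; that is harmless on loopback, but the text should say that HTTPS endpoints are expected once Keystone is not on the same host, since the password and tokens would otherwise travel in clear text. Separately, `policy_file = /etc/proton/policy.json` disagrees with the `/etc/gluon/policy.json` path named in the prose around the first hunk, so the spec should settle on one location; otherwise an operator may edit a policy file that the service never loads.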
|
||||||
|
@ -200,4 +225,4 @@ Configuring identity details for Keystone:
|
||||||
|
|
||||||
Reference
|
Reference
|
||||||
---------
|
---------
|
||||||
1) Port and service binding model - https://review.openstack.org/#/c/392250
|
1) Port and service binding model - https://review.openstack.org/#/c/392250
|
||||||
|
|