Gluon Access Control Blueprint - updates
Contains updates for the policy.json and proton.conf files Change-Id: I7472c238c09f5cdaab161a5cbf07df12e44f78f4 Implements: blueprint gluon-auth
parent
8ba391dd77
commit
3c007e31d6
|
@ -133,26 +133,30 @@ to /etc/gluon/policy.json file. This file will have the following format.
|
|||
"regular_user": "",
|
||||
"default": "rule:admin_or_owner",
|
||||
|
||||
"create_baseport": "rule:admin_or_network_owner",
|
||||
"get_baseport": "rule:admin_or_owner",
|
||||
"update_baseport": "rule:admin_or_network_owner",
|
||||
"delete_baseport": "rule:admin_or_network_owner",
|
||||
"create_ports": "rule:admin_or_network_owner",
|
||||
"get_ports": "rule:admin_or_owner",
|
||||
"update_ports": "rule:admin_or_network_owner",
|
||||
"delete_ports": "rule:admin_or_network_owner",
|
||||
|
||||
"create_service": "rule:admin_or_network_owner",
|
||||
"get_service": "rule:admin_or_owner",
|
||||
"update_service": "rule:admin_or_network_owner",
|
||||
"delete_service": "rule:admin_or_network_owner",
|
||||
"create_interfaces": "rule:admin_or_network_owner",
|
||||
"get_interfaces": "rule:admin_or_owner",
|
||||
"update_interfaces": "rule:admin_or_network_owner",
|
||||
"delete_interfaces": "rule:admin_or_network_owner",
|
||||
|
||||
"create_function": "rule:admin_or_network_owner",
|
||||
"get_function": "rule:admin_or_owner",
|
||||
"update_function": "rule:admin_or_network_owner",
|
||||
"delete_function": "rule:admin_or_network_owner",
|
||||
"create_vpns": "rule:admin_or_network_owner",
|
||||
"get_vpns": "rule:admin_or_owner",
|
||||
"update_vpns": "rule:admin_or_network_owner",
|
||||
"delete_vpns": "rule:admin_or_network_owner",
|
||||
|
||||
"create_service_binding": "rule:admin_or_network_owner",
|
||||
"delete_service_binding": "rule:admin_or_network_owner",
|
||||
"create_vpnbindings": "rule:admin_or_network_owner",
|
||||
"get_vpnbindings": "rule:admin_or_owner",
|
||||
"update_vpnbindings": "rule:admin_or_network_owner",
|
||||
"delete_vpnbindings": "rule:admin_or_network_owner",
|
||||
|
||||
"create_function_binding": "rule:admin_or_network_owner",
|
||||
"delete_function_binding": "rule:admin_or_network_owner",
|
||||
"create_vpnafconfigs": "rule:admin_or_network_owner",
|
||||
"get_vpnafconfigs": "rule:admin_or_owner",
|
||||
"update_vpnafconfigs": "rule:admin_or_network_owner",
|
||||
"delete_vpnafconfigs": "rule:admin_or_network_owner",
|
||||
}
|
||||
|
||||
|
||||
|
@ -176,6 +180,27 @@ with Gluon to add keystone authentication and enforce RBAC policies defined in t
|
|||
|
||||
The pecan-wsgi service in the Neutron will be used as a reference code for Gluon implementation
|
||||
|
||||
Configuration
|
||||
~~~~~~~~~~~~~
|
||||
The /etc/proton/proton.conf file can be used to configure the authentication details. A sample
|
||||
configuration is shown below.
|
||||
|
||||
[api]
|
||||
auth_strategy = keystone
|
||||
|
||||
[keystone_authentication]
|
||||
auth_uri = http://127.0.0.1/identity
|
||||
project_domain_name = Default
|
||||
project_name = service
|
||||
user_domain_name = Default
|
||||
password = welcome
|
||||
username = gluon
|
||||
auth_url = http://127.0.0.1/identity_admin
|
||||
auth_type = password
|
||||
|
||||
[oslo_policy]
|
||||
policy_file = /etc/proton/policy.json
|
||||
|
||||
Appendix
|
||||
--------
|
||||
Configuring identity details for Keystone:
|
||||
|
|
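Review bot: The sample proton.conf added under "Configuration" hard-codes `password = welcome` for the `gluon` service user and uses plain `http://` for both `auth_uri` and `auth_url`, and samples like this tend to be copied into deployments unchanged. I would make the placeholder obvious, e.g. `password = <GLUON_SERVICE_PASSWORD>`, show `https://` endpoints, and add a sentence saying the file should be readable only by the account that runs the proton service, since it holds a Keystone credential. The sample also sets `policy_file = /etc/proton/policy.json`, while the context line of the first hunk refers to `/etc/gluon/policy.json`; one of the two paths should be corrected so that the policy file operators edit is the one that is enforced. The +/- markers are lost in this rendering, so which of these lines are new is inferred from the hunk counts (6 old lines, 27 new).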