group-based-policy/etc
Sumit Naiksatam b63b4d97db [aim-mapping] Restrict auto-ptg access
This patch restricts GET and UPDATE for auto-ptg to the admin
via policy.json RBAC enforcement mechanism. When these rules are
in effect, policy_target creation in the auto_ptg is also restricted
to only the admin. These rules can however be relaxed if required by
modifying the policy.json file as follows:

Replace:
"get_policy_target_group": "rule:admin_auto_ptg or rule:non_auto_ptg",
"update_policy_target_group": "rule:admin_auto_ptg or rule:non_auto_ptg",

with:
"get_policy_target_group": "rule:admin_or_owner or rule:shared_ptg",

This patch adds a new driver extension attribute: is_auto_ptg to
facilitate specification of rules in policy.json. This has the added
benefit of supporting the specification of a filter for auto_ptgs
when retrieving policy_target_groups.

Change-Id: I6d9e873acb2b1b3bee8d78a45527bd4d5d437eca
2016-12-16 15:03:30 -08:00
..
drivers refactor SC mapping into a dedicated gbp driver 2015-10-15 15:36:32 -07:00
servicechain Admin or Provider tenant to own implicit SCIs 2015-09-24 14:34:36 -07:00
grouppolicy.ini refactor SC mapping into a dedicated gbp driver 2015-10-15 15:36:32 -07:00
policy.json [aim-mapping] Restrict auto-ptg access 2016-12-16 15:03:30 -08:00