Merge "Use policy-generator to generate policy sample file"

This commit is contained in:
Jenkins 2017-02-04 03:10:42 +00:00 committed by Gerrit Code Review
commit 465c98dfd0
4 changed files with 8 additions and 39 deletions

View File

@ -0,0 +1,4 @@
To generate the sample policy.json file, run the following command from the top
level of the mogan directory:
tox -egenpolicy

View File

@ -1,38 +0,0 @@
# Legacy rule for cloud admin access
"admin_api": "role:admin or role:administrator"
# Internal flag for public API routes
"public_api": "is_public_api:True"
# Show or mask secrets within instance information in API responses
"show_instance_secrets": "!"
# any access will be passed
"allow": "@"
# all access will be forbidden
"deny": "!"
# Full read/write API access
"is_admin": "rule:admin_api or (rule:is_member and role:mogan_admin)"
# Admin or owner API access
"admin_or_owner": "is_admin:True or project_id:%(project_id)s"
# Admin or user API access
"admin_or_user": "is_admin:True or user_id:%(user_id)s"
# Default API access rule
"default": "rule:admin_or_owner"
# Retrieve Instance records
"mogan:instance:get": "rule:default"
# View Instance power and provision state
"mogan:instance:get_states": "rule:default"
# Create Instance records
"mogan:instance:create": "rule:allow"
# Delete Instance records
"mogan:instance:delete": "rule:default"
# Update Instance records
"mogan:instance:update": "rule:default"
# Start an instance
"mogan:instance:set_power_state:on": "rule:default"
# Stop an instance
"mogan:instance:set_power_state:off": "rule:default"
# Reboot an instance
"mogan:instance:set_power_state:reboot": "rule:default"
# Get Instance network information
"mogan:instance:get_networks": "rule:default"
# Associate floating IP to instance
"mogan:instance:associate_floatingip": "rule:default"

View File

@ -0,0 +1,3 @@
[DEFAULT]
output_file = etc/mogan/policy.json.sample
namespace = mogan.api

View File

@ -72,7 +72,7 @@ commands =
sitepackages = False
envdir = {toxworkdir}/venv
commands =
oslopolicy-sample-generator --namespace=mogan.api --output-file=etc/mogan/policy.json.sample
oslopolicy-sample-generator --config-file=tools/config/mogan-policy-generator.conf
[testenv:api-ref]
# This environment is called from CI scripts to test and publish