oslo.policy/doc/source/cli.rst
Adam Young f4c533b25f Add oslopolicy-checker command-line tool
Allows testing the access_data from a Keystone token against
all rules in a policy file.

Optionally can test a single rule. See

$ tox -e venv -- oslopolicy-checker --help

For more details

Co-Authored-By: Ian Cordasco <graffatcolmingov@gmail.com>
Implements-Blueprint: oslopolicy-cli
Change-Id: I8b2e8739c85077e856775f37e9868eb0a8babb3c
2016-01-12 15:44:03 -06:00

Command Line Interface

Run the oslopolicy-checker command-line tool to check a policy file against OpenStack Identity API access information.

Command-line arguments:

  • --policy POLICY path to policy file.
  • --access ACCESS path to access token file.
  • --rule RULE (optional) rule to test. If omitted, tests all rules.
  • --is_admin IS_ADMIN (optional) set is_admin=True on the credentials.

Sample access tokens are provided in the sample_data directory.

Examples

Test all of Nova's policy with an admin token

tox -e venv -- oslopolicy-checker \
  --policy  /opt/stack/nova/etc/nova/policy.json \
  --access sample_data/auth_v3_token_admin.json

Test the compute_extension:flavorextraspecs:index rule in Nova's policy with the admin member token and is_admin set to True

tox -e venv -- oslopolicy-checker \
  --policy  /opt/stack/nova/etc/nova/policy.json \
  --access sample_data/auth_v3_token_admin.json \
  --is_admin=true --rule compute_extension:flavorextraspecs:index

Test the compute_extension:flavorextraspecs:index rule in Nova's policy with the plain member token

tox -e venv -- oslopolicy-checker \
  --policy  /opt/stack/nova/etc/nova/policy.json \
  --access sample_data/auth_v3_token_member.json \
  --rule compute_extension:flavorextraspecs:index
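
What such a check does, and why --is_admin changes the outcome for a plain member token, shown as an added example (not oslo.policy code and not part of the original page). It assumes a Keystone v3 token body flattened into roles, user_id, project_id and is_admin credentials; the policy, token and the example:admin_only rule are constructed, and the stand-in evaluator handles only role:, rule: and is_admin: checks joined by or/and.

```python
import json

# Constructed sample data: a trimmed Keystone v3 token body and a small policy.
TOKEN = json.loads('''{"token": {"user": {"id": "u-1"}, "project": {"id": "p-1"},
  "roles": [{"id": "r-9", "name": "Member"}]}}''')
POLICY = {
    "context_is_admin": "role:admin or is_admin:True",
    "admin_or_member": "rule:context_is_admin or role:member",
    "compute_extension:flavorextraspecs:index": "",   # empty rule: always passes
    "example:admin_only": "rule:context_is_admin",    # hypothetical rule name
}

def credentials(token_doc, is_admin=False):
    """Flatten the token into the credentials the rules are tested against (assumed layout)."""
    tok = token_doc["token"]
    return {"roles": [r["name"] for r in tok["roles"]],
            "user_id": tok["user"]["id"],
            "project_id": tok["project"]["id"],
            "is_admin": is_admin}

def check(expr, policy, creds, seen=()):
    """Evaluate one rule string; 'and' binds tighter than 'or', no parentheses."""
    expr = expr.strip()
    if expr in ("", "@"):
        return True
    if expr == "!":
        return False
    if " or " in expr:
        return any(check(p, policy, creds, seen) for p in expr.split(" or "))
    if " and " in expr:
        return all(check(p, policy, creds, seen) for p in expr.split(" and "))
    kind, _, match = expr.partition(":")
    if kind == "role":  # role names compared case-insensitively here
        return match.lower() in [r.lower() for r in creds["roles"]]
    if kind == "rule":  # fail closed on unknown or self-referencing rules
        if match in seen or match not in policy:
            return False
        return check(policy[match], policy, creds, seen + (match,))
    return kind in creds and str(creds[kind]) == match  # e.g. is_admin:True

def check_all(policy, creds):
    """Return {rule name: passed?} for every rule in the policy."""
    return {name: check(expr, policy, creds) for name, expr in policy.items()}
```

Comparing check_all(POLICY, credentials(TOKEN)) with the is_admin=True variant shows which rules a member token passes only because the flag was forced, and which rules pass for every caller because they are empty.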