f4c533b25f
Allows testing the access_data from a Keystone token against all rules in a policy file. Optionally can test a single rule.

See

$ tox -e venv -- oslopolicy-checker --help

For more details

Co-Authored-By: Ian Cordasco <graffatcolmingov@gmail.com>
Implements-Blueprint: oslopolicy-cli
Change-Id: I8b2e8739c85077e856775f37e9868eb0a8babb3c
47 lines
1.4 KiB
ReStructuredText
======================
Command Line Interface
======================

Run the ``oslopolicy-checker`` command-line tool to check a policy file
against OpenStack Identity API access information.

Command-line arguments:

* ``--policy POLICY`` path to policy file.
* ``--access ACCESS`` path to access token file.
* ``--rule RULE`` (optional) rule to test. If omitted, tests all rules.
* ``--is_admin IS_ADMIN`` (optional) set is_admin=True on the credentials.

Sample access tokens are provided in the ``sample_data`` directory.

Examples
--------

Test all of Nova's policy with an admin token

.. code-block:: bash

    tox -e venv -- oslopolicy-checker \
      --policy /opt/stack/nova/etc/nova/policy.json \
      --access sample_data/auth_v3_token_admin.json

Test the ``compute_extension:flavorextraspecs:index`` rule in Nova's policy
with the admin member token and ``is_admin`` set to ``True``

.. code-block:: bash

    tox -e venv -- oslopolicy-checker \
      --policy /opt/stack/nova/etc/nova/policy.json \
      --access sample_data/auth_v3_token_admin.json \
      --is_admin=true --rule compute_extension:flavorextraspecs:index

Test the ``compute_extension:flavorextraspecs:index`` rule in Nova's policy
with the plain member token

.. code-block:: bash

    tox -e venv -- oslopolicy-checker \
      --policy /opt/stack/nova/etc/nova/policy.json \
      --access sample_data/auth_v3_token_member.json \
      --rule compute_extension:flavorextraspecs:index

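The following is an added example, not code from oslo.policy: a simplified stand-in evaluator that shows how a token's access data and the ``--rule`` and ``--is_admin`` options combine into pass/fail results. The token, the policy, the way the token is flattened into credentials, and all function names are assumptions constructed for illustration; parentheses and ``not`` in rules are not handled.

```python
import json

# Constructed sample data (not from sample_data/): a minimal Keystone v3
# token body and a small policy in policy.json syntax.
MEMBER_TOKEN = json.dumps({"token": {
    "user": {"id": "u-1"}, "project": {"id": "p-1"},
    "roles": [{"name": "Member"}]}})
POLICY = {
    "context_is_admin": "role:admin",
    "admin_api": "is_admin:True",
    "owner": "project_id:%(project_id)s",
    "compute_extension:flavorextraspecs:index": "",
    "compute_extension:flavorextraspecs:create": "rule:admin_api or rule:context_is_admin",
}

def credentials(token_json, is_admin=False):
    """Flatten token access data into the dict that rules are checked against."""
    token = json.loads(token_json)["token"]
    return {"roles": [r["name"].lower() for r in token["roles"]],
            "user_id": token["user"]["id"],
            "project_id": token["project"]["id"],
            "is_admin": is_admin}  # set by the caller, never read from the token

def check(rule, creds, target, policy, depth=0):
    """Simplified evaluator: '', 'or', 'and', rule:, role:, key:value."""
    if depth > 20:                      # cyclic rule references: fail closed
        return False
    rule = rule.strip()
    if rule == "":                      # an empty rule allows every caller
        return True
    if " or " in rule:
        return any(check(p, creds, target, policy, depth) for p in rule.split(" or "))
    if " and " in rule:
        return all(check(p, creds, target, policy, depth) for p in rule.split(" and "))
    kind, _, match = rule.partition(":")
    if kind == "rule":                  # reference to another rule; unknown name denies
        return match in policy and check(policy[match], creds, target, policy, depth + 1)
    if kind == "role":
        return match.lower() in creds["roles"]
    try:
        expected = match % target       # fill %(project_id)s from the target
    except (KeyError, TypeError, ValueError):
        return False
    return kind in creds and str(creds[kind]) == expected

def run_checker(policy, token_json, rule=None, is_admin=False):
    """Test one rule, or every rule when rule is None."""
    creds = credentials(token_json, is_admin)
    target = {"project_id": creds["project_id"]}  # assumption: target is the token's own project
    names = [rule] if rule else sorted(policy)
    return {name: check(policy[name], creds, target, policy) for name in names}
```

In this example the member token passes the ``is_admin:True`` rule once ``is_admin=True`` is supplied, although it carries no admin role, while the role-based ``context_is_admin`` rule still fails; compare runs with and without the flag before drawing conclusions about what a role is allowed to do.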