Rules engine to enforce access control policy
f79650325f
This allows us to test the policy for other services which might have
different or unusual target data formats (such as Barbican). It would be
possible to pass it as a nested dictionary, e.g.:
{
"target": {
"secret": {
"project_id": "my project id"
}
}
}
or as a key pair (as oslo.policy would expect):
{
"target.secret.project_id": "my project id"
}
Both will work (note that this logic was taken from barbican).
This fixes around the limitation that the target is hardcoded to be
"project_id", and thus allows to test more scenarios (such as the
project ID not matching).
Change-Id: Ia9f7462072a8cb142251c8bb5ef19d9a25a98119
|
||
|---|---|---|
| doc/source | ||
| oslo_policy | ||
| releasenotes | ||
| sample_data | ||
| .coveragerc | ||
| .gitignore | ||
| .gitreview | ||
| .mailmap | ||
| .stestr.conf | ||
| .zuul.yaml | ||
| babel.cfg | ||
| CONTRIBUTING.rst | ||
| HACKING.rst | ||
| LICENSE | ||
| lower-constraints.txt | ||
| README.rst | ||
| requirements.txt | ||
| setup.cfg | ||
| setup.py | ||
| test-requirements.txt | ||
| tox.ini | ||
Team and repository tags
oslo.policy
The Oslo Policy library provides support for RBAC policy enforcement across all OpenStack services.
- Free software: Apache license
- Documentation: https://docs.openstack.org/oslo.policy/latest/
- Source: https://git.openstack.org/cgit/openstack/oslo.policy
- Bugs: https://bugs.launchpad.net/oslo.policy
- Blueprints: https://blueprints.launchpad.net/oslo.policy
- Release Notes: https://docs.openstack.org/releasenotes/oslo.policy