The description for method enforce in rbac.py is not right, and
will confuse the developer, so correct it.
Change-Id: I35737470421c19278efaa201803a15bab8faee1f
Rbac context is limited not by policy but is inherently built in
as we cannot enforce policy on a list.
This patch drops the dummy policy, the invalid context_is_project
and context_is_admin policies, and ensures policy rbac can restrict
on admin appropriately.
Closes-Bug: #1504495
Change-Id: Id3b1ad71aea46456c6e6c1995776b988017d4786
The default rule is broken in the current implementation of
ceilometer rbac, because ceilometer rbac.py does not leverage
the support provided by oslo_policy . It instead tries to
loop through all the rules in the policy.json to check if the
rule corresponding to the requested REST api matches with the
any in the policy.json. In this process, it completely ignores
the existence of the default rule.
Closes-Bug: 1435855
Change-Id: Icab626b28d14514b0f024df447a8e7f35c52257c
This patch adds policy based Role Based Access Control
to the Ceilometer V2 APIs.
Validation/Enforcement of the policy is executed for the
different controllers and hence it is possible to
granularly control access.
Co-Authored-By: Fabio Giannetti <fabio.giannetti@hp.com>
Change-Id: I788b9b31c8cfba9f3caa19f1f6d465a3f81101ad