Enable Log Management via specific policy.

Allow for setting the policy for Log Management access
to something other than admin_required. There are cases
where I would want to allow access to Grafana, but not
access to Log Management and vica versa. Leave the default
policy for admin_required in place.

In production we use the identity scope for keystone
specific items. I'd like to be able to change the scope
for our policy checks to 'monitoring' which may not
exist everywhere.

Change-Id: If975e0366b94915d2a9e3982307abbdc20de4eb6
This commit is contained in:
Tom Miller 2017-01-10 14:43:22 -07:00
parent dff5945374
commit 1180e8319e
2 changed files with 4 additions and 2 deletions

View File

@ -55,6 +55,8 @@ DASHBOARDS = getattr(settings, 'GRAFANA_LINKS', GRAFANA_LINKS)
GRAFANA_URL = getattr(settings, 'GRAFANA_URL', None)
ENABLE_KIBANA_BUTTON = getattr(settings, 'ENABLE_KIBANA_BUTTON', False)
KIBANA_POLICY_RULE = getattr(settings, 'KIBANA_POLICY_RULE', 'admin_required')
KIBANA_POLICY_SCOPE = getattr(settings, 'KIBANA_POLICY_SCOPE', 'identity')
KIBANA_HOST = getattr(settings, 'KIBANA_HOST', 'http://192.168.10.4:5601/')
OPENSTACK_SSL_NO_VERIFY = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False)

View File

@ -241,7 +241,7 @@ class IndexView(TemplateView):
context["api"] = api_root
context["dashboards"] = get_dashboard_links(self.request)
context['can_access_logs'] = policy.check(
(('identity', 'admin_required'), ), self.request
((getattr(settings, 'KIBANA_POLICY_SCOPE'), getattr(settings, 'KIBANA_POLICY_RULE')), ), self.request
)
context['enable_kibana_button'] = settings.ENABLE_KIBANA_BUTTON
return context
@ -412,5 +412,5 @@ class KibanaProxyView(generic.View):
def _can_access_kibana(self):
return policy.check(
(('identity', 'admin_required'),), self.request
((getattr(settings, 'KIBANA_POLICY_SCOPE'), getattr(settings, 'KIBANA_POLICY_RULE')), ), self.request
)