Enable Log Management via specific policy.
Allow for setting the policy for Log Management access to something other than admin_required. There are cases where I would want to allow access to Grafana, but not access to Log Management and vica versa. Leave the default policy for admin_required in place. In production we use the identity scope for keystone specific items. I'd like to be able to change the scope for our policy checks to 'monitoring' which may not exist everywhere. Change-Id: If975e0366b94915d2a9e3982307abbdc20de4eb6
This commit is contained in:
parent
dff5945374
commit
1180e8319e
|
@ -55,6 +55,8 @@ DASHBOARDS = getattr(settings, 'GRAFANA_LINKS', GRAFANA_LINKS)
|
|||
GRAFANA_URL = getattr(settings, 'GRAFANA_URL', None)
|
||||
|
||||
ENABLE_KIBANA_BUTTON = getattr(settings, 'ENABLE_KIBANA_BUTTON', False)
|
||||
KIBANA_POLICY_RULE = getattr(settings, 'KIBANA_POLICY_RULE', 'admin_required')
|
||||
KIBANA_POLICY_SCOPE = getattr(settings, 'KIBANA_POLICY_SCOPE', 'identity')
|
||||
KIBANA_HOST = getattr(settings, 'KIBANA_HOST', 'http://192.168.10.4:5601/')
|
||||
|
||||
OPENSTACK_SSL_NO_VERIFY = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False)
|
||||
|
|
|
@ -241,7 +241,7 @@ class IndexView(TemplateView):
|
|||
context["api"] = api_root
|
||||
context["dashboards"] = get_dashboard_links(self.request)
|
||||
context['can_access_logs'] = policy.check(
|
||||
(('identity', 'admin_required'), ), self.request
|
||||
((getattr(settings, 'KIBANA_POLICY_SCOPE'), getattr(settings, 'KIBANA_POLICY_RULE')), ), self.request
|
||||
)
|
||||
context['enable_kibana_button'] = settings.ENABLE_KIBANA_BUTTON
|
||||
return context
|
||||
|
@ -412,5 +412,5 @@ class KibanaProxyView(generic.View):
|
|||
|
||||
def _can_access_kibana(self):
|
||||
return policy.check(
|
||||
(('identity', 'admin_required'),), self.request
|
||||
((getattr(settings, 'KIBANA_POLICY_SCOPE'), getattr(settings, 'KIBANA_POLICY_RULE')), ), self.request
|
||||
)
|
||||
|
|
Loading…
Reference in New Issue