From 82f68df58998003de4cd47c5cd247080af15bea4 Mon Sep 17 00:00:00 2001 From: Witold Bedyk Date: Tue, 31 Jul 2018 14:47:07 +0200 Subject: [PATCH] Update policy configuration document Change-Id: I94164f43c20eb2d3ee66be4aab8419eff3f46333 Story: 2001233 Task: 23333 --- doc/source/configuration/configuring.rst | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/doc/source/configuration/configuring.rst b/doc/source/configuration/configuring.rst index 50111972..45476041 100644 --- a/doc/source/configuration/configuring.rst +++ b/doc/source/configuration/configuring.rst @@ -82,9 +82,12 @@ The configuration for ``monitoring`` should either be provided in Configuring RBAC ---------------- -At the moment monasca-log-api does not feature RBAC fully with -``oslo.policies``. -It provides a custom mechanism, however, that can be configured as follows: +The role-based access policy can be defined in the ``log-api.policy.yaml`` file +as described in `oslo.policy documentation +`_. + +Additionally, for historical reasons, custom RBAC mechanism is provided. It can +be configured as follows: * ``path`` - list of URIs that RBAC applies to * ``default_roles`` - list of roles that are permitted to access the API @@ -93,12 +96,9 @@ It provides a custom mechanism, however, that can be configured as follows: * ``delegate_roles`` - list of roles required by log-agent for sending logs on behalf of another project (tenant) -The configuration for ``roles_middleware`` should either be provided in +The configuration for ``roles_middleware`` can be provided either in ``log-api.conf`` or in a file in one of the configuration directories. -The configuration for accessing the services by ``oslo.policies`` can be -provided in ``log-api.policy.yaml``. - Configuring Logging ------------------- @@ -158,4 +158,3 @@ example:: POST /logs POST /log/single "log_api:logs:post": "role:monasca-user" -