Update policy configuration document
Change-Id: I94164f43c20eb2d3ee66be4aab8419eff3f46333 Story: 2001233 Task: 23333
This commit is contained in:
parent
5729d7e7c8
commit
82f68df589
|
@ -82,9 +82,12 @@ The configuration for ``monitoring`` should either be provided in
|
|||
Configuring RBAC
|
||||
----------------
|
||||
|
||||
At the moment monasca-log-api does not feature RBAC fully with
|
||||
``oslo.policies``.
|
||||
It provides a custom mechanism, however, that can be configured as follows:
|
||||
The role-based access policy can be defined in the ``log-api.policy.yaml`` file
|
||||
as described in `oslo.policy documentation
|
||||
<https://docs.openstack.org/oslo.policy>`_.
|
||||
|
||||
Additionally, for historical reasons, custom RBAC mechanism is provided. It can
|
||||
be configured as follows:
|
||||
|
||||
* ``path`` - list of URIs that RBAC applies to
|
||||
* ``default_roles`` - list of roles that are permitted to access the API
|
||||
|
@ -93,12 +96,9 @@ It provides a custom mechanism, however, that can be configured as follows:
|
|||
* ``delegate_roles`` - list of roles required by log-agent for sending logs
|
||||
on behalf of another project (tenant)
|
||||
|
||||
The configuration for ``roles_middleware`` should either be provided in
|
||||
The configuration for ``roles_middleware`` can be provided either in
|
||||
``log-api.conf`` or in a file in one of the configuration directories.
|
||||
|
||||
The configuration for accessing the services by ``oslo.policies`` can be
|
||||
provided in ``log-api.policy.yaml``.
|
||||
|
||||
Configuring Logging
|
||||
-------------------
|
||||
|
||||
|
@ -158,4 +158,3 @@ example::
|
|||
POST /logs
|
||||
POST /log/single
|
||||
"log_api:logs:post": "role:monasca-user"
|
||||
|
||||
|
|
Loading…
Reference in New Issue