From 3e374a98642de32399001350c938ed4b650353d4 Mon Sep 17 00:00:00 2001 From: Kamal Hussain Date: Tue, 7 Feb 2017 15:10:42 -0600 Subject: [PATCH] Sample policy.json and proton.conf files Contains sample files of policy.json and proton.conf. Change-Id: I95e0f49cf6d7f56c02b7b6eca49579d59ef54503 Implements: blueprint gluon-auth --- doc/samples/policy.json | 35 +++++++++++++++++++++++++++++++++++ doc/samples/proton.conf | 20 ++++++++++++++++++++ 2 files changed, 55 insertions(+) create mode 100644 doc/samples/policy.json create mode 100644 doc/samples/proton.conf diff --git a/doc/samples/policy.json b/doc/samples/policy.json new file mode 100644 index 0000000..745770b --- /dev/null +++ b/doc/samples/policy.json @@ -0,0 +1,35 @@ +{ + "owner": "tenant_id:%(tenant_id)s", + "admin_or_owner": "rule:context_is_admin or rule:owner", + "context_is_advsvc": "role:advsvc", + "admin_or_network_owner": "rule:context_is_admin or tenant_id:%(network:tenant_id)s", + "admin_owner_or_network_owner": "rule:owner or rule:admin_or_network_owner", + "admin_only": "rule:context_is_admin", + "regular_user": "", + "default": "rule:admin_or_owner", + + "create_ports": "rule:admin_or_network_owner", + "get_ports": "rule:admin_or_owner", + "update_ports": "rule:admin_or_network_owner", + "delete_ports": "rule:admin_or_network_owner", + + "create_interfaces": "rule:admin_or_network_owner", + "get_interfaces": "rule:admin_or_owner", + "update_interfaces": "rule:admin_or_network_owner", + "delete_interfaces": "rule:admin_or_network_owner", + + "create_vpns": "rule:admin_or_network_owner", + "get_vpns": "rule:admin_or_owner", + "update_vpns": "rule:admin_or_network_owner", + "delete_vpns": "rule:admin_or_network_owner", + + "create_vpnbindings": "rule:admin_or_network_owner", + "get_vpnbindings": "rule:admin_or_owner", + "update_vpnbindings": "rule:admin_or_network_owner", + "delete_vpnbindings": "rule:admin_or_network_owner", + + "create_vpnafconfigs": "rule:admin_or_network_owner", + "get_vpnafconfigs": "rule:admin_or_owner", + "update_vpnafconfigs": "rule:admin_or_network_owner", + "delete_vpnafconfigs": "rule:admin_or_network_owner", +} diff --git a/doc/samples/proton.conf b/doc/samples/proton.conf new file mode 100644 index 0000000..90a080b --- /dev/null +++ b/doc/samples/proton.conf @@ -0,0 +1,20 @@ +# /etc/proton/proton.conf file + +[DEFAULT] +state_path = /opt/proton + +[api] +auth_strategy = keystone + +[keystone_authentication] +auth_uri = http://127.0.0.1/identity +project_domain_name = Default +project_name = service +user_domain_name = Default +password = welcome +username = gluon +auth_url = http://127.0.0.1/identity_admin +auth_type = password + +[oslo_policy] +policy_file = /etc/proton/policy.json