oslo.policy

Commit Graph

Author	SHA1	Message	Date
Colleen Murphy	99daead510	Modernize policy checker Without this patch, the policy checker issues a 'failed' result when checking a system-scoped sample token against a policy string like "role:admin and system_scope:all", because the policy checker does not understand the 'system_scope' attribute that is now in oslo.context[1] and wasn't parsing the "system" scope object from the sample token. Similarly, it fails on a string like "user_id:%(user_id)s" because it never looked up the user_id from the sample token. This change updates the policy checker to understand token contexts and policies like these so that more of the policy defaults in keystone, and soon other projects, will pass. This also adds a new system-scoped sample token to check against. [1] https://review.opendev.org/530509 Change-Id: I02fbbc99d28aa5c787133f530f6e968341107bf7	2019-10-10 08:38:14 -07:00
Adam Young	f4c533b25f	Add oslopolicy-checker command-line tool Allows testing the access_data from a Keystone token against all rules in a policy file. Optionally can test a single rule. See $ tox -e venv -- oslopolicy-checker --help For more details Co-Authored-By: Ian Cordasco <graffatcolmingov@gmail.com> Implements-Blueprint: oslopolicy-cli Change-Id: I8b2e8739c85077e856775f37e9868eb0a8babb3c	2016-01-12 15:44:03 -06:00

Author

SHA1

Message

Date

Colleen Murphy

99daead510

Modernize policy checker

Without this patch, the policy checker issues a 'failed' result when
checking a system-scoped sample token against a policy string like
"role:admin and system_scope:all", because the policy checker does not
understand the 'system_scope' attribute that is now in oslo.context[1]
and wasn't parsing the "system" scope object from the sample token.
Similarly, it fails on a string like "user_id:%(user_id)s" because it
never looked up the user_id from the sample token. This change updates
the policy checker to understand token contexts and policies like these
so that more of the policy defaults in keystone, and soon other
projects, will pass. This also adds a new system-scoped sample token to
check against.

[1] https://review.opendev.org/530509

Change-Id: I02fbbc99d28aa5c787133f530f6e968341107bf7

2019-10-10 08:38:14 -07:00

Adam Young

f4c533b25f

Add oslopolicy-checker command-line tool

Allows testing the access_data from a Keystone token against
all rules in a policy file.

Optionally can test a single rule. See

$ tox -e venv -- oslopolicy-checker --help

For more details

Co-Authored-By: Ian Cordasco <graffatcolmingov@gmail.com>
Implements-Blueprint: oslopolicy-cli
Change-Id: I8b2e8739c85077e856775f37e9868eb0a8babb3c

2016-01-12 15:44:03 -06:00

2 Commits