Adding policy support for ceilometer

Adding default policy json file for ceilometer which is very sparse. Configuring access to metering panel to be RBAC gated. Using the appropriate policy checks to load the panel. Change-Id: Iad3ffe9d73fb994b146637e714c7d8c46102e104 Closes-Bug: #1419193 Partially-Closes: #1161144
2015-02-06 17:00:27 -07:00 · 2015-02-06 17:00:27 -07:00 · 9d8079db0c
parent a86b6c7320
commit 9d8079db0c
3 changed files with 10 additions and 1 deletions
--- a/openstack_dashboard/conf/ceilometer_policy.json
+++ b/openstack_dashboard/conf/ceilometer_policy.json
@ -0,0 +1,6 @@
+{
+    "context_is_admin": "role:admin",
+    "context_is_project": "project_id:%(target.project_id)s",
+    "context_is_owner": "user_id:%(target.user_id)s",
+    "segregation": "rule:context_is_admin"
+}
--- a/openstack_dashboard/dashboards/admin/metering/panel.py
+++ b/openstack_dashboard/dashboards/admin/metering/panel.py
@ -19,7 +19,9 @@ from openstack_dashboard.dashboards.admin import dashboard
 class Metering(horizon.Panel):
    name = _("Resource Usage")
    slug = 'metering'
-    permissions = ('openstack.services.metering', 'openstack.roles.admin', )
+    permissions = ('openstack.services.metering', )
+    policy_rules = (('telemetry', 'telemetry:compute_statistics'),
+                    ('telemetry', 'telemetry:get_meter'),)


 dashboard.Admin.register(Metering)
--- a/openstack_dashboard/settings.py
+++ b/openstack_dashboard/settings.py
@ -223,6 +223,7 @@ POLICY_FILES = {
    'image': 'glance_policy.json',
    'orchestration': 'heat_policy.json',
    'network': 'neutron_policy.json',
+    'telemetry': 'ceilometer_policy.json',
 }

 SECRET_KEY = None