openstack
/
oslo.policy
Code Issues Proposed changes

Merge "Fix document formatting"

This commit is contained in:
Zuul 2018-05-18 15:52:34 +00:00 committed by Gerrit Code Review
parent 90e6412210 3a849a0410
commit ba836f2d40
1 changed files with 32 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

64
oslo_policy/policy.py
View File

@ -37,24 +37,24 @@ easier for most people to understand.
In the policy language, each check is specified as a simple "a:b" pair that is In the policy language, each check is specified as a simple "a:b" pair that is
matched to the correct class to perform that check: matched to the correct class to perform that check:
+--------------------------------+------------------------------------------+ +--------------------------------+------------------------------------------+
| TYPE | SYNTAX | | TYPE | SYNTAX |
+================================+==========================================+ +================================+==========================================+
|User's Role | role:admin | |User's Role | role:admin |
+--------------------------------+------------------------------------------+ +--------------------------------+------------------------------------------+
|Rules already defined on policy | rule:admin_required | |Rules already defined on policy | rule:admin_required |
+--------------------------------+------------------------------------------+ +--------------------------------+------------------------------------------+
|Against URLs¹ | http://my-url.org/check | |Against URLs¹ | http://my-url.org/check |
+--------------------------------+------------------------------------------+ +--------------------------------+------------------------------------------+
|User attributes² | project_id:%(target.project.id)s | |User attributes² | project_id:%(target.project.id)s |
+--------------------------------+------------------------------------------+ +--------------------------------+------------------------------------------+
|Strings | - <variable>:'xpto2035abc' | |Strings | - <variable>:'xpto2035abc' |
| | - 'myproject':<variable> | | | - 'myproject':<variable> |
+--------------------------------+------------------------------------------+ +--------------------------------+------------------------------------------+
| | - project_id:xpto2035abc | | | - project_id:xpto2035abc |
|Literals | - domain_id:20 | |Literals | - domain_id:20 |
| | - True:%(user.enabled)s | | | - True:%(user.enabled)s |
+--------------------------------+------------------------------------------+ +--------------------------------+------------------------------------------+
¹URL checking must return ``True`` to be valid ¹URL checking must return ``True`` to be valid
@ -72,17 +72,17 @@ policy rule::
Operator precedence is below: Operator precedence is below:
+------------+-------------+-------------+ +------------+-------------+-------------+
| PRECEDENCE | TYPE | EXPRESSION | | PRECEDENCE | TYPE | EXPRESSION |
+============+=============+=============+ +============+=============+=============+
| 4 | Grouping | (...) | | 4 | Grouping | (...) |
+------------+-------------+-------------+ +------------+-------------+-------------+
| 3 | Logical NOT | not ... | | 3 | Logical NOT | not ... |
+------------+-------------+-------------+ +------------+-------------+-------------+
| 2 | Logical AND | ... and ... | | 2 | Logical AND | ... and ... |
+------------+-------------+-------------+ +------------+-------------+-------------+
| 1 | Logical OR | ... or ... | | 1 | Logical OR | ... or ... |
+------------+-------------+-------------+ +------------+-------------+-------------+
Operator with larger precedence number precedes others with smaller numbers. Operator with larger precedence number precedes others with smaller numbers.
@ -123,9 +123,9 @@ policy enforcement.
Generic checks can be used to perform policy checks on the following user Generic checks can be used to perform policy checks on the following user
attributes obtained through a token: attributes obtained through a token:
- user_id - user_id
- domain_id or project_id (depending on the token scope) - domain_id or project_id (depending on the token scope)
- list of roles held for the given token scope - list of roles held for the given token scope
.. note:: .. note::
Some resources which are exposed by the API do not support policy Some resources which are exposed by the API do not support policy