1. We register both apirule and rule into the enforcer, so we can keep the rule in the check_str.
2. We re-generate the policy of all services; we simply use each service's original policy. Users who want different rules can change them themselves.
3. Adjust post_install.sh so that the service packages are installed with their dependencies.
4. Split the ironic and ironic_inspector policies; they cannot be in the same policy file.

Change-Id: I9e152e33be4eef60432fb2030d388b3bec4c082e
# flake8: noqa
# fmt: off
from . import base
# Policy rules covering the events API (GET /v2/events and
# GET /v2/events/{message_id}). The "flake8: noqa" / "fmt: off" pragmas at the
# top of the file suggest this table is generated, so manual edits may need to
# be mirrored in whatever produces it.
list_rules = (
    # Base rule: matches a token that carries the "admin" role.
    base.Rule(
        name="context_is_admin",
        check_str="role:admin",
        description="No description",
    ),
    # The only rule in this table with a restrictive check: it requires the
    # admin role AND a system-scoped token (system_scope:all), consistent with
    # scope_types=["system"].
    # NOTE: the description is reproduced verbatim, including "requestshould".
    base.APIRule(
        name="segregation",
        check_str="role:admin and system_scope:all",
        description="Return the user and project the requestshould be limited to",
        scope_types=["system"],
        operations=[
            {"method": "GET", "path": "/v2/events"},
            {"method": "GET", "path": "/v2/events/{message_id}"},
        ],
    ),
    # NOTE(review): check_str is empty. Assuming oslo.policy-style evaluation
    # (the enforcer is not visible in this file), an empty check always passes,
    # so any caller with a system- or project-scoped token may list events.
    # Whether results are limited to the caller's own project depends on
    # enforcement elsewhere -- confirm before relying on this default.
    base.APIRule(
        name="telemetry:events:index",
        check_str="",
        description="Return all events matching the query filters.",
        scope_types=["system", "project"],
        operations=[
            {"method": "GET", "path": "/v2/events"},
        ],
    ),
    # NOTE(review): same empty check_str as telemetry:events:index; reading a
    # single event by message id is not restricted by role at the policy
    # layer (again assuming an empty check means "always allow").
    base.APIRule(
        name="telemetry:events:show",
        check_str="",
        description="Return a single event with the given message id.",
        scope_types=["system", "project"],
        operations=[
            {"method": "GET", "path": "/v2/events/{message_id}"},
        ],
    ),
)

# Only the rule table is exported from this module.
__all__ = ("list_rules",)