openstack-manuals

Allow policy.json resource vs constant check

Bug #1278040 reported by OpenStack Infra
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
openstack-manuals
Invalid
Medium
Unassigned

Bug Description

https://review.openstack.org/68176

Dear documentation bug triager. This bug was created here because we did not know how to map the project name "openstack/oslo-incubator" to a launchpad project name. This indicates that the notify_impact config needs tweaks. You can ask the OpenStack infra team (#openstack-infra on freenode) for help if you need to.

commit 0da5de6b548d34300a75f80bf87d6a809c609d2f
Author: Florent Flament <email address hidden>
Date: Tue Jan 21 17:03:19 2014 +0000

    Allow policy.json resource vs constant check

    Adds the ability to check any resource's field against a constant
    (literal, or string) in the policy.json file.

    For instance, I can ensure that only users with field `enabled` set to
    False can be deleted with the following rule:
    "identity:delete_user": "False:%(target.user.enabled)s",

    Or that only the `Member` role can be granted:
    "identity:create_grant": "'Member':%(target.role.name)s",

    Change-Id: I99688fd88c229b7566ddf6e4933412b6fd0cbdb2
    Implements: blueprint policy-constant-check
    DocImpact

Tom Fifield (fifieldt)
Changed in openstack-manuals:
status: New → Confirmed
importance: Undecided → Medium
milestone: none → icehouse
Revision history for this message
Tom Fifield (fifieldt) wrote :

we don't doc policy.json to this level of detail

Changed in openstack-manuals:
status: Confirmed → Invalid
milestone: icehouse → none
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.