author: Thomas Duval <thomas.duval@orange.com> 2018-03-07 10:53:41 +0100
committer: Thomas Duval <thomas.duval@orange.com> 2018-03-07 10:57:14 +0100
commit: 9a2e6721376547244e53dbb92ea596f526a9c865
tree: 0c9377c1af969864a740072fb442aa4847ca274e /external_policy_checker/README.md
parent: dbd38cc0f28257772580d42905d2d398fc1d1705
Add Moon stub for the tempest and patrole tests.
Change-Id: Icb3cc72f69636b3a99a3c7c19be3c4e407cb24dc
Diffstat (limited to 'external_policy_checker/README.md')
-rw-r--r-- external_policy_checker/README.md 46
1 files changed, 46 insertions, 0 deletions
diff --git a/external_policy_checker/README.md b/external_policy_checker/README.md
new file mode 100644
index 00000000..ac44af0e
--- /dev/null
+++ b/external_policy_checker/README.md
@@ -0,0 +1,46 @@
+#External Policy Checker
+
+OpenStack component (like Nova, Glance, Cinder, ...) must populate 3 attributes to allow computing an authorization.
+Those 3 attributes are:
+- target
+- credentials
+- rule
+In all those attributes, we must find the following information:
+- In the 'credentials' attribute:
+ - the user ID: this is given in general by Keystone
+ - the project ID: this is given in general by Keystone
+ - as a proposal, the domain ID: this is given in general by Keystone
+- In the 'target' attribute:
+ - the resource ID (ie nova virtual machine ID, Glance image ID, ...): this must come from the component source of the request (Nova, Glance, …)
+- In the 'rule' attribute:
+ - the action name: this must come from the component source of the request (Nova, Glance, )
+
+This server must be used to verify that all information given from OpenStack components can be retrieved in those attributes.
+
+
+## Usage:
+
+### server
+
+To start the server locally:
+
+ cd external_policy_checker
+ python3 server.py
+
+To start the server as a docker container:
+
+ docker run -ti -p 8080:8080 moon_platform/external_policy_checker:latest
+
+### API
+
+Here are the API, you can request:
+
+ POST /policy_checker
+ POST /authz/grant
+ POST /authz/deny
+
+The `/policy_checker` allows to check if all information can be retrieve.
+The `/authz/grant` will always send a "True" response.
+The `/authz/deny` will always send a "False" response.
+
+
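Review bot: In the API section, `/authz/grant` is documented as always sending "True", but the README itself never says this server is a test stub, so nothing warns an operator against pointing a real OpenStack component's policy check at it. State at the top that it exists for the tempest and patrole tests only, and consider `-p 127.0.0.1:8080:8080` in the docker example, since `-p 8080:8080` publishes the stub on every host interface. The API section also gives no request or response format for the three POST routes: how target, credentials and rule are passed, and whether "True" is a response body or a status code. Minor: `#External Policy Checker` needs a space after `#` to render as a heading in CommonMark, the `- target` list has no blank line before it, which some Markdown renderers require, and `(Nova, Glance, )` on the action-name line has lost the ellipsis that the resource-ID line has.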