author | Thomas Duval <thomas.duval@orange.com> | 2020-06-03 10:06:52 +0200 |
---|---|---|
committer | Thomas Duval <thomas.duval@orange.com> | 2020-06-03 10:06:52 +0200 |
commit | 7bb53c64da2dcf88894bfd31503accdd81498f3d (patch) | |
tree | 4310e12366818af27947b5e2c80cb162da93a4b5 /old/external_policy_checker/README.md | |
parent | cbea4e360e9bfaa9698cf7c61c83c96a1ba89b8c (diff) |
Update to new version 5.4 (refs: HEAD, stable/jerma, master)
Signed-off-by: Thomas Duval <thomas.duval@orange.com>
Change-Id: Idcd868133d75928a1ffd74d749ce98503e0555ea
Diffstat (limited to 'old/external_policy_checker/README.md')
-rw-r--r-- | old/external_policy_checker/README.md | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/old/external_policy_checker/README.md b/old/external_policy_checker/README.md new file mode 100644 index 00000000..ac44af0e --- /dev/null +++ b/old/external_policy_checker/README.md @@ -0,0 +1,46 @@ +#External Policy Checker + +OpenStack component (like Nova, Glance, Cinder, ...) must populate 3 attributes to allow computing an authorization. +Those 3 attributes are: +- target +- credentials +- rule +In all those attributes, we must find the following information: +- In the 'credentials' attribute: + - the user ID: this is given in general by Keystone + - the project ID: this is given in general by Keystone + - as a proposal, the domain ID: this is given in general by Keystone +- In the 'target' attribute: + - the resource ID (ie nova virtual machine ID, Glance image ID, ...): this must come from the component source of the request (Nova, Glance, …) +- In the 'rule' attribute: + - the action name: this must come from the component source of the request (Nova, Glance, ) + +This server must be used to verify that all information given from OpenStack components can be retrieved in those attributes. + + +## Usage: + +### server + +To start the server locally: + + cd external_policy_checker + python3 server.py + +To start the server as a docker container: + + docker run -ti -p 8080:8080 moon_platform/external_policy_checker:latest + +### API + +Here are the API, you can request: + + POST /policy_checker + POST /authz/grant + POST /authz/deny + +The `/policy_checker` allows to check if all information can be retrieve. +The `/authz/grant` will always send a "True" response. +The `/authz/deny` will always send a "False" response. + + |
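Review bot: The API section documents `/authz/grant` as always sending a "True" response, and the docker example publishes the port with `-p 8080:8080`, but the README does not warn that pointing a real deployment's policy check at this server would authorize every request sent to that route. Suggest saying near the top that the server is only for verifying which attributes the components send, and publishing the port on loopback in the example (`-p 127.0.0.1:8080:8080`). The `/policy_checker` entry also lacks the expected request body and the response format, so a reader cannot tell how target, credentials and rule are to be sent or how a missing field is reported. Smaller points: `#External Policy Checker` needs a space after `#` to render as a heading in strict Markdown parsers, the 'rule' bullet ends in `(Nova, Glance, )` where the 'target' bullet has `(Nova, Glance, …)`, and "can be retrieve" should read "can be retrieved".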