diff options
author | Divya <dikonoor@in.ibm.com> | 2015-03-27 09:27:35 +0100 |
---|---|---|
committer | Divya <dikonoor@in.ibm.com> | 2015-04-07 15:43:06 +0200 |
commit | aa78d70df29c3927c032ef49079011fd9c937f73 (patch) | |
tree | c4b93eb8ab1ef7497c95a6189fcb79febe63c63b /etc | |
parent | 2fb046fb6682ceadc82acdbfd3d708ac23fe9fa2 (diff) | |
download | ceilometer-aa78d70df29c3927c032ef49079011fd9c937f73.tar.gz |
Adds support for default rule in ceilometer policy.json.
The default rule is broken in the current implementation of
ceilometer rbac, because ceilometer rbac.py does not leverage
the support provided by oslo_policy . It instead tries to
loop through all the rules in the policy.json to check if the
rule corresponding to the requested REST api matches with the
any in the policy.json. In this process, it completely ignores
the existence of the default rule.
Closes-Bug: 1435855
Change-Id: Icab626b28d14514b0f024df447a8e7f35c52257c
Diffstat (limited to 'etc')
-rw-r--r-- | etc/ceilometer/policy.json | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/etc/ceilometer/policy.json b/etc/ceilometer/policy.json index 4c3ec47a..2bcd0342 100644 --- a/etc/ceilometer/policy.json +++ b/etc/ceilometer/policy.json @@ -2,5 +2,6 @@ "context_is_admin": "role:admin", "context_is_project": "project_id:%(target.project_id)s", "context_is_owner": "user_id:%(target.user_id)s", - "segregation": "rule:context_is_admin" + "segregation": "rule:context_is_admin", + "default": "" } |