Adds support for default rule in ceilometer policy.json.

The default rule is broken in the current implementation of ceilometer rbac, because ceilometer rbac.py does not leverage the support provided by oslo_policy . It instead tries to loop through all the rules in the policy.json to check if the rule corresponding to the requested REST api matches with the any in the policy.json. In this process, it completely ignores the existence of the default rule. Closes-Bug: 1435855 Change-Id: Icab626b28d14514b0f024df447a8e7f35c52257c
author: Divya <dikonoor@in.ibm.com> 2015-03-27 09:27:35 +0100
committer: Divya <dikonoor@in.ibm.com> 2015-04-07 15:43:06 +0200
commit: aa78d70df29c3927c032ef49079011fd9c937f73 (patch)
tree: c4b93eb8ab1ef7497c95a6189fcb79febe63c63b /etc
parent: 2fb046fb6682ceadc82acdbfd3d708ac23fe9fa2 (diff)
download: ceilometer-aa78d70df29c3927c032ef49079011fd9c937f73.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/etc/ceilometer/policy.json b/etc/ceilometer/policy.json
index 4c3ec47a..2bcd0342 100644
--- a/etc/ceilometer/policy.json
+++ b/etc/ceilometer/policy.json
@@ -2,5 +2,6 @@
     "context_is_admin": "role:admin",
     "context_is_project": "project_id:%(target.project_id)s",
     "context_is_owner": "user_id:%(target.user_id)s",
-    "segregation": "rule:context_is_admin"
+    "segregation": "rule:context_is_admin",
+    "default": ""
 }
author	Divya <dikonoor@in.ibm.com>	2015-03-27 09:27:35 +0100
committer	Divya <dikonoor@in.ibm.com>	2015-04-07 15:43:06 +0200
commit	aa78d70df29c3927c032ef49079011fd9c937f73 (patch)
tree	c4b93eb8ab1ef7497c95a6189fcb79febe63c63b /etc
parent	2fb046fb6682ceadc82acdbfd3d708ac23fe9fa2 (diff)
download	ceilometer-aa78d70df29c3927c032ef49079011fd9c937f73.tar.gz