diff options
| author | Lance Bragstad <lbragstad@gmail.com> | 2018-06-01 22:07:34 +0000 |
|---|---|---|
| committer | Lance Bragstad <lbragstad@gmail.com> | 2018-06-01 22:07:34 +0000 |
| commit | 3fe95b2aebde226bab0d710885f60a1862499b16 (patch) | |
| tree | 48964c77ef54f0040dcdab35fa04c13bc3440cdc /doc | |
| parent | e74a3b77447094767be78ae76758999e376f361f (diff) | |
| download | oslo-policy-3fe95b2aebde226bab0d710885f60a1862499b16.tar.gz | |
Add CLI usage documentation
This commit adds usage and examples for generating sample policy
files and listing redundant policy rules.
Change-Id: I2ff00a0a038fde5596ec2fe35de1b7647efcbb9c
Closes-Bug: 1741073
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/source/cli/index.rst | 64 |
1 files changed, 64 insertions, 0 deletions
diff --git a/doc/source/cli/index.rst b/doc/source/cli/index.rst index 08b56c9..87f9fcf 100644 --- a/doc/source/cli/index.rst +++ b/doc/source/cli/index.rst @@ -50,3 +50,67 @@ with the plain member token --policy /opt/stack/nova/etc/nova/policy.json \ --access sample_data/auth_v3_token_member.json \ --rule compute_extension:flavorextraspecs:index + +oslopolicy-sample-generator +=========================== + +The ``oslopolicy-sample-generator`` command can be used to generate a sample +policy file based on the default policies in a given namespace. This tool +requires a namespace to query for policies and supports output in JSON or YAML. + +Examples +-------- + +To generate sample policies for a namespace called ``keystone``: + +.. code-block:: bash + + oslopolicy-sample-generator --namespace keystone + + +To generate sample policies in JSON use: + +.. code-block:: bash + + oslopolicy-sample-generator --namespace nova --format json + +To generate a sample policy file and output directly to a file: + +.. code-block:: bash + + oslopolicy-sample-generator --namespace keystone \ + --format yaml \ + --output-file keystone-policy.yaml + +Use the following to generate help text for additional options and arguments +supported by ``oslopolicy-sample-generator``: + +.. code-block:: bash + + oslopolicy-sample-generator --help + +oslopolicy-list-redundant +========================= + +The ``oslopolicy-list-redundant`` tool is useful for detecting policies that +are specified in policy files that are the same as the defaults provided by the +service. Operators can use this tool to find policies that they can remove from +their policy files, making maintenance easier. + +This tool assumes a policy file containing overrides exists and is specified +through configuration. + +Examples +-------- + +To list redundant default policies: + +.. code-block:: bash + + oslopolicy-list-redundant --namespace keystone --config-dir /etc/keystone + +For more information regarding the options supported by this tool: + +.. code-block:: bash + + oslopolicy-list-redundant --help |