diff options
author | Zuul <zuul@review.openstack.org> | 2018-06-07 22:01:54 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2018-06-07 22:01:54 +0000 |
commit | 9fbbda81f10f81ff691eca102b61646e70b7042b (patch) | |
tree | e19dfb0ca36e21dcc9bb6b5b1d2168af64b624fa /doc | |
parent | 17ebfd5868388ea0fbc3f4881dae8b0c9fd8e742 (diff) | |
parent | 3fe95b2aebde226bab0d710885f60a1862499b16 (diff) | |
download | oslo-policy-9fbbda81f10f81ff691eca102b61646e70b7042b.tar.gz |
Merge "Add CLI usage documentation"
Diffstat (limited to 'doc')
-rw-r--r-- | doc/source/cli/index.rst | 64 |
1 files changed, 64 insertions, 0 deletions
diff --git a/doc/source/cli/index.rst b/doc/source/cli/index.rst index 08b56c9..87f9fcf 100644 --- a/doc/source/cli/index.rst +++ b/doc/source/cli/index.rst @@ -50,3 +50,67 @@ with the plain member token --policy /opt/stack/nova/etc/nova/policy.json \ --access sample_data/auth_v3_token_member.json \ --rule compute_extension:flavorextraspecs:index + +oslopolicy-sample-generator +=========================== + +The ``oslopolicy-sample-generator`` command can be used to generate a sample +policy file based on the default policies in a given namespace. This tool +requires a namespace to query for policies and supports output in JSON or YAML. + +Examples +-------- + +To generate sample policies for a namespace called ``keystone``: + +.. code-block:: bash + + oslopolicy-sample-generator --namespace keystone + + +To generate sample policies in JSON use: + +.. code-block:: bash + + oslopolicy-sample-generator --namespace nova --format json + +To generate a sample policy file and output directly to a file: + +.. code-block:: bash + + oslopolicy-sample-generator --namespace keystone \ + --format yaml \ + --output-file keystone-policy.yaml + +Use the following to generate help text for additional options and arguments +supported by ``oslopolicy-sample-generator``: + +.. code-block:: bash + + oslopolicy-sample-generator --help + +oslopolicy-list-redundant +========================= + +The ``oslopolicy-list-redundant`` tool is useful for detecting policies that +are specified in policy files that are the same as the defaults provided by the +service. Operators can use this tool to find policies that they can remove from +their policy files, making maintenance easier. + +This tool assumes a policy file containing overrides exists and is specified +through configuration. + +Examples +-------- + +To list redundant default policies: + +.. code-block:: bash + + oslopolicy-list-redundant --namespace keystone --config-dir /etc/keystone + +For more information regarding the options supported by this tool: + +.. code-block:: bash + + oslopolicy-list-redundant --help |