From f4c533b25f06f820e8b0828a939b01b31f12fa87 Mon Sep 17 00:00:00 2001 From: Adam Young Date: Mon, 6 Apr 2015 16:15:33 -0400 Subject: Add oslopolicy-checker command-line tool Allows testing the access_data from a Keystone token against all rules in a policy file. Optionally can test a single rule. See $ tox -e venv -- oslopolicy-checker --help For more details Co-Authored-By: Ian Cordasco Implements-Blueprint: oslopolicy-cli Change-Id: I8b2e8739c85077e856775f37e9868eb0a8babb3c --- sample_data/auth_v3_token_admin.json | 135 ++++++++++++++++++++++++++++++++++ sample_data/auth_v3_token_member.json | 135 ++++++++++++++++++++++++++++++++++ 2 files changed, 270 insertions(+) create mode 100644 sample_data/auth_v3_token_admin.json create mode 100644 sample_data/auth_v3_token_member.json (limited to 'sample_data') diff --git a/sample_data/auth_v3_token_admin.json b/sample_data/auth_v3_token_admin.json new file mode 100644 index 0000000..d2d6b57 --- /dev/null +++ b/sample_data/auth_v3_token_admin.json @@ -0,0 +1,135 @@ +{ + "token": { + "methods": [ + "password" + ], + "roles": [ + { + "name": "admin", + "id":"41b1af9bb39241e8b8b79fae5906abcc" + } + ], + "expires_at": "2038-01-18T21:14:07Z", + "issued_at": "2000-01-18T21:14:07Z", + "project": { + "id": "tenant_id1", + "domain": { + "id": "domain_id1", + "name": "domain_name1" + }, + "enabled": true, + "description": null, + "name": "tenant_name1" + }, + "catalog": [ + { + "endpoints": [ + { + "id": "f84e070735e54914b41e2b5cfa94dcf7", + "interface": "admin", + "url": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a", + "region": "regionOne" + }, + { + "id": "8220bba1d2844e0b81b171c6ede1155f", + "interface": "internal", + "url": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a", + "region": "regionOne" + }, + { + "id": "719b92ea82a04e7a9ff1107c62da10da", + "interface": "public", + "url": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a", + "region": "regionOne" + } + ], + "type": "volume", + "name": "volume", + "id":"547e9195d1914b5eb087bedbc98fccc3" + }, + { + "endpoints": [ + { + "id": "44752324c0d44375bc854168ea22f1fc", + "interface": "admin", + "url": "http://127.0.0.1:9292/v1", + "region": "regionOne" + }, + { + "id": "a59b3734f57449078f1637c10f96c8e8", + "interface": "internal", + "url": "http://127.0.0.1:9292/v1", + "region": "regionOne" + }, + { + "id": "16c3ab1a4df640569812e432c98b2a48", + "interface": "public", + "url": "http://127.0.0.1:9292/v1", + "region": "regionOne" + } + ], + "type": "image", + "name": "glance", + "id": "22c15d232e55419eb4aeb3ebbd12aac2" + }, + { + "endpoints": [ + { + "id": "9c2fdc2d45bb45c5a7f973e235e0f998", + "interface": "admin", + "url": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a", + "region": "regionOne" + }, + { + "id": "88ccfa8cbb7743998b38b998f4e6a720", + "interface": "internal", + "url": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a", + "region": "regionOne" + }, + { + "id": "113ee928c6934c92b9a12bd4e456c804", + "interface": "public", + "url": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a", + "region": "regionOne" + } + ], + "type": "compute", + "name": "nova", + "id": "fbf2afcdeb10473392636df9785d3fb5" + }, + { + "endpoints": [ + { + "id": "c10a5cda00784049953296d18464aa38", + "interface": "admin", + "url": "http://127.0.0.1:35357/v3", + "region": "RegionOne" + }, + { + "id": "334650263e064428bb2f0b7c3c7a743c", + "interface": "internal", + "url": "http://127.0.0.1:35357/v3", + "region": "RegionOne" + }, + { + "id": "52ff54addc38430d9b656c7164e2caf8", + "interface": "public", + "url": "http://127.0.0.1:5000/v3", + "region": "RegionOne" + } + ], + "type": "identity", + "name": "keystone", + "id": "a0d9913a4bca4d5699e151804e0b5172" + } + ], + "user": { + "domain": { + "id": "domain_id1", + "name": "domain_name1" + }, + "name": "user_name1", + "id": "user_id1" + } + } +} diff --git a/sample_data/auth_v3_token_member.json b/sample_data/auth_v3_token_member.json new file mode 100644 index 0000000..77d6d2f --- /dev/null +++ b/sample_data/auth_v3_token_member.json @@ -0,0 +1,135 @@ +{ + "token": { + "methods": [ + "password" + ], + "roles": [ + { + "name": "member", + "id": "bb8d0f54-a1c9-444f-81da-231aef4d7e03" + } + ], + "expires_at": "2038-01-18T21:14:07Z", + "issued_at": "2000-01-18T21:14:07Z", + "project": { + "id": "tenant_id1", + "domain": { + "id": "domain_id1", + "name": "domain_name1" + }, + "enabled": true, + "description": null, + "name": "tenant_name1" + }, + "catalog": [ + { + "endpoints": [ + { + "id": "f84e070735e54914b41e2b5cfa94dcf7", + "interface": "admin", + "url": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a", + "region": "regionOne" + }, + { + "id": "8220bba1d2844e0b81b171c6ede1155f", + "interface": "internal", + "url": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a", + "region": "regionOne" + }, + { + "id": "719b92ea82a04e7a9ff1107c62da10da", + "interface": "public", + "url": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a", + "region": "regionOne" + } + ], + "type": "volume", + "name": "volume", + "id":"547e9195d1914b5eb087bedbc98fccc3" + }, + { + "endpoints": [ + { + "id": "44752324c0d44375bc854168ea22f1fc", + "interface": "admin", + "url": "http://127.0.0.1:9292/v1", + "region": "regionOne" + }, + { + "id": "a59b3734f57449078f1637c10f96c8e8", + "interface": "internal", + "url": "http://127.0.0.1:9292/v1", + "region": "regionOne" + }, + { + "id": "16c3ab1a4df640569812e432c98b2a48", + "interface": "public", + "url": "http://127.0.0.1:9292/v1", + "region": "regionOne" + } + ], + "type": "image", + "name": "glance", + "id": "22c15d232e55419eb4aeb3ebbd12aac2" + }, + { + "endpoints": [ + { + "id": "9c2fdc2d45bb45c5a7f973e235e0f998", + "interface": "admin", + "url": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a", + "region": "regionOne" + }, + { + "id": "88ccfa8cbb7743998b38b998f4e6a720", + "interface": "internal", + "url": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a", + "region": "regionOne" + }, + { + "id": "113ee928c6934c92b9a12bd4e456c804", + "interface": "public", + "url": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a", + "region": "regionOne" + } + ], + "type": "compute", + "name": "nova", + "id": "fbf2afcdeb10473392636df9785d3fb5" + }, + { + "endpoints": [ + { + "id": "c10a5cda00784049953296d18464aa38", + "interface": "admin", + "url": "http://127.0.0.1:35357/v3", + "region": "RegionOne" + }, + { + "id": "334650263e064428bb2f0b7c3c7a743c", + "interface": "internal", + "url": "http://127.0.0.1:35357/v3", + "region": "RegionOne" + }, + { + "id": "52ff54addc38430d9b656c7164e2caf8", + "interface": "public", + "url": "http://127.0.0.1:5000/v3", + "region": "RegionOne" + } + ], + "type": "identity", + "name": "keystone", + "id": "a0d9913a4bca4d5699e151804e0b5172" + } + ], + "user": { + "domain": { + "id": "domain_id1", + "name": "domain_name1" + }, + "name": "user_name1", + "id": "user_id1" + } + } +} -- cgit v1.2.1