blob: 08b56c9f621d6d02242e41d72c236d1ad4dd7b77 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
|
======================
Command Line Interface
======================
This document describes the various command line tools exposed by
``oslo.policy`` to manage policies and policy files.
oslopolicy-checker
==================
Run the command line ``oslopolicy-checker`` to check policy against the
OpenStack Identity API access information.
Command-line arguments:
* ``--policy POLICY`` path to policy file.
* ``--access ACCESS`` path to access token file.
* ``--rule RULE`` (optional) rule to test. If omitted, tests all rules.
* ``--is_admin IS_ADMIN`` (optional) set is_admin=True on the credentials.
Sample access tokens are provided in the ``sample_data`` directory.
Examples
--------
Test all of Nova's policy with an admin token
.. code-block:: bash
tox -e venv -- oslopolicy-checker \
--policy /opt/stack/nova/etc/nova/policy.json
--access sample_data/auth_v3_token_admin.json
Test the ``compute_extension:flavorextraspecs:index`` rule in Nova's policy
with the admin member token and ``is_admin`` set to ``True``
.. code-block:: bash
tox -e venv -- oslopolicy-checker \
--policy /opt/stack/nova/etc/nova/policy.json \
--access sample_data/auth_v3_token_admin.json \
--is_admin=true --rule compute_extension:flavorextraspecs:index
Test the ``compute_extension:flavorextraspecs:index`` rule in Nova's policy
with the plain member token
.. code-block:: bash
tox -e venv -- oslopolicy-checker \
--policy /opt/stack/nova/etc/nova/policy.json \
--access sample_data/auth_v3_token_member.json \
--rule compute_extension:flavorextraspecs:index
|