198ef70c2b
this patch introduces an oslo.policy-based API access policy
enforcement engine to ironic-inspector.
As part of implementation, a proper oslo.context-based request
context is also generated and assigned to each request.
Short overview of changes:
- added custom RequestContext class
- extends oslo.context to handle of "is_public_api" flag
(False by default)
- added context to request in each API route
- '/continue' api sets the "is_public_api" flag to True
- added documented definitions for API access policies and their
defaults
- added enforcement of these policies on API requests
- added oslo.policy-specific entry points to setup.cfg
- added autogenerated policy sample file with defaults
- added documentation with autogenerated policies
Change-Id: Iff6f98fa9950d78608f0a7c325d132c11a1383b3
Closes-Bug: #1719812
16 lines
372 B
ReStructuredText
16 lines
372 B
ReStructuredText
Configuration Guide
|
|
===================
|
|
|
|
The ironic-inspector service operation is defined by a configuration
|
|
file. The overview of configuration file options follow.
|
|
|
|
.. toctree::
|
|
:maxdepth: 1
|
|
|
|
Ironic Inspector Configuration Options <ironic-inspector>
|
|
Sample Ironic Inspector Configuration <sample-config>
|
|
Policies <policy>
|
|
Sample policy file <sample-policy>
|
|
|
|
|