ironic-inspector/config-generator.conf
Pavlo Shchelokovskyy 198ef70c2b Add request context and policy enforcement
this patch introduces an oslo.policy-based API access policy
enforcement engine to ironic-inspector.
As part of implementation, a proper oslo.context-based request
context is also generated and assigned to each request.

Short overview of changes:

- added custom RequestContext class

  - extends oslo.context to handle of "is_public_api" flag
    (False by default)

- added context to request in each API route

  - '/continue' api sets the "is_public_api" flag to True

- added documented definitions for API access policies and their
  defaults
- added enforcement of these policies on API requests
- added oslo.policy-specific entry points to setup.cfg
- added autogenerated policy sample file with defaults
- added documentation with autogenerated policies

Change-Id: Iff6f98fa9950d78608f0a7c325d132c11a1383b3
Closes-Bug: #1719812
2017-10-13 11:55:52 +00:00

14 lines
437 B
Plaintext

[DEFAULT]
output_file = example.conf
namespace = ironic_inspector
namespace = ironic_inspector.common.ironic
namespace = ironic_inspector.common.swift
namespace = ironic_inspector.plugins.capabilities
namespace = ironic_inspector.plugins.discovery
namespace = ironic_inspector.plugins.pci_devices
namespace = keystonemiddleware.auth_token
namespace = oslo.db
namespace = oslo.log
namespace = oslo.middleware.cors
namespace = oslo.policy