openstack/openstack-manuals
Code Issues Proposed changes

Merge "Added sample files for the Dashboard service"

Browse Source
This commit is contained in:
Jenkins 2014-02-25 17:54:09 +00:00 committed by Gerrit Code Review
commit ef7e7dc192
4 changed files with 664 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

381
doc/common/samples/dashboard-keystone_policy.json Normal file
View File

@ -0,0 +1,381 @@
{
"admin_required":[
[
"role:admin"
],
[
"is_admin:1"
]
],
"service_role":[
[
"role:service"
]
],
"service_or_admin":[
[
"rule:admin_required"
],
[
"rule:service_role"
]
],
"owner":[
[
"user_id:%(user_id)s"
]
],
"admin_or_owner":[
[
"rule:admin_required"
],
[
"rule:owner"
]
],
"default":[
[
"rule:admin_required"
]
],
"identity:get_service":[
[
"rule:admin_required"
]
],
"identity:list_services":[
[
"rule:admin_required"
]
],
"identity:create_service":[
[
"rule:admin_required"
]
],
"identity:update_service":[
[
"rule:admin_required"
]
],
"identity:delete_service":[
[
"rule:admin_required"
]
],
"identity:get_endpoint":[
[
"rule:admin_required"
]
],
"identity:list_endpoints":[
[
"rule:admin_required"
]
],
"identity:create_endpoint":[
[
"rule:admin_required"
]
],
"identity:update_endpoint":[
[
"rule:admin_required"
]
],
"identity:delete_endpoint":[
[
"rule:admin_required"
]
],
"identity:get_domain":[
[
"rule:admin_required"
]
],
"identity:list_domains":[
[
"rule:admin_required"
]
],
"identity:create_domain":[
[
"rule:admin_required"
]
],
"identity:update_domain":[
[
"rule:admin_required"
]
],
"identity:delete_domain":[
[
"rule:admin_required"
]
],
"identity:get_project":[
[
"rule:admin_required"
]
],
"identity:list_projects":[
[
"rule:admin_required"
]
],
"identity:list_user_projects":[
[
"rule:admin_or_owner"
]
],
"identity:create_project":[
[
"rule:admin_required"
]
],
"identity:update_project":[
[
"rule:admin_required"
]
],
"identity:delete_project":[
[
"rule:admin_required"
]
],
"identity:get_user":[
[
"rule:admin_required"
]
],
"identity:list_users":[
[
"rule:admin_required"
]
],
"identity:create_user":[
[
"rule:admin_required"
]
],
"identity:update_user":[
[
"rule:admin_or_owner"
]
],
"identity:delete_user":[
[
"rule:admin_required"
]
],
"identity:get_group":[
[
"rule:admin_required"
]
],
"identity:list_groups":[
[
"rule:admin_required"
]
],
"identity:list_groups_for_user":[
[
"rule:admin_or_owner"
]
],
"identity:create_group":[
[
"rule:admin_required"
]
],
"identity:update_group":[
[
"rule:admin_required"
]
],
"identity:delete_group":[
[
"rule:admin_required"
]
],
"identity:list_users_in_group":[
[
"rule:admin_required"
]
],
"identity:remove_user_from_group":[
[
"rule:admin_required"
]
],
"identity:check_user_in_group":[
[
"rule:admin_required"
]
],
"identity:add_user_to_group":[
[
"rule:admin_required"
]
],
"identity:get_credential":[
[
"rule:admin_required"
]
],
"identity:list_credentials":[
[
"rule:admin_required"
]
],
"identity:create_credential":[
[
"rule:admin_required"
]
],
"identity:update_credential":[
[
"rule:admin_required"
]
],
"identity:delete_credential":[
[
"rule:admin_required"
]
],
"identity:get_role":[
[
"rule:admin_required"
]
],
"identity:list_roles":[
[
"rule:admin_required"
]
],
"identity:create_role":[
[
"rule:admin_required"
]
],
"identity:update_role":[
[
"rule:admin_required"
]
],
"identity:delete_role":[
[
"rule:admin_required"
]
],
"identity:check_grant":[
[
"rule:admin_required"
]
],
"identity:list_grants":[
[
"rule:admin_required"
]
],
"identity:create_grant":[
[
"rule:admin_required"
]
],
"identity:revoke_grant":[
[
"rule:admin_required"
]
],
"identity:list_role_assignments":[
[
"rule:admin_required"
]
],
"identity:get_policy":[
[
"rule:admin_required"
]
],
"identity:list_policies":[
[
"rule:admin_required"
]
],
"identity:create_policy":[
[
"rule:admin_required"
]
],
"identity:update_policy":[
[
"rule:admin_required"
]
],
"identity:delete_policy":[
[
"rule:admin_required"
]
],
"identity:check_token":[
[
"rule:admin_required"
]
],
"identity:validate_token":[
[
"rule:service_or_admin"
]
],
"identity:validate_token_head":[
[
"rule:service_or_admin"
]
],
"identity:revocation_list":[
[
"rule:service_or_admin"
]
],
"identity:revoke_token":[
[
"rule:admin_or_owner"
]
],
"identity:create_trust":[
[
"user_id:%(trust.trustor_user_id)s"
]
],
"identity:get_trust":[
[
"rule:admin_or_owner"
]
],
"identity:list_trusts":[
[
"@"
]
],
"identity:list_roles_for_trust":[
[
"@"
]
],
"identity:check_role_for_trust":[
[
"@"
]
],
"identity:get_role_for_trust":[
[
"@"
]
],
"identity:delete_trust":[
[
"@"
]
]
}

249
doc/common/samples/dashboard-nova_policy.json Normal file
View File

@ -0,0 +1,249 @@
{
"context_is_admin":"role:admin",
"admin_or_owner":"is_admin:True or project_id:%(project_id)s",
"default":"rule:admin_or_owner",
"cells_scheduler_filter:TargetCellFilter":"is_admin:True",
"compute:create":"",
"compute:create:attach_network":"",
"compute:create:attach_volume":"",
"compute:create:forced_host":"is_admin:True",
"compute:get_all":"",
"compute:get_all_tenants":"",
"compute:unlock_override":"rule:admin_api",
"compute:shelve":"",
"compute:shelve_offload":"",
"compute:unshelve":"",
"admin_api":"is_admin:True",
"compute_extension:accounts":"rule:admin_api",
"compute_extension:admin_actions":"rule:admin_api",
"compute_extension:admin_actions:pause":"rule:admin_or_owner",
"compute_extension:admin_actions:unpause":"rule:admin_or_owner",
"compute_extension:admin_actions:suspend":"rule:admin_or_owner",
"compute_extension:admin_actions:resume":"rule:admin_or_owner",
"compute_extension:admin_actions:lock":"rule:admin_or_owner",
"compute_extension:admin_actions:unlock":"rule:admin_or_owner",
"compute_extension:admin_actions:resetNetwork":"rule:admin_api",
"compute_extension:admin_actions:injectNetworkInfo":"rule:admin_api",
"compute_extension:admin_actions:createBackup":"rule:admin_or_owner",
"compute_extension:admin_actions:migrateLive":"rule:admin_api",
"compute_extension:admin_actions:resetState":"rule:admin_api",
"compute_extension:admin_actions:migrate":"rule:admin_api",
"compute_extension:v3:os-admin-actions":"rule:admin_api",
"compute_extension:v3:os-admin-actions:pause":"rule:admin_or_owner",
"compute_extension:v3:os-admin-actions:unpause":"rule:admin_or_owner",
"compute_extension:v3:os-admin-actions:suspend":"rule:admin_or_owner",
"compute_extension:v3:os-admin-actions:resume":"rule:admin_or_owner",
"compute_extension:v3:os-admin-actions:lock":"rule:admin_or_owner",
"compute_extension:v3:os-admin-actions:unlock":"rule:admin_or_owner",
"compute_extension:v3:os-admin-actions:reset_network":"rule:admin_api",
"compute_extension:v3:os-admin-actions:inject_network_info":"rule:admin_api",
"compute_extension:v3:os-admin-actions:create_backup":"rule:admin_or_owner",
"compute_extension:v3:os-admin-actions:migrate_live":"rule:admin_api",
"compute_extension:v3:os-admin-actions:reset_state":"rule:admin_api",
"compute_extension:v3:os-admin-actions:migrate":"rule:admin_api",
"compute_extension:v3:os-admin-password":"",
"compute_extension:aggregates":"rule:admin_api",
"compute_extension:v3:os-aggregates":"rule:admin_api",
"compute_extension:agents":"rule:admin_api",
"compute_extension:v3:os-agents":"rule:admin_api",
"compute_extension:attach_interfaces":"",
"compute_extension:v3:os-attach-interfaces":"",
"compute_extension:baremetal_nodes":"rule:admin_api",
"compute_extension:v3:os-baremetal-nodes":"rule:admin_api",
"compute_extension:cells":"rule:admin_api",
"compute_extension:v3:os-cells":"rule:admin_api",
"compute_extension:certificates":"",
"compute_extension:v3:os-certificates":"",
"compute_extension:cloudpipe":"rule:admin_api",
"compute_extension:cloudpipe_update":"rule:admin_api",
"compute_extension:console_output":"",
"compute_extension:v3:consoles:discoverable":"",
"compute_extension:v3:os-console-output":"",
"compute_extension:consoles":"",
"compute_extension:v3:os-remote-consoles":"",
"compute_extension:coverage_ext":"rule:admin_api",
"compute_extension:v3:os-coverage":"rule:admin_api",
"compute_extension:createserverext":"",
"compute_extension:deferred_delete":"",
"compute_extension:v3:os-deferred-delete":"",
"compute_extension:disk_config":"",
"compute_extension:evacuate":"rule:admin_api",
"compute_extension:v3:os-evacuate":"rule:admin_api",
"compute_extension:extended_server_attributes":"rule:admin_api",
"compute_extension:v3:os-extended-server-attributes":"rule:admin_api",
"compute_extension:extended_status":"",
"compute_extension:v3:os-extended-status":"",
"compute_extension:extended_availability_zone":"",
"compute_extension:v3:os-extended-availability-zone":"",
"compute_extension:extended_ips":"",
"compute_extension:extended_ips_mac":"",
"compute_extension:extended_vif_net":"",
"compute_extension:v3:extension_info:discoverable":"",
"compute_extension:extended_volumes":"",
"compute_extension:v3:os-extended-volumes":"",
"compute_extension:v3:os-extended-volumes:attach":"",
"compute_extension:v3:os-extended-volumes:detach":"",
"compute_extension:fixed_ips":"rule:admin_api",
"compute_extension:v3:os-fixed-ips:discoverable":"",
"compute_extension:v3:os-fixed-ips":"rule:admin_api",
"compute_extension:flavor_access":"",
"compute_extension:v3:os-flavor-access":"",
"compute_extension:flavor_disabled":"",
"compute_extension:v3:os-flavor-disabled":"",
"compute_extension:flavor_rxtx":"",
"compute_extension:v3:os-flavor-rxtx":"",
"compute_extension:flavor_swap":"",
"compute_extension:flavorextradata":"",
"compute_extension:flavorextraspecs:index":"",
"compute_extension:flavorextraspecs:show":"",
"compute_extension:flavorextraspecs:create":"rule:admin_api",
"compute_extension:flavorextraspecs:update":"rule:admin_api",
"compute_extension:flavorextraspecs:delete":"rule:admin_api",
"compute_extension:v3:flavor-extra-specs:index":"",
"compute_extension:v3:flavor-extra-specs:show":"",
"compute_extension:v3:flavor-extra-specs:create":"rule:admin_api",
"compute_extension:v3:flavor-extra-specs:update":"rule:admin_api",
"compute_extension:v3:flavor-extra-specs:delete":"rule:admin_api",
"compute_extension:flavormanage":"rule:admin_api",
"compute_extension:floating_ip_dns":"",
"compute_extension:floating_ip_pools":"",
"compute_extension:floating_ips":"",
"compute_extension:floating_ips_bulk":"rule:admin_api",
"compute_extension:fping":"",
"compute_extension:fping:all_tenants":"rule:admin_api",
"compute_extension:hide_server_addresses":"is_admin:False",
"compute_extension:v3:os-hide-server-addresses":"is_admin:False",
"compute_extension:hosts":"rule:admin_api",
"compute_extension:v3:os-hosts":"rule:admin_api",
"compute_extension:hypervisors":"rule:admin_api",
"compute_extension:v3:os-hypervisors":"rule:admin_api",
"compute_extension:image_size":"",
"compute_extension:v3:os-image-metadata":"",
"compute_extension:v3:os-images":"",
"compute_extension:instance_actions":"",
"compute_extension:v3:os-instance-actions":"",
"compute_extension:instance_actions:events":"rule:admin_api",
"compute_extension:v3:os-instance-actions:events":"rule:admin_api",
"compute_extension:instance_usage_audit_log":"rule:admin_api",
"compute_extension:v3:os-instance-usage-audit-log":"rule:admin_api",
"compute_extension:v3:ips:discoverable":"",
"compute_extension:keypairs":"",
"compute_extension:keypairs:index":"",
"compute_extension:keypairs:show":"",
"compute_extension:keypairs:create":"",
"compute_extension:keypairs:delete":"",
"compute_extension:v3:os-keypairs:discoverable":"",
"compute_extension:v3:os-keypairs":"",
"compute_extension:v3:os-keypairs:index":"",
"compute_extension:v3:os-keypairs:show":"",
"compute_extension:v3:os-keypairs:create":"",
"compute_extension:v3:os-keypairs:delete":"",
"compute_extension:multinic":"",
"compute_extension:v3:os-multinic":"",
"compute_extension:networks":"rule:admin_api",
"compute_extension:networks:view":"",
"compute_extension:networks_associate":"rule:admin_api",
"compute_extension:quotas:show":"",
"compute_extension:quotas:update":"rule:admin_api",
"compute_extension:quotas:delete":"rule:admin_api",
"compute_extension:v3:os-quota-sets:show":"",
"compute_extension:v3:os-quota-sets:update":"rule:admin_api",
"compute_extension:v3:os-quota-sets:delete":"rule:admin_api",
"compute_extension:quota_classes":"",
"compute_extension:v3:os-quota-class-sets":"",
"compute_extension:rescue":"",
"compute_extension:v3:os-rescue":"",
"compute_extension:security_group_default_rules":"rule:admin_api",
"compute_extension:security_groups":"",
"compute_extension:v3:os-security-groups":"",
"compute_extension:server_diagnostics":"rule:admin_api",
"compute_extension:v3:os-server-diagnostics":"rule:admin_api",
"compute_extension:server_password":"",
"compute_extension:v3:os-server-password":"",
"compute_extension:server_usage":"",
"compute_extension:v3:os-server-usage":"",
"compute_extension:services":"rule:admin_api",
"compute_extension:v3:os-services":"rule:admin_api",
"compute_extension:v3:servers:discoverable":"",
"compute_extension:shelve":"",
"compute_extension:shelveOffload":"rule:admin_api",
"compute_extension:v3:os-shelve:shelve":"",
"compute_extension:v3:os-shelve:shelve_offload":"rule:admin_api",
"compute_extension:simple_tenant_usage:show":"rule:admin_or_owner",
"compute_extension:v3:os-simple-tenant-usage:show":"rule:admin_or_owner",
"compute_extension:simple_tenant_usage:list":"rule:admin_api",
"compute_extension:v3:os-simple-tenant-usage:list":"rule:admin_api",
"compute_extension:unshelve":"",
"compute_extension:v3:os-shelve:unshelve":"",
"compute_extension:users":"rule:admin_api",
"compute_extension:virtual_interfaces":"",
"compute_extension:virtual_storage_arrays":"",
"compute_extension:volumes":"",
"compute_extension:volume_attachments:index":"",
"compute_extension:volume_attachments:show":"",
"compute_extension:volume_attachments:create":"",
"compute_extension:volume_attachments:update":"",
"compute_extension:volume_attachments:delete":"",
"compute_extension:volumetypes":"",
"compute_extension:availability_zone:list":"",
"compute_extension:v3:os-availability-zone:list":"",
"compute_extension:availability_zone:detail":"rule:admin_api",
"compute_extension:v3:os-availability-zone:detail":"rule:admin_api",
"compute_extension:used_limits_for_admin":"rule:admin_api",
"compute_extension:v3:os-used-limits":"",
"compute_extension:v3:os-used-limits:tenant":"rule:admin_api",
"compute_extension:migrations:index":"rule:admin_api",
"compute_extension:v3:os-migrations:index":"rule:admin_api",
"volume:create":"",
"volume:get_all":"",
"volume:get_volume_metadata":"",
"volume:get_snapshot":"",
"volume:get_all_snapshots":"",
"volume_extension:types_manage":"rule:admin_api",
"volume_extension:types_extra_specs":"rule:admin_api",
"volume_extension:volume_admin_actions:reset_status":"rule:admin_api",
"volume_extension:snapshot_admin_actions:reset_status":"rule:admin_api",
"volume_extension:volume_admin_actions:force_delete":"rule:admin_api",
"network:get_all":"",
"network:get":"",
"network:create":"",
"network:delete":"",
"network:associate":"",
"network:disassociate":"",
"network:get_vifs_by_instance":"",
"network:allocate_for_instance":"",
"network:deallocate_for_instance":"",
"network:validate_networks":"",
"network:get_instance_uuids_by_ip_filter":"",
"network:get_instance_id_by_floating_address":"",
"network:setup_networks_on_host":"",
"network:get_backdoor_port":"",
"network:get_floating_ip":"",
"network:get_floating_ip_pools":"",
"network:get_floating_ip_by_address":"",
"network:get_floating_ips_by_project":"",
"network:get_floating_ips_by_fixed_address":"",
"network:allocate_floating_ip":"",
"network:deallocate_floating_ip":"",
"network:associate_floating_ip":"",
"network:disassociate_floating_ip":"",
"network:release_floating_ip":"",
"network:migrate_instance_start":"",
"network:migrate_instance_finish":"",
"network:get_fixed_ip":"",
"network:get_fixed_ip_by_address":"",
"network:add_fixed_ip_to_instance":"",
"network:remove_fixed_ip_from_instance":"",
"network:add_network_to_project":"",
"network:get_instance_nw_info":"",
"network:get_dns_domains":"",
"network:add_dns_entry":"",
"network:modify_dns_entry":"",
"network:delete_dns_entry":"",
"network:get_dns_entries_by_address":"",
"network:get_dns_entries_by_name":"",
"network:create_private_dns_domain":"",
"network:create_public_dns_domain":"",
"network:delete_dns_domain":""
}

1
doc/config-reference/ch_dashboardconfigure.xml
View File

@ -8,4 +8,5 @@
dashboard with Apache web server.</para>
<xi:include href="../common/section_dashboard-configure.xml"/>
<xi:include href="../common/section_dashboard_customizing.xml"/>
<xi:include href="dashboard/section_dashboard-sample-configuration-files.xml"/>
</chapter>

33
doc/config-reference/dashboard/section_dashboard-sample-configuration-files.xml Normal file
View File

@ -0,0 +1,33 @@
<?xml version="1.0" encoding="UTF-8"?>
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
xml:id="section_dashboard-sample-configuration-files">
<title>Additional sample configuration files</title>
<para>Find the following files in <systemitem>/etc/openstack-dashboard</systemitem>.</para>
<section xml:id="section_dashboard-keystone_policy.json">
<title>keystone_policy.json</title>
<para>The <filename>keystone_policy.json</filename> file
defines additional access controls for the dashboard that
apply to the Identity Service.</para>
<note>
<para>The <filename>keystone_policy.json</filename> file
must match the Identity Service
<filename>/etc/keystone/policy.json</filename>
policy file.</para>
</note>
<programlisting language="json"><xi:include parse="text" href="../../common/samples/dashboard-keystone_policy.json"/></programlisting>
</section>
<section xml:id="section_dashboard-nova_policy.json">
<title>nova_policy.json</title>
<para>The <filename>nova_policy.json</filename> file defines
additional access controls for the dashboard that apply to
the Compute service.</para>
<note>
<para>The <filename>nova_policy.json</filename> file must
match the Compute <filename>/etc/nova/policy.json</filename>
policy file.</para>
</note>
<programlisting language="json"><xi:include parse="text" href="../../common/samples/dashboard-nova_policy.json"/></programlisting>
</section>
</section>