Run the command line oslopolicy-checker
to check policy against the
OpenStack Identity API access information.
Command-line arguments:
--policy POLICY
path to policy file.--access ACCESS
path to access token file.--rule RULE
(optional) rule to test. If omitted, tests all rules.--is_admin IS_ADMIN
(optional) set is_admin=True on the credentials.Sample access tokens are provided in the sample_data
directory.
Test all of Nova’s policy with an admin token
tox -e venv -- oslopolicy-checker \
--policy /opt/stack/nova/etc/nova/policy.json
--access sample_data/auth_v3_token_admin.json
Test the compute_extension:flavorextraspecs:index
rule in Nova’s policy
with the admin member token and is_admin
set to True
tox -e venv -- oslopolicy-checker \
--policy /opt/stack/nova/etc/nova/policy.json \
--access sample_data/auth_v3_token_admin.json \
--is_admin=true --rule compute_extension:flavorextraspecs:index
Test the compute_extension:flavorextraspecs:index
rule in Nova’s policy
with the plain member token
tox -e venv -- oslopolicy-checker \
--policy /opt/stack/nova/etc/nova/policy.json \
--access sample_data/auth_v3_token_member.json \
--rule compute_extension:flavorextraspecs:index
Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.