Add policies for API access control to watcher project.

Change-Id: Ibdbe494c636dfaeca9cf2ef8724d0dade1f19c7f blueprint: watcher-policies
2016-06-25 19:43:42 +08:00
parent 6f2c82316c
commit bc06a7d419
22 changed files with 693 additions and 104 deletions
--- a/etc/watcher/policy.json
+++ b/etc/watcher/policy.json
@@ -1,5 +1,37 @@
 {
    "admin_api": "role:admin or role:administrator",
    "show_password": "!",
-    "default": "rule:admin_api"
+    "default": "rule:admin_api",
+
+    "action:detail": "rule:default",
+    "action:get": "rule:default",
+    "action:get_all": "rule:default",
+
+    "action_plan:delete": "rule:default",
+    "action_plan:detail": "rule:default",
+    "action_plan:get": "rule:default",
+    "action_plan:get_all": "rule:default",
+    "action_plan:update": "rule:default",
+
+    "audit:create": "rule:default",
+    "audit:delete": "rule:default",
+    "audit:detail": "rule:default",
+    "audit:get": "rule:default",
+    "audit:get_all": "rule:default",
+    "audit:update": "rule:default",
+
+    "audit_template:create": "rule:default",
+    "audit_template:delete": "rule:default",
+    "audit_template:detail": "rule:default",
+    "audit_template:get": "rule:default",
+    "audit_template:get_all": "rule:default",
+    "audit_template:update": "rule:default",
+
+    "goal:detail": "rule:default",
+    "goal:get": "rule:default",
+    "goal:get_all": "rule:default",
+
+    "strategy:detail": "rule:default",
+    "strategy:get": "rule:default",
+    "strategy:get_all": "rule:default"
 }