keystone.access_rules_config.backends.json module¶
-
class
keystone.access_rules_config.backends.json.AccessRulesConfig[source]¶ Bases:
keystone.access_rules_config.backends.base.AccessRulesConfigDriverBaseThis backend reads the access rules from a JSON file on disk.
The format of the file is a mapping from service type to rules for that service type. For example:
{ "identity": [ { "path": "/v3/users", "method": "GET" }, { "path": "/v3/users", "method": "POST" }, { "path": "/v3/users/*", "method": "GET" }, { "path": "/v3/users/*", "method": "PATCH" }, { "path": "/v3/users/*", "method": "DELETE" } ... ], "image": [ { "path": "/v2/images", "method": "GET" }, ... ], ... }
This will be transmuted in memory to a hash map that looks like this:
{ "identity": { "GET": [ { "path": "/v3/users" }, { "path": "/v3/users/*" } ... ], "POST": [ ... ] }, ... }
The path may include a wildcard like ‘*’ or ‘**’ or a named wildcard like {server_id}. An application credential access rule validation request for a path like “/v3/users/uuid” will match with a configured access rule like “/v3/users/” or “/v3/users/{user_id}”, and a request for a path like “/v3/users/uuid/application_credentials/uuid” will match with a configured access rule like “/v3/users/*”.
Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.