Docs: Add RBAC overview documentation
This patchset adds an RBAC overview documentation section dedicated
to:
* Defining what RBAC is
* Policy in code and validation info related to it
* Custom policies and validation info related to it
* Multiple policies and validation info related to it
* Error codes
* Glossary
This way, users can learn about what RBAC is from a high level
and how Patrole uses validation to validate that it is working
correctly.
Change-Id: Ib411e4d06210135f7bd1cb90d5b6d59da2e5d076
diff --git a/README.rst b/README.rst
index e9c03c8..2028536 100644
--- a/README.rst
+++ b/README.rst
@@ -31,6 +31,8 @@
* Bugs: https://bugs.launchpad.net/patrole
* Release notes: https://docs.openstack.org/releasenotes/patrole/
+.. _design-principles:
+
Design Principles
-----------------
@@ -59,6 +61,9 @@
Realistically this is not always possible because some services have
not yet moved to policy in code.
+* *Customizable*. Patrole should be able to validate custom policy overrides to
+ ensure that those overrides enhance rather than undermine the cloud's RBAC
+ configuration. In addition, Patrole should be able to validate any role.
* *Self-cleaning*. Patrole should attempt to clean up after itself; whenever
possible we should tear down resources when done.