Felipe Monteiro | 8a5f69a | 2017-07-14 20:12:33 +0100 | [diff] [blame] | 1 | .. _patrole-sampleconf: |
| 2 | |
| 3 | Sample Configuration File |
| 4 | ========================== |
| 5 | |
| 6 | The following is a sample Patrole configuration for adaptation and use. |
| 7 | |
| 8 | .. code-block:: ini |
| 9 | |
| 10 | [rbac] |
| 11 | |
| 12 | # The role that you want the RBAC tests to use for RBAC testing |
| 13 | # This needs to be edited to run the test as a different role. |
| 14 | rbac_test_role = Member |
| 15 | |
| 16 | # Enables RBAC Tempest tests if set to True. Otherwise, they are |
| 17 | # skipped. |
| 18 | enable_rbac = True |
| 19 | |
| 20 | # If set to True, tests throw a RbacParsingException for policies |
| 21 | # not found in the policy file. Otherwise, they throw a skipException. |
| 22 | strict_policy_check = False |
| 23 | |
| 24 | # List of the paths to search for policy files. Each policy path assumes that |
| 25 | # the service name is included in the path once. Also assumes Patrole is on the |
| 26 | # same host as the policy files. The paths should be ordered by precedence, |
| 27 | # with high-priority paths before low-priority paths. The first path that is |
| 28 | # found to contain the service's policy file will be used. |
| 29 | custom_policy_files = /etc/nova/policy.json,/etc/neutron/policy.json |
| 30 | |
| 31 | # This option determines whether Patrole should run against a |
| 32 | # `custom_requirements_file` which defines RBAC requirements. The |
| 33 | # purpose of setting this flag to True is to verify that RBAC policy |
| 34 | # is in accordance to requirements. The idea is that the |
| 35 | # `custom_requirements_file` perfectly defines what the RBAC requirements |
| 36 | # are. |
| 37 | test_custom_requirements = False |
| 38 | |
gaozx | 4360a29 | 2017-08-08 10:24:38 +0800 | [diff] [blame] | 39 | # File path of the yaml file that defines your RBAC requirements. This |
Felipe Monteiro | 8a5f69a | 2017-07-14 20:12:33 +0100 | [diff] [blame] | 40 | # file must be located on the same host that Patrole runs on. The yaml |
| 41 | # file should be written as follows: |
| 42 | custom_requirements_file = patrole/requirements.txt |
| 43 | |
| 44 | # DEPRECATED: The following config options set the location of the service's |
| 45 | # policy file. For services that have their policy in code (e.g., Nova), |
| 46 | # this would be the location of a custom policy.json, if one exists. |
| 47 | cinder_policy_file = /etc/cinder/policy.json |
| 48 | glance_policy_file = /etc/glance/policy.json |
| 49 | keystone_policy_file = /etc/keystone/policy.json |
| 50 | neutron_policy_file = /etc/neutron/policy.json |
| 51 | nova_policy_file = /etc/nova/policy.json |