Octavia policy management - it is possible to specify policy via pillar Prod-Related: PROD-34053 Change-Id: I0b3878c414195cca8495dcd7450ad5c1b1a4e8a5

commit: c0703b99c09434f31c36f98f25371628a3da1626 [log] [tgz]
author: Dzmitry Stremkouski <dstremkouski@mirantis.com> Fri Nov 15 22:58:38 2019 +0100
committer: Ivan Berezovskiy <iberezovskiy@mirantis.com> Thu Jan 16 17:07:13 2020 +0000
tree: 705d693162d488fd676dc43db43e8ce833c2677f
parent: 0a99e820b06c0e483dbf8dc322894b4af9ffc02a [diff] [blame]
diff --git a/README.rst b/README.rst
index 94a76c1..649b9a2 100644
--- a/README.rst
+++ b/README.rst

@@ -134,6 +134,21 @@
           user: octavia
           group: octavia
 
+Octavia policy rules:
+
+.. code-block:: yaml
+
+    octavia:
+      api:
+        policy:
+          context_is_admin: 'role:admin or role:load-balancer_admin'
+          admin_or_owner: 'is_admin:True or project_id:%(project_id)s'
+          load-balancer:read: 'rule:admin_or_owner'
+          load-balancer:read-global: 'is_admin:True'
+          load-balancer:write: 'rule:admin_or_owner'
+          load-balancer:read-quota: 'rule:admin_or_owner'
+          load-balancer:read-quota-global: 'is_admin:True'
+          load-balancer:write-quota: 'is_admin:True'
 
 Upgrades
 ========
commit	c0703b99c09434f31c36f98f25371628a3da1626	[log] [tgz]
author	Dzmitry Stremkouski <dstremkouski@mirantis.com>	Fri Nov 15 22:58:38 2019 +0100
committer	Ivan Berezovskiy <iberezovskiy@mirantis.com>	Thu Jan 16 17:07:13 2020 +0000
tree	705d693162d488fd676dc43db43e8ce833c2677f
parent	0a99e820b06c0e483dbf8dc322894b4af9ffc02a [diff] [blame]