Gohan Policy example
---------------------

In this example, we show how to use a policy to control access to the API.

Fake Keystone server
---------------------

Gohan provides a fake Keystone server for quick testing.
The fake Keystone server has the following resources.

Tenant

- demo

Users ("gohan" is the password for all)

- admin (demo tenant)
- member (demo tenant)

Policy
-------

We have "member_resource" and "admin_only_resource" schemas in this example.

An admin user has full CRUD access to all resources.
A member user can only see member_resources, and within them
cannot see admin_property.

The following example policy implements the rules above.

``` yaml
policies:
# Allow access for schemas
- action: read                  # limit to read only
  effect: allow                 # allow access
  id: member_schema             # unique id for this policy
  principal: Member             # member role
  resource:
    path: /gohan/v0.1/schemas*  # resource path
# Allow access for member_resource
- action: '*'                   # allow any action
  condition:
  - is_owner                    # access is allowed only if the member is the owner of the resource
  effect: allow                 # allow access
  id: member_policy
  principal: Member
  resource:
    path: /v0.1/member_resources*
    properties:                 # limit properties here
    - id
    - name
    - description
    - tenant_id
# admin_only_resource is excluded here
```
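The effect of the two Member policies above can be traced with a small model. This is an added example, not Gohan's own code: `Policy` and `Authorize` are hypothetical names, and it assumes a trailing `*` in `path` acts as a prefix wildcard and that `is_owner` compares the resource's `tenant_id` with the caller's tenant. The admin policy is not modeled because the README does not show it.

```go
package main

import (
	"fmt"
	"strings"
)

// Policy is a simplified model of the README's YAML fields (not Gohan's own type).
type Policy struct {
	ID, Action, Principal, Path string
	OwnerOnly                   bool     // models the is_owner condition
	Properties                  []string // empty means no property filter
}

var memberPolicies = []Policy{
	{ID: "member_schema", Action: "read", Principal: "Member", Path: "/gohan/v0.1/schemas*"},
	{ID: "member_policy", Action: "*", Principal: "Member", Path: "/v0.1/member_resources*",
		OwnerOnly: true, Properties: []string{"id", "name", "description", "tenant_id"}},
}

// Authorize returns the properties the caller may see, or ok=false on deny.
// Assumptions: trailing '*' is a prefix wildcard; is_owner compares tenant_id.
func Authorize(role, tenant, action, path string, resource map[string]string) (map[string]string, bool) {
	for _, p := range memberPolicies {
		if p.Principal != role || (p.Action != "*" && p.Action != action) ||
			!strings.HasPrefix(path, strings.TrimSuffix(p.Path, "*")) {
			continue // wrong role, action or path
		}
		if p.OwnerOnly && resource["tenant_id"] != tenant {
			continue // is_owner failed: resource belongs to another tenant
		}
		if len(p.Properties) == 0 {
			return resource, true
		}
		out := map[string]string{}
		for _, k := range p.Properties {
			if v, ok := resource[k]; ok {
				out[k] = v // copy only the listed properties
			}
		}
		return out, true
	}
	return nil, false // default deny, e.g. any admin_only_resources path
}

func main() {
	res := map[string]string{"id": "r1", "name": "n", "tenant_id": "demo", "admin_property": "x"} // constructed
	fmt.Println(Authorize("Member", "demo", "read", "/v0.1/member_resources/r1", res))
	fmt.Println(Authorize("Member", "demo", "read", "/v0.1/admin_only_resources/r1", res))
}
```

The point to check when adapting the policy is that nothing grants Member access by default: a path or property not listed in an allow rule is simply not reachable.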