F #1872: Added examples to oned.conf on using the DEFAULT_ACL rules for VDC

2025-01-12 09:17:41 +03:00 · 2018-04-03 12:50:41 +02:00 · 2018-04-03 12:50:41 +02:00 · 95a86151f1
commit 95a86151f1
parent 434a2749ec
1 changed files with 51 additions and 22 deletions
--- a/share/etc/oned.conf
+++ b/share/etc/oned.conf
@ -921,6 +921,57 @@ VM_MANAGE_OPERATIONS = "undeploy, hold, release, stop, suspend, resume, reboot,

 VM_USE_OPERATIONS    = ""

+#*******************************************************************************
+# Default Permissions for VDC ACL rules
+#*******************************************************************************
+# Default ACL rules created when resource is added to a VDC. The following
+# attributes configures the permissions granted to the VDC group for each
+# resource types:
+#   DEFAULT_VDC_HOST_ACL: permissions granted on hosts added to a VDC.
+#   DEFAULT_VDC_NET_ACL: permissions granted on vnets added to a VDC.
+#   DEFAULT_VDC_DATASTORE_ACL: permissions granted on datastores to a VDC.
+#
+#   DEFAULT_VDC_CLUSTER_HOST_ACL: permissions granted to cluster hosts when a
+#   cluster is added to the VDC.
+#   DEFAULT_VDC_CLUSTER_NET_ACL: permissions granted to cluster vnets when a
+#   cluster is added to the VDC.
+#   DEFAULT_VDC_CLUSTER_DATASTORE_ACL: permissions granted to cluster datastores
+#   when a cluster is added to the VDC.
+#
+# When defining the permissions you can use "" or "-" to not add any rule to
+# that specific resource. Also you can combine several permissions with "+",
+# for exampl "MANAGE+USE". Valid permissions are USE, MANAGE or ADMIN.
+#
+# Example:
+# DEFAULT_VDC_HOST_ACL      = "MANAGE"
+# Adds @<gid> HOST/#<hid> MANAGE #<zid> when a host is added to the VDC,
+# eg. onevdc addhost <vdc> <zid> <hid>
+#
+# DEFAULT_VDC_NET_ACL       = "USE"
+# Adds @<gid> NET/#<vnetid> USE #<zid> when a vnet is added to the VDC,
+# eg. onevdc addvnet <vdc> <zid> <vnetid>
+#
+# DEFAULT_VDC_DATASTORE_ACL = "USE"
+# Adds @<gid> DATASTORE/#<dsid> USE #<zid> when a vnet is added to the VDC,
+# eg. onevdc adddatastore <vdc> <zid> <dsid>
+#
+# DEFAULT_VDC_CLUSTER_HOST_ACL      = "MANAGE"
+# DEFAULT_VDC_CLUSTER_NET_ACL       = "USE"
+# DEFAULT_VDC_CLUSTER_DATASTORE_ACL = "USE"
+# Adds:
+#   @<gid> HOST/%<cid> MANAGE #<zid>
+#   @<gid> DATASTORE+NET/%<cid> USE #<zid>
+# when a cluster is added to the VDC, e.g. onevdc addcluster <vdc> <zid> <cid>
+#*******************************************************************************
+
+DEFAULT_VDC_HOST_ACL      = "MANAGE"
+DEFAULT_VDC_NET_ACL       = "USE"
+DEFAULT_VDC_DATASTORE_ACL = "USE"
+
+DEFAULT_VDC_CLUSTER_HOST_ACL      = "MANAGE"
+DEFAULT_VDC_CLUSTER_NET_ACL       = "USE"
+DEFAULT_VDC_CLUSTER_DATASTORE_ACL = "USE"
+
 #*******************************************************************************
 # Restricted Attributes Configuration
 #*******************************************************************************
@ -1300,25 +1351,3 @@ AUTH_MAD_CONF = [
    MAX_TOKEN_TIME = "-1"
 ]

-#*******************************************************************************************
-# Default VDC mask
-#*******************************************************************************************
-# Can define which will be the mask when the user add a resource to a vdc.
-# Each command will use a different mask. Commands:
-#   onevdc addhost <vdc_id> <zone_id> <host_id>         : DEFAULT_VDC_HOST_ACL
-#   onevdc addvnet <vdc_id> <zone_id> <vnet_id>         : DEFAULT_VDC_NET_ACL
-#   onevdc adddatastore <vdc_id> <zone_id> <ds_id>      : DEFAULT_VDC_DATASTORE_ACL
-#   onevdc adddcluster <vdc_id> <zone_id> <cluster_id>  : DEFAULT_VDC_CLUSTER_HOST_ACL
-#                                                         DEFAULT_VDC_CLUSTER_VNET_ACL
-#                                                         DEFAULT_VDC_CLUSTER_DATASTORE_ACL
-# Can define which you want that will be the mask using the permissions (USE | MANAGE | ADMIN ).
-# You can concatenate this permissions with the character '+'. Example: "USE+MANAGE".
-# The value empty is "" or "-".
-#*******************************************************************************************
-DEFAULT_VDC_HOST_ACL = "MANAGE+USE"
-DEFAULT_VDC_NET_ACL = "USE+MANAGE"
-DEFAULT_VDC_DATASTORE_ACL = "USE"
-
-DEFAULT_VDC_CLUSTER_HOST_ACL = "MANAGE"
-DEFAULT_VDC_CLUSTER_NET_ACL = "USE"
-DEFAULT_VDC_CLUSTER_DATASTORE_ACL = "MANAGE"