copper:use_cases
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision | Last revision Both sides next revision | ||
|
copper:use_cases [2015/05/05 21:16] Bryan Sullivan |
copper:use_cases [2015/05/05 21:22] Bryan Sullivan |
||
|---|---|---|---|
| Line 2: | Line 2: | ||
| ^ Policy ^ Description ^ Notes/Examples ^ | ^ Policy ^ Description ^ Notes/Examples ^ | ||
| - | | Network Access Control | As a tenant, I need to be sure that the only private networks connected to my VMs are owned by me or someone from my group. | OpenStack Congress: <code>error :- nova:vm(vm), neutron:network(network), | + | | Network Access Control | As a tenant, I need to be sure that the only private networks connected to my VMs are owned by me or someone from my group. | OpenStack Congress: <code>error :- nova:vm(vm), |
| - | nova:network(vm, network), neutron:private(network), | + | neutron:network(network), |
| - | nova:owner(vm, vm-own), neutron:owner(network, net-own), | + | nova:network(vm, network), |
| + | neutron:private(network), | ||
| + | nova:owner(vm, vm-own), | ||
| + | neutron:owner(network, net-own), | ||
| -same-group(vm-own, net-own) | -same-group(vm-own, net-own) | ||
| same-group(user1, user2) :- ldap:group(user1, g), ldap:group(user2, g) </code> | | same-group(user1, user2) :- ldap:group(user1, g), ldap:group(user2, g) </code> | | ||
| - | | Storage Access Control | As a tenant, I need to be sure that the only VMs that can attach to my private storage resources are owned by me or someone from my group. | OpenStack Congress: <code>error :- nova:vm(vm), cinder:volumes(volume), nova:volume(vm, volume), nova:owner(vm, vm-own), neutron:owner(volume, vol-own), | + | | Storage Access Control | As a tenant, I need to be sure that the only VMs that can attach to my private storage resources are owned by me or someone from my group. | OpenStack Congress: <code>error :- nova:vm(vm), cinder:volumes(volume), |
| + | nova:volume(vm, volume), | ||
| + | nova:owner(vm, vm-own), | ||
| + | neutron:owner(volume, vol-own), | ||
| -same-group(vm-own, vol-own) | -same-group(vm-own, vol-own) | ||
copper/use_cases.txt · Last modified: 2015/05/05 21:24 by Bryan Sullivan
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: Creative Commons Attribution 4.0 International License
