Put a clear instruction not to expose S3 creds

Change-Id: Id2e9d4351513341b5ee41fa8a8d677aca6580fca
2021-07-07 11:31:51 +09:00 · 2021-07-07 11:31:51 +09:00 · b01a246a4d
parent a6dc972b09
commit b01a246a4d
2 changed files with 6 additions and 2 deletions
--- a/README.md
+++ b/README.md
@ -106,9 +106,12 @@ This S3 backend is supported for Ussuri release or later in the charm.
 The step below assumes an external and pre-existing S3 compatible server
 available.

-S3 server information can be passed via charm config options.
+S3 server information can be passed via charm config options, and you
+must set `expose-image-locations` as false not to expose S3 credentials
+through Glance API.

    juju config glance \
+        expose-image-locations=false \
        s3-store-host='http://my-object-storage.example.com:8080' \
        s3-store-access-key='ACCESS_KEY' \
        s3-store-secret-key='SECRET_KEY' \
--- a/config.yaml
+++ b/config.yaml
@ -541,7 +541,8 @@ options:
      http://my-object-storage.example.com:8080
      .
      NOTE: The S3 backend can be enabled only for Ussuri or later
-      releases with this charm.
+      releases with this charm. You must set expose-image-locations as
+      false not to expose S3 credentials through Glance API.
  s3-store-access-key:
    type: string
    default: