openstack/cinder
Code Issues Proposed changes

Merge "Make VolumeTypeExtraSpecsController policy more granular"

Browse Source
This commit is contained in:
Jenkins 2017-08-15 21:17:15 +00:00 committed by Gerrit Code Review
commit 2a3df6bce8
1 changed files with 16 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
releasenotes/notes/type-extra-spec-policies-b7742b0ac2732864.yaml Normal file
View File

@ -0,0 +1,16 @@
---
upgrade:
- |
When managing volume types an OpenStack provider is now given more control to grant
access to for different storage type operations. The provider can now customize access
to type create, delete, update, list, and show using new entries in the cinder policy file.
As an example one provider may have roles called viewer, admin, type_viewer, and say
type_admin. Admin and type_admin can create, delete, update types. Everyone can list
the storage types. Admin, type_viewer, and type_admin can view the extra_specs.
"volume_extension:types_extra_specs:create": "rule:admin or rule:type_admin",
"volume_extension:types_extra_specs:delete": "rule:admin or rule:type_admin",
"volume_extension:types_extra_specs:index": "",
"volume_extension:types_extra_specs:show": "rule:admin or rule:type_admin or rule:type_viewer",
"volume_extension:types_extra_specs:update": "rule:admin or rule:type_admin"