5bffac0186
Supplying a policy.json file is no longer necessary. Change-Id: I33b84c4d68e8077271447bcbdea4b7052eb01204 Depends-On: https://review.opendev.org/694386
40 lines
1.4 KiB
Plaintext
40 lines
1.4 KiB
Plaintext
# property-protections-policies.conf.sample
|
|
#
|
|
# This file is an example config file for when
|
|
# property_protection_rule_format=policies is enabled.
|
|
#
|
|
# Specify regular expression for which properties will be protected in []
|
|
# For each section, specify CRUD permissions.
|
|
#
|
|
# The permissions specified may refer to policies defined in a policy file.
|
|
# The name of this file may be specified as the value of the policy_file
|
|
# option in the [oslo_policy] section of the glance-api.conf file. The
|
|
# format of this file may be JSON or YAML.
|
|
#
|
|
# The property rules will be applied in the order specified. Once
|
|
# a match is found the remaining property rules will not be applied.
|
|
#
|
|
# WARNING:
|
|
# * If the reg ex specified below does not compile, then
|
|
# the glance-api service fails to start. (Guide for reg ex python compiler
|
|
# used:
|
|
# http://docs.python.org/2/library/re.html#regular-expression-syntax)
|
|
# * If an operation(create, read, update, delete) is not specified or misspelt
|
|
# then the glance-api service fails to start.
|
|
# So, remember, with GREAT POWER comes GREAT RESPONSIBILITY!
|
|
#
|
|
# NOTE: Only one policy can be specified per action. If multiple policies are
|
|
# specified, then the glance-api service fails to start.
|
|
|
|
[^x_.*]
|
|
create = default
|
|
read = default
|
|
update = default
|
|
delete = default
|
|
|
|
[.*]
|
|
create = context_is_admin
|
|
read = context_is_admin
|
|
update = context_is_admin
|
|
delete = context_is_admin
|