0a461979df
This adds a granular policy checking framework for placement based on nova.policy but with a lot of the legacy cruft removed, like the is_admin and context_is_admin rules.

A new PlacementPolicyFixture is added along with a new configuration option, [placement]/policy_file, which is needed because the default policy file that gets used in config is from [oslo_policy]/policy_file which is being used as the nova policy file. As far as I can tell, oslo.policy doesn't allow for multiple policy files with different names unless I'm misunderstanding how the policy_dirs option works.

With these changes, we can have something like:

  /etc/nova/policy.json - for nova policy rules
  /etc/nova/placement-policy.yaml - for placement rules

The docs are also updated to include the placement policy sample along with a tox builder for the sample.

This starts by adding granular rules for CRUD operations on the /resource_providers and /resource_providers/{uuid} routes which use the same descriptions from the placement API reference. Subsequent patches will add new granular rules for the other routes.

Part of blueprint granular-placement-policy

Change-Id: I17573f5210314341c332fdcb1ce462a989c21940
Configuration Guide
The static configuration for nova lives in two main files: nova.conf and policy.json. These are described below. For a bigger picture view on configuring nova to solve specific problems, refer to the Nova Admin Guide </admin/index>.
Configuration
Configuration Guide </admin/configuration/index>: Detailed configuration guides for various parts of your Nova system. Helpful reference for setting up specific hypervisor backends.
Config Reference <config>: A complete reference of all configuration options available in the nova.conf file.
Sample Config File <sample-config>: A sample config file with inline documentation.
Nova Policy
Nova, like most OpenStack projects, uses a policy language to restrict permissions on REST API actions.
Policy Reference <policy>: A complete reference of all policy points in nova and what they impact.
Sample Policy File <sample-policy>: A sample nova policy file with inline documentation.
Placement Policy
Placement, like most OpenStack projects, uses a policy language to restrict permissions on REST API actions.
Policy Reference <placement-policy>: A complete reference of all policy points in placement and what they impact.
Sample Policy File <sample-placement-policy>: A sample placement policy file with inline documentation.