nova/doc/source/configuration/index.rst
Matt Riedemann 0a461979df Implement granular policy rules for placement
This adds a granular policy checking framework for
placement based on nova.policy but with a lot of
the legacy cruft removed, like the is_admin and
context_is_admin rules.

A new PlacementPolicyFixture is added along with
a new configuration option, [placement]/policy_file,
which is needed because the default policy file
that gets used in config is from [oslo_policy]/policy_file
which is being used as the nova policy file. As
far as I can tell, oslo.policy doesn't allow for
multiple policy files with different names unless
I'm misunderstanding how the policy_dirs option works.

With these changes, we can have something like:

  /etc/nova/policy.json - for nova policy rules
  /etc/nova/placement-policy.yaml - for placement rules

The docs are also updated to include the placement
policy sample along with a tox builder for the sample.

This starts by adding granular rules for CRUD operations
on the /resource_providers and /resource_providers/{uuid}
routes which use the same descriptions from the placement
API reference. Subsequent patches will add new granular
rules for the other routes.

Part of blueprint granular-placement-policy

Change-Id: I17573f5210314341c332fdcb1ce462a989c21940
2018-05-17 11:12:16 -04:00

1.8 KiB

Configuration Guide

The static configuration for nova lives in two main files: nova.conf and policy.json. These are described below. For a bigger picture view on configuring nova to solve specific problems, refer to the Nova Admin Guide </admin/index>.

Configuration

  • Configuration Guide </admin/configuration/index>: Detailed configuration guides for various parts of you Nova system. Helpful reference for setting up specific hypervisor backends.
  • Config Reference <config>: A complete reference of all configuration options available in the nova.conf file.
  • Sample Config File <sample-config>: A sample config file with inline documentation.

Nova Policy

Nova, like most OpenStack projects, uses a policy language to restrict permissions on REST API actions.

  • Policy Reference <policy>: A complete reference of all policy points in nova and what they impact.
  • Sample Policy File <sample-policy>: A sample nova policy file with inline documentation.

Placement Policy

Placement, like most OpenStack projects, uses a policy language to restrict permissions on REST API actions.

  • Policy Reference <placement-policy>: A complete reference of all policy points in placement and what they impact.
  • Sample Policy File <sample-placement-policy>: A sample placement policy file with inline documentation.

config sample-config policy sample-policy placement-policy sample-placement-policy