0a461979df
This adds a granular policy checking framework for
placement based on nova.policy but with a lot of
the legacy cruft removed, like the is_admin and
context_is_admin rules.
A new PlacementPolicyFixture is added along with
a new configuration option, [placement]/policy_file,
which is needed because the default policy file
that gets used in config is from [oslo_policy]/policy_file
which is being used as the nova policy file. As
far as I can tell, oslo.policy doesn't allow for
multiple policy files with different names unless
I'm misunderstanding how the policy_dirs option works.
With these changes, we can have something like:
/etc/nova/policy.json - for nova policy rules
/etc/nova/placement-policy.yaml - for placement rules
The docs are also updated to include the placement
policy sample along with a tox builder for the sample.
This starts by adding granular rules for CRUD operations
on the /resource_providers and /resource_providers/{uuid}
routes which use the same descriptions from the placement
API reference. Subsequent patches will add new granular
rules for the other routes.
Part of blueprint granular-placement-policy
Change-Id: I17573f5210314341c332fdcb1ce462a989c21940
60 lines
1.8 KiB
ReStructuredText
60 lines
1.8 KiB
ReStructuredText
===================
|
|
Configuration Guide
|
|
===================
|
|
|
|
The static configuration for nova lives in two main files: ``nova.conf`` and
|
|
``policy.json``. These are described below. For a bigger picture view on
|
|
configuring nova to solve specific problems, refer to the :doc:`Nova Admin
|
|
Guide </admin/index>`.
|
|
|
|
Configuration
|
|
-------------
|
|
|
|
* :doc:`Configuration Guide </admin/configuration/index>`: Detailed
|
|
configuration guides for various parts of you Nova system. Helpful reference
|
|
for setting up specific hypervisor backends.
|
|
|
|
* :doc:`Config Reference <config>`: A complete reference of all
|
|
configuration options available in the ``nova.conf`` file.
|
|
|
|
* :doc:`Sample Config File <sample-config>`: A sample config
|
|
file with inline documentation.
|
|
|
|
Nova Policy
|
|
-----------
|
|
|
|
Nova, like most OpenStack projects, uses a policy language to restrict
|
|
permissions on REST API actions.
|
|
|
|
* :doc:`Policy Reference <policy>`: A complete reference of all
|
|
policy points in nova and what they impact.
|
|
|
|
* :doc:`Sample Policy File <sample-policy>`: A sample nova
|
|
policy file with inline documentation.
|
|
|
|
Placement Policy
|
|
----------------
|
|
|
|
Placement, like most OpenStack projects, uses a policy language to restrict
|
|
permissions on REST API actions.
|
|
|
|
* :doc:`Policy Reference <placement-policy>`: A complete
|
|
reference of all policy points in placement and what they impact.
|
|
|
|
* :doc:`Sample Policy File <sample-placement-policy>`: A sample
|
|
placement policy file with inline documentation.
|
|
|
|
|
|
.. # NOTE(mriedem): This is the section where we hide things that we don't
|
|
# actually want in the table of contents but sphinx build would fail if
|
|
# they aren't in the toctree somewhere.
|
|
.. toctree::
|
|
:hidden:
|
|
|
|
config
|
|
sample-config
|
|
policy
|
|
sample-policy
|
|
placement-policy
|
|
sample-placement-policy
|