83467b8c68
The sample policy file was updated recently and this releasenote explains the changes for operators. A more narrowly scoped releasenote for a previous change along similar lines has been removed since it is covered under this note. Change-Id: I11bde778e9fe1f3a70d9fac213b40f05f07e7e47
17 lines
702 B
YAML
17 lines
702 B
YAML
---
|
|
other:
|
|
|
|
- The sample policy file shipped with Nova contained many policies set to
|
|
""(allow all) which was not the proper default for many of those checks. It
|
|
was also a source of confusion as some people thought "" meant to use the
|
|
default rule. These empty policies have been updated to be explicit in all
|
|
cases.
|
|
|
|
Many of them were changed to match the default rule of "admin_or_owner"
|
|
which is a more restrictive policy check but does not change the
|
|
restrictiveness of the API calls overall because there are similar checks
|
|
in the database already.
|
|
|
|
This does not affect any existing deployment, just the sample file included
|
|
for use by new deployments.
|