32988c0ae8
This patch fixes the sample keystone_default_roles-policy.yaml file to use admin instead of reader for the system-reader role. Change-Id: I914aaa2eb57cf4c7206909e8ea17af1033c54965 |
||
|---|---|---|
| .. | ||
| admin_or_owner-policy.yaml | ||
| keystone_default_roles_scoped-policy.yaml | ||
| keystone_default_roles-policy.yaml | ||
| octavia-policy-generator.conf | ||
| README.rst | ||
Octavia Sample Policy Files
The sample policy.yaml files described here can be copied into /etc/octavia/policy.yaml to override the default RBAC policy for Octavia.
See the Octavia Policy Guide for more information about these policy override files.
admin_or_owner-policy.yaml
This policy file disables the requirement for load-balancer service users to have one of the load-balancer:* roles. It provides a similar policy to legacy OpenStack policies where any user or admin has access to load-balancer resources that they own. Users with the admin role has access to all load-balancer resources, whether they own them or not.
keystone_default_roles-policy.yaml
This policy file disables the requirement for load-balancer service users to have one of the load-balancer:* roles.
This policy will honor the following Keystone default roles in the Octavia API:
- Admin
- Project scoped - Reader
- Project scoped - Member
keystone_default_roles_scoped-policy.yaml ----------------------------------This policy file disables the requirement for load-balancer service users to have one of the load-balancer:* roles.
This policy will honor the following Keystone default roles and scopes in the Octavia API:
- System scoped - Admin
- System scoped - Reader
- Project scoped - Reader
- Project scoped - Member