Merge "Add note about protected properties in glance"

This commit is contained in:
Jenkins 2014-05-08 17:24:34 +00:00 committed by Gerrit Code Review
commit 78035f31b4

View File

@ -4,23 +4,30 @@
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
xml:id="glance-property-protection"> xml:id="glance-property-protection">
<title>Image property protection</title> <title>Image property protection</title>
<para>There are currently two types of properties in the Image <para>An image property is a key and value pair that is attached to
Service: "core properties," which are defined by the system, and OpenStack Image Service image.</para>
"additional properties," which are arbitrary key/value pairs that <para>Core properties, such as the image name, are defined and set
can be set on an image.</para> by the cloud administrator. Additional properties, such as
<para>Any such property can be protected licensing and billing information, are defined and set by the
through configuration. When you put protections on a property, it cloud administrator and the image owner.</para>
limits the users who can perform CRUD operations on the property <para>The cloud administrator can configure any property as
based on their user role. The use case is to enable the cloud <glossterm baseform="protected property">protected</glossterm>,
provider to maintain extra properties on images. Typically this which limits which user roles can perform CRUD operations on that
would be performed by an administrator who has access to protected property. Protected properties are generally extra properties to
properties, managed in the <filename>policy.json</filename> file. which only cloud administrators have access.</para>
The extra property could be licensing information or billing information, <para>For unprotected image properties, the cloud administrator can
for example.</para> manage core properties and the image owner can manage additional
<para>Properties that don't have protections defined for them will properties.</para>
act as they do now: the administrator can control core properties, <procedure>
with the image owner having control over additional properties.</para> <title>To configure property protection</title>
<para>Property protection can be set in <step>
<filename>/etc/glance/property-protections.conf</filename>, using <para>Define roles in the <filename>policy.json</filename>
roles found in <filename>policy.json</filename>.</para> file.</para>
</step>
<step>
<para>Define which roles can manage which properties in the
<filename>/etc/glance/property-protections.conf</filename>
file.</para>
</step>
</procedure>
</section> </section>