Merge "Add note about protected properties in glance"
commit
78035f31b4
@ -4,23 +4,30 @@
|
|||||||
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
|
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
|
||||||
xml:id="glance-property-protection">
|
xml:id="glance-property-protection">
|
||||||
<title>Image property protection</title>
|
<title>Image property protection</title>
|
||||||
<para>There are currently two types of properties in the Image
|
<para>An image property is a key and value pair that is attached to
|
||||||
Service: "core properties," which are defined by the system, and
|
OpenStack Image Service image.</para>
|
||||||
"additional properties," which are arbitrary key/value pairs that
|
<para>Core properties, such as the image name, are defined and set
|
||||||
can be set on an image.</para>
|
by the cloud administrator. Additional properties, such as
|
||||||
<para>Any such property can be protected
|
licensing and billing information, are defined and set by the
|
||||||
through configuration. When you put protections on a property, it
|
cloud administrator and the image owner.</para>
|
||||||
limits the users who can perform CRUD operations on the property
|
<para>The cloud administrator can configure any property as
|
||||||
based on their user role. The use case is to enable the cloud
|
<glossterm baseform="protected property">protected</glossterm>,
|
||||||
provider to maintain extra properties on images. Typically this
|
which limits which user roles can perform CRUD operations on that
|
||||||
would be performed by an administrator who has access to protected
|
property. Protected properties are generally extra properties to
|
||||||
properties, managed in the <filename>policy.json</filename> file.
|
which only cloud administrators have access.</para>
|
||||||
The extra property could be licensing information or billing information,
|
<para>For unprotected image properties, the cloud administrator can
|
||||||
for example.</para>
|
manage core properties and the image owner can manage additional
|
||||||
<para>Properties that don't have protections defined for them will
|
properties.</para>
|
||||||
act as they do now: the administrator can control core properties,
|
<procedure>
|
||||||
with the image owner having control over additional properties.</para>
|
<title>To configure property protection</title>
|
||||||
<para>Property protection can be set in
|
<step>
|
||||||
<filename>/etc/glance/property-protections.conf</filename>, using
|
<para>Define roles in the <filename>policy.json</filename>
|
||||||
roles found in <filename>policy.json</filename>.</para>
|
file.</para>
|
||||||
|
</step>
|
||||||
|
<step>
|
||||||
|
<para>Define which roles can manage which properties in the
|
||||||
|
<filename>/etc/glance/property-protections.conf</filename>
|
||||||
|
file.</para>
|
||||||
|
</step>
|
||||||
|
</procedure>
|
||||||
</section>
|
</section>
|
||||||
|
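Review bot: The new second paragraph says core properties "are defined and set by the cloud administrator", which changes the meaning of the text it replaces, where core properties "are defined by the system" and the administrator only controls them. Please keep that distinction, for example "are defined by the system and managed by the cloud administrator". Two smaller points in the same hunk: the first new paragraph is missing an article ("attached to an OpenStack Image Service image"), and the new procedure names <filename>policy.json</filename> and <filename>/etc/glance/property-protections.conf</filename> in separate steps but no longer states, as the removed paragraph did, that the protections file uses the roles found in <filename>policy.json</filename>. A sentence in the second step restoring that link would help readers.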