openstack/openstack-manuals
Code Issues Proposed changes

Add doc on glance property protection

Browse Source 
In Havana, glance added a new feature: protection over
the properties on images. This adds a basic document
explaining it to the config reference.

Change-Id: Ifabc4d53f302c020bfcd87322d31a8d094a4abe8
Closes-Bug: 1217974
This commit is contained in:
Tom Fifield 2013-12-20 12:22:05 +08:00 committed by annegentle
parent b339aac910
commit a22972ef9f
2 changed files with 27 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
doc/config-reference/ch_imageservice.xml
View File

@ -47,5 +47,5 @@
<xi:include href="../common/tables/glance-swift.xml"/>
<xi:include href="../common/tables/glance-testing.xml"/>
<xi:include href="../common/tables/glance-wsgi.xml"/>
<xi:include href="image/section_glance-property-protection.xml"/>
</chapter>

26
doc/config-reference/image/section_glance-property-protection.xml Normal file
View File

@ -0,0 +1,26 @@
<?xml version="1.0" encoding="UTF-8"?>
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
xml:id="glance-property-protection">
<title>Image property protection</title>
<para>There are currently two types of properties in the Image
Service: "core properties," which are defined by the system, and
"additional properties," which are arbitrary key/value pairs that
can be set on an image.</para>
<para>With the Havana release, any such property can be protected
through configuration. When you put protections on a property, it
limits the users who can perform CRUD operations on the property
based on their user role. The use case is to enable the cloud
provider to maintain extra properties on images so typically this
would be an administrator who has access to protected properties,
managed with <filename>policy.json</filename>. The extra property
could be licensing information or billing information, for
example.</para>
<para>Properties that don't have protections defined for them will
act as they do now: the administrator can control core properties,
with the image owner having control over additional properties.</para>
<para>Property protection can be set in
<filename>/etc/glance/property-protections.conf</filename>, using
roles found in <filename>policy.json</filename>.</para>
</section>