Add note about protected properties in glance

Also add glossary term Closes-Bug: #1219863 Change-Id: Id30dcbd635d933c206b2a314344dce3d5102dec0 author: diane fleming
2014-05-07 13:25:11 -05:00 · 2014-05-07 13:25:11 -05:00 · b551c5669a
commit b551c5669a
parent 633694bde8
1 changed files with 30 additions and 23 deletions
--- a/doc/admin-guide-cloud/image/section_glance-property-protection.xml
+++ b/doc/admin-guide-cloud/image/section_glance-property-protection.xml
@ -1,26 +1,33 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <section xmlns="http://docbook.org/ns/docbook"
-    xmlns:xi="http://www.w3.org/2001/XInclude"
-    xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
-    xml:id="glance-property-protection">
-    <title>Image property protection</title>
- <para>There are currently two types of properties in the Image
-  Service: "core properties," which are defined by the system, and
-  "additional properties," which are arbitrary key/value pairs that
-  can be set on an image.</para>
- <para>Any such property can be protected
-  through configuration. When you put protections on a property, it
-  limits the users who can perform CRUD operations on the property
-  based on their user role. The use case is to enable the cloud
-  provider to maintain extra properties on images. Typically this
-  would be performed by an administrator who has access to protected
-  properties, managed in the <filename>policy.json</filename> file.
-  The extra property could be licensing information or billing information,
-  for example.</para>
-  <para>Properties that don't have protections defined for them will
-  act as they do now: the administrator can control core properties,
-  with the image owner having control over additional properties.</para>
- <para>Property protection can be set in
-   <filename>/etc/glance/property-protections.conf</filename>, using
-  roles found in <filename>policy.json</filename>.</para>
+  xmlns:xi="http://www.w3.org/2001/XInclude"
+  xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
+  xml:id="glance-property-protection">
+  <title>Image property protection</title>
+  <para>An image property is a key and value pair that is attached to
+    OpenStack Image Service image.</para>
+  <para>Core properties, such as the image name, are defined and set
+    by the cloud administrator. Additional properties, such as
+    licensing and billing information, are defined and set by the
+    cloud administrator and the image owner.</para>
+  <para>The cloud administrator can configure any property as
+      <glossterm baseform="protected property">protected</glossterm>,
+    which limits which user roles can perform CRUD operations on that
+    property. Protected properties are generally extra properties to
+    which only cloud administrators have access.</para>
+  <para>For unprotected image properties, the cloud administrator can
+    manage core properties and the image owner can manage additional
+    properties.</para>
+  <procedure>
+    <title>To configure property protection</title>
+    <step>
+      <para>Define roles in the <filename>policy.json</filename>
+        file.</para>
+    </step>
+    <step>
+      <para>Define which roles can manage which properties in the
+          <filename>/etc/glance/property-protections.conf</filename>
+        file.</para>
+    </step>
+  </procedure>
 </section>