
Add new parameter required for secure RBAC configuration

Glance has added support for project persona of secure RBAC as
an experimental feature where 'enforce_secure_rbac' has been introduced.

Adding support of 'enforce_secure_rbac' parameter here.

Partially Implements: blueprint secure-rbac

Change-Id: I1db7fa2694bc9a448a47e435cfd95264504086c6
(cherry picked from commit fdb2c555fd)
changes/41/787541/1
Pranali Deore 6 months ago
committed by Takashi Kajinami
parent
commit
d6ed637320
  1. manifests/api.pp (6 lines changed)
  2. releasenotes/notes/add_enforce_secure_rbac_for_rbac_support-35bcf4ef4e25e435.yaml (5 lines changed)
  3. spec/classes/glance_api_spec.rb (3 lines changed)

6
manifests/api.pp

@ -122,6 +122,10 @@
# (optional) CA certificate file to use to verify connecting clients
# Defaults to $::os_service_default
#
# [*enforce_secure_rbac*]
# (optional) Enabled enforcing authorization based on common RBAC personas.
# Defaults to $::os_service_default
#
# [*enabled_backends*]
# (optional) List of Key:Value pairs of store identifier and store type.
# Example: ['swift:swift', 'ceph1:ceph', 'ceph2:ceph']
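
Review bot: The new doc entry for [*enforce_secure_rbac*] reads "Enabled enforcing authorization", which should be "Enable enforcing authorization" to match the wording used in the release note. The commit message says Glance provides this as an experimental feature; the parameter doc should say so and should state that a boolean is expected, so an operator reading only the class documentation knows what they are switching on.
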
@ -315,6 +319,7 @@ class glance::api(
$cert_file = $::os_service_default,
$key_file = $::os_service_default,
$ca_file = $::os_service_default,
$enforce_secure_rbac = $::os_service_default,
$enabled_backends = undef,
$default_backend = undef,
$container_formats = $::os_service_default,
@ -432,6 +437,7 @@ removed in a future realse. Use glance::api::db::database_max_overflow instead')
'DEFAULT/location_strategy': value => $location_strategy;
'DEFAULT/scrub_time': value => $scrub_time;
'DEFAULT/delayed_delete': value => $delayed_delete;
'DEFAULT/enforce_secure_rbac': value => $enforce_secure_rbac;
'DEFAULT/cache_prefetcher_interval': value => $cache_prefetcher_interval;
'DEFAULT/image_cache_dir': value => $image_cache_dir;
'DEFAULT/image_cache_stall_time': value => $image_cache_stall_time;
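
Review bot: On the added 'DEFAULT/enforce_secure_rbac' line, $enforce_secure_rbac is written to the configuration as-is, and none of the manifests/api.pp hunks shown here add a type check for it. Because this setting changes how authorization is enforced, a mistyped value should fail catalog compilation rather than reach the Glance API configuration; consider validating that the parameter is either a boolean or $::os_service_default before it is passed to the config resource.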

5
releasenotes/notes/add_enforce_secure_rbac_for_rbac_support-35bcf4ef4e25e435.yaml

@ -0,0 +1,5 @@
---
features:
- |
Add ``enforce_secure_rbac`` parameter to enable enforcing authorization
based on common RBAC personas.
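
Review bot: The release note text does not name the class that gains the parameter and does not mention that the Glance feature is experimental, which the commit message states. Suggest referring to it as ``glance::api::enforce_secure_rbac`` and adding a sentence on the experimental status and on the service default being used when the parameter is left unset.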

3
spec/classes/glance_api_spec.rb

@ -23,6 +23,7 @@ describe 'glance::api' do
:purge_config => false,
:delayed_delete => '<SERVICE DEFAULT>',
:scrub_time => '<SERVICE DEFAULT>',
:enforce_secure_rbac => '<SERVICE DEFAULT>',
:image_cache_dir => '/var/lib/glance/image-cache',
:image_import_plugins => '<SERVICE DEFAULT>',
:image_conversion_output_format => '<SERVICE DEFAULT>',
@ -65,6 +66,7 @@ describe 'glance::api' do
:location_strategy => 'store_type',
:delayed_delete => 'true',
:scrub_time => '10',
:enforce_secure_rbac => 'true',
:image_cache_dir => '/tmp/glance',
:image_import_plugins => 'image_conversion',
:image_conversion_output_format => 'raw',
@ -125,6 +127,7 @@ describe 'glance::api' do
'location_strategy',
'delayed_delete',
'scrub_time',
'enforce_secure_rbac',
'image_cache_dir',
'image_cache_stall_time',
'image_cache_max_size',
