d4579bbebb
Tacker v1 API policies adopted the RBAC new defaults and this document try to explain the changes and how operator can use those. Also, adding the migration plan to move from old default to new default. Adding release notes also. Implement blueprint implement-project-personas Change-Id: Ib37cf65b79451a98e58b470726214e69624751a3
2.4 KiB
2.4 KiB
Tacker Configuration Guide
The static configuration for tacker lives in three main files:
api-paste.ini, tacker.conf and
policy.yaml. These are described below. For a bigger
picture view on configuring tacker to solve specific problems.
Configuration
API Paste ini <api-paste.ini>: A complete reference of api-paste.ini available in theapi-paste.inifile.Config Reference <config>: A complete reference of all configuration options available in thetacker.conffile.Sample Config File <sample_config>: A sample config file with inline documentation.
Policy
Tacker, like most OpenStack projects, uses a policy language to restrict permissions on REST API actions.
Policy Concepts <policy-concepts>: Starting in the Tacker 11.0.0 (OpenStack 2024.1 Caracal) release, Tacker API policy defines new default roles. These new changes improve the security level and manageability of Tacker API as they are richer in terms of handling ‘Read’ and ‘Write’ roles.
policy-concepts
Policy Reference <policy>: A complete reference of all policy points in tacker and what they impact.Sample Policy File <sample_policy>: A sample tacker policy file with inline documentation.Enhanced Tacker Policy <enhanced_policy>: A document describes how to use Enhanced Tacker Policy in Tacker.
api-paste.ini policy sample_policy config sample_config enhanced_policy