openstack/tripleo-docs
Code Issues Proposed changes
Files
c3e8fe6082bd9e4a0ffe2bc8d08df93f63f8dd8b
tripleo-docs/doc/source/install/advanced_deployment/api_policies.rst
Emilien Macchi 6cd603610b Update docs structure 
The upstream docs structure is changing, so this change updates our
existing docs into contributor and install guide sections.

Change-Id: I37fabd25fdda6bc56fcfb331b74e3294e31e68bb
2017-07-07 20:04:52 +00:00

1003 B
Raw Blame History

Configuring API access policies

Each OpenStack service, has its own role-based access policies. They determine which user can access which resources in which way, and are defined in the services policy.json file.

Warning

While editing policy.json is supported, modifying the policy can have unexpected side effects and is not encouraged.

supports custom API access policies through parameters in TripleO Heat Templates. To enable this feature, you need to use some parameters to enable the custom policies on the services you want.

Creating an environment file and adding the following arguments to your openstack overcloud deploy command will do the trick:

$ cat ~/nova-policies.yaml
parameter_defaults:
  NovaApiPolicies: { nova-context_is_admin: { key: 'compute:get_all', value: '' } }

-e nova-policies.yaml

In this example, we allow anyone to list Nova instances, which is very insecure but can be done with this feature.