91053af09d
For both containers and classic deployments, allow to configure policy.json for all OpenStack APIs with new parameters (hash, empty by default). Example of new parameter: NovaApiPolicies. See environments/nova-api-policy.yaml for how the feature can be used. Note: use it with extreme caution. Partial-implement: blueprint modify-policy-json Change-Id: I1144f339da3836c3e8c8ae4e5567afc4d1a83e95
11 lines
605 B
YAML
11 lines
605 B
YAML
# A Heat environment file which can be used to configure access policies for
|
|
# Nova API resources. It is here for example and doesn't cover all services
|
|
# but just Nova here.
|
|
# While recipes for editing policy.json files is supported, modifying the
|
|
# policy can have unexpected side effects and is not encouraged.
|
|
|
|
parameter_defaults:
|
|
# The target is "compute:get_all", the "list all instances" API of the Compute service.
|
|
# The rule is an empty string meaning "always". This policy allows anybody to list instances.
|
|
NovaApiPolicies: { nova-context_is_admin: { key: 'compute:get_all', value: '' } }
|