diff options
| author |   Jenkins <jenkins@review.openstack.org> | 2017-03-30 05:29:22 +0000 |
|---|---|---|
| committer |   Gerrit Code Review <review@openstack.org> | 2017-03-30 05:29:22 +0000 |
| commit | 313ece74cd7dd7a715f345038dbe78ec107a9afd (patch) | |
| tree | 51676d6121f238f1a0886a7fe4e6c1eacc2e30f4 /environments | |
| parent | 0ae9d9b346f1c5d7e29b8f281474577eca260670 (diff) | |
| parent | 91053af09dace8dba65c9e5b72eb7de15fd69522 (diff) | |
Merge "Allow to configure policy.json for OpenStack projects"
Diffstat (limited to 'environments')
| -rw-r--r-- | environments/nova-api-policy.yaml | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/environments/nova-api-policy.yaml b/environments/nova-api-policy.yaml new file mode 100644 index 00000000..681bd010 --- /dev/null +++ b/environments/nova-api-policy.yaml @@ -0,0 +1,10 @@ +# A Heat environment file which can be used to configure access policies for +# Nova API resources. It is here for example and doesn't cover all services +# but just Nova here. +# While recipes for editing policy.json files is supported, modifying the +# policy can have unexpected side effects and is not encouraged. + +parameter_defaults: + # The target is "compute:get_all", the "list all instances" API of the Compute service. + # The rule is an empty string meaning "always". This policy allows anybody to list instances. + NovaApiPolicies: { nova-context_is_admin: { key: 'compute:get_all', value: '' } } |