summaryrefslogtreecommitdiffstats
path: root/environments/nova-api-policy.yaml
diff options
context:
space:
mode:
Diffstat (limited to 'environments/nova-api-policy.yaml')
-rw-r--r--environments/nova-api-policy.yaml10
1 files changed, 10 insertions, 0 deletions
diff --git a/environments/nova-api-policy.yaml b/environments/nova-api-policy.yaml
new file mode 100644
index 00000000..681bd010
--- /dev/null
+++ b/environments/nova-api-policy.yaml
@@ -0,0 +1,10 @@
+# A Heat environment file which can be used to configure access policies for
+# Nova API resources. It is here for example and doesn't cover all services
+# but just Nova here.
+# While recipes for editing policy.json files is supported, modifying the
+# policy can have unexpected side effects and is not encouraged.
+
+parameter_defaults:
+ # The target is "compute:get_all", the "list all instances" API of the Compute service.
+ # The rule is an empty string meaning "always". This policy allows anybody to list instances.
+ NovaApiPolicies: { nova-context_is_admin: { key: 'compute:get_all', value: '' } }