openstack/cinder
Code Issues Proposed changes
cinder/doc/source/configuration/block-storage/samples/policy.yaml.rst
Brian Rosmaita e0335de8b9 Better workaround for policy file in PDF docs 
Follow up to cinder change Ic752048b3a1f87 with a more elegant
solution.

Credit: Elod Illes <elod.illes@est.tech> on manila change
I4f22fe7b453940.

Change-Id: I58cf850543c862c57d51b225fa928f3000accda8
2021-09-14 17:04:59 -04:00

2.6 KiB
Raw Blame History

policy.yaml

The policy.yaml file defines additional access controls that apply to the Block Storage service.

Prior to Cinder 12.0.0 (the Queens release), a JSON policy file was required to run Cinder. From the Queens release onward, the following hold:

  • It is possible to run Cinder safely without a policy file, as sensible default values are defined in the code.
  • If you wish to run Cinder with policies different from the default, you may write a policy file.
    • Given that JSON does not allow comments, we recommend using YAML to write a custom policy file. (Also, see next item.)
    • OpenStack has deprecated the use of a JSON policy file since the Wallaby release (Cinder 18.0.0). If you are still using the JSON format, there is a oslopolicy-convert-json-to-yaml__ tool that will migrate your existing JSON-formatted policy file to YAML in a backward-compatible way.
  • If you supply a custom policy file, you only need to supply entries for the policies you wish to change from their default values. For instance, if you want to change the default value of "volume:create", you only need to keep this single rule in your policy config file.
  • The default policy file location is /etc/cinder/policy.yaml. You may override this by specifying a different file location as the value of the policy_file configuration option in the [oslo_policy] section of the the Cinder configuration file.
  • Instructions for generating a sample policy.yaml file directly from the Cinder source code can be found in the file README-policy.generate.md in the etc/cinder directory in the Cinder source code repository (or its github mirror).

html

The following provides a listing of the default policies. It is not recommended to copy this file into /etc/cinder unless you are planning on providing a different policy for an operation that is not the default.

The sample policy file can also be viewed in file form.

../../../_static/cinder.policy.yaml.sample

latex

A sample policy file is available in the online version of this documentation. Make sure you are looking at the sample file for the OpenStack release you are running as the available policy rules and their default values may change from release to release.