Merge "Remove sample policy config from docs generation"
This commit is contained in:
commit
e76746f805
@ -35,9 +35,6 @@ model Cinder employs and how it can be modified by adjusting policies.
|
||||
run Cinder with a custom policy configuration, however, you'll need to write
|
||||
your changes into a policy file.
|
||||
|
||||
* Elsewhere in this documentation, you can find a copy of the :doc:`sample
|
||||
policy file <./samples/policy.yaml>` that contains all the default settings.
|
||||
|
||||
* Instructions for generating a sample ``policy.yaml`` file directly from the
|
||||
Cinder source code can be found in the file ``README-policy.generate.md``
|
||||
in the ``etc/cinder`` directory in the Cinder `source code repository
|
||||
@ -134,8 +131,8 @@ of policy file configuration.
|
||||
|
||||
"context_is_admin"
|
||||
This defines the administrative context in Cinder. You'll notice that it's
|
||||
defined once at the beginning of the :doc:`sample policy file
|
||||
<./samples/policy.yaml>` and isn't referred to anywhere else in that file.
|
||||
defined once at the beginning of the sample policy file
|
||||
and isn't referred to anywhere else in that file.
|
||||
To understand what this does, it's helpful to know something about the API
|
||||
implementation.
|
||||
|
||||
|
@ -7,9 +7,7 @@ Policy configuration
|
||||
Configuration
|
||||
~~~~~~~~~~~~~
|
||||
|
||||
The following is an overview of all available policies in Cinder. For
|
||||
information on how to write a custom policy file to modify these policies,
|
||||
see :ref:`policy-file` in the Cinder configuration documentation.
|
||||
The following is an overview of all available policies in Cinder.
|
||||
|
||||
.. show-policy::
|
||||
:config-file: tools/config/cinder-policy-generator.conf
|
||||
|
@ -11,5 +11,4 @@ All the files in this section can be found in ``/etc/cinder``.
|
||||
|
||||
cinder.conf.rst
|
||||
api-paste.ini.rst
|
||||
policy.yaml.rst
|
||||
rootwrap.conf.rst
|
||||
|
@ -1,54 +0,0 @@
|
||||
.. _policy-file:
|
||||
|
||||
===========
|
||||
policy.yaml
|
||||
===========
|
||||
|
||||
The ``policy.yaml`` file defines additional access controls that apply
|
||||
to the Block Storage service.
|
||||
|
||||
Prior to Cinder 12.0.0 (the Queens release), a JSON policy file was required to
|
||||
run Cinder. From the Queens release onward, the following hold:
|
||||
|
||||
* It is possible to run Cinder safely without a policy file, as sensible
|
||||
default values are defined in the code.
|
||||
|
||||
* If you wish to run Cinder with policies different from the default, you may
|
||||
write a policy file.
|
||||
|
||||
* Given that JSON does not allow comments, we recommend using YAML to write
|
||||
a custom policy file. (Also, see next item.)
|
||||
|
||||
* OpenStack has deprecated the use of a JSON policy file since the Wallaby
|
||||
release (Cinder 18.0.0). If you are still using the JSON format, there
|
||||
is a `oslopolicy-convert-json-to-yaml`__ tool that will migrate your
|
||||
existing JSON-formatted policy file to YAML in a backward-compatible way.
|
||||
|
||||
.. __: https://docs.openstack.org/oslo.policy/latest/cli/oslopolicy-convert-json-to-yaml.html
|
||||
|
||||
* If you supply a custom policy file, you only need to supply entries for the
|
||||
policies you wish to change from their default values. For instance, if you
|
||||
want to change the default value of "volume:create", you only need to keep
|
||||
this single rule in your policy config file.
|
||||
|
||||
* The default policy file location is ``/etc/cinder/policy.yaml``. You may
|
||||
override this by specifying a different file location as the value of the
|
||||
``policy_file`` configuration option in the ``[oslo_policy]`` section of the
|
||||
the Cinder configuration file.
|
||||
|
||||
* Instructions for generating a sample ``policy.yaml`` file directly from the
|
||||
Cinder source code can be found in the file ``README-policy.generate.md``
|
||||
in the ``etc/cinder`` directory in the Cinder `source code repository
|
||||
<https://opendev.org/openstack/cinder>`_ (or its `github mirror
|
||||
<https://github.com/openstack/cinder>`_).
|
||||
|
||||
The following provides a listing of the default policies. It is not recommended
|
||||
to copy this file into ``/etc/cinder`` unless you are planning on providing a
|
||||
different policy for an operation that is not the default.
|
||||
|
||||
.. only:: html
|
||||
|
||||
The sample policy file can also be viewed in `file form
|
||||
<../../../_static/cinder.policy.yaml.sample>`_.
|
||||
|
||||
.. literalinclude:: ../../../_static/cinder.policy.yaml.sample
|
Loading…
Reference in New Issue
Block a user