[Doc] Policy support to copy unowned images
Change-Id: If0fd74d9f2eecb21153493457c58d767f12ffdeb
This commit is contained in:
Abhishek Kekane
parent
16a5431c66
commit
52eaa56e40
@ -284,6 +284,11 @@ If you are using the ``copy-image`` import method:
|
||||
the user. In case of a partial success, the locations added to the
|
||||
image will be the stores where the data has been correctly uploaded.
|
||||
|
||||
- By default, you may perform the copy-image operation only on images that
|
||||
you own. This action is governed by policy, so some users may be granted
|
||||
permission to copy unowned images. Consult your cloud's local
|
||||
documentation for details.
|
||||
|
||||
**Synchronous Postconditions**
|
||||
|
||||
- With correct permissions, you can see the image status as
|
||||
|
||||
@ -214,7 +214,12 @@ Configuring the copy-image method
|
||||
|
||||
For the ``copy-image`` method, make sure that ``copy-image`` is included
|
||||
in the list specified by your ``enabled_import_methods`` setting as well
|
||||
as you have multiple glance backends configured in your environment.
|
||||
as you have multiple glance backends configured in your environment. To
|
||||
allow copy-image operation to be performed by users on images they do
|
||||
not own, you can set the `copy_image` policy to something other than
|
||||
the default, for example::
|
||||
|
||||
"copy_image": "'public':%(visibility)s"
|
||||
|
||||
.. _iir_plugins:
|
||||
|
||||
@ -223,6 +228,13 @@ Copying existing-image in multiple stores
|
||||
Starting with Ussuri release, it is possible to copy existing image data
|
||||
into multiple stores using interoperable image import workflow.
|
||||
|
||||
Basically user will be able to copy only those images which are
|
||||
owned by him. Unless the copying of unowned images are allowed by
|
||||
cloud operator by enforcing policy check, user will get Forbidden
|
||||
(Operation not permitted response) for such copy operations. Even if
|
||||
copying of unowned images is allowed by enforcing policy, ownership of
|
||||
the image remains unchanged.
|
||||
|
||||
Operator or end user can either copy the existing image by specifying
|
||||
``all_stores`` as True in request body or by passing list of desired
|
||||
stores in request body. If ``all_stores`` is specified and image data
|
||||
|
||||
Loading…
Reference in New Issue
Block a user