Merge "Refresh Glance example configs for epoxy m2"
This commit is contained in:
commit
8b7c393423
@ -739,11 +739,6 @@
|
||||
# backends should be separated using comma. (dict value)
|
||||
#enabled_backends = <None>
|
||||
|
||||
# This argument is used internally on Windows. Glance passes a pipe handle to
|
||||
# child processes, which is then used for inter-process communication. (string
|
||||
# value)
|
||||
#pipe_handle = <None>
|
||||
|
||||
# DEPRECATED:
|
||||
# The relative path to sqlite file database that will be used for image cache
|
||||
# management.
|
||||
@ -1758,6 +1753,14 @@
|
||||
# (string value)
|
||||
#slave_connection = <None>
|
||||
|
||||
# The SQLAlchemy asyncio connection string to use to connect to the database.
|
||||
# (string value)
|
||||
#asyncio_connection = <None>
|
||||
|
||||
# The SQLAlchemy asyncio connection string to use to connect to the slave
|
||||
# database. (string value)
|
||||
#asyncio_slave_connection = <None>
|
||||
|
||||
# The SQL mode to be used for MySQL sessions. This option, including the
|
||||
# default, overrides any server-set SQL mode. To use whatever SQL mode is set by
|
||||
# the server configuration, set this to no value. Example: mysql_sql_mode=
|
||||
@ -2366,6 +2369,17 @@
|
||||
# (integer value)
|
||||
#s3_store_thread_pools = 10
|
||||
|
||||
#
|
||||
# The path to the CA cert bundle to use. The default value (an empty string)
|
||||
# forces the use of the default CA cert bundle used by botocore.
|
||||
#
|
||||
# Possible values:
|
||||
# * A path to the CA cert bundle to use
|
||||
# * An empty string to use the default CA cert bundle used by botocore
|
||||
#
|
||||
# (string value)
|
||||
#s3_store_cacert =
|
||||
|
||||
|
||||
[glance.store.swift.store]
|
||||
|
||||
@ -4112,6 +4126,17 @@
|
||||
# (integer value)
|
||||
#s3_store_thread_pools = 10
|
||||
|
||||
#
|
||||
# The path to the CA cert bundle to use. The default value (an empty string)
|
||||
# forces the use of the default CA cert bundle used by botocore.
|
||||
#
|
||||
# Possible values:
|
||||
# * A path to the CA cert bundle to use
|
||||
# * An empty string to use the default CA cert bundle used by botocore
|
||||
#
|
||||
# (string value)
|
||||
#s3_store_cacert =
|
||||
|
||||
#
|
||||
# Set verification of the server certificate.
|
||||
#
|
||||
@ -4891,6 +4916,10 @@
|
||||
# DisableByFilesPortsHealthcheck plugin. (list value)
|
||||
#disable_by_file_paths =
|
||||
|
||||
# Check the presence of files. Used by EnableByFilesHealthcheck plugin. (list
|
||||
# value)
|
||||
#enable_by_file_paths =
|
||||
|
||||
|
||||
[image_format]
|
||||
|
||||
@ -5165,6 +5194,21 @@
|
||||
# as locks should use the same directory. (string value)
|
||||
#lock_path = <None>
|
||||
|
||||
# Number of attempts for the multipath device to be ready for I/O after it was
|
||||
# created. Readiness is checked with ``multipath -C``. See related
|
||||
# ``wait_mpath_device_interval`` config option. Default value is 4. (integer
|
||||
# value)
|
||||
# Minimum value: 1
|
||||
#wait_mpath_device_attempts = 4
|
||||
|
||||
# Interval value to wait for multipath device to be ready for I/O. Max number of
|
||||
# attempts is set in ``wait_mpath_device_attempts``. Time in seconds to wait for
|
||||
# each retry is ``base ^ attempt * interval``, so for 4 attempts (1 attempt 3
|
||||
# retries) and 1 second interval will yield: 2, 4 and 8 seconds. Note that there
|
||||
# is no wait before first attempt. Default value is 1. (integer value)
|
||||
# Minimum value: 1
|
||||
#wait_mpath_device_interval = 1
|
||||
|
||||
|
||||
[oslo_concurrency]
|
||||
|
||||
@ -5191,6 +5235,25 @@
|
||||
# The service's endpoint id which is registered in Keystone. (string value)
|
||||
#endpoint_id = <None>
|
||||
|
||||
# Service name for endpoint discovery (string value)
|
||||
#endpoint_service_name = <None>
|
||||
|
||||
# Service type for endpoint discovery (string value)
|
||||
#endpoint_service_type = <None>
|
||||
|
||||
# Region to which the endpoint belongs (string value)
|
||||
#endpoint_region_name = <None>
|
||||
|
||||
# The interface for endpoint discovery (string value)
|
||||
# Possible values:
|
||||
# public - <No description provided>
|
||||
# publicURL - <No description provided>
|
||||
# internal - <No description provided>
|
||||
# internalURL - <No description provided>
|
||||
# admin - <No description provided>
|
||||
# adminURL - <No description provided>
|
||||
#endpoint_interface = publicURL
|
||||
|
||||
# PEM encoded Certificate Authority to use when verifying HTTPs connections.
|
||||
# (string value)
|
||||
#cafile = <None>
|
||||
@ -5328,190 +5391,6 @@
|
||||
#retriable_status_codes = <None>
|
||||
|
||||
|
||||
[oslo_messaging_amqp]
|
||||
|
||||
#
|
||||
# From oslo.messaging
|
||||
#
|
||||
|
||||
# Name for the AMQP container. must be globally unique. Defaults to a generated
|
||||
# UUID (string value)
|
||||
#container_name = <None>
|
||||
|
||||
# Timeout for inactive connections (in seconds) (integer value)
|
||||
#idle_timeout = 0
|
||||
|
||||
# Debug: dump AMQP frames to stdout (boolean value)
|
||||
#trace = false
|
||||
|
||||
# Attempt to connect via SSL. If no other ssl-related parameters are given, it
|
||||
# will use the system's CA-bundle to verify the server's certificate. (boolean
|
||||
# value)
|
||||
#ssl = false
|
||||
|
||||
# CA certificate PEM file used to verify the server's certificate (string value)
|
||||
#ssl_ca_file =
|
||||
|
||||
# Self-identifying certificate PEM file for client authentication (string value)
|
||||
#ssl_cert_file =
|
||||
|
||||
# Private key PEM file used to sign ssl_cert_file certificate (optional) (string
|
||||
# value)
|
||||
#ssl_key_file =
|
||||
|
||||
# Password for decrypting ssl_key_file (if encrypted) (string value)
|
||||
#ssl_key_password = <None>
|
||||
|
||||
# By default SSL checks that the name in the server's certificate matches the
|
||||
# hostname in the transport_url. In some configurations it may be preferable to
|
||||
# use the virtual hostname instead, for example if the server uses the Server
|
||||
# Name Indication TLS extension (rfc6066) to provide a certificate per virtual
|
||||
# host. Set ssl_verify_vhost to True if the server's SSL certificate uses the
|
||||
# virtual host name instead of the DNS name. (boolean value)
|
||||
#ssl_verify_vhost = false
|
||||
|
||||
# Space separated list of acceptable SASL mechanisms (string value)
|
||||
#sasl_mechanisms =
|
||||
|
||||
# Path to directory that contains the SASL configuration (string value)
|
||||
#sasl_config_dir =
|
||||
|
||||
# Name of configuration file (without .conf suffix) (string value)
|
||||
#sasl_config_name =
|
||||
|
||||
# SASL realm to use if no realm present in username (string value)
|
||||
#sasl_default_realm =
|
||||
|
||||
# Seconds to pause before attempting to re-connect. (integer value)
|
||||
# Minimum value: 1
|
||||
#connection_retry_interval = 1
|
||||
|
||||
# Increase the connection_retry_interval by this many seconds after each
|
||||
# unsuccessful failover attempt. (integer value)
|
||||
# Minimum value: 0
|
||||
#connection_retry_backoff = 2
|
||||
|
||||
# Maximum limit for connection_retry_interval + connection_retry_backoff
|
||||
# (integer value)
|
||||
# Minimum value: 1
|
||||
#connection_retry_interval_max = 30
|
||||
|
||||
# Time to pause between re-connecting an AMQP 1.0 link that failed due to a
|
||||
# recoverable error. (integer value)
|
||||
# Minimum value: 1
|
||||
#link_retry_delay = 10
|
||||
|
||||
# The maximum number of attempts to re-send a reply message which failed due to
|
||||
# a recoverable error. (integer value)
|
||||
# Minimum value: -1
|
||||
#default_reply_retry = 0
|
||||
|
||||
# The deadline for an rpc reply message delivery. (integer value)
|
||||
# Minimum value: 5
|
||||
#default_reply_timeout = 30
|
||||
|
||||
# The deadline for an rpc cast or call message delivery. Only used when caller
|
||||
# does not provide a timeout expiry. (integer value)
|
||||
# Minimum value: 5
|
||||
#default_send_timeout = 30
|
||||
|
||||
# The deadline for a sent notification message delivery. Only used when caller
|
||||
# does not provide a timeout expiry. (integer value)
|
||||
# Minimum value: 5
|
||||
#default_notify_timeout = 30
|
||||
|
||||
# The duration to schedule a purge of idle sender links. Detach link after
|
||||
# expiry. (integer value)
|
||||
# Minimum value: 1
|
||||
#default_sender_link_timeout = 600
|
||||
|
||||
# Indicates the addressing mode used by the driver.
|
||||
# Permitted values:
|
||||
# 'legacy' - use legacy non-routable addressing
|
||||
# 'routable' - use routable addresses
|
||||
# 'dynamic' - use legacy addresses if the message bus does not support routing
|
||||
# otherwise use routable addressing (string value)
|
||||
#addressing_mode = dynamic
|
||||
|
||||
# Enable virtual host support for those message buses that do not natively
|
||||
# support virtual hosting (such as qpidd). When set to true the virtual host
|
||||
# name will be added to all message bus addresses, effectively creating a
|
||||
# private 'subnet' per virtual host. Set to False if the message bus supports
|
||||
# virtual hosting using the 'hostname' field in the AMQP 1.0 Open performative
|
||||
# as the name of the virtual host. (boolean value)
|
||||
#pseudo_vhost = true
|
||||
|
||||
# address prefix used when sending to a specific server (string value)
|
||||
#server_request_prefix = exclusive
|
||||
|
||||
# address prefix used when broadcasting to all servers (string value)
|
||||
#broadcast_prefix = broadcast
|
||||
|
||||
# address prefix when sending to any server in group (string value)
|
||||
#group_request_prefix = unicast
|
||||
|
||||
# Address prefix for all generated RPC addresses (string value)
|
||||
#rpc_address_prefix = openstack.org/om/rpc
|
||||
|
||||
# Address prefix for all generated Notification addresses (string value)
|
||||
#notify_address_prefix = openstack.org/om/notify
|
||||
|
||||
# Appended to the address prefix when sending a fanout message. Used by the
|
||||
# message bus to identify fanout messages. (string value)
|
||||
#multicast_address = multicast
|
||||
|
||||
# Appended to the address prefix when sending to a particular RPC/Notification
|
||||
# server. Used by the message bus to identify messages sent to a single
|
||||
# destination. (string value)
|
||||
#unicast_address = unicast
|
||||
|
||||
# Appended to the address prefix when sending to a group of consumers. Used by
|
||||
# the message bus to identify messages that should be delivered in a round-robin
|
||||
# fashion across consumers. (string value)
|
||||
#anycast_address = anycast
|
||||
|
||||
# Exchange name used in notification addresses.
|
||||
# Exchange name resolution precedence:
|
||||
# Target.exchange if set
|
||||
# else default_notification_exchange if set
|
||||
# else control_exchange if set
|
||||
# else 'notify' (string value)
|
||||
#default_notification_exchange = <None>
|
||||
|
||||
# Exchange name used in RPC addresses.
|
||||
# Exchange name resolution precedence:
|
||||
# Target.exchange if set
|
||||
# else default_rpc_exchange if set
|
||||
# else control_exchange if set
|
||||
# else 'rpc' (string value)
|
||||
#default_rpc_exchange = <None>
|
||||
|
||||
# Window size for incoming RPC Reply messages. (integer value)
|
||||
# Minimum value: 1
|
||||
#reply_link_credit = 200
|
||||
|
||||
# Window size for incoming RPC Request messages (integer value)
|
||||
# Minimum value: 1
|
||||
#rpc_server_credit = 100
|
||||
|
||||
# Window size for incoming Notification messages (integer value)
|
||||
# Minimum value: 1
|
||||
#notify_server_credit = 100
|
||||
|
||||
# Send messages of this type pre-settled.
|
||||
# Pre-settled messages will not receive acknowledgement
|
||||
# from the peer. Note well: pre-settled messages may be
|
||||
# silently discarded if the delivery fails.
|
||||
# Permitted values:
|
||||
# 'rpc-call' - send RPC Calls pre-settled
|
||||
# 'rpc-reply'- send RPC Replies pre-settled
|
||||
# 'rpc-cast' - Send RPC Casts pre-settled
|
||||
# 'notify' - Send Notifications pre-settled
|
||||
# (multi valued)
|
||||
#pre_settled = rpc-cast
|
||||
#pre_settled = rpc-reply
|
||||
|
||||
|
||||
[oslo_messaging_kafka]
|
||||
|
||||
#
|
||||
@ -5665,12 +5544,18 @@
|
||||
# be raised. (boolean value)
|
||||
#ssl_enforce_fips_mode = false
|
||||
|
||||
# Run the health check heartbeat thread through a native python thread by
|
||||
# default. If this option is equal to False then the health check heartbeat will
|
||||
# inherit the execution model from the parent process. For example if the parent
|
||||
# process has monkey patched the stdlib by using eventlet/greenlet then the
|
||||
# heartbeat will be run through a green thread. This option should be set to
|
||||
# True only for the wsgi services. (boolean value)
|
||||
# DEPRECATED: (DEPRECATED) It is recommend not to use this option anymore. Run
|
||||
# the health check heartbeat thread through a native python thread by default.
|
||||
# If this option is equal to False then the health check heartbeat will inherit
|
||||
# the execution model from the parent process. For example if the parent process
|
||||
# has monkey patched the stdlib by using eventlet/greenlet then the heartbeat
|
||||
# will be run through a green thread. This option should be set to True only for
|
||||
# the wsgi services. (boolean value)
|
||||
# This option is deprecated for removal.
|
||||
# Its value may be silently ignored in the future.
|
||||
# Reason: The option is related to Eventlet which will be removed. In addition
|
||||
# this has never worked as expected with services using eventlet for core
|
||||
# service framework.
|
||||
#heartbeat_in_pthread = false
|
||||
|
||||
# How long to wait (in seconds) before reconnecting in response to an AMQP
|
||||
@ -5764,7 +5649,12 @@
|
||||
# The parameter affects only reply and fanout queues. Setting 0 as value will
|
||||
# disable the x-expires. If doing so, make sure you have a rabbitmq policy to
|
||||
# delete the queues or you deployment will create an infinite number of queue
|
||||
# over time. (integer value)
|
||||
# over time.In case rabbit_stream_fanout is set to True, this option will
|
||||
# control data retention policy (x-max-age) for messages in the fanout queue
|
||||
# rather then the queue duration itself. So the oldest data in the stream queue
|
||||
# will be discarded from it once reaching TTL Setting to 0 will disable x-max-
|
||||
# age for stream which make stream grow indefinitely filling up the diskspace
|
||||
# (integer value)
|
||||
# Minimum value: 0
|
||||
#rabbit_transient_queues_ttl = 1800
|
||||
|
||||
@ -5807,7 +5697,11 @@
|
||||
#hostname = node1.example.com
|
||||
|
||||
# Process name used by queue manager (string value)
|
||||
#processname = oslo-config-generator
|
||||
#
|
||||
# This option has a sample default set, which means that
|
||||
# its actual default value may vary from the one documented
|
||||
# below.
|
||||
#processname = nova-api
|
||||
|
||||
# Use stream queues in RabbitMQ (x-queue-type: stream). Streams are a new
|
||||
# persistent and replicated data structure ("queue type") in RabbitMQ which
|
||||
@ -5834,12 +5728,17 @@
|
||||
# From oslo.policy
|
||||
#
|
||||
|
||||
# This option controls whether or not to enforce scope when evaluating policies.
|
||||
# If ``True``, the scope of the token used in the request is compared to the
|
||||
# ``scope_types`` of the policy being enforced. If the scopes do not match, an
|
||||
# ``InvalidScope`` exception will be raised. If ``False``, a message will be
|
||||
# logged informing operators that policies are being invoked with mismatching
|
||||
# scope. (boolean value)
|
||||
# DEPRECATED: This option controls whether or not to enforce scope when
|
||||
# evaluating policies. If ``True``, the scope of the token used in the request
|
||||
# is compared to the ``scope_types`` of the policy being enforced. If the scopes
|
||||
# do not match, an ``InvalidScope`` exception will be raised. If ``False``, a
|
||||
# message will be logged informing operators that policies are being invoked
|
||||
# with mismatching scope. (boolean value)
|
||||
# This option is deprecated for removal.
|
||||
# Its value may be silently ignored in the future.
|
||||
# Reason: This configuration was added temporarily to facilitate a smooth
|
||||
# transition to the new RBAC. OpenStack will always enforce scope checks. This
|
||||
# configuration option is deprecated and will be removed in the 2025.2 cycle.
|
||||
#enforce_scope = true
|
||||
|
||||
# This option controls whether or not to use old deprecated defaults when
|
||||
@ -5887,6 +5786,10 @@
|
||||
# Absolute path client key file REST based policy check (string value)
|
||||
#remote_ssl_client_key_file = <None>
|
||||
|
||||
# Timeout in seconds for REST based policy check (floating point value)
|
||||
# Minimum value: 0
|
||||
#remote_timeout = 60
|
||||
|
||||
|
||||
[oslo_reports]
|
||||
|
||||
|
@ -1733,6 +1733,17 @@
|
||||
# (integer value)
|
||||
#s3_store_thread_pools = 10
|
||||
|
||||
#
|
||||
# The path to the CA cert bundle to use. The default value (an empty string)
|
||||
# forces the use of the default CA cert bundle used by botocore.
|
||||
#
|
||||
# Possible values:
|
||||
# * A path to the CA cert bundle to use
|
||||
# * An empty string to use the default CA cert bundle used by botocore
|
||||
#
|
||||
# (string value)
|
||||
#s3_store_cacert =
|
||||
|
||||
#
|
||||
# Set verification of the server certificate.
|
||||
#
|
||||
@ -2486,6 +2497,21 @@
|
||||
# as locks should use the same directory. (string value)
|
||||
#lock_path = <None>
|
||||
|
||||
# Number of attempts for the multipath device to be ready for I/O after it was
|
||||
# created. Readiness is checked with ``multipath -C``. See related
|
||||
# ``wait_mpath_device_interval`` config option. Default value is 4. (integer
|
||||
# value)
|
||||
# Minimum value: 1
|
||||
#wait_mpath_device_attempts = 4
|
||||
|
||||
# Interval value to wait for multipath device to be ready for I/O. Max number of
|
||||
# attempts is set in ``wait_mpath_device_attempts``. Time in seconds to wait for
|
||||
# each retry is ``base ^ attempt * interval``, so for 4 attempts (1 attempt 3
|
||||
# retries) and 1 second interval will yield: 2, 4 and 8 seconds. Note that there
|
||||
# is no wait before first attempt. Default value is 1. (integer value)
|
||||
# Minimum value: 1
|
||||
#wait_mpath_device_interval = 1
|
||||
|
||||
|
||||
[oslo_policy]
|
||||
|
||||
@ -2493,12 +2519,17 @@
|
||||
# From oslo.policy
|
||||
#
|
||||
|
||||
# This option controls whether or not to enforce scope when evaluating policies.
|
||||
# If ``True``, the scope of the token used in the request is compared to the
|
||||
# ``scope_types`` of the policy being enforced. If the scopes do not match, an
|
||||
# ``InvalidScope`` exception will be raised. If ``False``, a message will be
|
||||
# logged informing operators that policies are being invoked with mismatching
|
||||
# scope. (boolean value)
|
||||
# DEPRECATED: This option controls whether or not to enforce scope when
|
||||
# evaluating policies. If ``True``, the scope of the token used in the request
|
||||
# is compared to the ``scope_types`` of the policy being enforced. If the scopes
|
||||
# do not match, an ``InvalidScope`` exception will be raised. If ``False``, a
|
||||
# message will be logged informing operators that policies are being invoked
|
||||
# with mismatching scope. (boolean value)
|
||||
# This option is deprecated for removal.
|
||||
# Its value may be silently ignored in the future.
|
||||
# Reason: This configuration was added temporarily to facilitate a smooth
|
||||
# transition to the new RBAC. OpenStack will always enforce scope checks. This
|
||||
# configuration option is deprecated and will be removed in the 2025.2 cycle.
|
||||
#enforce_scope = true
|
||||
|
||||
# This option controls whether or not to use old deprecated defaults when
|
||||
@ -2545,3 +2576,7 @@
|
||||
|
||||
# Absolute path client key file REST based policy check (string value)
|
||||
#remote_ssl_client_key_file = <None>
|
||||
|
||||
# Timeout in seconds for REST based policy check (floating point value)
|
||||
# Minimum value: 0
|
||||
#remote_timeout = 60
|
||||
|
@ -186,6 +186,14 @@
|
||||
# (string value)
|
||||
#slave_connection = <None>
|
||||
|
||||
# The SQLAlchemy asyncio connection string to use to connect to the database.
|
||||
# (string value)
|
||||
#asyncio_connection = <None>
|
||||
|
||||
# The SQLAlchemy asyncio connection string to use to connect to the slave
|
||||
# database. (string value)
|
||||
#asyncio_slave_connection = <None>
|
||||
|
||||
# The SQL mode to be used for MySQL sessions. This option, including the
|
||||
# default, overrides any server-set SQL mode. To use whatever SQL mode is set by
|
||||
# the server configuration, set this to no value. Example: mysql_sql_mode=
|
||||
|
@ -790,6 +790,14 @@
|
||||
# (string value)
|
||||
#slave_connection = <None>
|
||||
|
||||
# The SQLAlchemy asyncio connection string to use to connect to the database.
|
||||
# (string value)
|
||||
#asyncio_connection = <None>
|
||||
|
||||
# The SQLAlchemy asyncio connection string to use to connect to the slave
|
||||
# database. (string value)
|
||||
#asyncio_slave_connection = <None>
|
||||
|
||||
# The SQL mode to be used for MySQL sessions. This option, including the
|
||||
# default, overrides any server-set SQL mode. To use whatever SQL mode is set by
|
||||
# the server configuration, set this to no value. Example: mysql_sql_mode=
|
||||
@ -1823,6 +1831,17 @@
|
||||
# (integer value)
|
||||
#s3_store_thread_pools = 10
|
||||
|
||||
#
|
||||
# The path to the CA cert bundle to use. The default value (an empty string)
|
||||
# forces the use of the default CA cert bundle used by botocore.
|
||||
#
|
||||
# Possible values:
|
||||
# * A path to the CA cert bundle to use
|
||||
# * An empty string to use the default CA cert bundle used by botocore
|
||||
#
|
||||
# (string value)
|
||||
#s3_store_cacert =
|
||||
|
||||
#
|
||||
# Set verification of the server certificate.
|
||||
#
|
||||
@ -2576,6 +2595,21 @@
|
||||
# as locks should use the same directory. (string value)
|
||||
#lock_path = <None>
|
||||
|
||||
# Number of attempts for the multipath device to be ready for I/O after it was
|
||||
# created. Readiness is checked with ``multipath -C``. See related
|
||||
# ``wait_mpath_device_interval`` config option. Default value is 4. (integer
|
||||
# value)
|
||||
# Minimum value: 1
|
||||
#wait_mpath_device_attempts = 4
|
||||
|
||||
# Interval value to wait for multipath device to be ready for I/O. Max number of
|
||||
# attempts is set in ``wait_mpath_device_attempts``. Time in seconds to wait for
|
||||
# each retry is ``base ^ attempt * interval``, so for 4 attempts (1 attempt 3
|
||||
# retries) and 1 second interval will yield: 2, 4 and 8 seconds. Note that there
|
||||
# is no wait before first attempt. Default value is 1. (integer value)
|
||||
# Minimum value: 1
|
||||
#wait_mpath_device_interval = 1
|
||||
|
||||
|
||||
[oslo_concurrency]
|
||||
|
||||
@ -2599,12 +2633,17 @@
|
||||
# From oslo.policy
|
||||
#
|
||||
|
||||
# This option controls whether or not to enforce scope when evaluating policies.
|
||||
# If ``True``, the scope of the token used in the request is compared to the
|
||||
# ``scope_types`` of the policy being enforced. If the scopes do not match, an
|
||||
# ``InvalidScope`` exception will be raised. If ``False``, a message will be
|
||||
# logged informing operators that policies are being invoked with mismatching
|
||||
# scope. (boolean value)
|
||||
# DEPRECATED: This option controls whether or not to enforce scope when
|
||||
# evaluating policies. If ``True``, the scope of the token used in the request
|
||||
# is compared to the ``scope_types`` of the policy being enforced. If the scopes
|
||||
# do not match, an ``InvalidScope`` exception will be raised. If ``False``, a
|
||||
# message will be logged informing operators that policies are being invoked
|
||||
# with mismatching scope. (boolean value)
|
||||
# This option is deprecated for removal.
|
||||
# Its value may be silently ignored in the future.
|
||||
# Reason: This configuration was added temporarily to facilitate a smooth
|
||||
# transition to the new RBAC. OpenStack will always enforce scope checks. This
|
||||
# configuration option is deprecated and will be removed in the 2025.2 cycle.
|
||||
#enforce_scope = true
|
||||
|
||||
# This option controls whether or not to use old deprecated defaults when
|
||||
@ -2651,3 +2690,7 @@
|
||||
|
||||
# Absolute path client key file REST based policy check (string value)
|
||||
#remote_ssl_client_key_file = <None>
|
||||
|
||||
# Timeout in seconds for REST based policy check (floating point value)
|
||||
# Minimum value: 0
|
||||
#remote_timeout = 60
|
||||
|
Loading…
x
Reference in New Issue
Block a user