e4aac82b07
A standard pre-release patch, looking for any obsolete text to remove, and references to newly unsupported releases to remove. Feel free to update the patch if you find other things. Review request: this patch touches many files in a small way. Please try and focus on the small changes, and not the rest of the file ... since many of them do need an edit ;) Change-Id: I383c51acf149bb6553ddfd33cad382f5dd15fe62
27 lines
1.4 KiB
XML
27 lines
1.4 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<section xmlns="http://docbook.org/ns/docbook"
|
|
xmlns:xi="http://www.w3.org/2001/XInclude"
|
|
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
|
|
xml:id="glance-property-protection">
|
|
<title>Image property protection</title>
|
|
<para>There are currently two types of properties in the Image
|
|
Service: "core properties," which are defined by the system, and
|
|
"additional properties," which are arbitrary key/value pairs that
|
|
can be set on an image.</para>
|
|
<para>Any such property can be protected
|
|
through configuration. When you put protections on a property, it
|
|
limits the users who can perform CRUD operations on the property
|
|
based on their user role. The use case is to enable the cloud
|
|
provider to maintain extra properties on images. Typically this
|
|
would be performed by an administrator who has access to protected
|
|
properties, managed in the <filename>policy.json</filename> file.
|
|
The extra property could be licensing information or billing information,
|
|
for example.</para>
|
|
<para>Properties that don't have protections defined for them will
|
|
act as they do now: the administrator can control core properties,
|
|
with the image owner having control over additional properties.</para>
|
|
<para>Property protection can be set in
|
|
<filename>/etc/glance/property-protections.conf</filename>, using
|
|
roles found in <filename>policy.json</filename>.</para>
|
|
</section>
|