Bug 947649 - [Docs] [Admin Guide] Update Documentation to list all possible actions that can be controlled by policy
Summary: [Docs] [Admin Guide] Update Documentation to list all possible actions that c...
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: documentation
Version: 2.1
Hardware: Unspecified
OS: Unspecified
high
medium
Target Milestone: z1
: 7.0 (Kilo)
Assignee: Dan Macpherson
QA Contact: RHOS Documentation Team
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-04-02 23:13 UTC by Graeme Gillies
Modified: 2017-08-31 05:27 UTC (History)
8 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-08-31 05:27:39 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Graeme Gillies 2013-04-02 23:13:20 UTC 
At the moment the file

/etc/nova/policy.json

Does specify a decent default policy, and has a list of some of the categories that you can control via policy, but the list is not exhaustive.

The documentation should contain somewhere a definitive list of all possible options in the policy.json file that can be controlled via policy. This isn't just for nova, but for all components of openstack that have their own policy (glance, cinder, etc).
Comment 1 Alan Pevec 2013-04-03 12:03:26 UTC 
 From Eoghan:
> See this thread[1] on rhos-list for related info including a list
> of nova compute policies.

[1] https://www.redhat.com/archives/rhos-list/2013-March/msg00084.html


> The policy names are currently
> derived from function names on the nova.compute.api.API class (which are
> interpreted by a decorator responsible for enforcing the policy check).
Comment 2 Summer Long 2013-06-25 05:29:07 UTC 
Created the topic, #policy.json - Compute Parameters [19908]

Started work but now seeing that this will take longer than an 'easy fix'.
--There are rule differences between folsom and grizzly, and lots of bits just have no information. 
--The four services that use a policy.json file each need their own table (I thought about combining them, but believe this would be too confusing to the end user). Includes compute, image, block storage, and identity.
---There should be one how-to-configure topic which refers to the four tables.
Comment 3 Summer Long 2013-09-24 22:57:42 UTC 
Moving old install guide tasks over to you, Scott. thanks, Summer
Comment 7 Andrew Dahms 2015-07-21 01:09:48 UTC 
Assigning to Radek for review.

Radek - this is the policy bug we discussed, and will be a good candidate for us to review and close out after the OSP 7 GA.

Perhaps a good candidate for the Users and Identity guide?
Comment 8 Radek Bíba 2015-08-18 13:45:11 UTC 
I'm going to make changes to the docs that already mention the policy files; ie.:

https://access.redhat.com/documentation/en/red-hat-enterprise-linux-openstack-platform/version-7/users-and-identity-management-guide#configure_role_access_control
https://access.redhat.com/documentation/en/red-hat-enterprise-linux-openstack-platform/version-7/configuration-reference#policy-json-file
Comment 10 Andrew Dahms 2016-08-08 12:34:15 UTC 
Moving to the default assignee to be re-triaged as the schedule allows.
Comment 13 Lucy Bopf 2017-08-31 05:27:39 UTC 
I'm closing this bug.

We are now focusing our resources on RHOSP 12, and supporting 7 in a minimal maintenance capacity, in line with the life cycle policy.

If this RFE is applicable to more recent versions of RHOSP, and is still relevant, please raise a new bug.
Note You need to log in before you can comment on or make changes to this bug.