At the moment the file /etc/nova/policy.json Does specify a decent default policy, and has a list of some of the categories that you can control via policy, but the list is not exhaustive. The documentation should contain somewhere a definitive list of all possible options in the policy.json file that can be controlled via policy. This isn't just for nova, but for all components of openstack that have their own policy (glance, cinder, etc).
From Eoghan: > See this thread[1] on rhos-list for related info including a list > of nova compute policies. [1] https://www.redhat.com/archives/rhos-list/2013-March/msg00084.html > The policy names are currently > derived from function names on the nova.compute.api.API class (which are > interpreted by a decorator responsible for enforcing the policy check).
Created the topic, #policy.json - Compute Parameters [19908] Started work but now seeing that this will take longer than an 'easy fix'. --There are rule differences between folsom and grizzly, and lots of bits just have no information. --The four services that use a policy.json file each need their own table (I thought about combining them, but believe this would be too confusing to the end user). Includes compute, image, block storage, and identity. ---There should be one how-to-configure topic which refers to the four tables.
Moving old install guide tasks over to you, Scott. thanks, Summer
Assigning to Radek for review. Radek - this is the policy bug we discussed, and will be a good candidate for us to review and close out after the OSP 7 GA. Perhaps a good candidate for the Users and Identity guide?
I'm going to make changes to the docs that already mention the policy files; ie.: https://access.redhat.com/documentation/en/red-hat-enterprise-linux-openstack-platform/version-7/users-and-identity-management-guide#configure_role_access_control https://access.redhat.com/documentation/en/red-hat-enterprise-linux-openstack-platform/version-7/configuration-reference#policy-json-file
Moving to the default assignee to be re-triaged as the schedule allows.
I'm closing this bug. We are now focusing our resources on RHOSP 12, and supporting 7 in a minimal maintenance capacity, in line with the life cycle policy. If this RFE is applicable to more recent versions of RHOSP, and is still relevant, please raise a new bug.