File: policy-sample-defaults-changed-b5eea1daeb305251.yaml

package info (click to toggle)
nova 2:14.0.0-4+deb9u1
  • links: PTS, VCS
  • area: main
  • in suites: stretch
  • size: 33,804 kB
  • sloc: python: 315,557; sh: 1,317; xml: 1,184; pascal: 1,168; makefile: 126; sql: 43
file content (16 lines) | stat: -rw-r--r-- 693 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
---
other:

  - The default API policy shipped with Nova contained many policies set to
    ""(allow all) which was not the proper default for many of those checks. It
    was also a source of confusion as some people thought "" meant to use the
    default rule. These empty policies have been updated to be explicit in all
    cases.

    Many of them were changed to match the default rule of "admin_or_owner"
    which is a more restrictive policy check but does not change the
    restrictiveness of the API calls overall because there are similar checks
    in the database already.

    This does not affect any existing deployment, just the default policy used
    by new deployments.