From 5d38069f66c8b35fec23374620ba1ce1138fc46c Mon Sep 17 00:00:00 2001 From: Lance Bragstad Date: Mon, 18 Mar 2019 21:10:19 +0000 Subject: [PATCH] Remove additional policy configuration details from policy doc This is removing additional details that were originally reviewed in: I263b2f72037a588623958baccacf78fb6a6be05d The policy and docs in code work that nova completed in Newton. Change-Id: I66105fa90036db50249b62fc34442b667a5ee1db --- doc/source/reference/policy-enforcement.rst | 25 --------------------- 1 file changed, 25 deletions(-) diff --git a/doc/source/reference/policy-enforcement.rst b/doc/source/reference/policy-enforcement.rst index db384be34854..5502bf72d14d 100644 --- a/doc/source/reference/policy-enforcement.rst +++ b/doc/source/reference/policy-enforcement.rst @@ -112,31 +112,6 @@ This will affect EC2 API and V2.1 API. For EC2 API, it need deployer update their policy config. For V2.1 API, there isn't any user yet, so there won't any effect. - -Group the policy rules into different policy files -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -After group the policy rules for different API, we can separate them into -different files. Then deployer will more clear for which rule he can set for -specific API. The rules can be grouped as below: - -* policy.json: It only contains the generic rule, like: :: - - "context_is_admin": "role:admin", - "admin_or_owner": "is_admin:True or project_id:%(project_id)s", - "default": "rule:admin_or_owner", - -* policy.d/00-ec2-api.conf: It contains all the policy rules for EC2 API. - -* policy.d/00-v2-api.conf: It contains all the policy rules for nova V2 API. - -* policy.d/00-v2.1-api.conf: It contains all the policy rules for nova v2.1 - API. - -The prefix '00-' is used to order the configure file. All the files in -policy.d will be loaded by alphabetical order. '00-' means those files will -be loaded very early. - Existed Nova API being restricted ---------------------------------