Add property protection configuration
Allows configuring property protection as described in https://docs.openstack.org/glance/latest/admin/property-protections.html Change-Id: I9b4c0985969a4945ce8a1058206376b0347fbb27
parent
f375f499c0
commit
e8de2a5f0b
|
@ -392,3 +392,20 @@ glance_pki_install_certificates:
|
||||||
# Define user-provided SSL certificates
|
# Define user-provided SSL certificates
|
||||||
# glance_user_ssl_cert: <path to cert on ansible deployment host>
|
# glance_user_ssl_cert: <path to cert on ansible deployment host>
|
||||||
# glance_user_ssl_key: <path to cert on ansible deployment host>
|
# glance_user_ssl_key: <path to cert on ansible deployment host>
|
||||||
|
|
||||||
|
# Glance property protection
|
||||||
|
glance_property_protection_file: "property-protection.conf"
|
||||||
|
glance_property_protection_rule_format: roles
|
||||||
|
# Expected dict structure example:
|
||||||
|
# glance_property_protection_file_overrides:
|
||||||
|
# protected_property1:
|
||||||
|
# create: admin,member
|
||||||
|
# read: admin,member,reader
|
||||||
|
# update: admin
|
||||||
|
# delete: admin
|
||||||
|
# .*:
|
||||||
|
# create: admin,member
|
||||||
|
# read: admin,member,reader
|
||||||
|
# update: admin,member
|
||||||
|
# delete: admin,member
|
||||||
|
glance_property_protection_file_overrides: {}
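Review bot: The example under `glance_property_protection_file_overrides` does not tell the operator how Glance evaluates these sections, which decides what actually ends up protected. As I read the linked Glance documentation, section names are regular expressions, the first matching section decides, and a property that matches no section is denied for every role; if so, a dict holding only `protected_property1` would lock every other property. I would add above the example: `# Keys are regexes matched in order, first match wins; properties matching no key are denied to all roles, so keep a final ".*" entry.` A further line should say that values such as `admin,member` apply only when `glance_property_protection_rule_format` is `roles`.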
|
||||||
|
|
|
@ -0,0 +1,7 @@
|
||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
Added property protection configuration, managed with new variables:
|
||||||
|
``glance_property_protection_file_overrides`` (should be configured
|
||||||
|
for a configuration to run, look in Default variables for an example),
|
||||||
|
``glance_property_protection_rule_format``, ``glance_property_protection_file``.
|
|
@ -77,6 +77,21 @@
|
||||||
tags:
|
tags:
|
||||||
- glance-policy-override
|
- glance-policy-override
|
||||||
|
|
||||||
|
- name: Implement property protection
|
||||||
|
openstack.config_template.config_template:
|
||||||
|
dest: "{{ glance_etc_dir }}/{{ glance_property_protection_file }}"
|
||||||
|
config_type: "ini"
|
||||||
|
owner: "root"
|
||||||
|
group: "{{ glance_system_group_name }}"
|
||||||
|
mode: "0640"
|
||||||
|
config_overrides: "{{ glance_property_protection_file_overrides }}"
|
||||||
|
when: glance_property_protection_file_overrides | length > 0
|
||||||
|
tags:
|
||||||
|
- glance-property-protection
|
||||||
|
notify:
|
||||||
|
- Restart glance services
|
||||||
|
- Restart uwsgi services
|
||||||
|
|
||||||
- name: Deploy Glance image import configuration file
|
- name: Deploy Glance image import configuration file
|
||||||
template:
|
template:
|
||||||
src: "{{ glance_glance_image_import_conf_location }}"
|
src: "{{ glance_glance_image_import_conf_location }}"
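Review bot: Nothing in the "Implement property protection" task guarantees that the rendered sections keep the order the operator wrote in `glance_property_protection_file_overrides`. If Glance applies the first matching section, as the linked documentation appears to describe, a `.*` entry rendered ahead of a specific property would silently replace its stricter rule. I would confirm that `config_template` with `config_type: "ini"` preserves dict order rather than sorting section names, and record the result on the task, e.g. `# Section order follows the dict; Glance applies the first matching section.` Separately, the lines shown pass `dest` and `config_overrides` but no `src` or `content`, so it is worth checking that the module accepts that when the `when` condition is true.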
|
||||||
|
|
|
@ -29,6 +29,10 @@ show_multiple_locations = {{ glance_show_multiple_locations }}
|
||||||
|
|
||||||
enabled_backends = {% for backend in glance_available_stores %}{{ backend['name'] }}:{{ backend['type'] }}{% if not loop.last %},{% endif %}{% endfor %}
|
enabled_backends = {% for backend in glance_available_stores %}{{ backend['name'] }}:{{ backend['type'] }}{% if not loop.last %},{% endif %}{% endfor %}
|
||||||
|
|
||||||
|
{% if glance_property_protection_file_overrides | length > 0 %}
|
||||||
|
property_protection_file = {{ glance_property_protection_file }}
|
||||||
|
property_protection_rule_format = {{ glance_property_protection_rule_format }}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
[task]
|
[task]
|
||||||
task_executor = {{ glance_task_executor }}
|
task_executor = {{ glance_task_executor }}
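Review bot: `property_protection_file = {{ glance_property_protection_file }}` writes a bare file name, while the task in this commit places the file at `{{ glance_etc_dir }}/{{ glance_property_protection_file }}`. The rules are therefore only loaded if Glance's config-file lookup resolves that name to the same directory, and a mismatch would leave protection unenforced or the wrong file in use. Using the same expression in both places removes the ambiguity: `property_protection_file = {{ glance_etc_dir }}/{{ glance_property_protection_file }}`. The config section these options land in begins above the hunk, so I cannot confirm from here that they are placed where Glance reads them.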
|
||||||
|
|