Add a Warning to Policy Enhanced Documentation
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
StarlingX |
Fix Released
|
Low
|
Pedro Monteiro Azevedo de Moura Almeida |
Bug Description
Brief Description
-----------------
There should be a warning on RBAC Enhanced Policies to let the user the overrides should be applied together, and using them separately may cause issues.
Severity
--------
Minor
Description
--------
The documentation about the RBAC Enhanced Policies (https:/
https:/
--------
Perhaps it would make sense to do something like:
About this task
The standard OpenStack RBAC roles and policies can be enhanced by updating policy configuration in individual OpenStack Services’ Helm charts. StarlingX provides an optional set of updated policy configurations for Nova, Neutron, Glance, Cinder, Keystone and Horizon services that introduce two new roles (‘project_admin’ and ‘project_readonly’) and modify the capabilities of the default ‘member’ role. A high-level summary of the new roles’ capabilities and the modified ‘default’ role capabilities are in the following table; a detailed description is provided at end of page.
>> It's important that all the overrides files get applied, some of the rules present in a policy from one service might depend on other services to work (e.g. nova commands might depend on glance/
description: | updated |
description: | updated |
description: | updated |
Changed in starlingx: | |
status: | New → In Progress |
Changed in starlingx: | |
importance: | Undecided → Low |
Changed in starlingx: | |
assignee: | nobody → Pedro Monteiro Azevedo de Moura Almeida (pmonteir) |
tags: | added: stx.distro.openstack |
Reviewed: https:/ /review. opendev. org/c/starlingx /openstack- armada- app/+/820038 /opendev. org/starlingx/ openstack- armada- app/commit/ 7b18c0ecbbd5583 5dd3225e0f46a89 32627f0312
Committed: https:/
Submitter: "Zuul (22348)"
Branch: master
commit 7b18c0ecbbd5583 5dd3225e0f46a89 32627f0312
Author: Pedro Almeida <email address hidden>
Date: Wed Dec 1 11:47:01 2021 -0300
Update on enhanced-policies README
This is a small update to include a message to
warn that these overrides should not be used
separately.
Also including the --reuse-values parameter.
This makes sure that it keeps the current
configuration, adding the new override values.
Closes-Bug: #1953056 a3e4246a2061920 18b927f2c5a
Signed-off-by: Pedro Almeida <email address hidden>
Change-Id: I0e3595d4bc9839