Merge "Add enforce_scope setting support for Cinder"
This commit is contained in:
commit
015622115e
11
lib/cinder
11
lib/cinder
@ -144,6 +144,12 @@ CINDER_IMG_CACHE_SIZE_COUNT=${CINDER_IMG_CACHE_SIZE_COUNT:-}
|
|||||||
# enable the cache for all cinder backends.
|
# enable the cache for all cinder backends.
|
||||||
CINDER_CACHE_ENABLED_FOR_BACKENDS=${CINDER_CACHE_ENABLED_FOR_BACKENDS:-$CINDER_ENABLED_BACKENDS}
|
CINDER_CACHE_ENABLED_FOR_BACKENDS=${CINDER_CACHE_ENABLED_FOR_BACKENDS:-$CINDER_ENABLED_BACKENDS}
|
||||||
|
|
||||||
|
# Flag to set the oslo_policy.enforce_scope. This is used to switch
|
||||||
|
# the Volume API policies to start checking the scope of token. by default,
|
||||||
|
# this flag is False.
|
||||||
|
# For more detail: https://docs.openstack.org/oslo.policy/latest/configuration/index.html#oslo_policy.enforce_scope
|
||||||
|
CINDER_ENFORCE_SCOPE=$(trueorfalse False CINDER_ENFORCE_SCOPE)
|
||||||
|
|
||||||
# Functions
|
# Functions
|
||||||
# ---------
|
# ---------
|
||||||
|
|
||||||
@ -347,6 +353,11 @@ function configure_cinder {
|
|||||||
elif is_service_enabled etcd3; then
|
elif is_service_enabled etcd3; then
|
||||||
iniset $CINDER_CONF coordination backend_url "etcd3+http://${SERVICE_HOST}:$ETCD_PORT"
|
iniset $CINDER_CONF coordination backend_url "etcd3+http://${SERVICE_HOST}:$ETCD_PORT"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [[ "$CINDER_ENFORCE_SCOPE" == True ]] ; then
|
||||||
|
iniset $CINDER_CONF oslo_policy enforce_scope true
|
||||||
|
iniset $CINDER_CONF oslo_policy enforce_new_defaults true
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
# create_cinder_accounts() - Set up common required cinder accounts
|
# create_cinder_accounts() - Set up common required cinder accounts
|
||||||
|
@ -607,6 +607,8 @@ function configure_tempest {
|
|||||||
iniset $TEMPEST_CONFIG auth admin_project_name ''
|
iniset $TEMPEST_CONFIG auth admin_project_name ''
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
iniset $TEMPEST_CONFIG enforce_scope cinder "$CINDER_ENFORCE_SCOPE"
|
||||||
|
|
||||||
if [ "$VIRT_DRIVER" = "libvirt" ] && [ "$LIBVIRT_TYPE" = "lxc" ]; then
|
if [ "$VIRT_DRIVER" = "libvirt" ] && [ "$LIBVIRT_TYPE" = "lxc" ]; then
|
||||||
# libvirt-lxc does not support boot from volume or attaching volumes
|
# libvirt-lxc does not support boot from volume or attaching volumes
|
||||||
# so basically anything with cinder is out of the question.
|
# so basically anything with cinder is out of the question.
|
||||||
|
Loading…
x
Reference in New Issue
Block a user