Merge "Add enforce_scope setting support for Glance"
This commit is contained in:
commit
a5ed116814
12
lib/glance
12
lib/glance
@ -86,6 +86,12 @@ GLANCE_TASKS_DIR=${GLANCE_MULTISTORE_FILE_IMAGE_DIR:=$DATA_DIR/os_glance_tasks_s
|
|||||||
GLANCE_USE_IMPORT_WORKFLOW=$(trueorfalse False GLANCE_USE_IMPORT_WORKFLOW)
|
GLANCE_USE_IMPORT_WORKFLOW=$(trueorfalse False GLANCE_USE_IMPORT_WORKFLOW)
|
||||||
GLANCE_ENABLE_QUOTAS=$(trueorfalse True GLANCE_ENABLE_QUOTAS)
|
GLANCE_ENABLE_QUOTAS=$(trueorfalse True GLANCE_ENABLE_QUOTAS)
|
||||||
|
|
||||||
|
# Flag to set the oslo_policy.enforce_scope. This is used to switch
|
||||||
|
# the Image API policies to start checking the scope of token. By Default,
|
||||||
|
# this flag is False.
|
||||||
|
# For more detail: https://docs.openstack.org/oslo.policy/latest/configuration/index.html#oslo_policy.enforce_scope
|
||||||
|
GLANCE_ENFORCE_SCOPE=$(trueorfalse False GLANCE_ENFORCE_SCOPE)
|
||||||
|
|
||||||
GLANCE_CONF_DIR=${GLANCE_CONF_DIR:-/etc/glance}
|
GLANCE_CONF_DIR=${GLANCE_CONF_DIR:-/etc/glance}
|
||||||
GLANCE_METADEF_DIR=$GLANCE_CONF_DIR/metadefs
|
GLANCE_METADEF_DIR=$GLANCE_CONF_DIR/metadefs
|
||||||
GLANCE_API_CONF=$GLANCE_CONF_DIR/glance-api.conf
|
GLANCE_API_CONF=$GLANCE_CONF_DIR/glance-api.conf
|
||||||
@ -417,6 +423,12 @@ function configure_glance {
|
|||||||
iniset $GLANCE_API_CONF DEFAULT bind_port $GLANCE_SERVICE_PORT_INT
|
iniset $GLANCE_API_CONF DEFAULT bind_port $GLANCE_SERVICE_PORT_INT
|
||||||
iniset $GLANCE_API_CONF DEFAULT workers "$API_WORKERS"
|
iniset $GLANCE_API_CONF DEFAULT workers "$API_WORKERS"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [[ "$GLANCE_ENFORCE_SCOPE" == True ]] ; then
|
||||||
|
iniset $GLANCE_API_CONF oslo_policy enforce_scope true
|
||||||
|
iniset $GLANCE_API_CONF oslo_policy enforce_new_defaults true
|
||||||
|
iniset $GLANCE_API_CONF DEFAULT enforce_secure_rbac true
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
# create_glance_accounts() - Set up common required glance accounts
|
# create_glance_accounts() - Set up common required glance accounts
|
||||||
|
@ -606,6 +606,7 @@ function configure_tempest {
|
|||||||
iniset $TEMPEST_CONFIG auth admin_system 'all'
|
iniset $TEMPEST_CONFIG auth admin_system 'all'
|
||||||
iniset $TEMPEST_CONFIG auth admin_project_name ''
|
iniset $TEMPEST_CONFIG auth admin_project_name ''
|
||||||
fi
|
fi
|
||||||
|
iniset $TEMPEST_CONFIG enforce_scope glance "$GLANCE_ENFORCE_SCOPE"
|
||||||
|
|
||||||
iniset $TEMPEST_CONFIG enforce_scope cinder "$CINDER_ENFORCE_SCOPE"
|
iniset $TEMPEST_CONFIG enforce_scope cinder "$CINDER_ENFORCE_SCOPE"
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user