On 2/23/2017 3:20 PM, David Medberry wrote:
and the 'nova-policy' command was introduced at the same time....
finally found the right release notes:
ref: https://docs.openstack.org/releasenotes/nova/newton.html
The nova-policy command line is implemented as a tool to experience the
under-development feature policy discovery. User can input the
credentials infomation and the instance info, the tool will return a
list of API which can be allowed to invoke. There isn’t any contract for
the interface of the tool due to the feature still under-development.
and
The API policy defaults are now defined in code like configuration
options. Because of this, the sample policy.json file that is shipped
with Nova is empty and should only be necessary if you want to override
the API policy from the defaults in the code. To generate the policy
file you can run:
oslopolicy-sample-generator --config-file=etc/nova/nova-policy-generator.conf
Yeah this happened in Newton, here is the spec [1].
The default policy is built into the docs [2] (note that is the policy
from current master).
The various policy specs John Garbutt is proposing, which we talked
about at the PTG, are linked here [3].
[1]
https://specs.openstack.org/openstack/nova-specs/specs/newton/implemented/policy-in-code.html
[2] https://docs.openstack.org/developer/nova/sample_policy.html
[3] https://etherpad.openstack.org/p/pike-ptg-keystone-policy
--
Thanks,
Matt Riedemann
_______________________________________________
OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
