Diffstat (limited to 'etc/glance-cache.conf')
-rw-r--r--etc/glance-cache.conf46
1 files changed, 18 insertions, 28 deletions
diff --git a/etc/glance-cache.conf b/etc/glance-cache.conf
index 9aeabff98..62c90638d 100644
--- a/etc/glance-cache.conf
+++ b/etc/glance-cache.conf
@@ -429,32 +429,6 @@
# * [DEFAULT]/node_staging_uri (list value)
#enabled_import_methods = [glance-direct,web-download,copy-image]
-# DEPRECATED:
-# Enforce API access based on common persona definitions used across OpenStack.
-# Enabling this option formalizes project-specific read/write operations, like
-# creating private images or updating the status of shared image, behind the
-# `member` role. It also formalizes a read-only variant useful for
-# project-specific API operations, like listing private images in a project,
-# behind the `reader` role.
-#
-# Operators should take an opportunity to understand glance's new image
-# policies,
-# audit assignments in their deployment, and update permissions using the
-# default
-# roles in keystone (e.g., `admin`, `member`, and `reader`).
-#
-# Related options:
-# * [oslo_policy]/enforce_new_defaults
-# (boolean value)
-# This option is deprecated for removal since Wallaby.
-# Its value may be silently ignored in the future.
-# Reason:
-# This option has been introduced to require operators to opt into enforcing
-# authorization based on common RBAC personas, which is EXPERIMENTAL as of the
-# Wallaby release. This behavior will be the default and STABLE in a future
-# release, allowing this option to be removed.
-#enforce_secure_rbac = false
-
#
# The URL to this worker.
#
@@ -1558,6 +1532,22 @@
#s3_store_host = <None>
#
+# The S3 region name.
+#
+# This parameter will set the region_name used by boto.
+# If this parameter is not set, we we will try to compute it from the
+# s3_store_host.
+#
+# Possible values:
+# * A valid region name
+#
+# Related Options:
+# * s3_store_host
+#
+# (string value)
+#s3_store_region_name =
+
+#
# The S3 query token access key.
#
# This configuration option takes the access key for authenticating with the
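Review bot: The added help text has a doubled word in `# If this parameter is not set, we we will try to compute it from the`; it should read `we will try`. The heading `# Related Options:` is also capitalised differently from the `# Related options:` heading visible in the block removed by the first hunk. The text does not say what happens when no region can be derived from `s3_store_host`, which seems likely for an endpoint whose hostname carries no region; one sentence on that fallback would tell operators when they must set the value explicitly. If this sample is generated from the option definitions, the wording should be fixed there.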
@@ -2468,7 +2458,7 @@
# ``InvalidScope`` exception will be raised. If ``False``, a message will be
# logged informing operators that policies are being invoked with mismatching
# scope. (boolean value)
-#enforce_scope = false
+#enforce_scope = true
# This option controls whether or not to use old deprecated defaults when
# evaluating policies. If ``True``, the old deprecated defaults are not going to
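Review bot: The comment above `#enforce_scope = true` describes both modes but nothing marks that the default shown has flipped. A deployment that leaves the option unset now gets the ``InvalidScope`` exception where it previously got only a log message. The description starts outside the hunk, so this may already be covered above. If it is not, add a line such as `# NOTE: the default is now True; requests whose token scope does not match the policy are rejected, not just logged.` so operators audit role assignments and token scopes before upgrading. The first hunk removes `enforce_secure_rbac` in the same commit, so a pointer to the release note covering both changes would help.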
@@ -2479,7 +2469,7 @@
# deprecated policy check string is logically OR'd with the new policy check
# string, allowing for a graceful upgrade experience between releases with new
# policies, which is the default behavior. (boolean value)
-#enforce_new_defaults = false
+#enforce_new_defaults = true
# The relative or absolute path of a file that maps roles to permissions for a
# given service. Relative paths must be specified in relation to the
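Review bot: The help text directly above `#enforce_new_defaults = true` still ends with `which is the default behavior. (boolean value)`, attached to the sentence about OR'ing the deprecated check string with the new one. That sentence appears to describe the ``False`` case (its start is outside the hunk), so with the default now shown as `true` the clause tells operators the opposite of what an unset option does. Drop `, which is the default behavior` from that sentence or move it to the ``True`` sentence. If this sample is generated, the fix belongs in the option's help string.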