diff options
Diffstat (limited to 'etc/glance-cache.conf')
-rw-r--r-- | etc/glance-cache.conf | 46 |
1 files changed, 18 insertions, 28 deletions
diff --git a/etc/glance-cache.conf b/etc/glance-cache.conf index 9aeabff98..62c90638d 100644 --- a/etc/glance-cache.conf +++ b/etc/glance-cache.conf @@ -429,32 +429,6 @@ # * [DEFAULT]/node_staging_uri (list value) #enabled_import_methods = [glance-direct,web-download,copy-image] -# DEPRECATED: -# Enforce API access based on common persona definitions used across OpenStack. -# Enabling this option formalizes project-specific read/write operations, like -# creating private images or updating the status of shared image, behind the -# `member` role. It also formalizes a read-only variant useful for -# project-specific API operations, like listing private images in a project, -# behind the `reader` role. -# -# Operators should take an opportunity to understand glance's new image -# policies, -# audit assignments in their deployment, and update permissions using the -# default -# roles in keystone (e.g., `admin`, `member`, and `reader`). -# -# Related options: -# * [oslo_policy]/enforce_new_defaults -# (boolean value) -# This option is deprecated for removal since Wallaby. -# Its value may be silently ignored in the future. -# Reason: -# This option has been introduced to require operators to opt into enforcing -# authorization based on common RBAC personas, which is EXPERIMENTAL as of the -# Wallaby release. This behavior will be the default and STABLE in a future -# release, allowing this option to be removed. -#enforce_secure_rbac = false - # # The URL to this worker. # @@ -1558,6 +1532,22 @@ #s3_store_host = <None> # +# The S3 region name. +# +# This parameter will set the region_name used by boto. +# If this parameter is not set, we we will try to compute it from the +# s3_store_host. +# +# Possible values: +# * A valid region name +# +# Related Options: +# * s3_store_host +# +# (string value) +#s3_store_region_name = + +# # The S3 query token access key. # # This configuration option takes the access key for authenticating with the @@ -2468,7 +2458,7 @@ # ``InvalidScope`` exception will be raised. If ``False``, a message will be # logged informing operators that policies are being invoked with mismatching # scope. (boolean value) -#enforce_scope = false +#enforce_scope = true # This option controls whether or not to use old deprecated defaults when # evaluating policies. If ``True``, the old deprecated defaults are not going to @@ -2479,7 +2469,7 @@ # deprecated policy check string is logically OR'd with the new policy check # string, allowing for a graceful upgrade experience between releases with new # policies, which is the default behavior. (boolean value) -#enforce_new_defaults = false +#enforce_new_defaults = true # The relative or absolute path of a file that maps roles to permissions for a # given service. Relative paths must be specified in relation to the |