summaryrefslogtreecommitdiff
path: root/etc/glance-scrubber.conf
diff options
context:
space:
mode:
Diffstat (limited to 'etc/glance-scrubber.conf')
-rw-r--r--etc/glance-scrubber.conf51
1 files changed, 23 insertions, 28 deletions
diff --git a/etc/glance-scrubber.conf b/etc/glance-scrubber.conf
index a71cb2907..b2d80567f 100644
--- a/etc/glance-scrubber.conf
+++ b/etc/glance-scrubber.conf
@@ -429,32 +429,6 @@
# * [DEFAULT]/node_staging_uri (list value)
#enabled_import_methods = [glance-direct,web-download,copy-image]
-# DEPRECATED:
-# Enforce API access based on common persona definitions used across OpenStack.
-# Enabling this option formalizes project-specific read/write operations, like
-# creating private images or updating the status of shared image, behind the
-# `member` role. It also formalizes a read-only variant useful for
-# project-specific API operations, like listing private images in a project,
-# behind the `reader` role.
-#
-# Operators should take an opportunity to understand glance's new image
-# policies,
-# audit assignments in their deployment, and update permissions using the
-# default
-# roles in keystone (e.g., `admin`, `member`, and `reader`).
-#
-# Related options:
-# * [oslo_policy]/enforce_new_defaults
-# (boolean value)
-# This option is deprecated for removal since Wallaby.
-# Its value may be silently ignored in the future.
-# Reason:
-# This option has been introduced to require operators to opt into enforcing
-# authorization based on common RBAC personas, which is EXPERIMENTAL as of the
-# Wallaby release. This behavior will be the default and STABLE in a future
-# release, allowing this option to be removed.
-#enforce_secure_rbac = false
-
#
# The URL to this worker.
#
@@ -789,6 +763,11 @@
# (string value)
#mysql_sql_mode = TRADITIONAL
+# For Galera only, configure wsrep_sync_wait causality checks on new
+# connections. Default is None, meaning don't configure any setting. (integer
+# value)
+#mysql_wsrep_sync_wait = <None>
+
# DEPRECATED: If True, transparently enables support for handling MySQL Cluster
# (NDB). (boolean value)
# This option is deprecated for removal since 12.1.0.
@@ -1655,6 +1634,22 @@
#s3_store_host = <None>
#
+# The S3 region name.
+#
+# This parameter will set the region_name used by boto.
+# If this parameter is not set, we we will try to compute it from the
+# s3_store_host.
+#
+# Possible values:
+# * A valid region name
+#
+# Related Options:
+# * s3_store_host
+#
+# (string value)
+#s3_store_region_name =
+
+#
# The S3 query token access key.
#
# This configuration option takes the access key for authenticating with the
@@ -2581,7 +2576,7 @@
# ``InvalidScope`` exception will be raised. If ``False``, a message will be
# logged informing operators that policies are being invoked with mismatching
# scope. (boolean value)
-#enforce_scope = false
+#enforce_scope = true
# This option controls whether or not to use old deprecated defaults when
# evaluating policies. If ``True``, the old deprecated defaults are not going to
@@ -2592,7 +2587,7 @@
# deprecated policy check string is logically OR'd with the new policy check
# string, allowing for a graceful upgrade experience between releases with new
# policies, which is the default behavior. (boolean value)
-#enforce_new_defaults = false
+#enforce_new_defaults = true
# The relative or absolute path of a file that maps roles to permissions for a
# given service. Relative paths must be specified in relation to the
View Lorry Controller Status