Atom feed of this document
  
 

 Image property protection

There are currently two types of properties in the Image Service: "core properties," which are defined by the system, and "additional properties," which are arbitrary key/value pairs that can be set on an image.

Any such property can be protected through configuration. When you put protections on a property, it limits the users who can perform CRUD operations on the property based on their user role. The use case is to enable the cloud provider to maintain extra properties on images. Typically this would be performed by an administrator who has access to protected properties, managed in the policy.json file. The extra property could be licensing information or billing information, for example.

Properties that don't have protections defined for them will act as they do now: the administrator can control core properties, with the image owner having control over additional properties.

Property protection can be set in /etc/glance/property-protections.conf, using roles found in policy.json.

Questions? Discuss on ask.openstack.org
Found an error? Report a bug against this page

loading table of contents...