cpe-deployments/resources/nova.yaml

# default rules
# https://docs.openstack.org/nova/ussuri/configuration/policy.html

context_is_tenantLead: role:tenantLead

os_compute_api:os-admin-actions:reset_state: rule:context_is_tenantLead or rule:system_admin_api
os_compute_api:os-aggregates:index: rule:context_is_tenantLead or rule:system_reader_api
os_compute_api:os-aggregates:show: rule:context_is_tenantLead or rule:system_reader_api
os_compute_api:os-availability-zone:detail: rule:context_is_tenantLead or rule:system_reader_api
os_compute_api:os-extended-server-attributes: rule:context_is_tenantLead or rule:system_admin_api
os_compute_api:os-hosts: rule:context_is_tenantLead or rule:admin_api
os_compute_api:os-hypervisors:servers: rule:context_is_tenantLead or rule:system_reader_api
Update deployment for granularity * Add nova policy override for mimic * fine tuning of keystone override * segregate lma and landscape applications/relations * Add workaround for altname for interfaces * Update focal overlay to update and mimic * Add hosts file for addtion to local host 2022-11-01 20:51:17 +00:00			`# default rules`
			`# https://docs.openstack.org/nova/ussuri/configuration/policy.html`

			`context_is_tenantLead: role:tenantLead`
more fine tuning * Add the other hosts * Update keystone policy override to mimic default plus addition * nova policy extra line 2022-11-03 07:56:38 +00:00
Update deployment for granularity * Add nova policy override for mimic * fine tuning of keystone override * segregate lma and landscape applications/relations * Add workaround for altname for interfaces * Update focal overlay to update and mimic * Add hosts file for addtion to local host 2022-11-01 20:51:17 +00:00			`os_compute_api:os-admin-actions:reset_state: rule:context_is_tenantLead or rule:system_admin_api`
			`os_compute_api:os-aggregates:index: rule:context_is_tenantLead or rule:system_reader_api`
			`os_compute_api:os-aggregates:show: rule:context_is_tenantLead or rule:system_reader_api`
			`os_compute_api:os-availability-zone:detail: rule:context_is_tenantLead or rule:system_reader_api`
			`os_compute_api:os-extended-server-attributes: rule:context_is_tenantLead or rule:system_admin_api`
			`os_compute_api:os-hosts: rule:context_is_tenantLead or rule:admin_api`
			`os_compute_api:os-hypervisors:servers: rule:context_is_tenantLead or rule:system_reader_api`