3.2.5. oslo_policy

enforce_scope = False

boolean value

This option controls whether or not to enforce scope when evaluating policies. If True, the scope of the token used in the request is compared to the scope_types of the policy being enforced. If the scopes do not match, an InvalidScope exception will be raised. If False, a message will be logged informing operators that policies are being invoked with mismatching scope.

policy_default_rule = default

string value

Default rule. Enforced when a requested rule is not found.

policy_dirs = ['policy.d']

multi valued

Directories where policy configuration files are stored. They can be relative to any directory in the search path defined by the config_dir option, or absolute paths. The file defined by policy_file must exist for these directories to be searched. Missing or empty directories are ignored.

policy_file = policy.json

string value

The relative or absolute path of a file that maps roles to permissions for a given service. Relative paths must be specified in relation to the configuration file setting this option.

remote_content_type = application/x-www-form-urlencoded

string value

Content Type to send and receive data for REST based policy check

remote_ssl_ca_crt_file = None

string value

Absolute path to ca cert file for REST based policy check

remote_ssl_client_crt_file = None

string value

Absolute path to client cert for REST based policy check

remote_ssl_client_key_file = None

string value

Absolute path client key file REST based policy check

remote_ssl_verify_server_crt = False

boolean value

server identity verification for REST based policy check