Merge "Deprecate show_multiple_locations option"

2016-08-30 18:22:04 +00:00 · 2016-08-30 18:22:04 +00:00 · 797a12361f
commit 797a12361f
parent a3ef4b466a dbfc121072
2 changed files with 36 additions and 1 deletions
--- a/glance/common/config.py
+++ b/glance/common/config.py
@ -159,7 +159,16 @@ Related options:
                       'in image properties. Revealing storage location can '
                       'be a security risk, so use this setting with '
                       'caution!')),
-    cfg.BoolOpt('show_multiple_locations', default=False,
+    # NOTE(flaper87): The policy.json file should be updated and the locaiton
    # related rules set to admin only once this option is finally removed.
    cfg.BoolOpt('show_multiple_locations',
                default=False, deprecated_for_removal=True,
                deprecated_reason=_('This option will be removed in the Ocata '
                                    'release because the same functionality '
                                    'can be achieved with greater granularity '
                                    'by using policies. Please see the Newton '
                                    'release notes for more information.'),
                deprecated_since='Newton',
                help=_('Whether to include the backend image locations '
                       'in image properties. '
                       'For example, if using the file system store a URL of '
--- a/releasenotes/notes/deprecate-show-multiple-location-9890a1e961def2f6.yaml
+++ b/releasenotes/notes/deprecate-show-multiple-location-9890a1e961def2f6.yaml
@ -0,0 +1,26 @@
 ---
 prelude: >
    Deprecate the ``show_multiple_locations`` configuration
    option in favor of the existing Role Based Access
    Control (RBAC) for Image locations which uses
    ``policy.json`` file to define the appropriate rules.
    Maintaining two different ways to configure, enable
    and/or disable a feature is painful for developers and
    operators, so the less granular means of controlling
    this feature will be eliminated in the **Ocata**
    release. Please read upgrade section for more details.
 upgrade:
  - For the Newton release, this option will still be
    honored. However, it is important to update
    ``policy.json`` file for glance-api nodes. In
    particular, please consider updating the policies
    ``delete_image_location``, ``get_image_location`` and
    ``set_image_location`` as per your requirements. As this
    is an advanced option and prone to expose some risks,
    please check the policies to ensure security and privacy
    of your cloud.
  - Future releases will ignore this option and just
    follow the policy rules. It is recommended that this
    option is disabled for public endpoints and is being
    only used internally for service-to-service
    communication.