Configuration Options¶

oslo.policy uses oslo.config to define and manage configuration options to allow the deployer to control where the policy files are located and the default rule to apply when policy etc.

enforce_scope¶

Type:	boolean
Default:	false

This option controls whether or not to enforce scope when evaluating policies. If True, the scope of the token used in the request is compared to the scope_types of the policy being enforced. If the scopes do not match, an InvalidScope exception will be raised. If False, a message will be logged informing operators that policies are being invoked with mismatching scope.

policy_file¶

Type:	string
Default:	policy.json

The file that defines policies.

Deprecated Variations¶

Group	Name
DEFAULT	policy_file

policy_default_rule¶

Type:	string
Default:	default

Default rule. Enforced when a requested rule is not found.

Deprecated Variations¶

Group	Name
DEFAULT	policy_default_rule

policy_dirs¶

Type:	multi-valued
Default:	policy.d

Directories where policy configuration files are stored. They can be relative to any directory in the search path defined by the config_dir option, or absolute paths. The file defined by policy_file must exist for these directories to be searched. Missing or empty directories are ignored.

Deprecated Variations¶

Group	Name
DEFAULT	policy_dirs

remote_content_type¶

Type:	string
Default:	application/x-www-form-urlencoded
Valid Values:	application/x-www-form-urlencoded, application/json

Content Type to send and receive data for REST based policy check

remote_ssl_verify_server_crt¶

Type:	boolean
Default:	false

server identity verification for REST based policy check

remote_ssl_ca_crt_file¶

Type:	string
Default:	<None>

Absolute path to ca cert file for REST based policy check

remote_ssl_client_crt_file¶

Type:	string
Default:	<None>

Absolute path to client cert for REST based policy check

remote_ssl_client_key_file¶

Type:	string
Default:	<None>

Absolute path client key file REST based policy check