This commit uses the existing policy-in-code module to move all
default policies for magnum service and stat into code. This commit
also adds helpful documentation about each API those policies protect,
which will be generated in sample policy files and completely remove
usage of policy.json file.
Co-authored-By: Dai Dang-Van <daidv@vn.fujitsu.com>
Implements: blueprint policy-in-code
Change-Id: I01a8ce964bf8bd569d4aa4e899cbcd9855281835
This commit uses the existing policy-in-code module to move all
default policies for certificates into code. This commit also adds
helpful documentation about each API those policies protect,
which will be generated in sample policy files.
Co-authored-By: Dai Dang-Van <daidv@vn.fujitsu.com>
Implements: blueprint policy-in-code
Change-Id: I1abc75441d7984497739194a273d8bda63f832a0
This commit uses the existing policy-in-code module to move all
default policies for quotas into code. This commit also adds
helpful documentation about each API those policies protect,
which will be generated in sample policy files.
Co-authored-By: Dai Dang-Van <daidv@vn.fujitsu.com>
Implements: blueprint policy-in-code
Change-Id: I2fbd7577545ed08dee10064d321e8c6941324b5d
This commit uses the existing policy-in-code module to move all
default policies for cluster templates into code. This commit also adds
helpful documentation about each API those policies protect,
which will be generated in sample policy files.
Co-authored-By: Dai Dang-Van <daidv@vn.fujitsu.com>
Implements: blueprint policy-in-code
Change-Id: I9a8176ea20e3c925441473d1d84db3a73edca7a5
This commit uses the existing policy-in-code module to move all
default policies for clusters into code. This commit also adds
helpful documetation about each API those policies protect,
which will be generated in sample policy files.
Change-Id: I36e69fe930505c2777f4376be1f6ddf17016998f
Co-authored-By: Dai Dang-Van <daidv@vn.fujitsu.com>
Implements: blueprint policy-in-code
This commit uses the existing policy-in-code module to move all
default policies for baymodels into code. This commit also adds
helpful documetation about each API those policies protect, which
will be generated in sample policy files.
Change-Id: Ia4409ff712d0e64985d9565e11671b33c8ac9ddf
Co-authored-By: Dai Dang-Van <daidv@vn.fujitsu.com>
Implements: blueprint policy-in-code
This commit uses the existing policy-in-code module to move all
default policies for bays into code. This commit also adds helpful
documetation about each API those policies protect, which will be
generated in sample policy files.
Change-Id: I4221ed56146ed952781f5f38bc4344d8a0d07881
Co-authored-By: Dai Dang-Van <daidv@vn.fujitsu.com>
Implements: blueprint policy-in-code
This change prepares the magnum project to start implementing
policies in code. Subsequent patches will register more magnum
policies in code and remove the corresponding entry from the
policy file maintained in source.
This is part of a community effort to provide better user
experience for those having to maintain RBAC policy. More
information on this effort can be found below:
https://governance.openstack.org/tc/goals/queens/policy-in-code.html
Change-Id: I0e2b34067ea1e4d5868df544a9f65ae3f1944c43
Co-authored-By: Dai Dang-Van <daidv@vn.fujitsu.com>
Implements: blueprint policy-in-code
This change introduces a new /stats REST endpoint that
provide the following basic information;
1) Total number of clusters and nodes for the given tenant.
2) Total number of clusters and nodes across all the tenants.
Follow-up patches include more stats.
Change-Id: Iac0bf9343549de31654545d5b1fd7601e56142a7
Partially Implements blueprint magnum-stats-api
rename bay to cluster, baymodel to clustertemplate,
i think it is better to add policy rule to fack_policy.py.
certificate and magnum-service need be added, too.
Change-Id: I3bbfc01547c512f990e2ea15f2c2dac149eec5dc
Magnum have removed the k8s rc apis, but have not removed it from
policy.json. The patch (https://review.openstack.org/#/c/384064/)
remove rc from etc/magnum/policy.json.
And we should remove rc from tests/fake_policy.py.
Change-Id: Ia98e1637f2e3a5919be3784322a55005970d4da8
Following on from removing the k8s specific APIs in
I1f6f04a35dfbb39f217487fea104ded035b75569 the objects associated with
these APIs need removal.
Remove the container object, drop the db table and remove references to
the container object. The docker_conductor has also been removed as this
was used for managing containers using Magnum objects.
Change-Id: I288fa7a9717519b1ae8195820975676d99b4d6d2
Partially-Implements: blueprint delete-container-endpoint
Co-Authored-By: Spyros Trigazis <strigazi@gmail.com>
Following on from removing the k8s specific APIs in
I1f6f04a35dfbb39f217487fea104ded035b75569 the objects associated with
these APIs need removal.
Remove the service object, drop the db table and remove references to
the service object.
Change-Id: I4f06bb779caa0ad369a2b96b4714e1bf2db8acc6
Partially-Implements: blueprint delete-container-endpoint
Following on from removing the k8s specific APIs in
I1f6f04a35dfbb39f217487fea104ded035b75569 the objects associated with
these APIs need removal.
Remove the pod object, drop the db table and remove references to the
pod object.
Change-Id: I8c2499ccb97aae39d80868ce02fbef292d762c10
Partially-Implements: blueprint delete-container-endpoint
The node object represents either a bare metal or virtual machine
node that is provisioned with an OS to run the containers, or
alternatively, run kubernetes. Magnum use Heat to deploy the nodes,
so it is unnecessary to maintain node object in Magnum. Heat can do
the work for us. The code about node object is useless now, so let's
remove it from Magnum.
Closes-Bug: #1540790
Change-Id: If8761b06a364127683099afb4dc51ea551be6f89
Magnum API's magnum_service:get_all is enforced by admin_api.
Modifying the rule to use context_is_admin. Also changing the to_dict()
call to include change in roles.
Change-Id: I44dda27857945dfd3ad43fa28ea458ce2966388c
Closes-Bug: #1503402
The code is copied from ironic. Ironic has no policy in Juno
, so it need the code to test. But it is not needed in magnum.
Change-Id: Ib066d953993b92c7c96d661cfcb7f2d3ef888659
Closes-Bug: #1482023