Merge "Remove 'create_rule_default'"
This commit is contained in:
commit
be20530146
|
@ -13,6 +13,8 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
|
@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:os-admin-actions:%s'
|
|||
|
||||
|
||||
admin_actions_policies = [
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'reset_state',
|
||||
base.RULE_ADMIN_API,
|
||||
"Reset the state of a given server",
|
||||
|
@ -30,7 +32,7 @@ admin_actions_policies = [
|
|||
'path': '/servers/{server_id}/action (os-resetState)'
|
||||
}
|
||||
]),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'inject_network_info',
|
||||
base.RULE_ADMIN_API,
|
||||
"Inject network information into the server",
|
||||
|
@ -40,7 +42,7 @@ admin_actions_policies = [
|
|||
'path': '/servers/{server_id}/action (injectNetworkInfo)'
|
||||
}
|
||||
]),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'reset_network',
|
||||
base.RULE_ADMIN_API,
|
||||
"Reset networking on a server",
|
||||
|
|
|
@ -13,6 +13,8 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
|
@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-admin-password'
|
|||
|
||||
|
||||
admin_password_policies = [
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
BASE_POLICY_NAME,
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"Change the administrative password for a server",
|
||||
|
|
|
@ -13,6 +13,8 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
|
@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-agents'
|
|||
|
||||
|
||||
agents_policies = [
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
BASE_POLICY_NAME,
|
||||
base.RULE_ADMIN_API,
|
||||
"""Create, list, update, and delete guest agent builds
|
||||
|
@ -28,10 +30,24 @@ agents_policies = [
|
|||
This is XenAPI driver specific. It is used to force the upgrade of the
|
||||
XenAPI guest agent on instance boot.
|
||||
""",
|
||||
[{'path': '/os-agents', 'method': 'GET'},
|
||||
{'path': '/os-agents', 'method': 'POST'},
|
||||
{'path': '/os-agents/{agent_build_id}', 'method': 'PUT'},
|
||||
{'path': '/os-agents/{agent_build_id}', 'method': 'DELETE'}]),
|
||||
[
|
||||
{
|
||||
'path': '/os-agents',
|
||||
'method': 'GET'
|
||||
},
|
||||
{
|
||||
'path': '/os-agents',
|
||||
'method': 'POST'
|
||||
},
|
||||
{
|
||||
'path': '/os-agents/{agent_build_id}',
|
||||
'method': 'PUT'
|
||||
},
|
||||
{
|
||||
'path': '/os-agents/{agent_build_id}',
|
||||
'method': 'DELETE'
|
||||
}
|
||||
]),
|
||||
]
|
||||
|
||||
|
||||
|
|
|
@ -13,6 +13,8 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
|
@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:os-aggregates:%s'
|
|||
|
||||
|
||||
aggregates_policies = [
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'set_metadata',
|
||||
base.RULE_ADMIN_API,
|
||||
"Create or replace metadata for an aggregate",
|
||||
|
@ -30,7 +32,7 @@ aggregates_policies = [
|
|||
'method': 'POST'
|
||||
}
|
||||
]),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'add_host',
|
||||
base.RULE_ADMIN_API,
|
||||
"Add a host to an aggregate.",
|
||||
|
@ -40,7 +42,7 @@ aggregates_policies = [
|
|||
'method': 'POST'
|
||||
}
|
||||
]),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'create',
|
||||
base.RULE_ADMIN_API,
|
||||
"Create an aggregate",
|
||||
|
@ -50,7 +52,7 @@ aggregates_policies = [
|
|||
'method': 'POST'
|
||||
}
|
||||
]),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'remove_host',
|
||||
base.RULE_ADMIN_API,
|
||||
"Remove a host from an aggregate",
|
||||
|
@ -60,7 +62,7 @@ aggregates_policies = [
|
|||
'method': 'POST'
|
||||
}
|
||||
]),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'update',
|
||||
base.RULE_ADMIN_API,
|
||||
"Update name and/or availability zone for an aggregate",
|
||||
|
@ -70,7 +72,7 @@ aggregates_policies = [
|
|||
'method': 'PUT'
|
||||
}
|
||||
]),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'index',
|
||||
base.RULE_ADMIN_API,
|
||||
"List all aggregates",
|
||||
|
@ -80,7 +82,7 @@ aggregates_policies = [
|
|||
'method': 'GET'
|
||||
}
|
||||
]),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'delete',
|
||||
base.RULE_ADMIN_API,
|
||||
"Delete an aggregate",
|
||||
|
@ -90,7 +92,7 @@ aggregates_policies = [
|
|||
'method': 'DELETE'
|
||||
}
|
||||
]),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'show',
|
||||
base.RULE_ADMIN_API,
|
||||
"Show details for an aggregate.",
|
||||
|
|
|
@ -13,6 +13,8 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
|
@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:os-assisted-volume-snapshots:%s'
|
|||
|
||||
|
||||
assisted_volume_snapshots_policies = [
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'create',
|
||||
base.RULE_ADMIN_API,
|
||||
"Create an assisted volume snapshot",
|
||||
|
@ -30,7 +32,7 @@ assisted_volume_snapshots_policies = [
|
|||
'method': 'POST'
|
||||
}
|
||||
]),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'delete',
|
||||
base.RULE_ADMIN_API,
|
||||
"Delete an assisted volume snapshot",
|
||||
|
|
|
@ -13,6 +13,8 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
|
@ -21,7 +23,7 @@ POLICY_ROOT = 'os_compute_api:os-attach-interfaces:%s'
|
|||
|
||||
|
||||
attach_interfaces_policies = [
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
BASE_POLICY_NAME,
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"List port interfaces or show details of a port \
|
||||
|
@ -36,7 +38,7 @@ interface attached to a server",
|
|||
'path': '/servers/{server_id}/os-interface/{port_id}'
|
||||
}
|
||||
]),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'create',
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
'Attach an interface to a server',
|
||||
|
@ -46,7 +48,7 @@ interface attached to a server",
|
|||
'path': '/servers/{server_id}/os-interface'
|
||||
}
|
||||
]),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'delete',
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
'Detach an interface from a server',
|
||||
|
|
|
@ -13,6 +13,8 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
|
@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:os-availability-zone:%s'
|
|||
|
||||
|
||||
availability_zone_policies = [
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'list',
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"Lists availability zone information without host information",
|
||||
|
@ -30,7 +32,7 @@ availability_zone_policies = [
|
|||
'path': 'os-availability-zone'
|
||||
}
|
||||
]),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'detail',
|
||||
base.RULE_ADMIN_API,
|
||||
"Lists detailed availability zone information with host information",
|
||||
|
|
|
@ -13,6 +13,8 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
|
@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-baremetal-nodes'
|
|||
|
||||
|
||||
baremetal_nodes_policies = [
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
BASE_POLICY_NAME,
|
||||
base.RULE_ADMIN_API,
|
||||
"""List and show details of bare metal nodes.
|
||||
|
|
|
@ -28,11 +28,5 @@ rules = [
|
|||
]
|
||||
|
||||
|
||||
# TODO(johngarbutt) we can remove this now
|
||||
def create_rule_default(name, check_str, description, operations):
|
||||
return policy.DocumentedRuleDefault(name, check_str,
|
||||
description, operations)
|
||||
|
||||
|
||||
def list_rules():
|
||||
return rules
|
||||
|
|
|
@ -13,6 +13,8 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
|
@ -21,7 +23,7 @@ POLICY_ROOT = 'os_compute_api:os-cells:%s'
|
|||
|
||||
|
||||
cells_policies = [
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'update',
|
||||
base.RULE_ADMIN_API,
|
||||
'Update an existing cell',
|
||||
|
@ -31,7 +33,7 @@ cells_policies = [
|
|||
'path': '/os-cells/{cell_id}'
|
||||
}
|
||||
]),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'create',
|
||||
base.RULE_ADMIN_API,
|
||||
'Create a new cell',
|
||||
|
@ -41,7 +43,7 @@ cells_policies = [
|
|||
'path': '/os-cells'
|
||||
}
|
||||
]),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
BASE_POLICY_NAME,
|
||||
base.RULE_ADMIN_API,
|
||||
'List and get detailed info of a given cell or all cells',
|
||||
|
@ -67,7 +69,7 @@ cells_policies = [
|
|||
'path': '/os-cells/{cell_id}'
|
||||
}
|
||||
]),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'sync_instances',
|
||||
base.RULE_ADMIN_API,
|
||||
'Sync instances info in all cells',
|
||||
|
@ -77,7 +79,7 @@ cells_policies = [
|
|||
'path': '/os-cells/sync_instances'
|
||||
}
|
||||
]),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'delete',
|
||||
base.RULE_ADMIN_API,
|
||||
'Remove a cell',
|
||||
|
|
|
@ -13,6 +13,8 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
|
@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-config-drive'
|
|||
|
||||
|
||||
config_drive_policies = [
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
BASE_POLICY_NAME,
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"""Add 'config_drive' attribute in the server response.""",
|
||||
|
|
|
@ -13,6 +13,8 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
|
@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-console-auth-tokens'
|
|||
|
||||
|
||||
console_auth_tokens_policies = [
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
BASE_POLICY_NAME,
|
||||
base.RULE_ADMIN_API,
|
||||
'Show console connection information for a given console \
|
||||
|
|
|
@ -13,6 +13,8 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
|
@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-console-output'
|
|||
|
||||
|
||||
console_output_policies = [
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
BASE_POLICY_NAME,
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
'Show console output for a server',
|
||||
|
|
|
@ -13,6 +13,8 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
|
@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:os-consoles:%s'
|
|||
|
||||
|
||||
consoles_policies = [
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'create',
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
'Create a console for a server instance',
|
||||
|
@ -30,7 +32,7 @@ consoles_policies = [
|
|||
'path': '/servers/{server_id}/consoles'
|
||||
}
|
||||
]),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'show',
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
'Show console details for a server instance',
|
||||
|
@ -40,7 +42,7 @@ consoles_policies = [
|
|||
'path': '/servers/{server_id}/consoles/{console_id}'
|
||||
}
|
||||
]),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'delete',
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
'Delete a console for a server instance',
|
||||
|
@ -50,7 +52,7 @@ consoles_policies = [
|
|||
'path': '/servers/{server_id}/consoles/{console_id}'
|
||||
}
|
||||
]),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'index',
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
'List all consoles for a server instance',
|
||||
|
|
|
@ -13,6 +13,8 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
|
@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-create-backup'
|
|||
|
||||
|
||||
create_backup_policies = [
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
BASE_POLICY_NAME,
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
'Create a back up of a server',
|
||||
|
|
|
@ -13,6 +13,8 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
|
@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-deferred-delete'
|
|||
|
||||
|
||||
deferred_delete_policies = [
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
BASE_POLICY_NAME,
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
'Restore a soft deleted server or force delete a server before \
|
||||
|
|
|
@ -13,6 +13,8 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
|
@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-evacuate'
|
|||
|
||||
|
||||
evacuate_policies = [
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
BASE_POLICY_NAME,
|
||||
base.RULE_ADMIN_API,
|
||||
"Evacuate a server from a failed host to a new host",
|
||||
|
|
|
@ -13,6 +13,8 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
|
@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-extended-availability-zone'
|
|||
|
||||
|
||||
extended_availability_zone_policies = [
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
BASE_POLICY_NAME,
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"Add `OS-EXT-AZ:availability_zone` into the server response.",
|
||||
|
|
|
@ -13,6 +13,8 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
|
@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-extended-server-attributes'
|
|||
|
||||
|
||||
extended_server_attributes_policies = [
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
BASE_POLICY_NAME,
|
||||
base.RULE_ADMIN_API,
|
||||
"""Return extended attributes for server.
|
||||
|
|
|
@ -13,6 +13,8 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
|
@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-extended-status'
|
|||
|
||||
|
||||
extended_status_policies = [
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
BASE_POLICY_NAME,
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"""Return extended status in the response of server.
|
||||
|
|
|
@ -13,6 +13,8 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
|
@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-extended-volumes'
|
|||
|
||||
|
||||
extended_volumes_policies = [
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
BASE_POLICY_NAME,
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"Return 'os-extended-volumes:volumes_attached' in the response of "
|
||||
|
|
|
@ -13,6 +13,8 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
|
@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:extensions'
|
|||
|
||||
|
||||
extensions_policies = [
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
BASE_POLICY_NAME,
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"Lists available extensions and shows information for an extension "
|
||||
|
|
|
@ -13,6 +13,8 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
|
@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-fixed-ips'
|
|||
|
||||
|
||||
fixed_ips_policies = [
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
BASE_POLICY_NAME,
|
||||
base.RULE_ADMIN_API,
|
||||
"""Shows details for, reserve and unreserve a fixed IP address.
|
||||
|
|
|
@ -14,6 +14,8 @@
|
|||
# under the License.
|
||||
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
|
@ -22,7 +24,7 @@ POLICY_ROOT = 'os_compute_api:os-flavor-access:%s'
|
|||
|
||||
|
||||
flavor_access_policies = [
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'add_tenant_access',
|
||||
base.RULE_ADMIN_API,
|
||||
"Add flavor access to a tenant",
|
||||
|
@ -32,7 +34,7 @@ flavor_access_policies = [
|
|||
'path': '/flavors/{flavor_id}/action (addTenantAccess)'
|
||||
}
|
||||
]),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'remove_tenant_access',
|
||||
base.RULE_ADMIN_API,
|
||||
"Remove flavor access from a tenant",
|
||||
|
@ -42,7 +44,7 @@ flavor_access_policies = [
|
|||
'path': '/flavors/{flavor_id}/action (removeTenantAccess)'
|
||||
}
|
||||
]),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
BASE_POLICY_NAME,
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"""Allow the listing of flavor access information
|
||||
|
|
|
@ -13,6 +13,8 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
|
@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:os-flavor-extra-specs:%s'
|
|||
|
||||
|
||||
flavor_extra_specs_policies = [
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'show',
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"Show an extra spec for a flavor",
|
||||
|
@ -32,7 +34,7 @@ flavor_extra_specs_policies = [
|
|||
}
|
||||
]
|
||||
),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'create',
|
||||
base.RULE_ADMIN_API,
|
||||
"Create extra specs for a flavor",
|
||||
|
@ -43,7 +45,7 @@ flavor_extra_specs_policies = [
|
|||
}
|
||||
]
|
||||
),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'update',
|
||||
base.RULE_ADMIN_API,
|
||||
"Update an extra spec for a flavor",
|
||||
|
@ -55,7 +57,7 @@ flavor_extra_specs_policies = [
|
|||
}
|
||||
]
|
||||
),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'delete',
|
||||
base.RULE_ADMIN_API,
|
||||
"Delete an extra spec for a flavor",
|
||||
|
@ -67,7 +69,7 @@ flavor_extra_specs_policies = [
|
|||
}
|
||||
]
|
||||
),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'index',
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"List extra specs for a flavor",
|
||||
|
|
|
@ -14,6 +14,8 @@
|
|||
# under the License.
|
||||
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
|
@ -21,7 +23,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-flavor-manage'
|
|||
|
||||
|
||||
flavor_manage_policies = [
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
BASE_POLICY_NAME,
|
||||
base.RULE_ADMIN_API,
|
||||
"Create and delete Flavors",
|
||||
|
|
|
@ -14,6 +14,8 @@
|
|||
# under the License.
|
||||
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
|
@ -21,7 +23,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-flavor-rxtx'
|
|||
|
||||
|
||||
flavor_rxtx_policies = [
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
BASE_POLICY_NAME,
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"Adds the rxtx_factor key into some Flavor APIs",
|
||||
|
|
|
@ -13,6 +13,8 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
|
@ -21,7 +23,7 @@ POLICY_ROOT = 'os_compute_api:os-floating-ip-dns:%s'
|
|||
|
||||
|
||||
floating_ip_dns_policies = [
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
BASE_POLICY_NAME,
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"""List registered DNS domains, and CRUD actions on domain names.
|
||||
|
@ -49,7 +51,7 @@ Note this only works with nova-network and this API is deprecated.""",
|
|||
'path': '/os-floating-ip-dns/{domain}/entries/{name}'
|
||||
},
|
||||
]),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'domain:update',
|
||||
base.RULE_ADMIN_API,
|
||||
"Create or update a DNS domain.",
|
||||
|
@ -59,7 +61,7 @@ Note this only works with nova-network and this API is deprecated.""",
|
|||
'path': '/os-floating-ip-dns/{domain}'
|
||||
}
|
||||
]),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'domain:delete',
|
||||
base.RULE_ADMIN_API,
|
||||
"Delete a DNS domain.",
|
||||
|
|
|
@ -13,6 +13,8 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
|
@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-floating-ip-pools'
|
|||
|
||||
|
||||
floating_ip_pools_policies = [
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
BASE_POLICY_NAME,
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"List floating IP pools. This API is deprecated.",
|
||||
|
|
|
@ -13,6 +13,8 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
|
@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-floating-ips'
|
|||
|
||||
|
||||
floating_ips_policies = [
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
BASE_POLICY_NAME,
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"Manage a project's floating IPs. These APIs are all deprecated.",
|
||||
|
|
|
@ -13,6 +13,8 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
|
@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-floating-ips-bulk'
|
|||
|
||||
|
||||
floating_ips_bulk_policies = [
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
BASE_POLICY_NAME,
|
||||
base.RULE_ADMIN_API,
|
||||
"Bulk-create, delete, and list floating IPs. API is deprecated.",
|
||||
|
|
|
@ -13,6 +13,8 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
|
@ -21,7 +23,7 @@ POLICY_ROOT = 'os_compute_api:os-fping:%s'
|
|||
|
||||
|
||||
fping_policies = [
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'all_tenants',
|
||||
base.RULE_ADMIN_API,
|
||||
"""Pings instances for all projects and reports which instances
|
||||
|
@ -35,7 +37,7 @@ which itself is deprecated.""",
|
|||
'path': '/os-fping?all_tenants=true'
|
||||
}
|
||||
]),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
BASE_POLICY_NAME,
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"""Pings instances, particular instance and reports which instances
|
||||
|
|
|
@ -13,13 +13,13 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from nova.policies import base
|
||||
from oslo_policy import policy
|
||||
|
||||
BASE_POLICY_NAME = 'os_compute_api:os-hide-server-addresses'
|
||||
|
||||
|
||||
hide_server_addresses_policies = [
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
BASE_POLICY_NAME,
|
||||
'is_admin:False',
|
||||
"""Hide server's 'addresses' key in the server response.
|
||||
|
|
|
@ -13,6 +13,8 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
|
@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-hosts'
|
|||
|
||||
|
||||
hosts_policies = [
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
BASE_POLICY_NAME,
|
||||
base.RULE_ADMIN_API,
|
||||
"""List, Show and Manage physical hosts.
|
||||
|
|
|
@ -13,6 +13,8 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
|
@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-hypervisors'
|
|||
|
||||
|
||||
hypervisors_policies = [
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
BASE_POLICY_NAME,
|
||||
base.RULE_ADMIN_API,
|
||||
"""Policy rule for hypervisor related APIs.
|
||||
|
|
|
@ -13,6 +13,8 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
|
@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:image-size'
|
|||
|
||||
|
||||
image_size_policies = [
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
BASE_POLICY_NAME,
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"""Add 'OS-EXT-IMG-SIZE:size' attribute in the image response.""",
|
||||
|
|
|
@ -13,6 +13,8 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
|
@ -21,7 +23,7 @@ POLICY_ROOT = 'os_compute_api:os-instance-actions:%s'
|
|||
|
||||
|
||||
instance_actions_policies = [
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'events',
|
||||
base.RULE_ADMIN_API,
|
||||
"""Add events details in action details for a server.
|
||||
|
@ -34,7 +36,7 @@ os_compute_api:os-instance-actions passes""",
|
|||
'path': '/servers/{server_id}/os-instance-actions/{request_id}'
|
||||
}
|
||||
]),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
BASE_POLICY_NAME,
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"""List actions and show action details for a server.""",
|
||||
|
|
|
@ -13,6 +13,8 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
|
@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-instance-usage-audit-log'
|
|||
|
||||
|
||||
instance_usage_audit_log_policies = [
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
BASE_POLICY_NAME,
|
||||
base.RULE_ADMIN_API,
|
||||
"""Lists all usage audits and that occurred before a specified time
|
||||
|
|
|
@ -13,6 +13,8 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
|
@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:ips:%s'
|
|||
|
||||
|
||||
ips_policies = [
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'show',
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"""Shows IP addresses details for a network label of a server.""",
|
||||
|
@ -30,7 +32,7 @@ ips_policies = [
|
|||
'path': '/servers/{server_id}/ips/{network_label}'
|
||||
}
|
||||
]),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'index',
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"""Lists IP addresses that are assigned to a server.""",
|
||||
|
|
|
@ -13,6 +13,8 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
|
@ -21,7 +23,7 @@ POLICY_ROOT = 'os_compute_api:os-keypairs:%s'
|
|||
|
||||
|
||||
keypairs_policies = [
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'index',
|
||||
'rule:admin_api or user_id:%(user_id)s',
|
||||
"List all keypairs",
|
||||
|
@ -31,7 +33,7 @@ keypairs_policies = [
|
|||
'method': 'GET'
|
||||
}
|
||||
]),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'create',
|
||||
'rule:admin_api or user_id:%(user_id)s',
|
||||
"Create a keypair",
|
||||
|
@ -41,7 +43,7 @@ keypairs_policies = [
|
|||
'method': 'POST'
|
||||
}
|
||||
]),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'delete',
|
||||
'rule:admin_api or user_id:%(user_id)s',
|
||||
"Delete a keypair",
|
||||
|
@ -51,7 +53,7 @@ keypairs_policies = [
|
|||
'method': 'DELETE'
|
||||
}
|
||||
]),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'show',
|
||||
'rule:admin_api or user_id:%(user_id)s',
|
||||
"Show details of a keypair",
|
||||
|
@ -61,7 +63,7 @@ keypairs_policies = [
|
|||
'method': 'GET'
|
||||
}
|
||||
]),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
BASE_POLICY_NAME,
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"Return 'key_name' in the response of server.",
|
||||
|
|
|
@ -13,6 +13,8 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
|
@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:limits'
|
|||
|
||||
|
||||
limits_policies = [
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
BASE_POLICY_NAME,
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"""Shows rate and absolute limits for the project.""",
|
||||
|
|
|
@ -13,6 +13,8 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
|
@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:os-lock-server:%s'
|
|||
|
||||
|
||||
lock_server_policies = [
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'lock',
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"Lock a server",
|
||||
|
@ -31,7 +33,7 @@ lock_server_policies = [
|
|||
}
|
||||
]
|
||||
),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'unlock',
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"Unlock a server",
|
||||
|
@ -42,7 +44,7 @@ lock_server_policies = [
|
|||
}
|
||||
]
|
||||
),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'unlock:unlock_override',
|
||||
base.RULE_ADMIN_API,
|
||||
"""Unlock a server, regardless who locked the server.
|
||||
|
|
|
@ -13,6 +13,8 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
|
@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:os-migrate-server:%s'
|
|||
|
||||
|
||||
migrate_server_policies = [
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'migrate',
|
||||
base.RULE_ADMIN_API,
|
||||
"Cold migrate a server to a host",
|
||||
|
@ -30,7 +32,7 @@ migrate_server_policies = [
|
|||
'path': '/servers/{server_id}/action (migrate)'
|
||||
}
|
||||
]),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'migrate_live',
|
||||
base.RULE_ADMIN_API,
|
||||
"Live migrate a server to a new host without a reboot",
|
||||
|
|
|
@ -13,6 +13,8 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
|
@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:os-migrations:%s'
|
|||
|
||||
|
||||
migrations_policies = [
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'index',
|
||||
base.RULE_ADMIN_API,
|
||||
"List migrations",
|
||||
|
|
|
@ -13,6 +13,8 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
|
@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-multinic'
|
|||
|
||||
|
||||
multinic_policies = [
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
BASE_POLICY_NAME,
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"""Adds or Removes a fixed IP address from a server.
|
||||
|
|
|
@ -13,6 +13,8 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
|
@ -21,7 +23,7 @@ POLICY_ROOT = 'os_compute_api:os-networks:%s'
|
|||
|
||||
|
||||
networks_policies = [
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
BASE_POLICY_NAME,
|
||||
base.RULE_ADMIN_API,
|
||||
"""Create and delete a network, add and disassociate a network
|
||||
|
@ -46,7 +48,7 @@ These APIs are only available with nova-network which is deprecated.""",
|
|||
'path': '/os-networks/{network_id}/action (disassociate)'
|
||||
}
|
||||
]),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'view',
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"""List networks for the project and show details for a network.
|
||||
|
|
|
@ -13,6 +13,8 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
|
@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-networks-associate'
|
|||
|
||||
|
||||
networks_associate_policies = [
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
BASE_POLICY_NAME,
|
||||
base.RULE_ADMIN_API,
|
||||
"""Associates and Disassociates a network from a host or project.
|
||||
|
|
|
@ -13,6 +13,8 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
|
@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:os-pause-server:%s'
|
|||
|
||||
|
||||
pause_server_policies = [
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'pause',
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"Pause a server.",
|
||||
|
@ -31,7 +33,7 @@ pause_server_policies = [
|
|||
}
|
||||
]
|
||||
),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'unpause',
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"Unpause a paused server.",
|
||||
|
|
|
@ -13,6 +13,8 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
|
@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:os-quota-class-sets:%s'
|
|||
|
||||
|
||||
quota_class_sets_policies = [
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'show',
|
||||
'is_admin:True or quota_class:%(quota_class)s',
|
||||
"List quotas for specific quota classs",
|
||||
|
@ -30,7 +32,7 @@ quota_class_sets_policies = [
|
|||
'path': '/os-quota-class-sets/{quota_class}'
|
||||
}
|
||||
]),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'update',
|
||||
base.RULE_ADMIN_API,
|
||||
'Update quotas for specific quota class',
|
||||
|
|
|
@ -13,6 +13,8 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
|
@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:os-quota-sets:%s'
|
|||
|
||||
|
||||
quota_sets_policies = [
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'update',
|
||||
base.RULE_ADMIN_API,
|
||||
"Update the quotas",
|
||||
|
@ -30,7 +32,7 @@ quota_sets_policies = [
|
|||
'path': '/os-quota-sets/{tenant_id}'
|
||||
}
|
||||
]),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'defaults',
|
||||
base.RULE_ANY,
|
||||
"List default quotas",
|
||||
|
@ -40,7 +42,7 @@ quota_sets_policies = [
|
|||
'path': '/os-quota-sets/{tenant_id}/defaults'
|
||||
}
|
||||
]),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'show',
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"Show a quota",
|
||||
|
@ -50,7 +52,7 @@ quota_sets_policies = [
|
|||
'path': '/os-quota-sets/{tenant_id}'
|
||||
}
|
||||
]),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'delete',
|
||||
base.RULE_ADMIN_API,
|
||||
"Revert quotas to defaults",
|
||||
|
@ -60,7 +62,7 @@ quota_sets_policies = [
|
|||
'path': '/os-quota-sets/{tenant_id}'
|
||||
}
|
||||
]),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'detail',
|
||||
base.RULE_ADMIN_API,
|
||||
"Show the detail of quota",
|
||||
|
|
|
@ -13,6 +13,8 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
|
@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-remote-consoles'
|
|||
|
||||
|
||||
remote_consoles_policies = [
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
BASE_POLICY_NAME,
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"Generates a URL to access remove server console",
|
||||
|
|
|
@ -13,6 +13,8 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
|
@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-rescue'
|
|||
|
||||
|
||||
rescue_policies = [
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
BASE_POLICY_NAME,
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"Rescue/unrescue a server",
|
||||
|
|
|
@ -13,6 +13,8 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
|
@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-security-group-default-rules'
|
|||
|
||||
|
||||
security_group_default_rules_policies = [
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
BASE_POLICY_NAME,
|
||||
base.RULE_ADMIN_API,
|
||||
"""Lists, shows information for, creates and deletes default security
|
||||
|
|
|
@ -13,6 +13,8 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
|
@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-security-groups'
|
|||
|
||||
|
||||
security_groups_policies = [
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
BASE_POLICY_NAME,
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"""This policy checks permission on security groups related APIs.
|
||||
|
|
|
@ -13,6 +13,8 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
|
@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-server-diagnostics'
|
|||
|
||||
|
||||
server_diagnostics_policies = [
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
BASE_POLICY_NAME,
|
||||
base.RULE_ADMIN_API,
|
||||
"Shows the usage data for a server",
|
||||
|
|
|
@ -13,6 +13,8 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
|
@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:os-server-external-events:%s'
|
|||
|
||||
|
||||
server_external_events_policies = [
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'create',
|
||||
base.RULE_ADMIN_API,
|
||||
"Creates one or more external events",
|
||||
|
|
|
@ -29,7 +29,7 @@ server_groups_policies = [
|
|||
name=BASE_POLICY_NAME,
|
||||
check_str=base.RULE_ADMIN_OR_OWNER,
|
||||
description='Deprecated in Pike and will be removed in next release'),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'create',
|
||||
BASE_POLICY_RULE,
|
||||
"Create a new server group",
|
||||
|
@ -40,7 +40,7 @@ server_groups_policies = [
|
|||
}
|
||||
]
|
||||
),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'delete',
|
||||
BASE_POLICY_RULE,
|
||||
"Delete a server group",
|
||||
|
@ -51,7 +51,7 @@ server_groups_policies = [
|
|||
}
|
||||
]
|
||||
),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'index',
|
||||
BASE_POLICY_RULE,
|
||||
"List all server groups",
|
||||
|
@ -62,7 +62,7 @@ server_groups_policies = [
|
|||
}
|
||||
]
|
||||
),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'show',
|
||||
BASE_POLICY_RULE,
|
||||
"Show details of a server group",
|
||||
|
|
|
@ -13,6 +13,8 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
|
@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:server-metadata:%s'
|
|||
|
||||
|
||||
server_metadata_policies = [
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'index',
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"List all metadata of a server",
|
||||
|
@ -31,7 +33,7 @@ server_metadata_policies = [
|
|||
}
|
||||
]
|
||||
),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'show',
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"Show metadata for a server",
|
||||
|
@ -42,7 +44,7 @@ server_metadata_policies = [
|
|||
}
|
||||
]
|
||||
),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'create',
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"Create metadata for a server",
|
||||
|
@ -53,7 +55,7 @@ server_metadata_policies = [
|
|||
}
|
||||
]
|
||||
),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'update_all',
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"Replace metadata for a server",
|
||||
|
@ -64,7 +66,7 @@ server_metadata_policies = [
|
|||
}
|
||||
]
|
||||
),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'update',
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"Update metadata from a server",
|
||||
|
@ -75,7 +77,7 @@ server_metadata_policies = [
|
|||
}
|
||||
]
|
||||
),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'delete',
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"Delete metadata from a server",
|
||||
|
|
|
@ -13,6 +13,8 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
|
@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-server-password'
|
|||
|
||||
|
||||
server_password_policies = [
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
BASE_POLICY_NAME,
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"Show and clear the encrypted administrative password of a server",
|
||||
|
|
|
@ -13,6 +13,8 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
|
@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:os-server-tags:%s'
|
|||
|
||||
|
||||
server_tags_policies = [
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'delete_all',
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"Delete all the server tags",
|
||||
|
@ -30,7 +32,7 @@ server_tags_policies = [
|
|||
'path': '/servers/{server_id}/tags'
|
||||
}
|
||||
]),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'index',
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"List all tags for given server",
|
||||
|
@ -40,7 +42,7 @@ server_tags_policies = [
|
|||
'path': '/servers/{server_id}/tags'
|
||||
}
|
||||
]),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'update_all',
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"Replace all tags on specified server with the new set of tags.",
|
||||
|
@ -51,7 +53,7 @@ server_tags_policies = [
|
|||
|
||||
}
|
||||
]),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'delete',
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"Delete a single tag from the specified server",
|
||||
|
@ -62,7 +64,7 @@ server_tags_policies = [
|
|||
}
|
||||
]
|
||||
),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'update',
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"Add a single tag to the server if server has no specified tag",
|
||||
|
@ -73,7 +75,7 @@ server_tags_policies = [
|
|||
}
|
||||
]
|
||||
),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'show',
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"Check tag existence on the server.",
|
||||
|
|
|
@ -13,6 +13,8 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
|
@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-server-usage'
|
|||
|
||||
|
||||
server_usage_policies = [
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
BASE_POLICY_NAME,
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"""Add 'OS-SRV-USG:launched_at' & 'OS-SRV-USG:terminated_at' attribute
|
||||
|
|
|
@ -11,6 +11,8 @@
|
|||
# under the License.
|
||||
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
|
@ -18,7 +20,7 @@ RULE_AOO = base.RULE_ADMIN_OR_OWNER
|
|||
SERVERS = 'os_compute_api:servers:%s'
|
||||
|
||||
rules = [
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
SERVERS % 'index',
|
||||
RULE_AOO,
|
||||
"List all servers",
|
||||
|
@ -28,7 +30,7 @@ rules = [
|
|||
'path': '/servers'
|
||||
}
|
||||
]),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
SERVERS % 'detail',
|
||||
RULE_AOO,
|
||||
"List all servers with detailed information",
|
||||
|
@ -38,7 +40,7 @@ rules = [
|
|||
'path': '/servers/detail'
|
||||
}
|
||||
]),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
SERVERS % 'index:get_all_tenants',
|
||||
base.RULE_ADMIN_API,
|
||||
"List all servers for all projects",
|
||||
|
@ -48,7 +50,7 @@ rules = [
|
|||
'path': '/servers'
|
||||
}
|
||||
]),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
SERVERS % 'detail:get_all_tenants',
|
||||
base.RULE_ADMIN_API,
|
||||
"List all servers with detailed information for all projects",
|
||||
|
@ -58,7 +60,7 @@ rules = [
|
|||
'path': '/servers/detail'
|
||||
}
|
||||
]),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
SERVERS % 'show',
|
||||
RULE_AOO,
|
||||
"Show a server",
|
||||
|
@ -70,7 +72,7 @@ rules = [
|
|||
]),
|
||||
# the details in host_status are pretty sensitive, only admins
|
||||
# should do that by default.
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
SERVERS % 'show:host_status',
|
||||
base.RULE_ADMIN_API,
|
||||
"Show a server with additional host status information",
|
||||
|
@ -84,7 +86,7 @@ rules = [
|
|||
'path': '/servers/detail'
|
||||
}
|
||||
]),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
SERVERS % 'create',
|
||||
RULE_AOO,
|
||||
"Create a server",
|
||||
|
@ -94,7 +96,7 @@ rules = [
|
|||
'path': '/servers'
|
||||
}
|
||||
]),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
SERVERS % 'create:forced_host',
|
||||
base.RULE_ADMIN_API,
|
||||
"Create a server on the specified host",
|
||||
|
@ -104,7 +106,7 @@ rules = [
|
|||
'path': '/servers'
|
||||
}
|
||||
]),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
SERVERS % 'create:attach_volume',
|
||||
RULE_AOO,
|
||||
"Create a server with the requested volume attached to it",
|
||||
|
@ -114,7 +116,7 @@ rules = [
|
|||
'path': '/servers'
|
||||
}
|
||||
]),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
SERVERS % 'create:attach_network',
|
||||
RULE_AOO,
|
||||
"Create a server with the requested network attached to it",
|
||||
|
@ -124,7 +126,7 @@ rules = [
|
|||
'path': '/servers'
|
||||
}
|
||||
]),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
SERVERS % 'delete',
|
||||
RULE_AOO,
|
||||
"Delete a server",
|
||||
|
@ -134,7 +136,7 @@ rules = [
|
|||
'path': '/servers/{server_id}'
|
||||
}
|
||||
]),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
SERVERS % 'update',
|
||||
RULE_AOO,
|
||||
"Update a server",
|
||||
|
@ -144,7 +146,7 @@ rules = [
|
|||
'path': '/servers/{server_id}'
|
||||
}
|
||||
]),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
SERVERS % 'confirm_resize',
|
||||
RULE_AOO,
|
||||
"Confirm a server resize",
|
||||
|
@ -154,7 +156,7 @@ rules = [
|
|||
'path': '/servers/{server_id}/action (confirmResize)'
|
||||
}
|
||||
]),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
SERVERS % 'revert_resize',
|
||||
RULE_AOO,
|
||||
"Revert a server resize",
|
||||
|
@ -164,7 +166,7 @@ rules = [
|
|||
'path': '/servers/{server_id}/action (revertResize)'
|
||||
}
|
||||
]),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
SERVERS % 'reboot',
|
||||
RULE_AOO,
|
||||
"Reboot a server",
|
||||
|
@ -174,7 +176,7 @@ rules = [
|
|||
'path': '/servers/{server_id}/action (reboot)'
|
||||
}
|
||||
]),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
SERVERS % 'resize',
|
||||
RULE_AOO,
|
||||
"Resize a server",
|
||||
|
@ -184,7 +186,7 @@ rules = [
|
|||
'path': '/servers/{server_id}/action (resize)'
|
||||
}
|
||||
]),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
SERVERS % 'rebuild',
|
||||
RULE_AOO,
|
||||
"Rebuild a server",
|
||||
|
@ -194,7 +196,7 @@ rules = [
|
|||
'path': '/servers/{server_id}/action (rebuild)'
|
||||
}
|
||||
]),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
SERVERS % 'create_image',
|
||||
RULE_AOO,
|
||||
"Create an image from a server",
|
||||
|
@ -204,7 +206,7 @@ rules = [
|
|||
'path': '/servers/{server_id}/action (createImage)'
|
||||
}
|
||||
]),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
SERVERS % 'create_image:allow_volume_backed',
|
||||
RULE_AOO,
|
||||
"Create an image from a volume backed server",
|
||||
|
@ -214,7 +216,7 @@ rules = [
|
|||
'path': '/servers/{server_id}/action (createImage)'
|
||||
}
|
||||
]),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
SERVERS % 'start',
|
||||
RULE_AOO,
|
||||
"Start a server",
|
||||
|
@ -224,7 +226,7 @@ rules = [
|
|||
'path': '/servers/{server_id}/action (os-start)'
|
||||
}
|
||||
]),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
SERVERS % 'stop',
|
||||
RULE_AOO,
|
||||
"Stop a server",
|
||||
|
@ -234,7 +236,7 @@ rules = [
|
|||
'path': '/servers/{server_id}/action (os-stop)'
|
||||
}
|
||||
]),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
SERVERS % 'trigger_crash_dump',
|
||||
RULE_AOO,
|
||||
"Trigger crash dump in a server",
|
||||
|
|
|
@ -13,6 +13,8 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
|
@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:servers:migrations:%s'
|
|||
|
||||
|
||||
servers_migrations_policies = [
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'show',
|
||||
base.RULE_ADMIN_API,
|
||||
"Show details for an in-progress live migration for a given server",
|
||||
|
@ -30,7 +32,7 @@ servers_migrations_policies = [
|
|||
'path': '/servers/{server_id}/migrations/{migration_id}'
|
||||
}
|
||||
]),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'force_complete',
|
||||
base.RULE_ADMIN_API,
|
||||
"Force an in-progress live migration for a given server to complete",
|
||||
|
@ -41,7 +43,7 @@ servers_migrations_policies = [
|
|||
'/action (force_complete)'
|
||||
}
|
||||
]),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'delete',
|
||||
base.RULE_ADMIN_API,
|
||||
"Delete(Abort) an in-progress live migration",
|
||||
|
@ -51,7 +53,7 @@ servers_migrations_policies = [
|
|||
'path': '/servers/{server_id}/migrations/{migration_id}'
|
||||
}
|
||||
]),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'index',
|
||||
base.RULE_ADMIN_API,
|
||||
"Lists in-progress live migrations for a given server",
|
||||
|
|
|
@ -13,6 +13,8 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
|
@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-services'
|
|||
|
||||
|
||||
services_policies = [
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
BASE_POLICY_NAME,
|
||||
base.RULE_ADMIN_API,
|
||||
"""Lists all running Compute services in a region, enables \
|
||||
|
|
|
@ -13,6 +13,8 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
|
@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:os-shelve:%s'
|
|||
|
||||
|
||||
shelve_policies = [
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'shelve',
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"Shelve Server",
|
||||
|
@ -30,7 +32,7 @@ shelve_policies = [
|
|||
'path': '/servers/{server_id}/action (shelve)'
|
||||
}
|
||||
]),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'unshelve',
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"Unshelve (Restore) Shelved Server",
|
||||
|
@ -40,7 +42,7 @@ shelve_policies = [
|
|||
'path': '/servers/{server_id}/action (unshelve)'
|
||||
}
|
||||
]),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'shelve_offload',
|
||||
base.RULE_ADMIN_API,
|
||||
"Shelf-Offload (Remove) Server",
|
||||
|
|
|
@ -13,6 +13,8 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
|
@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:os-simple-tenant-usage:%s'
|
|||
|
||||
|
||||
simple_tenant_usage_policies = [
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'show',
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"Show usage statistics for a specific tenant.",
|
||||
|
@ -30,7 +32,7 @@ simple_tenant_usage_policies = [
|
|||
'path': '/os-simple-tenant-usage/{tenant_id}'
|
||||
}
|
||||
]),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'list',
|
||||
base.RULE_ADMIN_API,
|
||||
"List per tenant usage statistics for all tenants.",
|
||||
|
|
|
@ -13,6 +13,8 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
|
@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:os-suspend-server:%s'
|
|||
|
||||
|
||||
suspend_server_policies = [
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'resume',
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"Resume suspended server",
|
||||
|
@ -30,7 +32,7 @@ suspend_server_policies = [
|
|||
'path': '/servers/{server_id}/action (resume)'
|
||||
}
|
||||
]),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'suspend',
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"Suspend server",
|
||||
|
|
|
@ -13,6 +13,8 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
|
@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-tenant-networks'
|
|||
|
||||
|
||||
tenant_networks_policies = [
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
BASE_POLICY_NAME,
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"""Creates, lists, shows information for, and deletes
|
||||
|
|
|
@ -13,6 +13,8 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
|
@ -22,7 +24,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-used-limits'
|
|||
used_limits_policies = [
|
||||
# TODO(aunnam): Remove this rule after we separate the scope check from
|
||||
# policies, as this is only checking the scope.
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
BASE_POLICY_NAME,
|
||||
base.RULE_ADMIN_API,
|
||||
"""Shows rate and absolute limits for the project.
|
||||
|
|
|
@ -13,6 +13,8 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
|
@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-virtual-interfaces'
|
|||
|
||||
|
||||
virtual_interfaces_policies = [
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
BASE_POLICY_NAME,
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"""List Virtual Interfaces.
|
||||
|
|
|
@ -13,6 +13,8 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
|
@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-volumes'
|
|||
|
||||
|
||||
volumes_policies = [
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
BASE_POLICY_NAME,
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"""Manages volumes for use with the Compute API.
|
||||
|
|
|
@ -13,6 +13,8 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
|
@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:os-volumes-attachments:%s'
|
|||
|
||||
|
||||
volumes_attachments_policies = [
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'index',
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"List volume attachments for an instance",
|
||||
|
@ -29,7 +31,7 @@ volumes_attachments_policies = [
|
|||
'path': '/servers/{server_id}/os-volume_attachments'
|
||||
}
|
||||
]),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'create',
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"Attach a volume to an instance",
|
||||
|
@ -39,7 +41,7 @@ volumes_attachments_policies = [
|
|||
'path': '/servers/{server_id}/os-volume_attachments'
|
||||
}
|
||||
]),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'show',
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"Show details of a volume attachment",
|
||||
|
@ -50,7 +52,7 @@ volumes_attachments_policies = [
|
|||
'/servers/{server_id}/os-volume_attachments/{attachment_id}'
|
||||
}
|
||||
]),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'update',
|
||||
base.RULE_ADMIN_API,
|
||||
"Update a volume attachment",
|
||||
|
@ -61,7 +63,7 @@ volumes_attachments_policies = [
|
|||
'/servers/{server_id}/os-volume_attachments/{attachment_id}'
|
||||
}
|
||||
]),
|
||||
base.create_rule_default(
|
||||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'delete',
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"Detach a volume from an instance",
|
||||
|
|
Loading…
Reference in New Issue