openstack
/
nova
Code Issues Proposed changes

Merge "Remove 'create_rule_default'"

This commit is contained in:
Jenkins 2017-07-15 04:25:15 +00:00 committed by Gerrit Code Review
parent 2b4c0f54ac 145b3cc7f0
commit be20530146
72 changed files with 318 additions and 172 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
nova/policies/admin_actions.py
View File

@ -13,6 +13,8 @@
# License for the specific language governing permissions and limitations
# under the License.
from oslo_policy import policy
from nova.policies import base
@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:os-admin-actions:%s'
admin_actions_policies = [
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'reset_state',
base.RULE_ADMIN_API,
"Reset the state of a given server",
@ -30,7 +32,7 @@ admin_actions_policies = [
'path': '/servers/{server_id}/action (os-resetState)'
}
]),
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'inject_network_info',
base.RULE_ADMIN_API,
"Inject network information into the server",
@ -40,7 +42,7 @@ admin_actions_policies = [
'path': '/servers/{server_id}/action (injectNetworkInfo)'
}
]),
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'reset_network',
base.RULE_ADMIN_API,
"Reset networking on a server",

4
nova/policies/admin_password.py
View File

@ -13,6 +13,8 @@
# License for the specific language governing permissions and limitations
# under the License.
from oslo_policy import policy
from nova.policies import base
@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-admin-password'
admin_password_policies = [
base.create_rule_default(
policy.DocumentedRuleDefault(
BASE_POLICY_NAME,
base.RULE_ADMIN_OR_OWNER,
"Change the administrative password for a server",

26
nova/policies/agents.py
View File

@ -13,6 +13,8 @@
# License for the specific language governing permissions and limitations
# under the License.
from oslo_policy import policy
from nova.policies import base
@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-agents'
agents_policies = [
base.create_rule_default(
policy.DocumentedRuleDefault(
BASE_POLICY_NAME,
base.RULE_ADMIN_API,
"""Create, list, update, and delete guest agent builds
@ -28,10 +30,24 @@ agents_policies = [
This is XenAPI driver specific. It is used to force the upgrade of the
XenAPI guest agent on instance boot.
""",
[{'path': '/os-agents', 'method': 'GET'},
{'path': '/os-agents', 'method': 'POST'},
{'path': '/os-agents/{agent_build_id}', 'method': 'PUT'},
{'path': '/os-agents/{agent_build_id}', 'method': 'DELETE'}]),
[
{
'path': '/os-agents',
'method': 'GET'
},
{
'path': '/os-agents',
'method': 'POST'
},
{
'path': '/os-agents/{agent_build_id}',
'method': 'PUT'
},
{
'path': '/os-agents/{agent_build_id}',
'method': 'DELETE'
}
]),
]

18
nova/policies/aggregates.py
View File

@ -13,6 +13,8 @@
# License for the specific language governing permissions and limitations
# under the License.
from oslo_policy import policy
from nova.policies import base
@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:os-aggregates:%s'
aggregates_policies = [
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'set_metadata',
base.RULE_ADMIN_API,
"Create or replace metadata for an aggregate",
@ -30,7 +32,7 @@ aggregates_policies = [
'method': 'POST'
}
]),
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'add_host',
base.RULE_ADMIN_API,
"Add a host to an aggregate.",
@ -40,7 +42,7 @@ aggregates_policies = [
'method': 'POST'
}
]),
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'create',
base.RULE_ADMIN_API,
"Create an aggregate",
@ -50,7 +52,7 @@ aggregates_policies = [
'method': 'POST'
}
]),
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'remove_host',
base.RULE_ADMIN_API,
"Remove a host from an aggregate",
@ -60,7 +62,7 @@ aggregates_policies = [
'method': 'POST'
}
]),
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'update',
base.RULE_ADMIN_API,
"Update name and/or availability zone for an aggregate",
@ -70,7 +72,7 @@ aggregates_policies = [
'method': 'PUT'
}
]),
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'index',
base.RULE_ADMIN_API,
"List all aggregates",
@ -80,7 +82,7 @@ aggregates_policies = [
'method': 'GET'
}
]),
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'delete',
base.RULE_ADMIN_API,
"Delete an aggregate",
@ -90,7 +92,7 @@ aggregates_policies = [
'method': 'DELETE'
}
]),
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'show',
base.RULE_ADMIN_API,
"Show details for an aggregate.",

6
nova/policies/assisted_volume_snapshots.py
View File

@ -13,6 +13,8 @@
# License for the specific language governing permissions and limitations
# under the License.
from oslo_policy import policy
from nova.policies import base
@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:os-assisted-volume-snapshots:%s'
assisted_volume_snapshots_policies = [
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'create',
base.RULE_ADMIN_API,
"Create an assisted volume snapshot",
@ -30,7 +32,7 @@ assisted_volume_snapshots_policies = [
'method': 'POST'
}
]),
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'delete',
base.RULE_ADMIN_API,
"Delete an assisted volume snapshot",

8
nova/policies/attach_interfaces.py
View File

@ -13,6 +13,8 @@
# License for the specific language governing permissions and limitations
# under the License.
from oslo_policy import policy
from nova.policies import base
@ -21,7 +23,7 @@ POLICY_ROOT = 'os_compute_api:os-attach-interfaces:%s'
attach_interfaces_policies = [
base.create_rule_default(
policy.DocumentedRuleDefault(
BASE_POLICY_NAME,
base.RULE_ADMIN_OR_OWNER,
"List port interfaces or show details of a port \
@ -36,7 +38,7 @@ interface attached to a server",
'path': '/servers/{server_id}/os-interface/{port_id}'
}
]),
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'create',
base.RULE_ADMIN_OR_OWNER,
'Attach an interface to a server',
@ -46,7 +48,7 @@ interface attached to a server",
'path': '/servers/{server_id}/os-interface'
}
]),
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'delete',
base.RULE_ADMIN_OR_OWNER,
'Detach an interface from a server',

6
nova/policies/availability_zone.py
View File

@ -13,6 +13,8 @@
# License for the specific language governing permissions and limitations
# under the License.
from oslo_policy import policy
from nova.policies import base
@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:os-availability-zone:%s'
availability_zone_policies = [
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'list',
base.RULE_ADMIN_OR_OWNER,
"Lists availability zone information without host information",
@ -30,7 +32,7 @@ availability_zone_policies = [
'path': 'os-availability-zone'
}
]),
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'detail',
base.RULE_ADMIN_API,
"Lists detailed availability zone information with host information",

4
nova/policies/baremetal_nodes.py
View File

@ -13,6 +13,8 @@
# License for the specific language governing permissions and limitations
# under the License.
from oslo_policy import policy
from nova.policies import base
@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-baremetal-nodes'
baremetal_nodes_policies = [
base.create_rule_default(
policy.DocumentedRuleDefault(
BASE_POLICY_NAME,
base.RULE_ADMIN_API,
"""List and show details of bare metal nodes.

6
nova/policies/base.py
View File

@ -28,11 +28,5 @@ rules = [
]
# TODO(johngarbutt) we can remove this now
def create_rule_default(name, check_str, description, operations):
return policy.DocumentedRuleDefault(name, check_str,
description, operations)
def list_rules():
return rules

12
nova/policies/cells.py
View File

@ -13,6 +13,8 @@
# License for the specific language governing permissions and limitations
# under the License.
from oslo_policy import policy
from nova.policies import base
@ -21,7 +23,7 @@ POLICY_ROOT = 'os_compute_api:os-cells:%s'
cells_policies = [
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'update',
base.RULE_ADMIN_API,
'Update an existing cell',
@ -31,7 +33,7 @@ cells_policies = [
'path': '/os-cells/{cell_id}'
}
]),
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'create',
base.RULE_ADMIN_API,
'Create a new cell',
@ -41,7 +43,7 @@ cells_policies = [
'path': '/os-cells'
}
]),
base.create_rule_default(
policy.DocumentedRuleDefault(
BASE_POLICY_NAME,
base.RULE_ADMIN_API,
'List and get detailed info of a given cell or all cells',
@ -67,7 +69,7 @@ cells_policies = [
'path': '/os-cells/{cell_id}'
}
]),
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'sync_instances',
base.RULE_ADMIN_API,
'Sync instances info in all cells',
@ -77,7 +79,7 @@ cells_policies = [
'path': '/os-cells/sync_instances'
}
]),
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'delete',
base.RULE_ADMIN_API,
'Remove a cell',

4
nova/policies/config_drive.py
View File

@ -13,6 +13,8 @@
# License for the specific language governing permissions and limitations
# under the License.
from oslo_policy import policy
from nova.policies import base
@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-config-drive'
config_drive_policies = [
base.create_rule_default(
policy.DocumentedRuleDefault(
BASE_POLICY_NAME,
base.RULE_ADMIN_OR_OWNER,
"""Add 'config_drive' attribute in the server response.""",

4
nova/policies/console_auth_tokens.py
View File

@ -13,6 +13,8 @@
# License for the specific language governing permissions and limitations
# under the License.
from oslo_policy import policy
from nova.policies import base
@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-console-auth-tokens'
console_auth_tokens_policies = [
base.create_rule_default(
policy.DocumentedRuleDefault(
BASE_POLICY_NAME,
base.RULE_ADMIN_API,
'Show console connection information for a given console \

4
nova/policies/console_output.py
View File

@ -13,6 +13,8 @@
# License for the specific language governing permissions and limitations
# under the License.
from oslo_policy import policy
from nova.policies import base
@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-console-output'
console_output_policies = [
base.create_rule_default(
policy.DocumentedRuleDefault(
BASE_POLICY_NAME,
base.RULE_ADMIN_OR_OWNER,
'Show console output for a server',

10
nova/policies/consoles.py
View File

@ -13,6 +13,8 @@
# License for the specific language governing permissions and limitations
# under the License.
from oslo_policy import policy
from nova.policies import base
@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:os-consoles:%s'
consoles_policies = [
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'create',
base.RULE_ADMIN_OR_OWNER,
'Create a console for a server instance',
@ -30,7 +32,7 @@ consoles_policies = [
'path': '/servers/{server_id}/consoles'
}
]),
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'show',
base.RULE_ADMIN_OR_OWNER,
'Show console details for a server instance',
@ -40,7 +42,7 @@ consoles_policies = [
'path': '/servers/{server_id}/consoles/{console_id}'
}
]),
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'delete',
base.RULE_ADMIN_OR_OWNER,
'Delete a console for a server instance',
@ -50,7 +52,7 @@ consoles_policies = [
'path': '/servers/{server_id}/consoles/{console_id}'
}
]),
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'index',
base.RULE_ADMIN_OR_OWNER,
'List all consoles for a server instance',

4
nova/policies/create_backup.py
View File

@ -13,6 +13,8 @@
# License for the specific language governing permissions and limitations
# under the License.
from oslo_policy import policy
from nova.policies import base
@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-create-backup'
create_backup_policies = [
base.create_rule_default(
policy.DocumentedRuleDefault(
BASE_POLICY_NAME,
base.RULE_ADMIN_OR_OWNER,
'Create a back up of a server',

4
nova/policies/deferred_delete.py
View File

@ -13,6 +13,8 @@
# License for the specific language governing permissions and limitations
# under the License.
from oslo_policy import policy
from nova.policies import base
@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-deferred-delete'
deferred_delete_policies = [
base.create_rule_default(
policy.DocumentedRuleDefault(
BASE_POLICY_NAME,
base.RULE_ADMIN_OR_OWNER,
'Restore a soft deleted server or force delete a server before \

4
nova/policies/evacuate.py
View File

@ -13,6 +13,8 @@
# License for the specific language governing permissions and limitations
# under the License.
from oslo_policy import policy
from nova.policies import base
@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-evacuate'
evacuate_policies = [
base.create_rule_default(
policy.DocumentedRuleDefault(
BASE_POLICY_NAME,
base.RULE_ADMIN_API,
"Evacuate a server from a failed host to a new host",

4
nova/policies/extended_availability_zone.py
View File

@ -13,6 +13,8 @@
# License for the specific language governing permissions and limitations
# under the License.
from oslo_policy import policy
from nova.policies import base
@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-extended-availability-zone'
extended_availability_zone_policies = [
base.create_rule_default(
policy.DocumentedRuleDefault(
BASE_POLICY_NAME,
base.RULE_ADMIN_OR_OWNER,
"Add `OS-EXT-AZ:availability_zone` into the server response.",

4
nova/policies/extended_server_attributes.py
View File

@ -13,6 +13,8 @@
# License for the specific language governing permissions and limitations
# under the License.
from oslo_policy import policy
from nova.policies import base
@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-extended-server-attributes'
extended_server_attributes_policies = [
base.create_rule_default(
policy.DocumentedRuleDefault(
BASE_POLICY_NAME,
base.RULE_ADMIN_API,
"""Return extended attributes for server.

4
nova/policies/extended_status.py
View File

@ -13,6 +13,8 @@
# License for the specific language governing permissions and limitations
# under the License.
from oslo_policy import policy
from nova.policies import base
@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-extended-status'
extended_status_policies = [
base.create_rule_default(
policy.DocumentedRuleDefault(
BASE_POLICY_NAME,
base.RULE_ADMIN_OR_OWNER,
"""Return extended status in the response of server.

4
nova/policies/extended_volumes.py
View File

@ -13,6 +13,8 @@
# License for the specific language governing permissions and limitations
# under the License.
from oslo_policy import policy
from nova.policies import base
@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-extended-volumes'
extended_volumes_policies = [
base.create_rule_default(
policy.DocumentedRuleDefault(
BASE_POLICY_NAME,
base.RULE_ADMIN_OR_OWNER,
"Return 'os-extended-volumes:volumes_attached' in the response of "

4
nova/policies/extensions.py
View File

@ -13,6 +13,8 @@
# License for the specific language governing permissions and limitations
# under the License.
from oslo_policy import policy
from nova.policies import base
@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:extensions'
extensions_policies = [
base.create_rule_default(
policy.DocumentedRuleDefault(
BASE_POLICY_NAME,
base.RULE_ADMIN_OR_OWNER,
"Lists available extensions and shows information for an extension "

4
nova/policies/fixed_ips.py
View File

@ -13,6 +13,8 @@
# License for the specific language governing permissions and limitations
# under the License.
from oslo_policy import policy
from nova.policies import base
@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-fixed-ips'
fixed_ips_policies = [
base.create_rule_default(
policy.DocumentedRuleDefault(
BASE_POLICY_NAME,
base.RULE_ADMIN_API,
"""Shows details for, reserve and unreserve a fixed IP address.

8
nova/policies/flavor_access.py
View File

@ -14,6 +14,8 @@
# under the License.
from oslo_policy import policy
from nova.policies import base
@ -22,7 +24,7 @@ POLICY_ROOT = 'os_compute_api:os-flavor-access:%s'
flavor_access_policies = [
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'add_tenant_access',
base.RULE_ADMIN_API,
"Add flavor access to a tenant",
@ -32,7 +34,7 @@ flavor_access_policies = [
'path': '/flavors/{flavor_id}/action (addTenantAccess)'
}
]),
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'remove_tenant_access',
base.RULE_ADMIN_API,
"Remove flavor access from a tenant",
@ -42,7 +44,7 @@ flavor_access_policies = [
'path': '/flavors/{flavor_id}/action (removeTenantAccess)'
}
]),
base.create_rule_default(
policy.DocumentedRuleDefault(
BASE_POLICY_NAME,
base.RULE_ADMIN_OR_OWNER,
"""Allow the listing of flavor access information

12
nova/policies/flavor_extra_specs.py
View File

@ -13,6 +13,8 @@
# License for the specific language governing permissions and limitations
# under the License.
from oslo_policy import policy
from nova.policies import base
@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:os-flavor-extra-specs:%s'
flavor_extra_specs_policies = [
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'show',
base.RULE_ADMIN_OR_OWNER,
"Show an extra spec for a flavor",
@ -32,7 +34,7 @@ flavor_extra_specs_policies = [
}
]
),
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'create',
base.RULE_ADMIN_API,
"Create extra specs for a flavor",
@ -43,7 +45,7 @@ flavor_extra_specs_policies = [
}
]
),
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'update',
base.RULE_ADMIN_API,
"Update an extra spec for a flavor",
@ -55,7 +57,7 @@ flavor_extra_specs_policies = [
}
]
),
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'delete',
base.RULE_ADMIN_API,
"Delete an extra spec for a flavor",
@ -67,7 +69,7 @@ flavor_extra_specs_policies = [
}
]
),
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'index',
base.RULE_ADMIN_OR_OWNER,
"List extra specs for a flavor",

4
nova/policies/flavor_manage.py
View File

@ -14,6 +14,8 @@
# under the License.
from oslo_policy import policy
from nova.policies import base
@ -21,7 +23,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-flavor-manage'
flavor_manage_policies = [
base.create_rule_default(
policy.DocumentedRuleDefault(
BASE_POLICY_NAME,
base.RULE_ADMIN_API,
"Create and delete Flavors",

4
nova/policies/flavor_rxtx.py
View File

@ -14,6 +14,8 @@
# under the License.
from oslo_policy import policy
from nova.policies import base
@ -21,7 +23,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-flavor-rxtx'
flavor_rxtx_policies = [
base.create_rule_default(
policy.DocumentedRuleDefault(
BASE_POLICY_NAME,
base.RULE_ADMIN_OR_OWNER,
"Adds the rxtx_factor key into some Flavor APIs",

8
nova/policies/floating_ip_dns.py
View File

@ -13,6 +13,8 @@
# License for the specific language governing permissions and limitations
# under the License.
from oslo_policy import policy
from nova.policies import base
@ -21,7 +23,7 @@ POLICY_ROOT = 'os_compute_api:os-floating-ip-dns:%s'
floating_ip_dns_policies = [
base.create_rule_default(
policy.DocumentedRuleDefault(
BASE_POLICY_NAME,
base.RULE_ADMIN_OR_OWNER,
"""List registered DNS domains, and CRUD actions on domain names.
@ -49,7 +51,7 @@ Note this only works with nova-network and this API is deprecated.""",
'path': '/os-floating-ip-dns/{domain}/entries/{name}'
},
]),
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'domain:update',
base.RULE_ADMIN_API,
"Create or update a DNS domain.",
@ -59,7 +61,7 @@ Note this only works with nova-network and this API is deprecated.""",
'path': '/os-floating-ip-dns/{domain}'
}
]),
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'domain:delete',
base.RULE_ADMIN_API,
"Delete a DNS domain.",

4
nova/policies/floating_ip_pools.py
View File

@ -13,6 +13,8 @@
# License for the specific language governing permissions and limitations
# under the License.
from oslo_policy import policy
from nova.policies import base
@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-floating-ip-pools'
floating_ip_pools_policies = [
base.create_rule_default(
policy.DocumentedRuleDefault(
BASE_POLICY_NAME,
base.RULE_ADMIN_OR_OWNER,
"List floating IP pools. This API is deprecated.",

4
nova/policies/floating_ips.py
View File

@ -13,6 +13,8 @@
# License for the specific language governing permissions and limitations
# under the License.
from oslo_policy import policy
from nova.policies import base
@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-floating-ips'
floating_ips_policies = [
base.create_rule_default(
policy.DocumentedRuleDefault(
BASE_POLICY_NAME,
base.RULE_ADMIN_OR_OWNER,
"Manage a project's floating IPs. These APIs are all deprecated.",

4
nova/policies/floating_ips_bulk.py
View File

@ -13,6 +13,8 @@
# License for the specific language governing permissions and limitations
# under the License.
from oslo_policy import policy
from nova.policies import base
@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-floating-ips-bulk'
floating_ips_bulk_policies = [
base.create_rule_default(
policy.DocumentedRuleDefault(
BASE_POLICY_NAME,
base.RULE_ADMIN_API,
"Bulk-create, delete, and list floating IPs. API is deprecated.",

6
nova/policies/fping.py
View File

@ -13,6 +13,8 @@
# License for the specific language governing permissions and limitations
# under the License.
from oslo_policy import policy
from nova.policies import base
@ -21,7 +23,7 @@ POLICY_ROOT = 'os_compute_api:os-fping:%s'
fping_policies = [
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'all_tenants',
base.RULE_ADMIN_API,
"""Pings instances for all projects and reports which instances
@ -35,7 +37,7 @@ which itself is deprecated.""",
'path': '/os-fping?all_tenants=true'
}
]),
base.create_rule_default(
policy.DocumentedRuleDefault(
BASE_POLICY_NAME,
base.RULE_ADMIN_OR_OWNER,
"""Pings instances, particular instance and reports which instances

4
nova/policies/hide_server_addresses.py
View File

@ -13,13 +13,13 @@
# License for the specific language governing permissions and limitations
# under the License.
from nova.policies import base
from oslo_policy import policy
BASE_POLICY_NAME = 'os_compute_api:os-hide-server-addresses'
hide_server_addresses_policies = [
base.create_rule_default(
policy.DocumentedRuleDefault(
BASE_POLICY_NAME,
'is_admin:False',
"""Hide server's 'addresses' key in the server response.

4
nova/policies/hosts.py
View File

@ -13,6 +13,8 @@
# License for the specific language governing permissions and limitations
# under the License.
from oslo_policy import policy
from nova.policies import base
@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-hosts'
hosts_policies = [
base.create_rule_default(
policy.DocumentedRuleDefault(
BASE_POLICY_NAME,
base.RULE_ADMIN_API,
"""List, Show and Manage physical hosts.

4
nova/policies/hypervisors.py
View File

@ -13,6 +13,8 @@
# License for the specific language governing permissions and limitations
# under the License.
from oslo_policy import policy
from nova.policies import base
@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-hypervisors'
hypervisors_policies = [
base.create_rule_default(
policy.DocumentedRuleDefault(
BASE_POLICY_NAME,
base.RULE_ADMIN_API,
"""Policy rule for hypervisor related APIs.

4
nova/policies/image_size.py
View File

@ -13,6 +13,8 @@
# License for the specific language governing permissions and limitations
# under the License.
from oslo_policy import policy
from nova.policies import base
@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:image-size'
image_size_policies = [
base.create_rule_default(
policy.DocumentedRuleDefault(
BASE_POLICY_NAME,
base.RULE_ADMIN_OR_OWNER,
"""Add 'OS-EXT-IMG-SIZE:size' attribute in the image response.""",

6
nova/policies/instance_actions.py
View File

@ -13,6 +13,8 @@
# License for the specific language governing permissions and limitations
# under the License.
from oslo_policy import policy
from nova.policies import base
@ -21,7 +23,7 @@ POLICY_ROOT = 'os_compute_api:os-instance-actions:%s'
instance_actions_policies = [
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'events',
base.RULE_ADMIN_API,
"""Add events details in action details for a server.
@ -34,7 +36,7 @@ os_compute_api:os-instance-actions passes""",
'path': '/servers/{server_id}/os-instance-actions/{request_id}'
}
]),
base.create_rule_default(
policy.DocumentedRuleDefault(
BASE_POLICY_NAME,
base.RULE_ADMIN_OR_OWNER,
"""List actions and show action details for a server.""",

4
nova/policies/instance_usage_audit_log.py
View File

@ -13,6 +13,8 @@
# License for the specific language governing permissions and limitations
# under the License.
from oslo_policy import policy
from nova.policies import base
@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-instance-usage-audit-log'
instance_usage_audit_log_policies = [
base.create_rule_default(
policy.DocumentedRuleDefault(
BASE_POLICY_NAME,
base.RULE_ADMIN_API,
"""Lists all usage audits and that occurred before a specified time

6
nova/policies/ips.py
View File

@ -13,6 +13,8 @@
# License for the specific language governing permissions and limitations
# under the License.
from oslo_policy import policy
from nova.policies import base
@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:ips:%s'
ips_policies = [
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'show',
base.RULE_ADMIN_OR_OWNER,
"""Shows IP addresses details for a network label of a server.""",
@ -30,7 +32,7 @@ ips_policies = [
'path': '/servers/{server_id}/ips/{network_label}'
}
]),
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'index',
base.RULE_ADMIN_OR_OWNER,
"""Lists IP addresses that are assigned to a server.""",

12
nova/policies/keypairs.py
View File

@ -13,6 +13,8 @@
# License for the specific language governing permissions and limitations
# under the License.
from oslo_policy import policy
from nova.policies import base
@ -21,7 +23,7 @@ POLICY_ROOT = 'os_compute_api:os-keypairs:%s'
keypairs_policies = [
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'index',
'rule:admin_api or user_id:%(user_id)s',
"List all keypairs",
@ -31,7 +33,7 @@ keypairs_policies = [
'method': 'GET'
}
]),
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'create',
'rule:admin_api or user_id:%(user_id)s',
"Create a keypair",
@ -41,7 +43,7 @@ keypairs_policies = [
'method': 'POST'
}
]),
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'delete',
'rule:admin_api or user_id:%(user_id)s',
"Delete a keypair",
@ -51,7 +53,7 @@ keypairs_policies = [
'method': 'DELETE'
}
]),
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'show',
'rule:admin_api or user_id:%(user_id)s',
"Show details of a keypair",
@ -61,7 +63,7 @@ keypairs_policies = [
'method': 'GET'
}
]),
base.create_rule_default(
policy.DocumentedRuleDefault(
BASE_POLICY_NAME,
base.RULE_ADMIN_OR_OWNER,
"Return 'key_name' in the response of server.",

4
nova/policies/limits.py
View File

@ -13,6 +13,8 @@
# License for the specific language governing permissions and limitations
# under the License.
from oslo_policy import policy
from nova.policies import base
@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:limits'
limits_policies = [
base.create_rule_default(
policy.DocumentedRuleDefault(
BASE_POLICY_NAME,
base.RULE_ADMIN_OR_OWNER,
"""Shows rate and absolute limits for the project.""",

8
nova/policies/lock_server.py
View File

@ -13,6 +13,8 @@
# License for the specific language governing permissions and limitations
# under the License.
from oslo_policy import policy
from nova.policies import base
@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:os-lock-server:%s'
lock_server_policies = [
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'lock',
base.RULE_ADMIN_OR_OWNER,
"Lock a server",
@ -31,7 +33,7 @@ lock_server_policies = [
}
]
),
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'unlock',
base.RULE_ADMIN_OR_OWNER,
"Unlock a server",
@ -42,7 +44,7 @@ lock_server_policies = [
}
]
),
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'unlock:unlock_override',
base.RULE_ADMIN_API,
"""Unlock a server, regardless who locked the server.

6
nova/policies/migrate_server.py
View File

@ -13,6 +13,8 @@
# License for the specific language governing permissions and limitations
# under the License.
from oslo_policy import policy
from nova.policies import base
@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:os-migrate-server:%s'
migrate_server_policies = [
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'migrate',
base.RULE_ADMIN_API,
"Cold migrate a server to a host",
@ -30,7 +32,7 @@ migrate_server_policies = [
'path': '/servers/{server_id}/action (migrate)'
}
]),
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'migrate_live',
base.RULE_ADMIN_API,
"Live migrate a server to a new host without a reboot",

4
nova/policies/migrations.py
View File

@ -13,6 +13,8 @@
# License for the specific language governing permissions and limitations
# under the License.
from oslo_policy import policy
from nova.policies import base
@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:os-migrations:%s'
migrations_policies = [
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'index',
base.RULE_ADMIN_API,
"List migrations",

4
nova/policies/multinic.py
View File

@ -13,6 +13,8 @@
# License for the specific language governing permissions and limitations
# under the License.
from oslo_policy import policy
from nova.policies import base
@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-multinic'
multinic_policies = [
base.create_rule_default(
policy.DocumentedRuleDefault(
BASE_POLICY_NAME,
base.RULE_ADMIN_OR_OWNER,
"""Adds or Removes a fixed IP address from a server.

6
nova/policies/networks.py
View File

@ -13,6 +13,8 @@
# License for the specific language governing permissions and limitations
# under the License.
from oslo_policy import policy
from nova.policies import base
@ -21,7 +23,7 @@ POLICY_ROOT = 'os_compute_api:os-networks:%s'
networks_policies = [
base.create_rule_default(
policy.DocumentedRuleDefault(
BASE_POLICY_NAME,
base.RULE_ADMIN_API,
"""Create and delete a network, add and disassociate a network
@ -46,7 +48,7 @@ These APIs are only available with nova-network which is deprecated.""",
'path': '/os-networks/{network_id}/action (disassociate)'
}
]),
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'view',
base.RULE_ADMIN_OR_OWNER,
"""List networks for the project and show details for a network.

4
nova/policies/networks_associate.py
View File

@ -13,6 +13,8 @@
# License for the specific language governing permissions and limitations
# under the License.
from oslo_policy import policy
from nova.policies import base
@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-networks-associate'
networks_associate_policies = [
base.create_rule_default(
policy.DocumentedRuleDefault(
BASE_POLICY_NAME,
base.RULE_ADMIN_API,
"""Associates and Disassociates a network from a host or project.

6
nova/policies/pause_server.py
View File

@ -13,6 +13,8 @@
# License for the specific language governing permissions and limitations
# under the License.
from oslo_policy import policy
from nova.policies import base
@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:os-pause-server:%s'
pause_server_policies = [
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'pause',
base.RULE_ADMIN_OR_OWNER,
"Pause a server.",
@ -31,7 +33,7 @@ pause_server_policies = [
}
]
),
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'unpause',
base.RULE_ADMIN_OR_OWNER,
"Unpause a paused server.",

6
nova/policies/quota_class_sets.py
View File

@ -13,6 +13,8 @@
# License for the specific language governing permissions and limitations
# under the License.
from oslo_policy import policy
from nova.policies import base
@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:os-quota-class-sets:%s'
quota_class_sets_policies = [
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'show',
'is_admin:True or quota_class:%(quota_class)s',
"List quotas for specific quota classs",
@ -30,7 +32,7 @@ quota_class_sets_policies = [
'path': '/os-quota-class-sets/{quota_class}'
}
]),
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'update',
base.RULE_ADMIN_API,
'Update quotas for specific quota class',

12
nova/policies/quota_sets.py
View File

@ -13,6 +13,8 @@
# License for the specific language governing permissions and limitations
# under the License.
from oslo_policy import policy
from nova.policies import base
@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:os-quota-sets:%s'
quota_sets_policies = [
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'update',
base.RULE_ADMIN_API,
"Update the quotas",
@ -30,7 +32,7 @@ quota_sets_policies = [
'path': '/os-quota-sets/{tenant_id}'
}
]),
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'defaults',
base.RULE_ANY,
"List default quotas",
@ -40,7 +42,7 @@ quota_sets_policies = [
'path': '/os-quota-sets/{tenant_id}/defaults'
}
]),
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'show',
base.RULE_ADMIN_OR_OWNER,
"Show a quota",
@ -50,7 +52,7 @@ quota_sets_policies = [
'path': '/os-quota-sets/{tenant_id}'
}
]),
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'delete',
base.RULE_ADMIN_API,
"Revert quotas to defaults",
@ -60,7 +62,7 @@ quota_sets_policies = [
'path': '/os-quota-sets/{tenant_id}'
}
]),
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'detail',
base.RULE_ADMIN_API,
"Show the detail of quota",

4
nova/policies/remote_consoles.py
View File

@ -13,6 +13,8 @@
# License for the specific language governing permissions and limitations
# under the License.
from oslo_policy import policy
from nova.policies import base
@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-remote-consoles'
remote_consoles_policies = [
base.create_rule_default(
policy.DocumentedRuleDefault(
BASE_POLICY_NAME,
base.RULE_ADMIN_OR_OWNER,
"Generates a URL to access remove server console",

4
nova/policies/rescue.py
View File

@ -13,6 +13,8 @@
# License for the specific language governing permissions and limitations
# under the License.
from oslo_policy import policy
from nova.policies import base
@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-rescue'
rescue_policies = [
base.create_rule_default(
policy.DocumentedRuleDefault(
BASE_POLICY_NAME,
base.RULE_ADMIN_OR_OWNER,
"Rescue/unrescue a server",

4
nova/policies/security_group_default_rules.py
View File

@ -13,6 +13,8 @@
# License for the specific language governing permissions and limitations
# under the License.
from oslo_policy import policy
from nova.policies import base
@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-security-group-default-rules'
security_group_default_rules_policies = [
base.create_rule_default(
policy.DocumentedRuleDefault(
BASE_POLICY_NAME,
base.RULE_ADMIN_API,
"""Lists, shows information for, creates and deletes default security

4
nova/policies/security_groups.py
View File

@ -13,6 +13,8 @@
# License for the specific language governing permissions and limitations
# under the License.
from oslo_policy import policy
from nova.policies import base
@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-security-groups'
security_groups_policies = [
base.create_rule_default(
policy.DocumentedRuleDefault(
BASE_POLICY_NAME,
base.RULE_ADMIN_OR_OWNER,
"""This policy checks permission on security groups related APIs.

4
nova/policies/server_diagnostics.py
View File

@ -13,6 +13,8 @@
# License for the specific language governing permissions and limitations
# under the License.
from oslo_policy import policy
from nova.policies import base
@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-server-diagnostics'
server_diagnostics_policies = [
base.create_rule_default(
policy.DocumentedRuleDefault(
BASE_POLICY_NAME,
base.RULE_ADMIN_API,
"Shows the usage data for a server",

4
nova/policies/server_external_events.py
View File

@ -13,6 +13,8 @@
# License for the specific language governing permissions and limitations
# under the License.
from oslo_policy import policy
from nova.policies import base
@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:os-server-external-events:%s'
server_external_events_policies = [
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'create',
base.RULE_ADMIN_API,
"Creates one or more external events",

8
nova/policies/server_groups.py
View File

@ -29,7 +29,7 @@ server_groups_policies = [
name=BASE_POLICY_NAME,
check_str=base.RULE_ADMIN_OR_OWNER,
description='Deprecated in Pike and will be removed in next release'),
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'create',
BASE_POLICY_RULE,
"Create a new server group",
@ -40,7 +40,7 @@ server_groups_policies = [
}
]
),
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'delete',
BASE_POLICY_RULE,
"Delete a server group",
@ -51,7 +51,7 @@ server_groups_policies = [
}
]
),
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'index',
BASE_POLICY_RULE,
"List all server groups",
@ -62,7 +62,7 @@ server_groups_policies = [
}
]
),
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'show',
BASE_POLICY_RULE,
"Show details of a server group",

14
nova/policies/server_metadata.py
View File

@ -13,6 +13,8 @@
# License for the specific language governing permissions and limitations
# under the License.
from oslo_policy import policy
from nova.policies import base
@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:server-metadata:%s'
server_metadata_policies = [
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'index',
base.RULE_ADMIN_OR_OWNER,
"List all metadata of a server",
@ -31,7 +33,7 @@ server_metadata_policies = [
}
]
),
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'show',
base.RULE_ADMIN_OR_OWNER,
"Show metadata for a server",
@ -42,7 +44,7 @@ server_metadata_policies = [
}
]
),
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'create',
base.RULE_ADMIN_OR_OWNER,
"Create metadata for a server",
@ -53,7 +55,7 @@ server_metadata_policies = [
}
]
),
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'update_all',
base.RULE_ADMIN_OR_OWNER,
"Replace metadata for a server",
@ -64,7 +66,7 @@ server_metadata_policies = [
}
]
),
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'update',
base.RULE_ADMIN_OR_OWNER,
"Update metadata from a server",
@ -75,7 +77,7 @@ server_metadata_policies = [
}
]
),
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'delete',
base.RULE_ADMIN_OR_OWNER,
"Delete metadata from a server",

4
nova/policies/server_password.py
View File

@ -13,6 +13,8 @@
# License for the specific language governing permissions and limitations
# under the License.
from oslo_policy import policy
from nova.policies import base
@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-server-password'
server_password_policies = [
base.create_rule_default(
policy.DocumentedRuleDefault(
BASE_POLICY_NAME,
base.RULE_ADMIN_OR_OWNER,
"Show and clear the encrypted administrative password of a server",

14
nova/policies/server_tags.py
View File

@ -13,6 +13,8 @@
# License for the specific language governing permissions and limitations
# under the License.
from oslo_policy import policy
from nova.policies import base
@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:os-server-tags:%s'
server_tags_policies = [
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'delete_all',
base.RULE_ADMIN_OR_OWNER,
"Delete all the server tags",
@ -30,7 +32,7 @@ server_tags_policies = [
'path': '/servers/{server_id}/tags'
}
]),
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'index',
base.RULE_ADMIN_OR_OWNER,
"List all tags for given server",
@ -40,7 +42,7 @@ server_tags_policies = [
'path': '/servers/{server_id}/tags'
}
]),
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'update_all',
base.RULE_ADMIN_OR_OWNER,
"Replace all tags on specified server with the new set of tags.",
@ -51,7 +53,7 @@ server_tags_policies = [
}
]),
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'delete',
base.RULE_ADMIN_OR_OWNER,
"Delete a single tag from the specified server",
@ -62,7 +64,7 @@ server_tags_policies = [
}
]
),
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'update',
base.RULE_ADMIN_OR_OWNER,
"Add a single tag to the server if server has no specified tag",
@ -73,7 +75,7 @@ server_tags_policies = [
}
]
),
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'show',
base.RULE_ADMIN_OR_OWNER,
"Check tag existence on the server.",

4
nova/policies/server_usage.py
View File

@ -13,6 +13,8 @@
# License for the specific language governing permissions and limitations
# under the License.
from oslo_policy import policy
from nova.policies import base
@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-server-usage'
server_usage_policies = [
base.create_rule_default(
policy.DocumentedRuleDefault(
BASE_POLICY_NAME,
base.RULE_ADMIN_OR_OWNER,
"""Add 'OS-SRV-USG:launched_at' & 'OS-SRV-USG:terminated_at' attribute

46
nova/policies/servers.py
View File

@ -11,6 +11,8 @@
# under the License.
from oslo_policy import policy
from nova.policies import base
@ -18,7 +20,7 @@ RULE_AOO = base.RULE_ADMIN_OR_OWNER
SERVERS = 'os_compute_api:servers:%s'
rules = [
base.create_rule_default(
policy.DocumentedRuleDefault(
SERVERS % 'index',
RULE_AOO,
"List all servers",
@ -28,7 +30,7 @@ rules = [
'path': '/servers'
}
]),
base.create_rule_default(
policy.DocumentedRuleDefault(
SERVERS % 'detail',
RULE_AOO,
"List all servers with detailed information",
@ -38,7 +40,7 @@ rules = [
'path': '/servers/detail'
}
]),
base.create_rule_default(
policy.DocumentedRuleDefault(
SERVERS % 'index:get_all_tenants',
base.RULE_ADMIN_API,
"List all servers for all projects",
@ -48,7 +50,7 @@ rules = [
'path': '/servers'
}
]),
base.create_rule_default(
policy.DocumentedRuleDefault(
SERVERS % 'detail:get_all_tenants',
base.RULE_ADMIN_API,
"List all servers with detailed information for all projects",
@ -58,7 +60,7 @@ rules = [
'path': '/servers/detail'
}
]),
base.create_rule_default(
policy.DocumentedRuleDefault(
SERVERS % 'show',
RULE_AOO,
"Show a server",
@ -70,7 +72,7 @@ rules = [
]),
# the details in host_status are pretty sensitive, only admins
# should do that by default.
base.create_rule_default(
policy.DocumentedRuleDefault(
SERVERS % 'show:host_status',
base.RULE_ADMIN_API,
"Show a server with additional host status information",
@ -84,7 +86,7 @@ rules = [
'path': '/servers/detail'
}
]),
base.create_rule_default(
policy.DocumentedRuleDefault(
SERVERS % 'create',
RULE_AOO,
"Create a server",
@ -94,7 +96,7 @@ rules = [
'path': '/servers'
}
]),
base.create_rule_default(
policy.DocumentedRuleDefault(
SERVERS % 'create:forced_host',
base.RULE_ADMIN_API,
"Create a server on the specified host",
@ -104,7 +106,7 @@ rules = [
'path': '/servers'
}
]),
base.create_rule_default(
policy.DocumentedRuleDefault(
SERVERS % 'create:attach_volume',
RULE_AOO,
"Create a server with the requested volume attached to it",
@ -114,7 +116,7 @@ rules = [
'path': '/servers'
}
]),
base.create_rule_default(
policy.DocumentedRuleDefault(
SERVERS % 'create:attach_network',
RULE_AOO,
"Create a server with the requested network attached to it",
@ -124,7 +126,7 @@ rules = [
'path': '/servers'
}
]),
base.create_rule_default(
policy.DocumentedRuleDefault(
SERVERS % 'delete',
RULE_AOO,
"Delete a server",
@ -134,7 +136,7 @@ rules = [
'path': '/servers/{server_id}'
}
]),
base.create_rule_default(
policy.DocumentedRuleDefault(
SERVERS % 'update',
RULE_AOO,
"Update a server",
@ -144,7 +146,7 @@ rules = [
'path': '/servers/{server_id}'
}
]),
base.create_rule_default(
policy.DocumentedRuleDefault(
SERVERS % 'confirm_resize',
RULE_AOO,
"Confirm a server resize",
@ -154,7 +156,7 @@ rules = [
'path': '/servers/{server_id}/action (confirmResize)'
}
]),
base.create_rule_default(
policy.DocumentedRuleDefault(
SERVERS % 'revert_resize',
RULE_AOO,
"Revert a server resize",
@ -164,7 +166,7 @@ rules = [
'path': '/servers/{server_id}/action (revertResize)'
}
]),
base.create_rule_default(
policy.DocumentedRuleDefault(
SERVERS % 'reboot',
RULE_AOO,
"Reboot a server",
@ -174,7 +176,7 @@ rules = [
'path': '/servers/{server_id}/action (reboot)'
}
]),
base.create_rule_default(
policy.DocumentedRuleDefault(
SERVERS % 'resize',
RULE_AOO,
"Resize a server",
@ -184,7 +186,7 @@ rules = [
'path': '/servers/{server_id}/action (resize)'
}
]),
base.create_rule_default(
policy.DocumentedRuleDefault(
SERVERS % 'rebuild',
RULE_AOO,
"Rebuild a server",
@ -194,7 +196,7 @@ rules = [
'path': '/servers/{server_id}/action (rebuild)'
}
]),
base.create_rule_default(
policy.DocumentedRuleDefault(
SERVERS % 'create_image',
RULE_AOO,
"Create an image from a server",
@ -204,7 +206,7 @@ rules = [
'path': '/servers/{server_id}/action (createImage)'
}
]),
base.create_rule_default(
policy.DocumentedRuleDefault(
SERVERS % 'create_image:allow_volume_backed',
RULE_AOO,
"Create an image from a volume backed server",
@ -214,7 +216,7 @@ rules = [
'path': '/servers/{server_id}/action (createImage)'
}
]),
base.create_rule_default(
policy.DocumentedRuleDefault(
SERVERS % 'start',
RULE_AOO,
"Start a server",
@ -224,7 +226,7 @@ rules = [
'path': '/servers/{server_id}/action (os-start)'
}
]),
base.create_rule_default(
policy.DocumentedRuleDefault(
SERVERS % 'stop',
RULE_AOO,
"Stop a server",
@ -234,7 +236,7 @@ rules = [
'path': '/servers/{server_id}/action (os-stop)'
}
]),
base.create_rule_default(
policy.DocumentedRuleDefault(
SERVERS % 'trigger_crash_dump',
RULE_AOO,
"Trigger crash dump in a server",

10
nova/policies/servers_migrations.py
View File

@ -13,6 +13,8 @@
# License for the specific language governing permissions and limitations
# under the License.
from oslo_policy import policy
from nova.policies import base
@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:servers:migrations:%s'
servers_migrations_policies = [
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'show',
base.RULE_ADMIN_API,
"Show details for an in-progress live migration for a given server",
@ -30,7 +32,7 @@ servers_migrations_policies = [
'path': '/servers/{server_id}/migrations/{migration_id}'
}
]),
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'force_complete',
base.RULE_ADMIN_API,
"Force an in-progress live migration for a given server to complete",
@ -41,7 +43,7 @@ servers_migrations_policies = [
'/action (force_complete)'
}
]),
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'delete',
base.RULE_ADMIN_API,
"Delete(Abort) an in-progress live migration",
@ -51,7 +53,7 @@ servers_migrations_policies = [
'path': '/servers/{server_id}/migrations/{migration_id}'
}
]),
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'index',
base.RULE_ADMIN_API,
"Lists in-progress live migrations for a given server",

4
nova/policies/services.py
View File

@ -13,6 +13,8 @@
# License for the specific language governing permissions and limitations
# under the License.
from oslo_policy import policy
from nova.policies import base
@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-services'
services_policies = [
base.create_rule_default(
policy.DocumentedRuleDefault(
BASE_POLICY_NAME,
base.RULE_ADMIN_API,
"""Lists all running Compute services in a region, enables \

8
nova/policies/shelve.py
View File

@ -13,6 +13,8 @@
# License for the specific language governing permissions and limitations
# under the License.
from oslo_policy import policy
from nova.policies import base
@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:os-shelve:%s'
shelve_policies = [
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'shelve',
base.RULE_ADMIN_OR_OWNER,
"Shelve Server",
@ -30,7 +32,7 @@ shelve_policies = [
'path': '/servers/{server_id}/action (shelve)'
}
]),
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'unshelve',
base.RULE_ADMIN_OR_OWNER,
"Unshelve (Restore) Shelved Server",
@ -40,7 +42,7 @@ shelve_policies = [
'path': '/servers/{server_id}/action (unshelve)'
}
]),
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'shelve_offload',
base.RULE_ADMIN_API,
"Shelf-Offload (Remove) Server",

6
nova/policies/simple_tenant_usage.py
View File

@ -13,6 +13,8 @@
# License for the specific language governing permissions and limitations
# under the License.
from oslo_policy import policy
from nova.policies import base
@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:os-simple-tenant-usage:%s'
simple_tenant_usage_policies = [
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'show',
base.RULE_ADMIN_OR_OWNER,
"Show usage statistics for a specific tenant.",
@ -30,7 +32,7 @@ simple_tenant_usage_policies = [
'path': '/os-simple-tenant-usage/{tenant_id}'
}
]),
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'list',
base.RULE_ADMIN_API,
"List per tenant usage statistics for all tenants.",

6
nova/policies/suspend_server.py
View File

@ -13,6 +13,8 @@
# License for the specific language governing permissions and limitations
# under the License.
from oslo_policy import policy
from nova.policies import base
@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:os-suspend-server:%s'
suspend_server_policies = [
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'resume',
base.RULE_ADMIN_OR_OWNER,
"Resume suspended server",
@ -30,7 +32,7 @@ suspend_server_policies = [
'path': '/servers/{server_id}/action (resume)'
}
]),
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'suspend',
base.RULE_ADMIN_OR_OWNER,
"Suspend server",

4
nova/policies/tenant_networks.py
View File

@ -13,6 +13,8 @@
# License for the specific language governing permissions and limitations
# under the License.
from oslo_policy import policy
from nova.policies import base
@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-tenant-networks'
tenant_networks_policies = [
base.create_rule_default(
policy.DocumentedRuleDefault(
BASE_POLICY_NAME,
base.RULE_ADMIN_OR_OWNER,
"""Creates, lists, shows information for, and deletes

4
nova/policies/used_limits.py
View File

@ -13,6 +13,8 @@
# License for the specific language governing permissions and limitations
# under the License.
from oslo_policy import policy
from nova.policies import base
@ -22,7 +24,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-used-limits'
used_limits_policies = [
# TODO(aunnam): Remove this rule after we separate the scope check from
# policies, as this is only checking the scope.
base.create_rule_default(
policy.DocumentedRuleDefault(
BASE_POLICY_NAME,
base.RULE_ADMIN_API,
"""Shows rate and absolute limits for the project.

4
nova/policies/virtual_interfaces.py
View File

@ -13,6 +13,8 @@
# License for the specific language governing permissions and limitations
# under the License.
from oslo_policy import policy
from nova.policies import base
@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-virtual-interfaces'
virtual_interfaces_policies = [
base.create_rule_default(
policy.DocumentedRuleDefault(
BASE_POLICY_NAME,
base.RULE_ADMIN_OR_OWNER,
"""List Virtual Interfaces.

4
nova/policies/volumes.py
View File

@ -13,6 +13,8 @@
# License for the specific language governing permissions and limitations
# under the License.
from oslo_policy import policy
from nova.policies import base
@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-volumes'
volumes_policies = [
base.create_rule_default(
policy.DocumentedRuleDefault(
BASE_POLICY_NAME,
base.RULE_ADMIN_OR_OWNER,
"""Manages volumes for use with the Compute API.

12
nova/policies/volumes_attachments.py
View File

@ -13,6 +13,8 @@
# License for the specific language governing permissions and limitations
# under the License.
from oslo_policy import policy
from nova.policies import base
@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:os-volumes-attachments:%s'
volumes_attachments_policies = [
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'index',
base.RULE_ADMIN_OR_OWNER,
"List volume attachments for an instance",
@ -29,7 +31,7 @@ volumes_attachments_policies = [
'path': '/servers/{server_id}/os-volume_attachments'
}
]),
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'create',
base.RULE_ADMIN_OR_OWNER,
"Attach a volume to an instance",
@ -39,7 +41,7 @@ volumes_attachments_policies = [
'path': '/servers/{server_id}/os-volume_attachments'
}
]),
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'show',
base.RULE_ADMIN_OR_OWNER,
"Show details of a volume attachment",
@ -50,7 +52,7 @@ volumes_attachments_policies = [
'/servers/{server_id}/os-volume_attachments/{attachment_id}'
}
]),
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'update',
base.RULE_ADMIN_API,
"Update a volume attachment",
@ -61,7 +63,7 @@ volumes_attachments_policies = [
'/servers/{server_id}/os-volume_attachments/{attachment_id}'
}
]),
base.create_rule_default(
policy.DocumentedRuleDefault(
POLICY_ROOT % 'delete',
base.RULE_ADMIN_OR_OWNER,
"Detach a volume from an instance",