policy: Add defaults in code (part 2)
Partially-Implements: bp policy-in-code Change-Id: I09ba2381a9f365a163012f6bae495838ff11acbe
This commit is contained in:
parent
eacdbc3d8e
commit
51b3fefaac
|
@ -14,45 +14,8 @@
|
|||
"os_compute_api:servers:discoverable": "@",
|
||||
"os_compute_api:servers:migrations:index": "rule:admin_api",
|
||||
"os_compute_api:servers:migrations:show": "rule:admin_api",
|
||||
"os_compute_api:os-cells": "rule:admin_api",
|
||||
"os_compute_api:os-cells:create": "rule:admin_api",
|
||||
"os_compute_api:os-cells:delete": "rule:admin_api",
|
||||
"os_compute_api:os-cells:update": "rule:admin_api",
|
||||
"os_compute_api:os-cells:sync_instances": "rule:admin_api",
|
||||
"os_compute_api:os-cells:discoverable": "@",
|
||||
"os_compute_api:os-certificates:create": "rule:admin_or_owner",
|
||||
"os_compute_api:os-certificates:show": "rule:admin_or_owner",
|
||||
"os_compute_api:os-certificates:discoverable": "@",
|
||||
"os_compute_api:os-cloudpipe": "rule:admin_api",
|
||||
"os_compute_api:os-cloudpipe:discoverable": "@",
|
||||
"os_compute_api:os-config-drive": "rule:admin_or_owner",
|
||||
"os_compute_api:os-config-drive:discoverable": "@",
|
||||
"os_compute_api:os-consoles:discoverable": "@",
|
||||
"os_compute_api:os-consoles:create": "rule:admin_or_owner",
|
||||
"os_compute_api:os-consoles:delete": "rule:admin_or_owner",
|
||||
"os_compute_api:os-consoles:index": "rule:admin_or_owner",
|
||||
"os_compute_api:os-consoles:show": "rule:admin_or_owner",
|
||||
"os_compute_api:os-console-output:discoverable": "@",
|
||||
"os_compute_api:os-console-output": "rule:admin_or_owner",
|
||||
"os_compute_api:os-remote-consoles": "rule:admin_or_owner",
|
||||
"os_compute_api:os-remote-consoles:discoverable": "@",
|
||||
"os_compute_api:os-create-backup:discoverable": "@",
|
||||
"os_compute_api:os-create-backup": "rule:admin_or_owner",
|
||||
"os_compute_api:os-deferred-delete": "rule:admin_or_owner",
|
||||
"os_compute_api:os-deferred-delete:discoverable": "@",
|
||||
"os_compute_api:os-evacuate": "rule:admin_api",
|
||||
"os_compute_api:os-evacuate:discoverable": "@",
|
||||
"os_compute_api:os-extended-server-attributes": "rule:admin_api",
|
||||
"os_compute_api:os-extended-server-attributes:discoverable": "@",
|
||||
"os_compute_api:os-extended-status": "rule:admin_or_owner",
|
||||
"os_compute_api:os-extended-status:discoverable": "@",
|
||||
"os_compute_api:os-extended-availability-zone": "rule:admin_or_owner",
|
||||
"os_compute_api:os-extended-availability-zone:discoverable": "@",
|
||||
"os_compute_api:extensions": "rule:admin_or_owner",
|
||||
"os_compute_api:extensions:discoverable": "@",
|
||||
"os_compute_api:extension_info:discoverable": "@",
|
||||
"os_compute_api:os-extended-volumes": "rule:admin_or_owner",
|
||||
"os_compute_api:os-extended-volumes:discoverable": "@",
|
||||
"os_compute_api:os-fixed-ips": "rule:admin_api",
|
||||
"os_compute_api:os-fixed-ips:discoverable": "@",
|
||||
"os_compute_api:os-flavor-access": "rule:admin_or_owner",
|
||||
|
@ -199,8 +162,6 @@
|
|||
"os_compute_api:os-used-limits:discoverable": "@",
|
||||
"os_compute_api:os-migrations:index": "rule:admin_api",
|
||||
"os_compute_api:os-migrations:discoverable": "@",
|
||||
"os_compute_api:os-console-auth-tokens": "rule:admin_api",
|
||||
"os_compute_api:os-console-auth-tokens:discoverable": "@",
|
||||
"os_compute_api:os-server-external-events:create": "rule:admin_api",
|
||||
"os_compute_api:os-server-external-events:discoverable": "@"
|
||||
}
|
||||
|
|
|
@ -24,6 +24,22 @@ from nova.policies import availability_zone
|
|||
from nova.policies import baremetal_nodes
|
||||
from nova.policies import base
|
||||
from nova.policies import block_device_mapping_v1
|
||||
from nova.policies import cells
|
||||
from nova.policies import certificates
|
||||
from nova.policies import cloudpipe
|
||||
from nova.policies import config_drive
|
||||
from nova.policies import console_auth_tokens
|
||||
from nova.policies import console_output
|
||||
from nova.policies import consoles
|
||||
from nova.policies import create_backup
|
||||
from nova.policies import deferred_delete
|
||||
from nova.policies import evacuate
|
||||
from nova.policies import extended_availability_zone
|
||||
from nova.policies import extended_server_attributes
|
||||
from nova.policies import extended_status
|
||||
from nova.policies import extended_volumes
|
||||
from nova.policies import extension_info
|
||||
from nova.policies import extensions
|
||||
from nova.policies import servers
|
||||
|
||||
|
||||
|
@ -40,5 +56,21 @@ def list_rules():
|
|||
baremetal_nodes.list_rules(),
|
||||
base.list_rules(),
|
||||
block_device_mapping_v1.list_rules(),
|
||||
cells.list_rules(),
|
||||
certificates.list_rules(),
|
||||
cloudpipe.list_rules(),
|
||||
config_drive.list_rules(),
|
||||
console_auth_tokens.list_rules(),
|
||||
console_output.list_rules(),
|
||||
consoles.list_rules(),
|
||||
create_backup.list_rules(),
|
||||
deferred_delete.list_rules(),
|
||||
evacuate.list_rules(),
|
||||
extended_availability_zone.list_rules(),
|
||||
extended_server_attributes.list_rules(),
|
||||
extended_status.list_rules(),
|
||||
extended_volumes.list_rules(),
|
||||
extension_info.list_rules(),
|
||||
extensions.list_rules(),
|
||||
servers.list_rules()
|
||||
)
|
||||
|
|
|
@ -0,0 +1,48 @@
|
|||
# Copyright 2016 Cloudbase Solutions Srl
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
BASE_POLICY_NAME = 'os_compute_api:os-cells'
|
||||
POLICY_ROOT = 'os_compute_api:os-cells:%s'
|
||||
|
||||
|
||||
cells_policies = [
|
||||
policy.RuleDefault(
|
||||
name=POLICY_ROOT % 'discoverable',
|
||||
check_str=base.RULE_ANY),
|
||||
policy.RuleDefault(
|
||||
name=POLICY_ROOT % 'update',
|
||||
check_str=base.RULE_ADMIN_API),
|
||||
policy.RuleDefault(
|
||||
name=POLICY_ROOT % 'create',
|
||||
check_str=base.RULE_ADMIN_API),
|
||||
policy.RuleDefault(
|
||||
name=BASE_POLICY_NAME,
|
||||
check_str=base.RULE_ADMIN_API),
|
||||
policy.RuleDefault(
|
||||
name=POLICY_ROOT % 'sync_instances',
|
||||
check_str=base.RULE_ADMIN_API),
|
||||
policy.RuleDefault(
|
||||
name=POLICY_ROOT % 'delete',
|
||||
check_str=base.RULE_ADMIN_API),
|
||||
]
|
||||
|
||||
|
||||
def list_rules():
|
||||
return cells_policies
|
|
@ -0,0 +1,38 @@
|
|||
# Copyright 2016 Cloudbase Solutions Srl
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
POLICY_ROOT = 'os_compute_api:os-certificates:%s'
|
||||
|
||||
|
||||
certificates_policies = [
|
||||
policy.RuleDefault(
|
||||
name=POLICY_ROOT % 'discoverable',
|
||||
check_str=base.RULE_ANY),
|
||||
policy.RuleDefault(
|
||||
name=POLICY_ROOT % 'create',
|
||||
check_str=base.RULE_ADMIN_OR_OWNER),
|
||||
policy.RuleDefault(
|
||||
name=POLICY_ROOT % 'show',
|
||||
check_str=base.RULE_ADMIN_OR_OWNER),
|
||||
]
|
||||
|
||||
|
||||
def list_rules():
|
||||
return certificates_policies
|
|
@ -0,0 +1,36 @@
|
|||
# Copyright 2016 Cloudbase Solutions Srl
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
BASE_POLICY_NAME = 'os_compute_api:os-cloudpipe'
|
||||
POLICY_ROOT = 'os_compute_api:os-cloudpipe:%s'
|
||||
|
||||
|
||||
cloudpipe_policies = [
|
||||
policy.RuleDefault(
|
||||
name=BASE_POLICY_NAME,
|
||||
check_str=base.RULE_ADMIN_API),
|
||||
policy.RuleDefault(
|
||||
name=POLICY_ROOT % 'discoverable',
|
||||
check_str=base.RULE_ANY),
|
||||
]
|
||||
|
||||
|
||||
def list_rules():
|
||||
return cloudpipe_policies
|
|
@ -0,0 +1,36 @@
|
|||
# Copyright 2016 Cloudbase Solutions Srl
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
BASE_POLICY_NAME = 'os_compute_api:os-config-drive'
|
||||
POLICY_ROOT = 'os_compute_api:os-config-drive:%s'
|
||||
|
||||
|
||||
config_drive_policies = [
|
||||
policy.RuleDefault(
|
||||
name=POLICY_ROOT % 'discoverable',
|
||||
check_str=base.RULE_ANY),
|
||||
policy.RuleDefault(
|
||||
name=BASE_POLICY_NAME,
|
||||
check_str=base.RULE_ADMIN_OR_OWNER),
|
||||
]
|
||||
|
||||
|
||||
def list_rules():
|
||||
return config_drive_policies
|
|
@ -0,0 +1,36 @@
|
|||
# Copyright 2016 Cloudbase Solutions Srl
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
BASE_POLICY_NAME = 'os_compute_api:os-console-auth-tokens'
|
||||
POLICY_ROOT = 'os_compute_api:os-console-auth-tokens:%s'
|
||||
|
||||
|
||||
console_auth_tokens_policies = [
|
||||
policy.RuleDefault(
|
||||
name=POLICY_ROOT % 'discoverable',
|
||||
check_str=base.RULE_ANY),
|
||||
policy.RuleDefault(
|
||||
name=BASE_POLICY_NAME,
|
||||
check_str=base.RULE_ADMIN_API),
|
||||
]
|
||||
|
||||
|
||||
def list_rules():
|
||||
return console_auth_tokens_policies
|
|
@ -0,0 +1,36 @@
|
|||
# Copyright 2016 Cloudbase Solutions Srl
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
BASE_POLICY_NAME = 'os_compute_api:os-console-output'
|
||||
POLICY_ROOT = 'os_compute_api:os-console-output:%s'
|
||||
|
||||
|
||||
console_output_policies = [
|
||||
policy.RuleDefault(
|
||||
name=POLICY_ROOT % 'discoverable',
|
||||
check_str=base.RULE_ANY),
|
||||
policy.RuleDefault(
|
||||
name=BASE_POLICY_NAME,
|
||||
check_str=base.RULE_ADMIN_OR_OWNER),
|
||||
]
|
||||
|
||||
|
||||
def list_rules():
|
||||
return console_output_policies
|
|
@ -0,0 +1,44 @@
|
|||
# Copyright 2016 Cloudbase Solutions Srl
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
POLICY_ROOT = 'os_compute_api:os-consoles:%s'
|
||||
|
||||
|
||||
consoles_policies = [
|
||||
policy.RuleDefault(
|
||||
name=POLICY_ROOT % 'create',
|
||||
check_str=base.RULE_ADMIN_OR_OWNER),
|
||||
policy.RuleDefault(
|
||||
name=POLICY_ROOT % 'show',
|
||||
check_str=base.RULE_ADMIN_OR_OWNER),
|
||||
policy.RuleDefault(
|
||||
name=POLICY_ROOT % 'delete',
|
||||
check_str=base.RULE_ADMIN_OR_OWNER),
|
||||
policy.RuleDefault(
|
||||
name=POLICY_ROOT % 'discoverable',
|
||||
check_str=base.RULE_ANY),
|
||||
policy.RuleDefault(
|
||||
name=POLICY_ROOT % 'index',
|
||||
check_str=base.RULE_ADMIN_OR_OWNER),
|
||||
]
|
||||
|
||||
|
||||
def list_rules():
|
||||
return consoles_policies
|
|
@ -0,0 +1,36 @@
|
|||
# Copyright 2016 Cloudbase Solutions Srl
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
BASE_POLICY_NAME = 'os_compute_api:os-create-backup'
|
||||
POLICY_ROOT = 'os_compute_api:os-create-backup:%s'
|
||||
|
||||
|
||||
create_backup_policies = [
|
||||
policy.RuleDefault(
|
||||
name=POLICY_ROOT % 'discoverable',
|
||||
check_str=base.RULE_ANY),
|
||||
policy.RuleDefault(
|
||||
name=BASE_POLICY_NAME,
|
||||
check_str=base.RULE_ADMIN_OR_OWNER),
|
||||
]
|
||||
|
||||
|
||||
def list_rules():
|
||||
return create_backup_policies
|
|
@ -0,0 +1,36 @@
|
|||
# Copyright 2016 Cloudbase Solutions Srl
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
BASE_POLICY_NAME = 'os_compute_api:os-deferred-delete'
|
||||
POLICY_ROOT = 'os_compute_api:os-deferred-delete:%s'
|
||||
|
||||
|
||||
deferred_delete_policies = [
|
||||
policy.RuleDefault(
|
||||
name=POLICY_ROOT % 'discoverable',
|
||||
check_str=base.RULE_ANY),
|
||||
policy.RuleDefault(
|
||||
name=BASE_POLICY_NAME,
|
||||
check_str=base.RULE_ADMIN_OR_OWNER),
|
||||
]
|
||||
|
||||
|
||||
def list_rules():
|
||||
return deferred_delete_policies
|
|
@ -0,0 +1,36 @@
|
|||
# Copyright 2016 Cloudbase Solutions Srl
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
BASE_POLICY_NAME = 'os_compute_api:os-evacuate'
|
||||
POLICY_ROOT = 'os_compute_api:os-evacuate:%s'
|
||||
|
||||
|
||||
evacuate_policies = [
|
||||
policy.RuleDefault(
|
||||
name=POLICY_ROOT % 'discoverable',
|
||||
check_str=base.RULE_ANY),
|
||||
policy.RuleDefault(
|
||||
name=BASE_POLICY_NAME,
|
||||
check_str=base.RULE_ADMIN_API),
|
||||
]
|
||||
|
||||
|
||||
def list_rules():
|
||||
return evacuate_policies
|
|
@ -0,0 +1,36 @@
|
|||
# Copyright 2016 Cloudbase Solutions Srl
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
BASE_POLICY_NAME = 'os_compute_api:os-extended-availability-zone'
|
||||
POLICY_ROOT = 'os_compute_api:os-extended-availability-zone:%s'
|
||||
|
||||
|
||||
extended_availability_zone_policies = [
|
||||
policy.RuleDefault(
|
||||
name=BASE_POLICY_NAME,
|
||||
check_str=base.RULE_ADMIN_OR_OWNER),
|
||||
policy.RuleDefault(
|
||||
name=POLICY_ROOT % 'discoverable',
|
||||
check_str=base.RULE_ANY),
|
||||
]
|
||||
|
||||
|
||||
def list_rules():
|
||||
return extended_availability_zone_policies
|
|
@ -0,0 +1,36 @@
|
|||
# Copyright 2016 Cloudbase Solutions Srl
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
BASE_POLICY_NAME = 'os_compute_api:os-extended-server-attributes'
|
||||
POLICY_ROOT = 'os_compute_api:os-extended-server-attributes:%s'
|
||||
|
||||
|
||||
extended_server_attributes_policies = [
|
||||
policy.RuleDefault(
|
||||
name=BASE_POLICY_NAME,
|
||||
check_str=base.RULE_ADMIN_API),
|
||||
policy.RuleDefault(
|
||||
name=POLICY_ROOT % 'discoverable',
|
||||
check_str=base.RULE_ANY),
|
||||
]
|
||||
|
||||
|
||||
def list_rules():
|
||||
return extended_server_attributes_policies
|
|
@ -0,0 +1,36 @@
|
|||
# Copyright 2016 Cloudbase Solutions Srl
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
BASE_POLICY_NAME = 'os_compute_api:os-extended-status'
|
||||
POLICY_ROOT = 'os_compute_api:os-extended-status:%s'
|
||||
|
||||
|
||||
extended_status_policies = [
|
||||
policy.RuleDefault(
|
||||
name=POLICY_ROOT % 'discoverable',
|
||||
check_str=base.RULE_ANY),
|
||||
policy.RuleDefault(
|
||||
name=BASE_POLICY_NAME,
|
||||
check_str=base.RULE_ADMIN_OR_OWNER),
|
||||
]
|
||||
|
||||
|
||||
def list_rules():
|
||||
return extended_status_policies
|
|
@ -0,0 +1,36 @@
|
|||
# Copyright 2016 Cloudbase Solutions Srl
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
BASE_POLICY_NAME = 'os_compute_api:os-extended-volumes'
|
||||
POLICY_ROOT = 'os_compute_api:os-extended-volumes:%s'
|
||||
|
||||
|
||||
extended_volumes_policies = [
|
||||
policy.RuleDefault(
|
||||
name=BASE_POLICY_NAME,
|
||||
check_str=base.RULE_ADMIN_OR_OWNER),
|
||||
policy.RuleDefault(
|
||||
name=POLICY_ROOT % 'discoverable',
|
||||
check_str=base.RULE_ANY),
|
||||
]
|
||||
|
||||
|
||||
def list_rules():
|
||||
return extended_volumes_policies
|
|
@ -0,0 +1,32 @@
|
|||
# Copyright 2016 Cloudbase Solutions Srl
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
POLICY_ROOT = 'os_compute_api:extension_info:%s'
|
||||
|
||||
|
||||
extension_info_policies = [
|
||||
policy.RuleDefault(
|
||||
name=POLICY_ROOT % 'discoverable',
|
||||
check_str=base.RULE_ANY),
|
||||
]
|
||||
|
||||
|
||||
def list_rules():
|
||||
return extension_info_policies
|
|
@ -0,0 +1,36 @@
|
|||
# Copyright 2016 Cloudbase Solutions Srl
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
BASE_POLICY_NAME = 'os_compute_api:extensions'
|
||||
POLICY_ROOT = 'os_compute_api:extensions:%s'
|
||||
|
||||
|
||||
extensions_policies = [
|
||||
policy.RuleDefault(
|
||||
name=BASE_POLICY_NAME,
|
||||
check_str=base.RULE_ADMIN_OR_OWNER),
|
||||
policy.RuleDefault(
|
||||
name=POLICY_ROOT % 'discoverable',
|
||||
check_str=base.RULE_ANY),
|
||||
]
|
||||
|
||||
|
||||
def list_rules():
|
||||
return extensions_policies
|
Loading…
Reference in New Issue