openstack
/
nova
Code Issues Proposed changes

Merge "Set scope for remaining placement policy rules"

This commit is contained in:
Zuul 2018-06-19 02:24:03 +00:00 committed by Gerrit Code Review
parent 1ed8a1e884 08edad6269
commit 8863b501b7
5 changed files with 37 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
nova/api/openstack/placement/policies/base.py
View File

@ -33,7 +33,8 @@ rules = [
policy.RuleDefault(
"admin_api",
"role:admin",
description="Default rule for most placement APIs."),
description="Default rule for most placement APIs.",
scope_types=['system']),
]

15
nova/api/openstack/placement/policies/inventory.py
View File

@ -34,7 +34,8 @@ rules = [
'method': 'GET',
'path': BASE_PATH
}
]),
],
scope_types=['system']),
policy.DocumentedRuleDefault(
CREATE,
base.RULE_ADMIN_API,
@ -44,7 +45,8 @@ rules = [
'method': 'POST',
'path': BASE_PATH
}
]),
],
scope_types=['system']),
policy.DocumentedRuleDefault(
SHOW,
base.RULE_ADMIN_API,
@ -54,7 +56,8 @@ rules = [
'method': 'GET',
'path': BASE_PATH + '/{resource_class}'
}
]),
],
scope_types=['system']),
policy.DocumentedRuleDefault(
UPDATE,
base.RULE_ADMIN_API,
@ -68,7 +71,8 @@ rules = [
'method': 'PUT',
'path': BASE_PATH + '/{resource_class}'
}
]),
],
scope_types=['system']),
policy.DocumentedRuleDefault(
DELETE,
base.RULE_ADMIN_API,
@ -82,7 +86,8 @@ rules = [
'method': 'DELETE',
'path': BASE_PATH + '/{resource_class}'
}
]),
],
scope_types=['system']),
]

15
nova/api/openstack/placement/policies/resource_class.py
View File

@ -33,7 +33,8 @@ rules = [
'method': 'GET',
'path': '/resource_classes'
}
]),
],
scope_types=['system']),
policy.DocumentedRuleDefault(
CREATE,
base.RULE_ADMIN_API,
@ -43,7 +44,8 @@ rules = [
'method': 'POST',
'path': '/resource_classes'
}
]),
],
scope_types=['system']),
policy.DocumentedRuleDefault(
SHOW,
base.RULE_ADMIN_API,
@ -53,7 +55,8 @@ rules = [
'method': 'GET',
'path': '/resource_classes/{name}'
}
]),
],
scope_types=['system']),
policy.DocumentedRuleDefault(
UPDATE,
base.RULE_ADMIN_API,
@ -63,7 +66,8 @@ rules = [
'method': 'PUT',
'path': '/resource_classes/{name}'
}
]),
],
scope_types=['system']),
policy.DocumentedRuleDefault(
DELETE,
base.RULE_ADMIN_API,
@ -73,7 +77,8 @@ rules = [
'method': 'DELETE',
'path': '/resource_classes/{name}'
}
]),
],
scope_types=['system']),
]

15
nova/api/openstack/placement/policies/resource_provider.py
View File

@ -33,7 +33,8 @@ rules = [
'method': 'GET',
'path': '/resource_providers'
}
]),
],
scope_types=['system']),
policy.DocumentedRuleDefault(
CREATE,
base.RULE_ADMIN_API,
@ -43,7 +44,8 @@ rules = [
'method': 'POST',
'path': '/resource_providers'
}
]),
],
scope_types=['system']),
policy.DocumentedRuleDefault(
SHOW,
base.RULE_ADMIN_API,
@ -53,7 +55,8 @@ rules = [
'method': 'GET',
'path': '/resource_providers/{uuid}'
}
]),
],
scope_types=['system']),
policy.DocumentedRuleDefault(
UPDATE,
base.RULE_ADMIN_API,
@ -63,7 +66,8 @@ rules = [
'method': 'PUT',
'path': '/resource_providers/{uuid}'
}
]),
],
scope_types=['system']),
policy.DocumentedRuleDefault(
DELETE,
base.RULE_ADMIN_API,
@ -73,7 +77,8 @@ rules = [
'method': 'DELETE',
'path': '/resource_providers/{uuid}'
}
]),
],
scope_types=['system']),
]

8
nova/api/openstack/placement/policies/usage.py
View File

@ -30,9 +30,10 @@ rules = [
'method': 'GET',
'path': '/resource_providers/{uuid}/usages'
}
]),
],
scope_types=['system']),
policy.DocumentedRuleDefault(
# TODO(mriedem): At some point we should set scope_types=['project']
# TODO(mriedem): At some point we might set scope_types=['project']
# so that non-admin project-scoped token users can query usages for
# their project. The context.can() target will need to change as well
# in the actual policy enforcement check in the handler code.
@ -44,7 +45,8 @@ rules = [
'method': 'GET',
'path': '/usages'
}
])
],
scope_types=['system'])
]