diff --git a/nova/policies/admin_actions.py b/nova/policies/admin_actions.py index c8d2564d6386..d4085810445a 100644 --- a/nova/policies/admin_actions.py +++ b/nova/policies/admin_actions.py @@ -13,6 +13,8 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo_policy import policy + from nova.policies import base @@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:os-admin-actions:%s' admin_actions_policies = [ - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'reset_state', base.RULE_ADMIN_API, "Reset the state of a given server", @@ -30,7 +32,7 @@ admin_actions_policies = [ 'path': '/servers/{server_id}/action (os-resetState)' } ]), - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'inject_network_info', base.RULE_ADMIN_API, "Inject network information into the server", @@ -40,7 +42,7 @@ admin_actions_policies = [ 'path': '/servers/{server_id}/action (injectNetworkInfo)' } ]), - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'reset_network', base.RULE_ADMIN_API, "Reset networking on a server", diff --git a/nova/policies/admin_password.py b/nova/policies/admin_password.py index 3d8d2b790f2a..af8672910549 100644 --- a/nova/policies/admin_password.py +++ b/nova/policies/admin_password.py @@ -13,6 +13,8 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo_policy import policy + from nova.policies import base @@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-admin-password' admin_password_policies = [ - base.create_rule_default( + policy.DocumentedRuleDefault( BASE_POLICY_NAME, base.RULE_ADMIN_OR_OWNER, "Change the administrative password for a server", diff --git a/nova/policies/agents.py b/nova/policies/agents.py index 3831370979ff..2f50422381ce 100644 --- a/nova/policies/agents.py +++ b/nova/policies/agents.py @@ -13,6 +13,8 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo_policy import policy + from nova.policies import base @@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-agents' agents_policies = [ - base.create_rule_default( + policy.DocumentedRuleDefault( BASE_POLICY_NAME, base.RULE_ADMIN_API, """Create, list, update, and delete guest agent builds @@ -28,10 +30,24 @@ agents_policies = [ This is XenAPI driver specific. It is used to force the upgrade of the XenAPI guest agent on instance boot. """, - [{'path': '/os-agents', 'method': 'GET'}, - {'path': '/os-agents', 'method': 'POST'}, - {'path': '/os-agents/{agent_build_id}', 'method': 'PUT'}, - {'path': '/os-agents/{agent_build_id}', 'method': 'DELETE'}]), + [ + { + 'path': '/os-agents', + 'method': 'GET' + }, + { + 'path': '/os-agents', + 'method': 'POST' + }, + { + 'path': '/os-agents/{agent_build_id}', + 'method': 'PUT' + }, + { + 'path': '/os-agents/{agent_build_id}', + 'method': 'DELETE' + } + ]), ] diff --git a/nova/policies/aggregates.py b/nova/policies/aggregates.py index 7d801f52b829..39c7307bce2e 100644 --- a/nova/policies/aggregates.py +++ b/nova/policies/aggregates.py @@ -13,6 +13,8 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo_policy import policy + from nova.policies import base @@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:os-aggregates:%s' aggregates_policies = [ - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'set_metadata', base.RULE_ADMIN_API, "Create or replace metadata for an aggregate", @@ -30,7 +32,7 @@ aggregates_policies = [ 'method': 'POST' } ]), - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'add_host', base.RULE_ADMIN_API, "Add a host to an aggregate.", @@ -40,7 +42,7 @@ aggregates_policies = [ 'method': 'POST' } ]), - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'create', base.RULE_ADMIN_API, "Create an aggregate", @@ -50,7 +52,7 @@ aggregates_policies = [ 'method': 'POST' } ]), - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'remove_host', base.RULE_ADMIN_API, "Remove a host from an aggregate", @@ -60,7 +62,7 @@ aggregates_policies = [ 'method': 'POST' } ]), - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'update', base.RULE_ADMIN_API, "Update name and/or availability zone for an aggregate", @@ -70,7 +72,7 @@ aggregates_policies = [ 'method': 'PUT' } ]), - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'index', base.RULE_ADMIN_API, "List all aggregates", @@ -80,7 +82,7 @@ aggregates_policies = [ 'method': 'GET' } ]), - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'delete', base.RULE_ADMIN_API, "Delete an aggregate", @@ -90,7 +92,7 @@ aggregates_policies = [ 'method': 'DELETE' } ]), - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'show', base.RULE_ADMIN_API, "Show details for an aggregate.", diff --git a/nova/policies/assisted_volume_snapshots.py b/nova/policies/assisted_volume_snapshots.py index 4c5ba1e32f58..ba997f0f37b3 100644 --- a/nova/policies/assisted_volume_snapshots.py +++ b/nova/policies/assisted_volume_snapshots.py @@ -13,6 +13,8 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo_policy import policy + from nova.policies import base @@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:os-assisted-volume-snapshots:%s' assisted_volume_snapshots_policies = [ - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'create', base.RULE_ADMIN_API, "Create an assisted volume snapshot", @@ -30,7 +32,7 @@ assisted_volume_snapshots_policies = [ 'method': 'POST' } ]), - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'delete', base.RULE_ADMIN_API, "Delete an assisted volume snapshot", diff --git a/nova/policies/attach_interfaces.py b/nova/policies/attach_interfaces.py index 1d20fb3390bf..d0d42315c2bc 100644 --- a/nova/policies/attach_interfaces.py +++ b/nova/policies/attach_interfaces.py @@ -13,6 +13,8 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo_policy import policy + from nova.policies import base @@ -21,7 +23,7 @@ POLICY_ROOT = 'os_compute_api:os-attach-interfaces:%s' attach_interfaces_policies = [ - base.create_rule_default( + policy.DocumentedRuleDefault( BASE_POLICY_NAME, base.RULE_ADMIN_OR_OWNER, "List port interfaces or show details of a port \ @@ -36,7 +38,7 @@ interface attached to a server", 'path': '/servers/{server_id}/os-interface/{port_id}' } ]), - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'create', base.RULE_ADMIN_OR_OWNER, 'Attach an interface to a server', @@ -46,7 +48,7 @@ interface attached to a server", 'path': '/servers/{server_id}/os-interface' } ]), - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'delete', base.RULE_ADMIN_OR_OWNER, 'Detach an interface from a server', diff --git a/nova/policies/availability_zone.py b/nova/policies/availability_zone.py index 281d8c675eea..872722b5245d 100644 --- a/nova/policies/availability_zone.py +++ b/nova/policies/availability_zone.py @@ -13,6 +13,8 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo_policy import policy + from nova.policies import base @@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:os-availability-zone:%s' availability_zone_policies = [ - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'list', base.RULE_ADMIN_OR_OWNER, "Lists availability zone information without host information", @@ -30,7 +32,7 @@ availability_zone_policies = [ 'path': 'os-availability-zone' } ]), - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'detail', base.RULE_ADMIN_API, "Lists detailed availability zone information with host information", diff --git a/nova/policies/baremetal_nodes.py b/nova/policies/baremetal_nodes.py index 80d3dec43bfe..6f52f44123a1 100644 --- a/nova/policies/baremetal_nodes.py +++ b/nova/policies/baremetal_nodes.py @@ -13,6 +13,8 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo_policy import policy + from nova.policies import base @@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-baremetal-nodes' baremetal_nodes_policies = [ - base.create_rule_default( + policy.DocumentedRuleDefault( BASE_POLICY_NAME, base.RULE_ADMIN_API, """List and show details of bare metal nodes. diff --git a/nova/policies/base.py b/nova/policies/base.py index 4c24c97e2178..234ffce21a04 100644 --- a/nova/policies/base.py +++ b/nova/policies/base.py @@ -28,11 +28,5 @@ rules = [ ] -# TODO(johngarbutt) we can remove this now -def create_rule_default(name, check_str, description, operations): - return policy.DocumentedRuleDefault(name, check_str, - description, operations) - - def list_rules(): return rules diff --git a/nova/policies/cells.py b/nova/policies/cells.py index 9d4a0ff5015b..b3e855d7f4a6 100644 --- a/nova/policies/cells.py +++ b/nova/policies/cells.py @@ -13,6 +13,8 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo_policy import policy + from nova.policies import base @@ -21,7 +23,7 @@ POLICY_ROOT = 'os_compute_api:os-cells:%s' cells_policies = [ - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'update', base.RULE_ADMIN_API, 'Update an existing cell', @@ -31,7 +33,7 @@ cells_policies = [ 'path': '/os-cells/{cell_id}' } ]), - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'create', base.RULE_ADMIN_API, 'Create a new cell', @@ -41,7 +43,7 @@ cells_policies = [ 'path': '/os-cells' } ]), - base.create_rule_default( + policy.DocumentedRuleDefault( BASE_POLICY_NAME, base.RULE_ADMIN_API, 'List and get detailed info of a given cell or all cells', @@ -67,7 +69,7 @@ cells_policies = [ 'path': '/os-cells/{cell_id}' } ]), - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'sync_instances', base.RULE_ADMIN_API, 'Sync instances info in all cells', @@ -77,7 +79,7 @@ cells_policies = [ 'path': '/os-cells/sync_instances' } ]), - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'delete', base.RULE_ADMIN_API, 'Remove a cell', diff --git a/nova/policies/config_drive.py b/nova/policies/config_drive.py index 8bafe855c0f7..894d8baafbc2 100644 --- a/nova/policies/config_drive.py +++ b/nova/policies/config_drive.py @@ -13,6 +13,8 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo_policy import policy + from nova.policies import base @@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-config-drive' config_drive_policies = [ - base.create_rule_default( + policy.DocumentedRuleDefault( BASE_POLICY_NAME, base.RULE_ADMIN_OR_OWNER, """Add 'config_drive' attribute in the server response.""", diff --git a/nova/policies/console_auth_tokens.py b/nova/policies/console_auth_tokens.py index 55ed91719fa3..b674a3295193 100644 --- a/nova/policies/console_auth_tokens.py +++ b/nova/policies/console_auth_tokens.py @@ -13,6 +13,8 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo_policy import policy + from nova.policies import base @@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-console-auth-tokens' console_auth_tokens_policies = [ - base.create_rule_default( + policy.DocumentedRuleDefault( BASE_POLICY_NAME, base.RULE_ADMIN_API, 'Show console connection information for a given console \ diff --git a/nova/policies/console_output.py b/nova/policies/console_output.py index 3f9e98109f9a..1e6473b36074 100644 --- a/nova/policies/console_output.py +++ b/nova/policies/console_output.py @@ -13,6 +13,8 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo_policy import policy + from nova.policies import base @@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-console-output' console_output_policies = [ - base.create_rule_default( + policy.DocumentedRuleDefault( BASE_POLICY_NAME, base.RULE_ADMIN_OR_OWNER, 'Show console output for a server', diff --git a/nova/policies/consoles.py b/nova/policies/consoles.py index 61fba0afd9b6..d81e315f1c6e 100644 --- a/nova/policies/consoles.py +++ b/nova/policies/consoles.py @@ -13,6 +13,8 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo_policy import policy + from nova.policies import base @@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:os-consoles:%s' consoles_policies = [ - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'create', base.RULE_ADMIN_OR_OWNER, 'Create a console for a server instance', @@ -30,7 +32,7 @@ consoles_policies = [ 'path': '/servers/{server_id}/consoles' } ]), - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'show', base.RULE_ADMIN_OR_OWNER, 'Show console details for a server instance', @@ -40,7 +42,7 @@ consoles_policies = [ 'path': '/servers/{server_id}/consoles/{console_id}' } ]), - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'delete', base.RULE_ADMIN_OR_OWNER, 'Delete a console for a server instance', @@ -50,7 +52,7 @@ consoles_policies = [ 'path': '/servers/{server_id}/consoles/{console_id}' } ]), - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'index', base.RULE_ADMIN_OR_OWNER, 'List all consoles for a server instance', diff --git a/nova/policies/create_backup.py b/nova/policies/create_backup.py index 616ae99b4644..bc4c55f56ec9 100644 --- a/nova/policies/create_backup.py +++ b/nova/policies/create_backup.py @@ -13,6 +13,8 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo_policy import policy + from nova.policies import base @@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-create-backup' create_backup_policies = [ - base.create_rule_default( + policy.DocumentedRuleDefault( BASE_POLICY_NAME, base.RULE_ADMIN_OR_OWNER, 'Create a back up of a server', diff --git a/nova/policies/deferred_delete.py b/nova/policies/deferred_delete.py index f2bf71fb2fe2..efb8fa2fe3fa 100644 --- a/nova/policies/deferred_delete.py +++ b/nova/policies/deferred_delete.py @@ -13,6 +13,8 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo_policy import policy + from nova.policies import base @@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-deferred-delete' deferred_delete_policies = [ - base.create_rule_default( + policy.DocumentedRuleDefault( BASE_POLICY_NAME, base.RULE_ADMIN_OR_OWNER, 'Restore a soft deleted server or force delete a server before \ diff --git a/nova/policies/evacuate.py b/nova/policies/evacuate.py index 9acb7d276b3a..aa26cc463180 100644 --- a/nova/policies/evacuate.py +++ b/nova/policies/evacuate.py @@ -13,6 +13,8 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo_policy import policy + from nova.policies import base @@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-evacuate' evacuate_policies = [ - base.create_rule_default( + policy.DocumentedRuleDefault( BASE_POLICY_NAME, base.RULE_ADMIN_API, "Evacuate a server from a failed host to a new host", diff --git a/nova/policies/extended_availability_zone.py b/nova/policies/extended_availability_zone.py index edcfadd6c2eb..d8be68b6937d 100644 --- a/nova/policies/extended_availability_zone.py +++ b/nova/policies/extended_availability_zone.py @@ -13,6 +13,8 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo_policy import policy + from nova.policies import base @@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-extended-availability-zone' extended_availability_zone_policies = [ - base.create_rule_default( + policy.DocumentedRuleDefault( BASE_POLICY_NAME, base.RULE_ADMIN_OR_OWNER, "Add `OS-EXT-AZ:availability_zone` into the server response.", diff --git a/nova/policies/extended_server_attributes.py b/nova/policies/extended_server_attributes.py index ce1fcdd58a38..663fba9da14f 100644 --- a/nova/policies/extended_server_attributes.py +++ b/nova/policies/extended_server_attributes.py @@ -13,6 +13,8 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo_policy import policy + from nova.policies import base @@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-extended-server-attributes' extended_server_attributes_policies = [ - base.create_rule_default( + policy.DocumentedRuleDefault( BASE_POLICY_NAME, base.RULE_ADMIN_API, """Return extended attributes for server. diff --git a/nova/policies/extended_status.py b/nova/policies/extended_status.py index 049a3d1b02f5..f1a63f5d9bf7 100644 --- a/nova/policies/extended_status.py +++ b/nova/policies/extended_status.py @@ -13,6 +13,8 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo_policy import policy + from nova.policies import base @@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-extended-status' extended_status_policies = [ - base.create_rule_default( + policy.DocumentedRuleDefault( BASE_POLICY_NAME, base.RULE_ADMIN_OR_OWNER, """Return extended status in the response of server. diff --git a/nova/policies/extended_volumes.py b/nova/policies/extended_volumes.py index d3bf93c4e8a9..5b6bf24d993d 100644 --- a/nova/policies/extended_volumes.py +++ b/nova/policies/extended_volumes.py @@ -13,6 +13,8 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo_policy import policy + from nova.policies import base @@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-extended-volumes' extended_volumes_policies = [ - base.create_rule_default( + policy.DocumentedRuleDefault( BASE_POLICY_NAME, base.RULE_ADMIN_OR_OWNER, "Return 'os-extended-volumes:volumes_attached' in the response of " diff --git a/nova/policies/extensions.py b/nova/policies/extensions.py index a8ec51df7cfe..fccb2005c9b8 100644 --- a/nova/policies/extensions.py +++ b/nova/policies/extensions.py @@ -13,6 +13,8 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo_policy import policy + from nova.policies import base @@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:extensions' extensions_policies = [ - base.create_rule_default( + policy.DocumentedRuleDefault( BASE_POLICY_NAME, base.RULE_ADMIN_OR_OWNER, "Lists available extensions and shows information for an extension " diff --git a/nova/policies/fixed_ips.py b/nova/policies/fixed_ips.py index 33c034baec0f..096f1d2f9d05 100644 --- a/nova/policies/fixed_ips.py +++ b/nova/policies/fixed_ips.py @@ -13,6 +13,8 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo_policy import policy + from nova.policies import base @@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-fixed-ips' fixed_ips_policies = [ - base.create_rule_default( + policy.DocumentedRuleDefault( BASE_POLICY_NAME, base.RULE_ADMIN_API, """Shows details for, reserve and unreserve a fixed IP address. diff --git a/nova/policies/flavor_access.py b/nova/policies/flavor_access.py index 0d9c2f1b3689..398afb64c284 100644 --- a/nova/policies/flavor_access.py +++ b/nova/policies/flavor_access.py @@ -14,6 +14,8 @@ # under the License. +from oslo_policy import policy + from nova.policies import base @@ -22,7 +24,7 @@ POLICY_ROOT = 'os_compute_api:os-flavor-access:%s' flavor_access_policies = [ - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'add_tenant_access', base.RULE_ADMIN_API, "Add flavor access to a tenant", @@ -32,7 +34,7 @@ flavor_access_policies = [ 'path': '/flavors/{flavor_id}/action (addTenantAccess)' } ]), - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'remove_tenant_access', base.RULE_ADMIN_API, "Remove flavor access from a tenant", @@ -42,7 +44,7 @@ flavor_access_policies = [ 'path': '/flavors/{flavor_id}/action (removeTenantAccess)' } ]), - base.create_rule_default( + policy.DocumentedRuleDefault( BASE_POLICY_NAME, base.RULE_ADMIN_OR_OWNER, """Allow the listing of flavor access information diff --git a/nova/policies/flavor_extra_specs.py b/nova/policies/flavor_extra_specs.py index 4d0d94f7aeda..23a005f6353b 100644 --- a/nova/policies/flavor_extra_specs.py +++ b/nova/policies/flavor_extra_specs.py @@ -13,6 +13,8 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo_policy import policy + from nova.policies import base @@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:os-flavor-extra-specs:%s' flavor_extra_specs_policies = [ - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'show', base.RULE_ADMIN_OR_OWNER, "Show an extra spec for a flavor", @@ -32,7 +34,7 @@ flavor_extra_specs_policies = [ } ] ), - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'create', base.RULE_ADMIN_API, "Create extra specs for a flavor", @@ -43,7 +45,7 @@ flavor_extra_specs_policies = [ } ] ), - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'update', base.RULE_ADMIN_API, "Update an extra spec for a flavor", @@ -55,7 +57,7 @@ flavor_extra_specs_policies = [ } ] ), - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'delete', base.RULE_ADMIN_API, "Delete an extra spec for a flavor", @@ -67,7 +69,7 @@ flavor_extra_specs_policies = [ } ] ), - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'index', base.RULE_ADMIN_OR_OWNER, "List extra specs for a flavor", diff --git a/nova/policies/flavor_manage.py b/nova/policies/flavor_manage.py index aba547580054..255df7d97bb9 100644 --- a/nova/policies/flavor_manage.py +++ b/nova/policies/flavor_manage.py @@ -14,6 +14,8 @@ # under the License. +from oslo_policy import policy + from nova.policies import base @@ -21,7 +23,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-flavor-manage' flavor_manage_policies = [ - base.create_rule_default( + policy.DocumentedRuleDefault( BASE_POLICY_NAME, base.RULE_ADMIN_API, "Create and delete Flavors", diff --git a/nova/policies/flavor_rxtx.py b/nova/policies/flavor_rxtx.py index 9f8c0fb1828c..409eafd61843 100644 --- a/nova/policies/flavor_rxtx.py +++ b/nova/policies/flavor_rxtx.py @@ -14,6 +14,8 @@ # under the License. +from oslo_policy import policy + from nova.policies import base @@ -21,7 +23,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-flavor-rxtx' flavor_rxtx_policies = [ - base.create_rule_default( + policy.DocumentedRuleDefault( BASE_POLICY_NAME, base.RULE_ADMIN_OR_OWNER, "Adds the rxtx_factor key into some Flavor APIs", diff --git a/nova/policies/floating_ip_dns.py b/nova/policies/floating_ip_dns.py index dbcdab3c17da..fc4b0e78c022 100644 --- a/nova/policies/floating_ip_dns.py +++ b/nova/policies/floating_ip_dns.py @@ -13,6 +13,8 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo_policy import policy + from nova.policies import base @@ -21,7 +23,7 @@ POLICY_ROOT = 'os_compute_api:os-floating-ip-dns:%s' floating_ip_dns_policies = [ - base.create_rule_default( + policy.DocumentedRuleDefault( BASE_POLICY_NAME, base.RULE_ADMIN_OR_OWNER, """List registered DNS domains, and CRUD actions on domain names. @@ -49,7 +51,7 @@ Note this only works with nova-network and this API is deprecated.""", 'path': '/os-floating-ip-dns/{domain}/entries/{name}' }, ]), - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'domain:update', base.RULE_ADMIN_API, "Create or update a DNS domain.", @@ -59,7 +61,7 @@ Note this only works with nova-network and this API is deprecated.""", 'path': '/os-floating-ip-dns/{domain}' } ]), - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'domain:delete', base.RULE_ADMIN_API, "Delete a DNS domain.", diff --git a/nova/policies/floating_ip_pools.py b/nova/policies/floating_ip_pools.py index b825a924d641..1e5f1e8dd32a 100644 --- a/nova/policies/floating_ip_pools.py +++ b/nova/policies/floating_ip_pools.py @@ -13,6 +13,8 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo_policy import policy + from nova.policies import base @@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-floating-ip-pools' floating_ip_pools_policies = [ - base.create_rule_default( + policy.DocumentedRuleDefault( BASE_POLICY_NAME, base.RULE_ADMIN_OR_OWNER, "List floating IP pools. This API is deprecated.", diff --git a/nova/policies/floating_ips.py b/nova/policies/floating_ips.py index 42a0e4d7e32b..f652f444386c 100644 --- a/nova/policies/floating_ips.py +++ b/nova/policies/floating_ips.py @@ -13,6 +13,8 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo_policy import policy + from nova.policies import base @@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-floating-ips' floating_ips_policies = [ - base.create_rule_default( + policy.DocumentedRuleDefault( BASE_POLICY_NAME, base.RULE_ADMIN_OR_OWNER, "Manage a project's floating IPs. These APIs are all deprecated.", diff --git a/nova/policies/floating_ips_bulk.py b/nova/policies/floating_ips_bulk.py index c20abdee9ebf..a9fdad3264a6 100644 --- a/nova/policies/floating_ips_bulk.py +++ b/nova/policies/floating_ips_bulk.py @@ -13,6 +13,8 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo_policy import policy + from nova.policies import base @@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-floating-ips-bulk' floating_ips_bulk_policies = [ - base.create_rule_default( + policy.DocumentedRuleDefault( BASE_POLICY_NAME, base.RULE_ADMIN_API, "Bulk-create, delete, and list floating IPs. API is deprecated.", diff --git a/nova/policies/fping.py b/nova/policies/fping.py index 1750a28d21ca..e2be025dd740 100644 --- a/nova/policies/fping.py +++ b/nova/policies/fping.py @@ -13,6 +13,8 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo_policy import policy + from nova.policies import base @@ -21,7 +23,7 @@ POLICY_ROOT = 'os_compute_api:os-fping:%s' fping_policies = [ - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'all_tenants', base.RULE_ADMIN_API, """Pings instances for all projects and reports which instances @@ -35,7 +37,7 @@ which itself is deprecated.""", 'path': '/os-fping?all_tenants=true' } ]), - base.create_rule_default( + policy.DocumentedRuleDefault( BASE_POLICY_NAME, base.RULE_ADMIN_OR_OWNER, """Pings instances, particular instance and reports which instances diff --git a/nova/policies/hide_server_addresses.py b/nova/policies/hide_server_addresses.py index 8d80b82ea266..f48a9e8be935 100644 --- a/nova/policies/hide_server_addresses.py +++ b/nova/policies/hide_server_addresses.py @@ -13,13 +13,13 @@ # License for the specific language governing permissions and limitations # under the License. -from nova.policies import base +from oslo_policy import policy BASE_POLICY_NAME = 'os_compute_api:os-hide-server-addresses' hide_server_addresses_policies = [ - base.create_rule_default( + policy.DocumentedRuleDefault( BASE_POLICY_NAME, 'is_admin:False', """Hide server's 'addresses' key in the server response. diff --git a/nova/policies/hosts.py b/nova/policies/hosts.py index 9ad2d6c00b28..f9a13cc6981b 100644 --- a/nova/policies/hosts.py +++ b/nova/policies/hosts.py @@ -13,6 +13,8 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo_policy import policy + from nova.policies import base @@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-hosts' hosts_policies = [ - base.create_rule_default( + policy.DocumentedRuleDefault( BASE_POLICY_NAME, base.RULE_ADMIN_API, """List, Show and Manage physical hosts. diff --git a/nova/policies/hypervisors.py b/nova/policies/hypervisors.py index e10b1a916450..c4901dc0d945 100644 --- a/nova/policies/hypervisors.py +++ b/nova/policies/hypervisors.py @@ -13,6 +13,8 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo_policy import policy + from nova.policies import base @@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-hypervisors' hypervisors_policies = [ - base.create_rule_default( + policy.DocumentedRuleDefault( BASE_POLICY_NAME, base.RULE_ADMIN_API, """Policy rule for hypervisor related APIs. diff --git a/nova/policies/image_size.py b/nova/policies/image_size.py index b0e1b558c411..0a529a4bc960 100644 --- a/nova/policies/image_size.py +++ b/nova/policies/image_size.py @@ -13,6 +13,8 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo_policy import policy + from nova.policies import base @@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:image-size' image_size_policies = [ - base.create_rule_default( + policy.DocumentedRuleDefault( BASE_POLICY_NAME, base.RULE_ADMIN_OR_OWNER, """Add 'OS-EXT-IMG-SIZE:size' attribute in the image response.""", diff --git a/nova/policies/instance_actions.py b/nova/policies/instance_actions.py index ba723899bd1e..fe2200f5b5d0 100644 --- a/nova/policies/instance_actions.py +++ b/nova/policies/instance_actions.py @@ -13,6 +13,8 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo_policy import policy + from nova.policies import base @@ -21,7 +23,7 @@ POLICY_ROOT = 'os_compute_api:os-instance-actions:%s' instance_actions_policies = [ - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'events', base.RULE_ADMIN_API, """Add events details in action details for a server. @@ -34,7 +36,7 @@ os_compute_api:os-instance-actions passes""", 'path': '/servers/{server_id}/os-instance-actions/{request_id}' } ]), - base.create_rule_default( + policy.DocumentedRuleDefault( BASE_POLICY_NAME, base.RULE_ADMIN_OR_OWNER, """List actions and show action details for a server.""", diff --git a/nova/policies/instance_usage_audit_log.py b/nova/policies/instance_usage_audit_log.py index 616a39d2a49c..b9bd4e126511 100644 --- a/nova/policies/instance_usage_audit_log.py +++ b/nova/policies/instance_usage_audit_log.py @@ -13,6 +13,8 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo_policy import policy + from nova.policies import base @@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-instance-usage-audit-log' instance_usage_audit_log_policies = [ - base.create_rule_default( + policy.DocumentedRuleDefault( BASE_POLICY_NAME, base.RULE_ADMIN_API, """Lists all usage audits and that occurred before a specified time diff --git a/nova/policies/ips.py b/nova/policies/ips.py index 24e2397e2f97..b148e91dc413 100644 --- a/nova/policies/ips.py +++ b/nova/policies/ips.py @@ -13,6 +13,8 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo_policy import policy + from nova.policies import base @@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:ips:%s' ips_policies = [ - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'show', base.RULE_ADMIN_OR_OWNER, """Shows IP addresses details for a network label of a server.""", @@ -30,7 +32,7 @@ ips_policies = [ 'path': '/servers/{server_id}/ips/{network_label}' } ]), - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'index', base.RULE_ADMIN_OR_OWNER, """Lists IP addresses that are assigned to a server.""", diff --git a/nova/policies/keypairs.py b/nova/policies/keypairs.py index 543625009337..3d9f549423c2 100644 --- a/nova/policies/keypairs.py +++ b/nova/policies/keypairs.py @@ -13,6 +13,8 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo_policy import policy + from nova.policies import base @@ -21,7 +23,7 @@ POLICY_ROOT = 'os_compute_api:os-keypairs:%s' keypairs_policies = [ - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'index', 'rule:admin_api or user_id:%(user_id)s', "List all keypairs", @@ -31,7 +33,7 @@ keypairs_policies = [ 'method': 'GET' } ]), - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'create', 'rule:admin_api or user_id:%(user_id)s', "Create a keypair", @@ -41,7 +43,7 @@ keypairs_policies = [ 'method': 'POST' } ]), - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'delete', 'rule:admin_api or user_id:%(user_id)s', "Delete a keypair", @@ -51,7 +53,7 @@ keypairs_policies = [ 'method': 'DELETE' } ]), - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'show', 'rule:admin_api or user_id:%(user_id)s', "Show details of a keypair", @@ -61,7 +63,7 @@ keypairs_policies = [ 'method': 'GET' } ]), - base.create_rule_default( + policy.DocumentedRuleDefault( BASE_POLICY_NAME, base.RULE_ADMIN_OR_OWNER, "Return 'key_name' in the response of server.", diff --git a/nova/policies/limits.py b/nova/policies/limits.py index 56c5b14575ce..fd431f69afb8 100644 --- a/nova/policies/limits.py +++ b/nova/policies/limits.py @@ -13,6 +13,8 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo_policy import policy + from nova.policies import base @@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:limits' limits_policies = [ - base.create_rule_default( + policy.DocumentedRuleDefault( BASE_POLICY_NAME, base.RULE_ADMIN_OR_OWNER, """Shows rate and absolute limits for the project.""", diff --git a/nova/policies/lock_server.py b/nova/policies/lock_server.py index 0170136a25ba..254182e6e212 100644 --- a/nova/policies/lock_server.py +++ b/nova/policies/lock_server.py @@ -13,6 +13,8 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo_policy import policy + from nova.policies import base @@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:os-lock-server:%s' lock_server_policies = [ - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'lock', base.RULE_ADMIN_OR_OWNER, "Lock a server", @@ -31,7 +33,7 @@ lock_server_policies = [ } ] ), - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'unlock', base.RULE_ADMIN_OR_OWNER, "Unlock a server", @@ -42,7 +44,7 @@ lock_server_policies = [ } ] ), - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'unlock:unlock_override', base.RULE_ADMIN_API, """Unlock a server, regardless who locked the server. diff --git a/nova/policies/migrate_server.py b/nova/policies/migrate_server.py index 11ef46aa2900..f377e5820ba5 100644 --- a/nova/policies/migrate_server.py +++ b/nova/policies/migrate_server.py @@ -13,6 +13,8 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo_policy import policy + from nova.policies import base @@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:os-migrate-server:%s' migrate_server_policies = [ - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'migrate', base.RULE_ADMIN_API, "Cold migrate a server to a host", @@ -30,7 +32,7 @@ migrate_server_policies = [ 'path': '/servers/{server_id}/action (migrate)' } ]), - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'migrate_live', base.RULE_ADMIN_API, "Live migrate a server to a new host without a reboot", diff --git a/nova/policies/migrations.py b/nova/policies/migrations.py index 434f15c7630f..e993f8c04d7f 100644 --- a/nova/policies/migrations.py +++ b/nova/policies/migrations.py @@ -13,6 +13,8 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo_policy import policy + from nova.policies import base @@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:os-migrations:%s' migrations_policies = [ - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'index', base.RULE_ADMIN_API, "List migrations", diff --git a/nova/policies/multinic.py b/nova/policies/multinic.py index 0abfeb191d3b..b1a28ccfac9c 100644 --- a/nova/policies/multinic.py +++ b/nova/policies/multinic.py @@ -13,6 +13,8 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo_policy import policy + from nova.policies import base @@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-multinic' multinic_policies = [ - base.create_rule_default( + policy.DocumentedRuleDefault( BASE_POLICY_NAME, base.RULE_ADMIN_OR_OWNER, """Adds or Removes a fixed IP address from a server. diff --git a/nova/policies/networks.py b/nova/policies/networks.py index ff68cc7ea0aa..812af1a63dea 100644 --- a/nova/policies/networks.py +++ b/nova/policies/networks.py @@ -13,6 +13,8 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo_policy import policy + from nova.policies import base @@ -21,7 +23,7 @@ POLICY_ROOT = 'os_compute_api:os-networks:%s' networks_policies = [ - base.create_rule_default( + policy.DocumentedRuleDefault( BASE_POLICY_NAME, base.RULE_ADMIN_API, """Create and delete a network, add and disassociate a network @@ -46,7 +48,7 @@ These APIs are only available with nova-network which is deprecated.""", 'path': '/os-networks/{network_id}/action (disassociate)' } ]), - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'view', base.RULE_ADMIN_OR_OWNER, """List networks for the project and show details for a network. diff --git a/nova/policies/networks_associate.py b/nova/policies/networks_associate.py index bcf5b95148ce..e5772b59ea89 100644 --- a/nova/policies/networks_associate.py +++ b/nova/policies/networks_associate.py @@ -13,6 +13,8 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo_policy import policy + from nova.policies import base @@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-networks-associate' networks_associate_policies = [ - base.create_rule_default( + policy.DocumentedRuleDefault( BASE_POLICY_NAME, base.RULE_ADMIN_API, """Associates and Disassociates a network from a host or project. diff --git a/nova/policies/pause_server.py b/nova/policies/pause_server.py index d860f599184e..ba98d40b59f5 100644 --- a/nova/policies/pause_server.py +++ b/nova/policies/pause_server.py @@ -13,6 +13,8 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo_policy import policy + from nova.policies import base @@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:os-pause-server:%s' pause_server_policies = [ - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'pause', base.RULE_ADMIN_OR_OWNER, "Pause a server.", @@ -31,7 +33,7 @@ pause_server_policies = [ } ] ), - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'unpause', base.RULE_ADMIN_OR_OWNER, "Unpause a paused server.", diff --git a/nova/policies/quota_class_sets.py b/nova/policies/quota_class_sets.py index 2710436fcbd5..e8691957a74c 100644 --- a/nova/policies/quota_class_sets.py +++ b/nova/policies/quota_class_sets.py @@ -13,6 +13,8 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo_policy import policy + from nova.policies import base @@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:os-quota-class-sets:%s' quota_class_sets_policies = [ - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'show', 'is_admin:True or quota_class:%(quota_class)s', "List quotas for specific quota classs", @@ -30,7 +32,7 @@ quota_class_sets_policies = [ 'path': '/os-quota-class-sets/{quota_class}' } ]), - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'update', base.RULE_ADMIN_API, 'Update quotas for specific quota class', diff --git a/nova/policies/quota_sets.py b/nova/policies/quota_sets.py index 9cc46e078c50..50aaa94533e3 100644 --- a/nova/policies/quota_sets.py +++ b/nova/policies/quota_sets.py @@ -13,6 +13,8 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo_policy import policy + from nova.policies import base @@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:os-quota-sets:%s' quota_sets_policies = [ - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'update', base.RULE_ADMIN_API, "Update the quotas", @@ -30,7 +32,7 @@ quota_sets_policies = [ 'path': '/os-quota-sets/{tenant_id}' } ]), - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'defaults', base.RULE_ANY, "List default quotas", @@ -40,7 +42,7 @@ quota_sets_policies = [ 'path': '/os-quota-sets/{tenant_id}/defaults' } ]), - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'show', base.RULE_ADMIN_OR_OWNER, "Show a quota", @@ -50,7 +52,7 @@ quota_sets_policies = [ 'path': '/os-quota-sets/{tenant_id}' } ]), - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'delete', base.RULE_ADMIN_API, "Revert quotas to defaults", @@ -60,7 +62,7 @@ quota_sets_policies = [ 'path': '/os-quota-sets/{tenant_id}' } ]), - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'detail', base.RULE_ADMIN_API, "Show the detail of quota", diff --git a/nova/policies/remote_consoles.py b/nova/policies/remote_consoles.py index ab7c89302d33..1e25f2a4e206 100644 --- a/nova/policies/remote_consoles.py +++ b/nova/policies/remote_consoles.py @@ -13,6 +13,8 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo_policy import policy + from nova.policies import base @@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-remote-consoles' remote_consoles_policies = [ - base.create_rule_default( + policy.DocumentedRuleDefault( BASE_POLICY_NAME, base.RULE_ADMIN_OR_OWNER, "Generates a URL to access remove server console", diff --git a/nova/policies/rescue.py b/nova/policies/rescue.py index d57e4acb1b92..7a7c06b09041 100644 --- a/nova/policies/rescue.py +++ b/nova/policies/rescue.py @@ -13,6 +13,8 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo_policy import policy + from nova.policies import base @@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-rescue' rescue_policies = [ - base.create_rule_default( + policy.DocumentedRuleDefault( BASE_POLICY_NAME, base.RULE_ADMIN_OR_OWNER, "Rescue/unrescue a server", diff --git a/nova/policies/security_group_default_rules.py b/nova/policies/security_group_default_rules.py index c06c08bf7005..8cf66301b91a 100644 --- a/nova/policies/security_group_default_rules.py +++ b/nova/policies/security_group_default_rules.py @@ -13,6 +13,8 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo_policy import policy + from nova.policies import base @@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-security-group-default-rules' security_group_default_rules_policies = [ - base.create_rule_default( + policy.DocumentedRuleDefault( BASE_POLICY_NAME, base.RULE_ADMIN_API, """Lists, shows information for, creates and deletes default security diff --git a/nova/policies/security_groups.py b/nova/policies/security_groups.py index 7a53620a59b8..e28124290ad6 100644 --- a/nova/policies/security_groups.py +++ b/nova/policies/security_groups.py @@ -13,6 +13,8 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo_policy import policy + from nova.policies import base @@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-security-groups' security_groups_policies = [ - base.create_rule_default( + policy.DocumentedRuleDefault( BASE_POLICY_NAME, base.RULE_ADMIN_OR_OWNER, """This policy checks permission on security groups related APIs. diff --git a/nova/policies/server_diagnostics.py b/nova/policies/server_diagnostics.py index 282301955b99..d06ee4e485e7 100644 --- a/nova/policies/server_diagnostics.py +++ b/nova/policies/server_diagnostics.py @@ -13,6 +13,8 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo_policy import policy + from nova.policies import base @@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-server-diagnostics' server_diagnostics_policies = [ - base.create_rule_default( + policy.DocumentedRuleDefault( BASE_POLICY_NAME, base.RULE_ADMIN_API, "Shows the usage data for a server", diff --git a/nova/policies/server_external_events.py b/nova/policies/server_external_events.py index b21bc9d8e8dd..0a4069f5ac15 100644 --- a/nova/policies/server_external_events.py +++ b/nova/policies/server_external_events.py @@ -13,6 +13,8 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo_policy import policy + from nova.policies import base @@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:os-server-external-events:%s' server_external_events_policies = [ - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'create', base.RULE_ADMIN_API, "Creates one or more external events", diff --git a/nova/policies/server_groups.py b/nova/policies/server_groups.py index e0d74bec71ae..ea6ef2c13cf0 100644 --- a/nova/policies/server_groups.py +++ b/nova/policies/server_groups.py @@ -29,7 +29,7 @@ server_groups_policies = [ name=BASE_POLICY_NAME, check_str=base.RULE_ADMIN_OR_OWNER, description='Deprecated in Pike and will be removed in next release'), - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'create', BASE_POLICY_RULE, "Create a new server group", @@ -40,7 +40,7 @@ server_groups_policies = [ } ] ), - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'delete', BASE_POLICY_RULE, "Delete a server group", @@ -51,7 +51,7 @@ server_groups_policies = [ } ] ), - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'index', BASE_POLICY_RULE, "List all server groups", @@ -62,7 +62,7 @@ server_groups_policies = [ } ] ), - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'show', BASE_POLICY_RULE, "Show details of a server group", diff --git a/nova/policies/server_metadata.py b/nova/policies/server_metadata.py index 07a5967e40be..f52d072b377b 100644 --- a/nova/policies/server_metadata.py +++ b/nova/policies/server_metadata.py @@ -13,6 +13,8 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo_policy import policy + from nova.policies import base @@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:server-metadata:%s' server_metadata_policies = [ - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'index', base.RULE_ADMIN_OR_OWNER, "List all metadata of a server", @@ -31,7 +33,7 @@ server_metadata_policies = [ } ] ), - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'show', base.RULE_ADMIN_OR_OWNER, "Show metadata for a server", @@ -42,7 +44,7 @@ server_metadata_policies = [ } ] ), - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'create', base.RULE_ADMIN_OR_OWNER, "Create metadata for a server", @@ -53,7 +55,7 @@ server_metadata_policies = [ } ] ), - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'update_all', base.RULE_ADMIN_OR_OWNER, "Replace metadata for a server", @@ -64,7 +66,7 @@ server_metadata_policies = [ } ] ), - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'update', base.RULE_ADMIN_OR_OWNER, "Update metadata from a server", @@ -75,7 +77,7 @@ server_metadata_policies = [ } ] ), - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'delete', base.RULE_ADMIN_OR_OWNER, "Delete metadata from a server", diff --git a/nova/policies/server_password.py b/nova/policies/server_password.py index d2e12a522c11..bc317a470bbd 100644 --- a/nova/policies/server_password.py +++ b/nova/policies/server_password.py @@ -13,6 +13,8 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo_policy import policy + from nova.policies import base @@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-server-password' server_password_policies = [ - base.create_rule_default( + policy.DocumentedRuleDefault( BASE_POLICY_NAME, base.RULE_ADMIN_OR_OWNER, "Show and clear the encrypted administrative password of a server", diff --git a/nova/policies/server_tags.py b/nova/policies/server_tags.py index c9b812521b6d..1bd445b64c74 100644 --- a/nova/policies/server_tags.py +++ b/nova/policies/server_tags.py @@ -13,6 +13,8 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo_policy import policy + from nova.policies import base @@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:os-server-tags:%s' server_tags_policies = [ - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'delete_all', base.RULE_ADMIN_OR_OWNER, "Delete all the server tags", @@ -30,7 +32,7 @@ server_tags_policies = [ 'path': '/servers/{server_id}/tags' } ]), - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'index', base.RULE_ADMIN_OR_OWNER, "List all tags for given server", @@ -40,7 +42,7 @@ server_tags_policies = [ 'path': '/servers/{server_id}/tags' } ]), - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'update_all', base.RULE_ADMIN_OR_OWNER, "Replace all tags on specified server with the new set of tags.", @@ -51,7 +53,7 @@ server_tags_policies = [ } ]), - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'delete', base.RULE_ADMIN_OR_OWNER, "Delete a single tag from the specified server", @@ -62,7 +64,7 @@ server_tags_policies = [ } ] ), - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'update', base.RULE_ADMIN_OR_OWNER, "Add a single tag to the server if server has no specified tag", @@ -73,7 +75,7 @@ server_tags_policies = [ } ] ), - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'show', base.RULE_ADMIN_OR_OWNER, "Check tag existence on the server.", diff --git a/nova/policies/server_usage.py b/nova/policies/server_usage.py index ac02ee2e97a0..93e9fcde22fb 100644 --- a/nova/policies/server_usage.py +++ b/nova/policies/server_usage.py @@ -13,6 +13,8 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo_policy import policy + from nova.policies import base @@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-server-usage' server_usage_policies = [ - base.create_rule_default( + policy.DocumentedRuleDefault( BASE_POLICY_NAME, base.RULE_ADMIN_OR_OWNER, """Add 'OS-SRV-USG:launched_at' & 'OS-SRV-USG:terminated_at' attribute diff --git a/nova/policies/servers.py b/nova/policies/servers.py index 5743daba2415..c5e834b19801 100644 --- a/nova/policies/servers.py +++ b/nova/policies/servers.py @@ -11,6 +11,8 @@ # under the License. +from oslo_policy import policy + from nova.policies import base @@ -18,7 +20,7 @@ RULE_AOO = base.RULE_ADMIN_OR_OWNER SERVERS = 'os_compute_api:servers:%s' rules = [ - base.create_rule_default( + policy.DocumentedRuleDefault( SERVERS % 'index', RULE_AOO, "List all servers", @@ -28,7 +30,7 @@ rules = [ 'path': '/servers' } ]), - base.create_rule_default( + policy.DocumentedRuleDefault( SERVERS % 'detail', RULE_AOO, "List all servers with detailed information", @@ -38,7 +40,7 @@ rules = [ 'path': '/servers/detail' } ]), - base.create_rule_default( + policy.DocumentedRuleDefault( SERVERS % 'index:get_all_tenants', base.RULE_ADMIN_API, "List all servers for all projects", @@ -48,7 +50,7 @@ rules = [ 'path': '/servers' } ]), - base.create_rule_default( + policy.DocumentedRuleDefault( SERVERS % 'detail:get_all_tenants', base.RULE_ADMIN_API, "List all servers with detailed information for all projects", @@ -58,7 +60,7 @@ rules = [ 'path': '/servers/detail' } ]), - base.create_rule_default( + policy.DocumentedRuleDefault( SERVERS % 'show', RULE_AOO, "Show a server", @@ -70,7 +72,7 @@ rules = [ ]), # the details in host_status are pretty sensitive, only admins # should do that by default. - base.create_rule_default( + policy.DocumentedRuleDefault( SERVERS % 'show:host_status', base.RULE_ADMIN_API, "Show a server with additional host status information", @@ -84,7 +86,7 @@ rules = [ 'path': '/servers/detail' } ]), - base.create_rule_default( + policy.DocumentedRuleDefault( SERVERS % 'create', RULE_AOO, "Create a server", @@ -94,7 +96,7 @@ rules = [ 'path': '/servers' } ]), - base.create_rule_default( + policy.DocumentedRuleDefault( SERVERS % 'create:forced_host', base.RULE_ADMIN_API, "Create a server on the specified host", @@ -104,7 +106,7 @@ rules = [ 'path': '/servers' } ]), - base.create_rule_default( + policy.DocumentedRuleDefault( SERVERS % 'create:attach_volume', RULE_AOO, "Create a server with the requested volume attached to it", @@ -114,7 +116,7 @@ rules = [ 'path': '/servers' } ]), - base.create_rule_default( + policy.DocumentedRuleDefault( SERVERS % 'create:attach_network', RULE_AOO, "Create a server with the requested network attached to it", @@ -124,7 +126,7 @@ rules = [ 'path': '/servers' } ]), - base.create_rule_default( + policy.DocumentedRuleDefault( SERVERS % 'delete', RULE_AOO, "Delete a server", @@ -134,7 +136,7 @@ rules = [ 'path': '/servers/{server_id}' } ]), - base.create_rule_default( + policy.DocumentedRuleDefault( SERVERS % 'update', RULE_AOO, "Update a server", @@ -144,7 +146,7 @@ rules = [ 'path': '/servers/{server_id}' } ]), - base.create_rule_default( + policy.DocumentedRuleDefault( SERVERS % 'confirm_resize', RULE_AOO, "Confirm a server resize", @@ -154,7 +156,7 @@ rules = [ 'path': '/servers/{server_id}/action (confirmResize)' } ]), - base.create_rule_default( + policy.DocumentedRuleDefault( SERVERS % 'revert_resize', RULE_AOO, "Revert a server resize", @@ -164,7 +166,7 @@ rules = [ 'path': '/servers/{server_id}/action (revertResize)' } ]), - base.create_rule_default( + policy.DocumentedRuleDefault( SERVERS % 'reboot', RULE_AOO, "Reboot a server", @@ -174,7 +176,7 @@ rules = [ 'path': '/servers/{server_id}/action (reboot)' } ]), - base.create_rule_default( + policy.DocumentedRuleDefault( SERVERS % 'resize', RULE_AOO, "Resize a server", @@ -184,7 +186,7 @@ rules = [ 'path': '/servers/{server_id}/action (resize)' } ]), - base.create_rule_default( + policy.DocumentedRuleDefault( SERVERS % 'rebuild', RULE_AOO, "Rebuild a server", @@ -194,7 +196,7 @@ rules = [ 'path': '/servers/{server_id}/action (rebuild)' } ]), - base.create_rule_default( + policy.DocumentedRuleDefault( SERVERS % 'create_image', RULE_AOO, "Create an image from a server", @@ -204,7 +206,7 @@ rules = [ 'path': '/servers/{server_id}/action (createImage)' } ]), - base.create_rule_default( + policy.DocumentedRuleDefault( SERVERS % 'create_image:allow_volume_backed', RULE_AOO, "Create an image from a volume backed server", @@ -214,7 +216,7 @@ rules = [ 'path': '/servers/{server_id}/action (createImage)' } ]), - base.create_rule_default( + policy.DocumentedRuleDefault( SERVERS % 'start', RULE_AOO, "Start a server", @@ -224,7 +226,7 @@ rules = [ 'path': '/servers/{server_id}/action (os-start)' } ]), - base.create_rule_default( + policy.DocumentedRuleDefault( SERVERS % 'stop', RULE_AOO, "Stop a server", @@ -234,7 +236,7 @@ rules = [ 'path': '/servers/{server_id}/action (os-stop)' } ]), - base.create_rule_default( + policy.DocumentedRuleDefault( SERVERS % 'trigger_crash_dump', RULE_AOO, "Trigger crash dump in a server", diff --git a/nova/policies/servers_migrations.py b/nova/policies/servers_migrations.py index 2d0f26d7b504..277e8fc7449c 100644 --- a/nova/policies/servers_migrations.py +++ b/nova/policies/servers_migrations.py @@ -13,6 +13,8 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo_policy import policy + from nova.policies import base @@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:servers:migrations:%s' servers_migrations_policies = [ - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'show', base.RULE_ADMIN_API, "Show details for an in-progress live migration for a given server", @@ -30,7 +32,7 @@ servers_migrations_policies = [ 'path': '/servers/{server_id}/migrations/{migration_id}' } ]), - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'force_complete', base.RULE_ADMIN_API, "Force an in-progress live migration for a given server to complete", @@ -41,7 +43,7 @@ servers_migrations_policies = [ '/action (force_complete)' } ]), - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'delete', base.RULE_ADMIN_API, "Delete(Abort) an in-progress live migration", @@ -51,7 +53,7 @@ servers_migrations_policies = [ 'path': '/servers/{server_id}/migrations/{migration_id}' } ]), - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'index', base.RULE_ADMIN_API, "Lists in-progress live migrations for a given server", diff --git a/nova/policies/services.py b/nova/policies/services.py index 4b8084a48221..f5dec3197d4a 100644 --- a/nova/policies/services.py +++ b/nova/policies/services.py @@ -13,6 +13,8 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo_policy import policy + from nova.policies import base @@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-services' services_policies = [ - base.create_rule_default( + policy.DocumentedRuleDefault( BASE_POLICY_NAME, base.RULE_ADMIN_API, """Lists all running Compute services in a region, enables \ diff --git a/nova/policies/shelve.py b/nova/policies/shelve.py index 9e01e99332cc..c58bfaae1b1b 100644 --- a/nova/policies/shelve.py +++ b/nova/policies/shelve.py @@ -13,6 +13,8 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo_policy import policy + from nova.policies import base @@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:os-shelve:%s' shelve_policies = [ - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'shelve', base.RULE_ADMIN_OR_OWNER, "Shelve Server", @@ -30,7 +32,7 @@ shelve_policies = [ 'path': '/servers/{server_id}/action (shelve)' } ]), - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'unshelve', base.RULE_ADMIN_OR_OWNER, "Unshelve (Restore) Shelved Server", @@ -40,7 +42,7 @@ shelve_policies = [ 'path': '/servers/{server_id}/action (unshelve)' } ]), - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'shelve_offload', base.RULE_ADMIN_API, "Shelf-Offload (Remove) Server", diff --git a/nova/policies/simple_tenant_usage.py b/nova/policies/simple_tenant_usage.py index f8927cf99e14..6b06623a7235 100644 --- a/nova/policies/simple_tenant_usage.py +++ b/nova/policies/simple_tenant_usage.py @@ -13,6 +13,8 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo_policy import policy + from nova.policies import base @@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:os-simple-tenant-usage:%s' simple_tenant_usage_policies = [ - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'show', base.RULE_ADMIN_OR_OWNER, "Show usage statistics for a specific tenant.", @@ -30,7 +32,7 @@ simple_tenant_usage_policies = [ 'path': '/os-simple-tenant-usage/{tenant_id}' } ]), - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'list', base.RULE_ADMIN_API, "List per tenant usage statistics for all tenants.", diff --git a/nova/policies/suspend_server.py b/nova/policies/suspend_server.py index e07b32c2c6a2..55f0068a607f 100644 --- a/nova/policies/suspend_server.py +++ b/nova/policies/suspend_server.py @@ -13,6 +13,8 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo_policy import policy + from nova.policies import base @@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:os-suspend-server:%s' suspend_server_policies = [ - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'resume', base.RULE_ADMIN_OR_OWNER, "Resume suspended server", @@ -30,7 +32,7 @@ suspend_server_policies = [ 'path': '/servers/{server_id}/action (resume)' } ]), - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'suspend', base.RULE_ADMIN_OR_OWNER, "Suspend server", diff --git a/nova/policies/tenant_networks.py b/nova/policies/tenant_networks.py index 227702c8e156..a74ff5535933 100644 --- a/nova/policies/tenant_networks.py +++ b/nova/policies/tenant_networks.py @@ -13,6 +13,8 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo_policy import policy + from nova.policies import base @@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-tenant-networks' tenant_networks_policies = [ - base.create_rule_default( + policy.DocumentedRuleDefault( BASE_POLICY_NAME, base.RULE_ADMIN_OR_OWNER, """Creates, lists, shows information for, and deletes diff --git a/nova/policies/used_limits.py b/nova/policies/used_limits.py index 0f2b7fb6cc68..ff41747c8b54 100644 --- a/nova/policies/used_limits.py +++ b/nova/policies/used_limits.py @@ -13,6 +13,8 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo_policy import policy + from nova.policies import base @@ -22,7 +24,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-used-limits' used_limits_policies = [ # TODO(aunnam): Remove this rule after we separate the scope check from # policies, as this is only checking the scope. - base.create_rule_default( + policy.DocumentedRuleDefault( BASE_POLICY_NAME, base.RULE_ADMIN_API, """Shows rate and absolute limits for the project. diff --git a/nova/policies/virtual_interfaces.py b/nova/policies/virtual_interfaces.py index de0bba527a24..184976f275b1 100644 --- a/nova/policies/virtual_interfaces.py +++ b/nova/policies/virtual_interfaces.py @@ -13,6 +13,8 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo_policy import policy + from nova.policies import base @@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-virtual-interfaces' virtual_interfaces_policies = [ - base.create_rule_default( + policy.DocumentedRuleDefault( BASE_POLICY_NAME, base.RULE_ADMIN_OR_OWNER, """List Virtual Interfaces. diff --git a/nova/policies/volumes.py b/nova/policies/volumes.py index 5cfc71535b7f..3fbf637c8fca 100644 --- a/nova/policies/volumes.py +++ b/nova/policies/volumes.py @@ -13,6 +13,8 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo_policy import policy + from nova.policies import base @@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-volumes' volumes_policies = [ - base.create_rule_default( + policy.DocumentedRuleDefault( BASE_POLICY_NAME, base.RULE_ADMIN_OR_OWNER, """Manages volumes for use with the Compute API. diff --git a/nova/policies/volumes_attachments.py b/nova/policies/volumes_attachments.py index 11737cc55a6d..792735658006 100644 --- a/nova/policies/volumes_attachments.py +++ b/nova/policies/volumes_attachments.py @@ -13,6 +13,8 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo_policy import policy + from nova.policies import base @@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:os-volumes-attachments:%s' volumes_attachments_policies = [ - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'index', base.RULE_ADMIN_OR_OWNER, "List volume attachments for an instance", @@ -29,7 +31,7 @@ volumes_attachments_policies = [ 'path': '/servers/{server_id}/os-volume_attachments' } ]), - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'create', base.RULE_ADMIN_OR_OWNER, "Attach a volume to an instance", @@ -39,7 +41,7 @@ volumes_attachments_policies = [ 'path': '/servers/{server_id}/os-volume_attachments' } ]), - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'show', base.RULE_ADMIN_OR_OWNER, "Show details of a volume attachment", @@ -50,7 +52,7 @@ volumes_attachments_policies = [ '/servers/{server_id}/os-volume_attachments/{attachment_id}' } ]), - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'update', base.RULE_ADMIN_API, "Update a volume attachment", @@ -61,7 +63,7 @@ volumes_attachments_policies = [ '/servers/{server_id}/os-volume_attachments/{attachment_id}' } ]), - base.create_rule_default( + policy.DocumentedRuleDefault( POLICY_ROOT % 'delete', base.RULE_ADMIN_OR_OWNER, "Detach a volume from an instance",