Add Cheesecake APIs to policy.json file
These replication v2.1 APIs are not enforced by the cinder policy.json file. This patch adds policy and the code to support applying this policy action. "volume:failover_host": "rule:admin_api", "volume:freeze_host": "rule:admin_api", "volume:thaw_host": "rule:admin_api", Also these methods create a completely new context instead of doing context.elevated(). It's better to preserve the information that is already there. Change-Id: Ib577e902cda634ae2bd813edd9e39e022f23fde1 Closes-Bug: #1578722
parent
8091e9f737
commit
01c6f681f9
|
@ -33,10 +33,9 @@
|
|||
"volume:update_readonly_flag": "",
|
||||
"volume:retype": "",
|
||||
"volume:copy_volume_to_image": "",
|
||||
"volume:enable_replication": "rule:admin_api",
|
||||
"volume:disable_replication": "rule:admin_api",
|
||||
"volume:failover_replication": "rule:admin_api",
|
||||
"volume:list_replication_targets": "rule:admin_api",
|
||||
"volume:failover_host": "rule:admin_api",
|
||||
"volume:freeze_host": "rule:admin_api",
|
||||
"volume:thaw_host": "rule:admin_api",
|
||||
"volume_extension:volume_admin_actions:reset_status": "rule:admin_api",
|
||||
"volume_extension:snapshot_admin_actions:reset_status": "rule:admin_api",
|
||||
"volume_extension:backup_admin_actions:reset_status": "rule:admin_api",
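Review bot: The hunk header (`-33,10 +33,9`) implies four entries leave this file while three are added, yet the commit description mentions only the additions. From the listing it appears to be the four rules `volume:enable_replication`, `volume:disable_replication`, `volume:failover_replication` and `volume:list_replication_targets` that are dropped, though this is inferred because the rendered page has lost its +/- markers. If any code path still runs a policy check for those actions, it would be evaluated against the engine's default rule rather than `rule:admin_api`, so the description should state that the removal is deliberate and that no caller remains. The same applies to the later policy hunk at `-74,10 +74,9`.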
|
||||
|
|
|
@ -1618,7 +1618,8 @@ class API(base.Base):
|
|||
host,
|
||||
secondary_id=None):
|
||||
|
||||
ctxt = context.get_admin_context()
|
||||
check_policy(ctxt, 'failover_host')
|
||||
ctxt = ctxt if ctxt.is_admin else ctxt.elevated()
|
||||
svc_host = volume_utils.extract_host(host, 'backend')
|
||||
|
||||
service = objects.Service.get_by_args(
|
||||
|
@ -1639,7 +1640,8 @@ class API(base.Base):
|
|||
|
||||
def freeze_host(self, ctxt, host):
|
||||
|
||||
ctxt = context.get_admin_context()
|
||||
check_policy(ctxt, 'freeze_host')
|
||||
ctxt = ctxt if ctxt.is_admin else ctxt.elevated()
|
||||
svc_host = volume_utils.extract_host(host, 'backend')
|
||||
|
||||
service = objects.Service.get_by_args(
|
||||
|
@ -1659,7 +1661,8 @@ class API(base.Base):
|
|||
|
||||
def thaw_host(self, ctxt, host):
|
||||
|
||||
ctxt = context.get_admin_context()
|
||||
check_policy(ctxt, 'thaw_host')
|
||||
ctxt = ctxt if ctxt.is_admin else ctxt.elevated()
|
||||
svc_host = volume_utils.extract_host(host, 'backend')
|
||||
|
||||
service = objects.Service.get_by_args(
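Review bot: Once `check_policy(ctxt, 'failover_host')` passes, `ctxt = ctxt if ctxt.is_admin else ctxt.elevated()` runs the rest of the call with admin rights, so the policy rule is the only gate in this method; the same pair of lines is repeated in `freeze_host` and `thaw_host`. A deployment that upgrades the code but keeps an older policy.json without the three new keys would presumably fall back to the policy engine's default rule, which is not visible here; if that default is more permissive than `rule:admin_api`, a non-admin caller reaching these methods would be elevated. I would add a comment above the elevation, e.g. `# Policy was enforced on the caller's context above; elevate only for the operations below.`, and call out the new keys in the upgrade notes. The bodies of all three methods continue outside the hunks.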
|
||||
|
|
|
@ -74,10 +74,9 @@
|
|||
"volume_extension:replication:promote": "rule:admin_api",
|
||||
"volume_extension:replication:reenable": "rule:admin_api",
|
||||
|
||||
"volume:enable_replication": "rule:admin_api",
|
||||
"volume:disable_replication": "rule:admin_api",
|
||||
"volume:failover_replication": "rule:admin_api",
|
||||
"volume:list_replication_targets": "rule:admin_api",
|
||||
"volume:failover_host": "rule:admin_api",
|
||||
"volume:freeze_host": "rule:admin_api",
|
||||
"volume:thaw_host": "rule:admin_api",
|
||||
|
||||
"backup:create" : "",
|
||||
"backup:delete": "rule:admin_or_owner",
|
||||
|
|