Consistent policies
All of the documentation for these is going into user-facing docs, so clean them up accordingly. Change-Id: I5f9c284525bac773a897b7acc3773ac5851b9632 Implements: blueprint policy-docs
This commit is contained in:
parent
56c4d684bf
commit
6f8fe3cb14
|
@ -35,7 +35,7 @@ aggregates_policies = [
|
|||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'add_host',
|
||||
base.RULE_ADMIN_API,
|
||||
"Add a host to an aggregate.",
|
||||
"Add a host to an aggregate",
|
||||
[
|
||||
{
|
||||
'path': '/os-aggregates/{aggregate_id}/action (add_host)',
|
||||
|
@ -95,7 +95,7 @@ aggregates_policies = [
|
|||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'show',
|
||||
base.RULE_ADMIN_API,
|
||||
"Show details for an aggregate.",
|
||||
"Show details for an aggregate",
|
||||
[
|
||||
{
|
||||
'path': '/os-aggregates/{aggregate_id}',
|
||||
|
|
|
@ -26,8 +26,8 @@ attach_interfaces_policies = [
|
|||
policy.DocumentedRuleDefault(
|
||||
BASE_POLICY_NAME,
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"List port interfaces or show details of a port \
|
||||
interface attached to a server",
|
||||
"List port interfaces or show details of a port interface attached "
|
||||
"to a server",
|
||||
[
|
||||
{
|
||||
'method': 'GET',
|
||||
|
@ -41,7 +41,7 @@ interface attached to a server",
|
|||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'create',
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
'Attach an interface to a server',
|
||||
"Attach an interface to a server",
|
||||
[
|
||||
{
|
||||
'method': 'POST',
|
||||
|
@ -51,7 +51,7 @@ interface attached to a server",
|
|||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'delete',
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
'Detach an interface from a server',
|
||||
"Detach an interface from a server",
|
||||
[
|
||||
{
|
||||
'method': 'DELETE',
|
||||
|
|
|
@ -25,7 +25,7 @@ availability_zone_policies = [
|
|||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'list',
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"Lists availability zone information without host information",
|
||||
"List availability zone information without host information",
|
||||
[
|
||||
{
|
||||
'method': 'GET',
|
||||
|
@ -35,7 +35,7 @@ availability_zone_policies = [
|
|||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'detail',
|
||||
base.RULE_ADMIN_API,
|
||||
"Lists detailed availability zone information with host information",
|
||||
"List detailed availability zone information with host information",
|
||||
[
|
||||
{
|
||||
'method': 'GET',
|
||||
|
|
|
@ -46,7 +46,7 @@ cells_policies = [
|
|||
policy.DocumentedRuleDefault(
|
||||
BASE_POLICY_NAME,
|
||||
base.RULE_ADMIN_API,
|
||||
'List and get detailed info of a given cell or all cells',
|
||||
'List and show detailed info for a given cell or all cells',
|
||||
[
|
||||
{
|
||||
'method': 'GET',
|
||||
|
|
|
@ -25,7 +25,7 @@ config_drive_policies = [
|
|||
policy.DocumentedRuleDefault(
|
||||
BASE_POLICY_NAME,
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"""Add 'config_drive' attribute in the server response.""",
|
||||
"Add 'config_drive' attribute in the server response",
|
||||
[
|
||||
{
|
||||
'method': 'GET',
|
||||
|
|
|
@ -25,8 +25,8 @@ console_auth_tokens_policies = [
|
|||
policy.DocumentedRuleDefault(
|
||||
BASE_POLICY_NAME,
|
||||
base.RULE_ADMIN_API,
|
||||
'Show console connection information for a given console \
|
||||
authentication token',
|
||||
"Show console connection information for a given console "
|
||||
"authentication token",
|
||||
[
|
||||
{
|
||||
'method': 'GET',
|
||||
|
|
|
@ -25,8 +25,8 @@ deferred_delete_policies = [
|
|||
policy.DocumentedRuleDefault(
|
||||
BASE_POLICY_NAME,
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
'Restore a soft deleted server or force delete a server before \
|
||||
deferred cleanup',
|
||||
"Restore a soft deleted server or force delete a server before "
|
||||
"deferred cleanup",
|
||||
[
|
||||
{
|
||||
'method': 'POST',
|
||||
|
|
|
@ -25,7 +25,7 @@ extended_availability_zone_policies = [
|
|||
policy.DocumentedRuleDefault(
|
||||
BASE_POLICY_NAME,
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"Add `OS-EXT-AZ:availability_zone` into the server response.",
|
||||
"Add `OS-EXT-AZ:availability_zone` into the server response",
|
||||
[
|
||||
{
|
||||
'method': 'GET',
|
||||
|
|
|
@ -28,15 +28,16 @@ extended_server_attributes_policies = [
|
|||
"""Return extended attributes for server.
|
||||
|
||||
This rule will control the visibility for a set of servers attributes:
|
||||
OS-EXT-SRV-ATTR:host
|
||||
OS-EXT-SRV-ATTR:instance_name
|
||||
OS-EXT-SRV-ATTR:reservation_id (since microversion 2.3)
|
||||
OS-EXT-SRV-ATTR:launch_index (since microversion 2.3)
|
||||
OS-EXT-SRV-ATTR:hostname (since microversion 2.3)
|
||||
OS-EXT-SRV-ATTR:kernel_id (since microversion 2.3)
|
||||
OS-EXT-SRV-ATTR:ramdisk_id (since microversion 2.3)
|
||||
OS-EXT-SRV-ATTR:root_device_name (since microversion 2.3)
|
||||
OS-EXT-SRV-ATTR:user_data (since microversion 2.3)""",
|
||||
|
||||
- OS-EXT-SRV-ATTR:host
|
||||
- OS-EXT-SRV-ATTR:instance_name
|
||||
- OS-EXT-SRV-ATTR:reservation_id (since microversion 2.3)
|
||||
- OS-EXT-SRV-ATTR:launch_index (since microversion 2.3)
|
||||
- OS-EXT-SRV-ATTR:hostname (since microversion 2.3)
|
||||
- OS-EXT-SRV-ATTR:kernel_id (since microversion 2.3)
|
||||
- OS-EXT-SRV-ATTR:ramdisk_id (since microversion 2.3)
|
||||
- OS-EXT-SRV-ATTR:root_device_name (since microversion 2.3)
|
||||
- OS-EXT-SRV-ATTR:user_data (since microversion 2.3)""",
|
||||
[
|
||||
{
|
||||
'method': 'GET',
|
||||
|
|
|
@ -28,9 +28,10 @@ extended_status_policies = [
|
|||
"""Return extended status in the response of server.
|
||||
|
||||
This policy will control the visibility for a set of attributes:
|
||||
OS-EXT-STS:task_state
|
||||
OS-EXT-STS:vm_state
|
||||
OS-EXT-STS:power_state
|
||||
|
||||
- OS-EXT-STS:task_state
|
||||
- OS-EXT-STS:vm_state
|
||||
- OS-EXT-STS:power_state
|
||||
""",
|
||||
[
|
||||
{
|
||||
|
|
|
@ -26,7 +26,7 @@ extended_volumes_policies = [
|
|||
BASE_POLICY_NAME,
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"Return 'os-extended-volumes:volumes_attached' in the response of "
|
||||
"server.",
|
||||
"server",
|
||||
[
|
||||
{
|
||||
'method': 'GET',
|
||||
|
|
|
@ -25,8 +25,8 @@ extensions_policies = [
|
|||
policy.DocumentedRuleDefault(
|
||||
BASE_POLICY_NAME,
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"Lists available extensions and shows information for an extension "
|
||||
"by alias.",
|
||||
"List available extensions and show information for an extension "
|
||||
"by alias",
|
||||
[
|
||||
{
|
||||
'method': 'GET',
|
||||
|
|
|
@ -25,7 +25,7 @@ fixed_ips_policies = [
|
|||
policy.DocumentedRuleDefault(
|
||||
BASE_POLICY_NAME,
|
||||
base.RULE_ADMIN_API,
|
||||
"""Shows details for, reserve and unreserve a fixed IP address.
|
||||
"""Show details for, reserve and unreserve a fixed IP address.
|
||||
|
||||
These APIs are only available with nova-network which is deprecated.""",
|
||||
[
|
||||
|
|
|
@ -47,7 +47,7 @@ flavor_access_policies = [
|
|||
policy.DocumentedRuleDefault(
|
||||
BASE_POLICY_NAME,
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"""Allow the listing of flavor access information
|
||||
"""List flavor access information
|
||||
|
||||
Adds the os-flavor-access:is_public key into several flavor APIs.
|
||||
|
||||
|
|
|
@ -26,7 +26,7 @@ flavor_rxtx_policies = [
|
|||
policy.DocumentedRuleDefault(
|
||||
BASE_POLICY_NAME,
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"Adds the rxtx_factor key into some Flavor APIs",
|
||||
"Add the rxtx_factor key into some Flavor APIs",
|
||||
[
|
||||
{
|
||||
'method': 'GET',
|
||||
|
|
|
@ -25,7 +25,7 @@ hosts_policies = [
|
|||
policy.DocumentedRuleDefault(
|
||||
BASE_POLICY_NAME,
|
||||
base.RULE_ADMIN_API,
|
||||
"""List, Show and Manage physical hosts.
|
||||
"""List, show and manage physical hosts.
|
||||
|
||||
These APIs are all deprecated in favor of os-hypervisors and os-services.""",
|
||||
[
|
||||
|
|
|
@ -29,12 +29,11 @@ hypervisors_policies = [
|
|||
|
||||
This rule will be checked for the following APIs:
|
||||
|
||||
List all hypervisors, list all hypervisors with details, show
|
||||
summary statistics for all hypervisors over all compute nodes,
|
||||
show details for a hypervisor, show the uptime of a hypervisor,
|
||||
search hypervisor by hypervisor_hostname pattern and list all
|
||||
servers on hypervisors that can match the provided hypervisor_hostname
|
||||
pattern.""",
|
||||
List all hypervisors, list all hypervisors with details, show summary
|
||||
statistics for all hypervisors over all compute nodes, show details for a
|
||||
hypervisor, show the uptime of a hypervisor, search hypervisor by
|
||||
hypervisor_hostname pattern and list all servers on hypervisors that can match
|
||||
the provided hypervisor_hostname pattern.""",
|
||||
[
|
||||
{
|
||||
'path': '/os-hypervisors',
|
||||
|
|
|
@ -25,8 +25,9 @@ instance_usage_audit_log_policies = [
|
|||
policy.DocumentedRuleDefault(
|
||||
BASE_POLICY_NAME,
|
||||
base.RULE_ADMIN_API,
|
||||
"""Lists all usage audits and that occurred before a specified time
|
||||
for all servers on all compute hosts where usage auditing is configured.""",
|
||||
"List all usage audits and that occurred before a specified time "
|
||||
"for all servers on all compute hosts where usage auditing is "
|
||||
"configured",
|
||||
[
|
||||
{
|
||||
'method': 'GET',
|
||||
|
|
|
@ -25,7 +25,7 @@ ips_policies = [
|
|||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'show',
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"""Shows IP addresses details for a network label of a server.""",
|
||||
"Show IP addresses details for a network label of a server",
|
||||
[
|
||||
{
|
||||
'method': 'GET',
|
||||
|
@ -35,7 +35,7 @@ ips_policies = [
|
|||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'index',
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"""Lists IP addresses that are assigned to a server.""",
|
||||
"List IP addresses that are assigned to a server",
|
||||
[
|
||||
{
|
||||
'method': 'GET',
|
||||
|
|
|
@ -25,7 +25,7 @@ limits_policies = [
|
|||
policy.DocumentedRuleDefault(
|
||||
BASE_POLICY_NAME,
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"""Shows rate and absolute limits for the project.""",
|
||||
"Show rate and absolute limits for the project",
|
||||
[
|
||||
{
|
||||
'method': 'GET',
|
||||
|
|
|
@ -49,8 +49,8 @@ lock_server_policies = [
|
|||
base.RULE_ADMIN_API,
|
||||
"""Unlock a server, regardless who locked the server.
|
||||
|
||||
This check is performed only after the check
|
||||
os_compute_api:os-lock-server:unlock passes""",
|
||||
This check is performed only after the check
|
||||
os_compute_api:os-lock-server:unlock passes""",
|
||||
[
|
||||
{
|
||||
'path': '/servers/{server_id}/action (unlock)',
|
||||
|
|
|
@ -25,7 +25,7 @@ multinic_policies = [
|
|||
policy.DocumentedRuleDefault(
|
||||
BASE_POLICY_NAME,
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"""Adds or Removes a fixed IP address from a server.
|
||||
"""Add or remove a fixed IP address from a server.
|
||||
|
||||
These APIs are proxy calls to the Network service. These are all
|
||||
deprecated.""",
|
||||
|
|
|
@ -25,7 +25,7 @@ networks_associate_policies = [
|
|||
policy.DocumentedRuleDefault(
|
||||
BASE_POLICY_NAME,
|
||||
base.RULE_ADMIN_API,
|
||||
"""Associates and Disassociates a network from a host or project.
|
||||
"""Associate or disassociate a network from a host or project.
|
||||
|
||||
These APIs are only available with nova-network which is deprecated.""",
|
||||
[
|
||||
|
|
|
@ -25,7 +25,7 @@ pause_server_policies = [
|
|||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'pause',
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"Pause a server.",
|
||||
"Pause a server",
|
||||
[
|
||||
{
|
||||
'path': '/servers/{server_id}/action (pause)',
|
||||
|
@ -36,7 +36,7 @@ pause_server_policies = [
|
|||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'unpause',
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"Unpause a paused server.",
|
||||
"Unpause a paused server",
|
||||
[
|
||||
{
|
||||
'path': '/servers/{server_id}/action (unpause)',
|
||||
|
|
|
@ -25,7 +25,7 @@ remote_consoles_policies = [
|
|||
policy.DocumentedRuleDefault(
|
||||
BASE_POLICY_NAME,
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"Generates a URL to access remove server console",
|
||||
"Generate a URL to access remove server console",
|
||||
[
|
||||
{
|
||||
'method': 'POST',
|
||||
|
|
|
@ -25,10 +25,10 @@ security_group_default_rules_policies = [
|
|||
policy.DocumentedRuleDefault(
|
||||
BASE_POLICY_NAME,
|
||||
base.RULE_ADMIN_API,
|
||||
"""Lists, shows information for, creates and deletes default security
|
||||
"""List, show information for, create, or delete default security
|
||||
group rules.
|
||||
|
||||
These API's are only available with nova-network which is now deprecated.""",
|
||||
These APIs are only available with nova-network which is now deprecated.""",
|
||||
[
|
||||
{
|
||||
'method': 'GET',
|
||||
|
|
|
@ -25,12 +25,12 @@ security_groups_policies = [
|
|||
policy.DocumentedRuleDefault(
|
||||
BASE_POLICY_NAME,
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"""This policy checks permission on security groups related APIs.
|
||||
"""List, show, add, or remove security groups.
|
||||
|
||||
APIs which are directly related to security groups resource are deprecated:
|
||||
Lists, shows information for, creates, updates and deletes
|
||||
security groups. Creates and deletes security group rules. All these
|
||||
API's are deprecated.
|
||||
APIs are deprecated.
|
||||
|
||||
APIs which are related to server resource are not deprecated:
|
||||
Lists Security Groups for a server. Add Security Group to a server
|
||||
|
|
|
@ -25,7 +25,7 @@ server_diagnostics_policies = [
|
|||
policy.DocumentedRuleDefault(
|
||||
BASE_POLICY_NAME,
|
||||
base.RULE_ADMIN_API,
|
||||
"Shows the usage data for a server",
|
||||
"Show the usage data for a server",
|
||||
[
|
||||
{
|
||||
'method': 'GET',
|
||||
|
|
|
@ -25,7 +25,7 @@ server_external_events_policies = [
|
|||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'create',
|
||||
base.RULE_ADMIN_API,
|
||||
"Creates one or more external events",
|
||||
"Create one or more external events",
|
||||
[
|
||||
{
|
||||
'method': 'POST',
|
||||
|
|
|
@ -25,10 +25,10 @@ services_policies = [
|
|||
policy.DocumentedRuleDefault(
|
||||
BASE_POLICY_NAME,
|
||||
base.RULE_ADMIN_API,
|
||||
"""Lists all running Compute services in a region, enables \
|
||||
or disables scheduling for a Compute service, logs disabled Compute service \
|
||||
information, set or unset forced_down flag for the compute service and \
|
||||
deletes a Compute service.""",
|
||||
"List all running Compute services in a region, enables or disable "
|
||||
"scheduling for a Compute service, logs disabled Compute service "
|
||||
"information, set or unset forced_down flag for the compute service "
|
||||
"and delete a Compute service",
|
||||
[
|
||||
{
|
||||
'method': 'GET',
|
||||
|
|
|
@ -25,7 +25,7 @@ shelve_policies = [
|
|||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'shelve',
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"Shelve Server",
|
||||
"Shelve server",
|
||||
[
|
||||
{
|
||||
'method': 'POST',
|
||||
|
@ -35,7 +35,7 @@ shelve_policies = [
|
|||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'unshelve',
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"Unshelve (Restore) Shelved Server",
|
||||
"Unshelve (restore) shelved server",
|
||||
[
|
||||
{
|
||||
'method': 'POST',
|
||||
|
@ -45,7 +45,7 @@ shelve_policies = [
|
|||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'shelve_offload',
|
||||
base.RULE_ADMIN_API,
|
||||
"Shelf-Offload (Remove) Server",
|
||||
"Shelf-offload (remove) server",
|
||||
[
|
||||
{
|
||||
'method': 'POST',
|
||||
|
|
|
@ -25,7 +25,7 @@ simple_tenant_usage_policies = [
|
|||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'show',
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"Show usage statistics for a specific tenant.",
|
||||
"Show usage statistics for a specific tenant",
|
||||
[
|
||||
{
|
||||
'method': 'GET',
|
||||
|
@ -35,7 +35,7 @@ simple_tenant_usage_policies = [
|
|||
policy.DocumentedRuleDefault(
|
||||
POLICY_ROOT % 'list',
|
||||
base.RULE_ADMIN_API,
|
||||
"List per tenant usage statistics for all tenants.",
|
||||
"List per tenant usage statistics for all tenants",
|
||||
[
|
||||
{
|
||||
'method': 'GET',
|
||||
|
|
|
@ -25,8 +25,7 @@ tenant_networks_policies = [
|
|||
policy.DocumentedRuleDefault(
|
||||
BASE_POLICY_NAME,
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"""Creates, lists, shows information for, and deletes
|
||||
project networks.
|
||||
"""Create, list, show information for, and delete project networks.
|
||||
|
||||
These APIs are proxy calls to the Network service. These are all
|
||||
deprecated.""",
|
||||
|
|
|
@ -27,7 +27,7 @@ used_limits_policies = [
|
|||
policy.DocumentedRuleDefault(
|
||||
BASE_POLICY_NAME,
|
||||
base.RULE_ADMIN_API,
|
||||
"""Shows rate and absolute limits for the project.
|
||||
"""Show rate and absolute limits for the project.
|
||||
|
||||
This policy only checks if the user has access to the requested
|
||||
project limits. And this check is performed only after the check
|
||||
|
|
|
@ -25,7 +25,7 @@ virtual_interfaces_policies = [
|
|||
policy.DocumentedRuleDefault(
|
||||
BASE_POLICY_NAME,
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"""List Virtual Interfaces.
|
||||
"""List virtual interfaces.
|
||||
|
||||
This works only with the nova-network service, which is now deprecated""",
|
||||
[
|
||||
|
|
|
@ -25,7 +25,7 @@ volumes_policies = [
|
|||
policy.DocumentedRuleDefault(
|
||||
BASE_POLICY_NAME,
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"""Manages volumes for use with the Compute API.
|
||||
"""Manage volumes for use with the Compute API.
|
||||
|
||||
Lists, shows details, creates, and deletes volumes and snapshots. These APIs
|
||||
are proxy calls to the Volume service. These are all deprecated.
|
||||
|
|
Loading…
Reference in New Issue