Rename and move the v2.1 api policy into separated files
This patch rename the v2.1 api policy with 'os_compute_api' prefix, that used to distinguish with v2 and ec2 API. And also move all v2.1 api policy rule out of policy.conf. Partially implements bp v3-api-policy Depends-On: Iec23b095176332414faf76a9c329f8bb5f3aa6c3 Change-Id: Id8e1e84cd3717dfd0a3b3f80acec50f96c205251
This commit is contained in:
He Jie Xu
Sean Dague
parent
5b8e156782
commit
e03cfed720
|
|
@ -0,0 +1,10 @@
|
|||
Currently nova support policy.d directory. The default policy rules can be
|
||||
overrided by add file into policy.d and the files in the policy.d are loaded
|
||||
by alphabetical order.
|
||||
|
||||
There are some default policy file at here:
|
||||
|
||||
* etc/nova/policy.json: includes the common and legacy policy rules. Those
|
||||
legacy rules are used by EC2 and Nova V2 API.
|
||||
* etc/nova/policy.d/00-os-compute-api.json: only includes the policy rules
|
||||
for Nova V2.1 API.
|
||||
|
|
@ -0,0 +1,204 @@
|
|||
{
|
||||
"os_compute_api:servers:start": "rule:admin_or_owner",
|
||||
"os_compute_api:servers:stop": "rule:admin_or_owner",
|
||||
"os_compute_api:os-access-ips:discoverable": "",
|
||||
"os_compute_api:os-access-ips": "",
|
||||
"os_compute_api:os-admin-actions": "rule:admin_api",
|
||||
"os_compute_api:os-admin-actions:discoverable": "",
|
||||
"os_compute_api:os-admin-actions:reset_network": "rule:admin_api",
|
||||
"os_compute_api:os-admin-actions:inject_network_info": "rule:admin_api",
|
||||
"os_compute_api:os-admin-actions:reset_state": "rule:admin_api",
|
||||
"os_compute_api:os-admin-password": "",
|
||||
"os_compute_api:os-admin-password:discoverable": "",
|
||||
"os_compute_api:os-aggregates:discoverable": "",
|
||||
"os_compute_api:os-aggregates:index": "rule:admin_api",
|
||||
"os_compute_api:os-aggregates:create": "rule:admin_api",
|
||||
"os_compute_api:os-aggregates:show": "rule:admin_api",
|
||||
"os_compute_api:os-aggregates:update": "rule:admin_api",
|
||||
"os_compute_api:os-aggregates:delete": "rule:admin_api",
|
||||
"os_compute_api:os-aggregates:add_host": "rule:admin_api",
|
||||
"os_compute_api:os-aggregates:remove_host": "rule:admin_api",
|
||||
"os_compute_api:os-aggregates:set_metadata": "rule:admin_api",
|
||||
"os_compute_api:os-agents": "rule:admin_api",
|
||||
"os_compute_api:os-agents:discoverable": "",
|
||||
"os_compute_api:os-attach-interfaces": "",
|
||||
"os_compute_api:os-attach-interfaces:discoverable": "",
|
||||
"os_compute_api:os-baremetal-nodes": "rule:admin_api",
|
||||
"os_compute_api:os-baremetal-nodes:discoverable": "",
|
||||
"os_compute_api:os-block-device-mapping-v1:discoverable": "",
|
||||
"os_compute_api:os-cells": "rule:admin_api",
|
||||
"os_compute_api:os-cells:create": "rule:admin_api",
|
||||
"os_compute_api:os-cells:delete": "rule:admin_api",
|
||||
"os_compute_api:os-cells:update": "rule:admin_api",
|
||||
"os_compute_api:os-cells:sync_instances": "rule:admin_api",
|
||||
"os_compute_api:os-cells:discoverable": "",
|
||||
"os_compute_api:os-certificates:create": "",
|
||||
"os_compute_api:os-certificates:show": "",
|
||||
"os_compute_api:os-certificates:discoverable": "",
|
||||
"os_compute_api:os-cloudpipe": "rule:admin_api",
|
||||
"os_compute_api:os-cloudpipe:discoverable": "",
|
||||
"os_compute_api:os-consoles:discoverable": "",
|
||||
"os_compute_api:os-console-output:discoverable": "",
|
||||
"os_compute_api:os-console-output": "",
|
||||
"os_compute_api:os-remote-consoles": "",
|
||||
"os_compute_api:os-remote-consoles:discoverable": "",
|
||||
"os_compute_api:os-create-backup:discoverable": "",
|
||||
"os_compute_api:os-create-backup": "rule:admin_or_owner",
|
||||
"os_compute_api:os-deferred-delete": "",
|
||||
"os_compute_api:os-deferred-delete:discoverable": "",
|
||||
"os_compute_api:os-disk-config": "",
|
||||
"os_compute_api:os-disk-config:discoverable": "",
|
||||
"os_compute_api:os-evacuate": "rule:admin_api",
|
||||
"os_compute_api:os-evacuate:discoverable": "",
|
||||
"os_compute_api:os-extended-server-attributes": "rule:admin_api",
|
||||
"os_compute_api:os-extended-server-attributes:discoverable": "",
|
||||
"os_compute_api:os-extended-status": "",
|
||||
"os_compute_api:os-extended-status:discoverable": "",
|
||||
"os_compute_api:os-extended-availability-zone": "",
|
||||
"os_compute_api:os-extended-availability-zone:discoverable": "",
|
||||
"os_compute_api:extension_info:discoverable": "",
|
||||
"os_compute_api:os-extended-volumes": "",
|
||||
"os_compute_api:os-extended-volumes:discoverable": "",
|
||||
"os_compute_api:os-fixed-ips": "rule:admin_api",
|
||||
"os_compute_api:os-fixed-ips:discoverable": "",
|
||||
"os_compute_api:os-flavor-access": "",
|
||||
"os_compute_api:os-flavor-access:discoverable": "",
|
||||
"os_compute_api:os-flavor-access:remove_tenant_access": "rule:admin_api",
|
||||
"os_compute_api:os-flavor-access:add_tenant_access": "rule:admin_api",
|
||||
"os_compute_api:os-flavor-rxtx": "",
|
||||
"os_compute_api:os-flavor-rxtx:discoverable": "",
|
||||
"os_compute_api:flavors:discoverable": "",
|
||||
"os_compute_api:os-flavor-extra-specs:discoverable": "",
|
||||
"os_compute_api:os-flavor-extra-specs:index": "",
|
||||
"os_compute_api:os-flavor-extra-specs:show": "",
|
||||
"os_compute_api:os-flavor-extra-specs:create": "rule:admin_api",
|
||||
"os_compute_api:os-flavor-extra-specs:update": "rule:admin_api",
|
||||
"os_compute_api:os-flavor-extra-specs:delete": "rule:admin_api",
|
||||
"os_compute_api:os-flavor-manage:discoverable": "",
|
||||
"os_compute_api:os-flavor-manage": "rule:admin_api",
|
||||
"os_compute_api:os-floating-ip-dns": "",
|
||||
"os_compute_api:os-floating-ip-dns:discoverable": "",
|
||||
"os_compute_api:os-floating-ip-pools": "",
|
||||
"os_compute_api:os-floating-ip-pools:discoverable": "",
|
||||
"os_compute_api:os-floating-ips": "",
|
||||
"os_compute_api:os-floating-ips:discoverable": "",
|
||||
"os_compute_api:os-floating-ips-bulk": "rule:admin_api",
|
||||
"os_compute_api:os-floating-ips-bulk:discoverable": "",
|
||||
"os_compute_api:os-fping": "",
|
||||
"os_compute_api:os-fping:discoverable": "",
|
||||
"os_compute_api:os-fping:all_tenants": "rule:admin_api",
|
||||
"os_compute_api:os-hide-server-addresses": "is_admin:False",
|
||||
"os_compute_api:os-hide-server-addresses:discoverable": "",
|
||||
"os_compute_api:os-hosts": "rule:admin_api",
|
||||
"os_compute_api:os-hosts:discoverable": "",
|
||||
"os_compute_api:os-hypervisors": "rule:admin_api",
|
||||
"os_compute_api:os-hypervisors:discoverable": "",
|
||||
"os_compute_api:images:discoverable": "",
|
||||
"os_compute_api:image-size": "",
|
||||
"os_compute_api:image-size:discoverable": "",
|
||||
"os_compute_api:os-instance-actions": "",
|
||||
"os_compute_api:os-instance-actions:discoverable": "",
|
||||
"os_compute_api:os-instance-actions:events": "rule:admin_api",
|
||||
"os_compute_api:os-instance-usage-audit-log": "rule:admin_api",
|
||||
"os_compute_api:os-instance-usage-audit-log:discoverable": "",
|
||||
"os_compute_api:ips:discoverable": "",
|
||||
"os_compute_api:ips:index": "rule:admin_or_owner",
|
||||
"os_compute_api:ips:show": "rule:admin_or_owner",
|
||||
"os_compute_api:os-keypairs:discoverable": "",
|
||||
"os_compute_api:os-keypairs": "",
|
||||
"os_compute_api:os-keypairs:index": "",
|
||||
"os_compute_api:os-keypairs:show": "",
|
||||
"os_compute_api:os-keypairs:create": "",
|
||||
"os_compute_api:os-keypairs:delete": "",
|
||||
"os_compute_api:limits:discoverable": "",
|
||||
"os_compute_api:os-lock-server:discoverable": "",
|
||||
"os_compute_api:os-lock-server:lock": "rule:admin_or_owner",
|
||||
"os_compute_api:os-lock-server:unlock": "rule:admin_or_owner",
|
||||
"os_compute_api:os-migrate-server:discoverable": "",
|
||||
"os_compute_api:os-migrate-server:migrate": "rule:admin_api",
|
||||
"os_compute_api:os-migrate-server:migrate_live": "rule:admin_api",
|
||||
"os_compute_api:os-multinic": "",
|
||||
"os_compute_api:os-multinic:discoverable": "",
|
||||
"os_compute_api:os-networks": "rule:admin_api",
|
||||
"os_compute_api:os-networks:view": "",
|
||||
"os_compute_api:os-networks:discoverable": "",
|
||||
"os_compute_api:os-networks-associate": "rule:admin_api",
|
||||
"os_compute_api:os-networks-associate:discoverable": "",
|
||||
"os_compute_api:os-pause-server:discoverable": "",
|
||||
"os_compute_api:os-pause-server:pause": "rule:admin_or_owner",
|
||||
"os_compute_api:os-pause-server:unpause": "rule:admin_or_owner",
|
||||
"os_compute_api:os-pci:pci_servers": "",
|
||||
"os_compute_api:os-pci:discoverable": "",
|
||||
"os_compute_api:os-pci:index": "rule:admin_api",
|
||||
"os_compute_api:os-pci:detail": "rule:admin_api",
|
||||
"os_compute_api:os-pci:show": "rule:admin_api",
|
||||
"os_compute_api:os-personality:discoverable": "",
|
||||
"os_compute_api:os-preserve-ephemeral-rebuild:discoverable": "",
|
||||
"os_compute_api:os-quota-sets:discoverable": "",
|
||||
"os_compute_api:os-quota-sets:show": "",
|
||||
"os_compute_api:os-quota-sets:update": "rule:admin_api",
|
||||
"os_compute_api:os-quota-sets:delete": "rule:admin_api",
|
||||
"os_compute_api:os-quota-sets:detail": "rule:admin_api",
|
||||
"os_compute_api:os-quota-class-sets": "",
|
||||
"os_compute_api:os-quota-class-sets:discoverable": "",
|
||||
"os_compute_api:os-rescue": "",
|
||||
"os_compute_api:os-rescue:discoverable": "",
|
||||
"os_compute_api:os-scheduler-hints:discoverable": "",
|
||||
"os_compute_api:os-security-group-default-rules:discoverable": "",
|
||||
"os_compute_api:os-security-group-default-rules": "rule:admin_api",
|
||||
"os_compute_api:os-security-groups": "",
|
||||
"os_compute_api:os-security-groups:discoverable": "",
|
||||
"os_compute_api:os-server-diagnostics": "rule:admin_api",
|
||||
"os_compute_api:os-server-diagnostics:discoverable": "",
|
||||
"os_compute_api:os-server-password": "",
|
||||
"os_compute_api:os-server-password:discoverable": "",
|
||||
"os_compute_api:os-server-usage": "",
|
||||
"os_compute_api:os-server-usage:discoverable": "",
|
||||
"os_compute_api:os-server-groups": "",
|
||||
"os_compute_api:os-server-groups:discoverable": "",
|
||||
"os_compute_api:os-services": "rule:admin_api",
|
||||
"os_compute_api:os-services:discoverable": "",
|
||||
"os_compute_api:server-metadata:discoverable": "",
|
||||
"os_compute_api:server-metadata:index": "rule:admin_or_owner",
|
||||
"os_compute_api:server-metadata:show": "rule:admin_or_owner",
|
||||
"os_compute_api:server-metadata:delete": "rule:admin_or_owner",
|
||||
"os_compute_api:server-metadata:create": "rule:admin_or_owner",
|
||||
"os_compute_api:server-metadata:update": "rule:admin_or_owner",
|
||||
"os_compute_api:server-metadata:update_all": "rule:admin_or_owner",
|
||||
"os_compute_api:servers:discoverable": "",
|
||||
"os_compute_api:os-shelve:shelve": "",
|
||||
"os_compute_api:os-shelve:shelve:discoverable": "",
|
||||
"os_compute_api:os-shelve:shelve_offload": "rule:admin_api",
|
||||
"os_compute_api:os-simple-tenant-usage:discoverable": "",
|
||||
"os_compute_api:os-simple-tenant-usage:show": "rule:admin_or_owner",
|
||||
"os_compute_api:os-simple-tenant-usage:list": "rule:admin_api",
|
||||
"os_compute_api:os-suspend-server:discoverable": "",
|
||||
"os_compute_api:os-suspend-server:suspend": "rule:admin_or_owner",
|
||||
"os_compute_api:os-suspend-server:resume": "rule:admin_or_owner",
|
||||
"os_compute_api:os-tenant-networks": "rule:admin_or_owner",
|
||||
"os_compute_api:os-tenant-networks:discoverable": "",
|
||||
"os_compute_api:os-shelve:unshelve": "",
|
||||
"os_compute_api:os-user-data:discoverable": "",
|
||||
"os_compute_api:os-virtual-interfaces": "",
|
||||
"os_compute_api:os-virtual-interfaces:discoverable": "",
|
||||
"os_compute_api:os-volumes": "",
|
||||
"os_compute_api:os-volumes:discoverable": "",
|
||||
"os_compute_api:os-volumes-attachments:index": "",
|
||||
"os_compute_api:os-volumes-attachments:show": "",
|
||||
"os_compute_api:os-volumes-attachments:create": "",
|
||||
"os_compute_api:os-volumes-attachments:update": "",
|
||||
"os_compute_api:os-volumes-attachments:delete": "",
|
||||
"os_compute_api:os-volumes-attachments:discoverable": "",
|
||||
"os_compute_api:os-availability-zone:list": "",
|
||||
"os_compute_api:os-availability-zone:discoverable": "",
|
||||
"os_compute_api:os-availability-zone:detail": "rule:admin_api",
|
||||
"os_compute_api:os-used-limits": "rule:admin_api",
|
||||
"os_compute_api:os-used-limits:discoverable": "",
|
||||
"os_compute_api:os-migrations:index": "rule:admin_api",
|
||||
"os_compute_api:os-migrations:discoverable": "",
|
||||
"os_compute_api:os-assisted-volume-snapshots:create": "rule:admin_api",
|
||||
"os_compute_api:os-assisted-volume-snapshots:delete": "rule:admin_api",
|
||||
"os_compute_api:os-assisted-volume-snapshots:discoverable": "",
|
||||
"os_compute_api:os-console-auth-tokens": "rule:admin_api",
|
||||
"os_compute_api:os-server-external-events:create": "rule:admin_api"
|
||||
}
|
||||
|
|
@ -28,27 +28,6 @@
|
|||
"compute:volume_snapshot_delete": "",
|
||||
|
||||
"admin_api": "is_admin:True",
|
||||
"compute:v3:servers:confirm_resize": "rule:admin_or_owner",
|
||||
"compute:v3:servers:create": "",
|
||||
"compute:v3:servers:create:attach_network": "",
|
||||
"compute:v3:servers:create:attach_volume": "",
|
||||
"compute:v3:servers:create:forced_host": "",
|
||||
"compute:v3:servers:delete": "rule:admin_or_owner",
|
||||
"compute:v3:servers:detail": "rule:admin_or_owner",
|
||||
"compute:v3:servers:detail:get_all_tenants": "rule:admin_api",
|
||||
"compute:v3:servers:index": "rule:admin_or_owner",
|
||||
"compute:v3:servers:index:get_all_tenants": "rule:admin_api",
|
||||
"compute:v3:servers:reboot": "rule:admin_or_owner",
|
||||
"compute:v3:servers:rebuild": "rule:admin_or_owner",
|
||||
"compute:v3:servers:resize": "rule:admin_or_owner",
|
||||
"compute:v3:servers:revert_resize": "rule:admin_or_owner",
|
||||
"compute:v3:servers:show": "rule:admin_or_owner",
|
||||
"compute:v3:servers:create_image": "rule:admin_or_owner",
|
||||
"compute:v3:servers:update": "rule:admin_or_owner",
|
||||
"compute:v3:servers:start": "rule:admin_or_owner",
|
||||
"compute:v3:servers:stop": "rule:admin_or_owner",
|
||||
"compute_extension:v3:os-access-ips:discoverable": "",
|
||||
"compute_extension:v3:os-access-ips": "",
|
||||
"compute_extension:accounts": "rule:admin_api",
|
||||
"compute_extension:admin_actions": "rule:admin_api",
|
||||
"compute_extension:admin_actions:pause": "rule:admin_or_owner",
|
||||
|
|
@ -63,101 +42,37 @@
|
|||
"compute_extension:admin_actions:migrateLive": "rule:admin_api",
|
||||
"compute_extension:admin_actions:resetState": "rule:admin_api",
|
||||
"compute_extension:admin_actions:migrate": "rule:admin_api",
|
||||
"compute_extension:v3:os-admin-actions": "rule:admin_api",
|
||||
"compute_extension:v3:os-admin-actions:discoverable": "",
|
||||
"compute_extension:v3:os-admin-actions:reset_network": "rule:admin_api",
|
||||
"compute_extension:v3:os-admin-actions:inject_network_info": "rule:admin_api",
|
||||
"compute_extension:v3:os-admin-actions:reset_state": "rule:admin_api",
|
||||
"compute_extension:v3:os-admin-password": "",
|
||||
"compute_extension:v3:os-admin-password:discoverable": "",
|
||||
"compute_extension:aggregates": "rule:admin_api",
|
||||
"compute_extension:v3:os-aggregates:discoverable": "",
|
||||
"compute_extension:v3:os-aggregates:index": "rule:admin_api",
|
||||
"compute_extension:v3:os-aggregates:create": "rule:admin_api",
|
||||
"compute_extension:v3:os-aggregates:show": "rule:admin_api",
|
||||
"compute_extension:v3:os-aggregates:update": "rule:admin_api",
|
||||
"compute_extension:v3:os-aggregates:delete": "rule:admin_api",
|
||||
"compute_extension:v3:os-aggregates:add_host": "rule:admin_api",
|
||||
"compute_extension:v3:os-aggregates:remove_host": "rule:admin_api",
|
||||
"compute_extension:v3:os-aggregates:set_metadata": "rule:admin_api",
|
||||
"compute_extension:agents": "rule:admin_api",
|
||||
"compute_extension:v3:os-agents": "rule:admin_api",
|
||||
"compute_extension:v3:os-agents:discoverable": "",
|
||||
"compute_extension:attach_interfaces": "",
|
||||
"compute_extension:v3:os-attach-interfaces": "",
|
||||
"compute_extension:v3:os-attach-interfaces:discoverable": "",
|
||||
"compute_extension:baremetal_nodes": "rule:admin_api",
|
||||
"compute_extension:v3:os-baremetal-nodes": "rule:admin_api",
|
||||
"compute_extension:v3:os-baremetal-nodes:discoverable": "",
|
||||
"compute_extension:v3:os-block-device-mapping-v1:discoverable": "",
|
||||
"compute_extension:cells": "rule:admin_api",
|
||||
"compute_extension:cells:create": "rule:admin_api",
|
||||
"compute_extension:cells:delete": "rule:admin_api",
|
||||
"compute_extension:cells:update": "rule:admin_api",
|
||||
"compute_extension:cells:sync_instances": "rule:admin_api",
|
||||
"compute_extension:v3:os-cells": "rule:admin_api",
|
||||
"compute_extension:v3:os-cells:create": "rule:admin_api",
|
||||
"compute_extension:v3:os-cells:delete": "rule:admin_api",
|
||||
"compute_extension:v3:os-cells:update": "rule:admin_api",
|
||||
"compute_extension:v3:os-cells:sync_instances": "rule:admin_api",
|
||||
"compute_extension:v3:os-cells:discoverable": "",
|
||||
"compute_extension:certificates": "",
|
||||
"compute_extension:v3:os-certificates:create": "",
|
||||
"compute_extension:v3:os-certificates:show": "",
|
||||
"compute_extension:v3:os-certificates:discoverable": "",
|
||||
"compute_extension:cloudpipe": "rule:admin_api",
|
||||
"compute_extension:v3:os-cloudpipe": "rule:admin_api",
|
||||
"compute_extension:v3:os-cloudpipe:discoverable": "",
|
||||
"compute_extension:cloudpipe_update": "rule:admin_api",
|
||||
"compute_extension:console_output": "",
|
||||
"compute_extension:v3:os-consoles:discoverable": "",
|
||||
"compute_extension:v3:os-console-output:discoverable": "",
|
||||
"compute_extension:v3:os-console-output": "",
|
||||
"compute_extension:consoles": "",
|
||||
"compute_extension:v3:os-remote-consoles": "",
|
||||
"compute_extension:v3:os-remote-consoles:discoverable": "",
|
||||
"compute_extension:createserverext": "",
|
||||
"compute_extension:v3:os-create-backup:discoverable": "",
|
||||
"compute_extension:v3:os-create-backup": "rule:admin_or_owner",
|
||||
"compute_extension:deferred_delete": "",
|
||||
"compute_extension:v3:os-deferred-delete": "",
|
||||
"compute_extension:v3:os-deferred-delete:discoverable": "",
|
||||
"compute_extension:disk_config": "",
|
||||
"compute_extension:v3:os-disk-config": "",
|
||||
"compute_extension:v3:os-disk-config:discoverable": "",
|
||||
"compute_extension:evacuate": "rule:admin_api",
|
||||
"compute_extension:v3:os-evacuate": "rule:admin_api",
|
||||
"compute_extension:v3:os-evacuate:discoverable": "",
|
||||
"compute_extension:extended_server_attributes": "rule:admin_api",
|
||||
"compute_extension:v3:os-extended-server-attributes": "rule:admin_api",
|
||||
"compute_extension:v3:os-extended-server-attributes:discoverable": "",
|
||||
"compute_extension:extended_status": "",
|
||||
"compute_extension:v3:os-extended-status": "",
|
||||
"compute_extension:v3:os-extended-status:discoverable": "",
|
||||
"compute_extension:extended_availability_zone": "",
|
||||
"compute_extension:v3:os-extended-availability-zone": "",
|
||||
"compute_extension:v3:os-extended-availability-zone:discoverable": "",
|
||||
"compute_extension:extended_ips": "",
|
||||
"compute_extension:extended_ips_mac": "",
|
||||
"compute_extension:extended_vif_net": "",
|
||||
"compute_extension:v3:extension_info:discoverable": "",
|
||||
"compute_extension:extended_volumes": "",
|
||||
"compute_extension:v3:os-extended-volumes": "",
|
||||
"compute_extension:v3:os-extended-volumes:discoverable": "",
|
||||
"compute_extension:fixed_ips": "rule:admin_api",
|
||||
"compute_extension:v3:os-fixed-ips": "rule:admin_api",
|
||||
"compute_extension:v3:os-fixed-ips:discoverable": "",
|
||||
"compute_extension:flavor_access": "",
|
||||
"compute_extension:flavor_access:addTenantAccess": "rule:admin_api",
|
||||
"compute_extension:flavor_access:removeTenantAccess": "rule:admin_api",
|
||||
"compute_extension:v3:os-flavor-access": "",
|
||||
"compute_extension:v3:os-flavor-access:discoverable": "",
|
||||
"compute_extension:v3:os-flavor-access:remove_tenant_access": "rule:admin_api",
|
||||
"compute_extension:v3:os-flavor-access:add_tenant_access": "rule:admin_api",
|
||||
"compute_extension:flavor_disabled": "",
|
||||
"compute_extension:flavor_rxtx": "",
|
||||
"compute_extension:v3:os-flavor-rxtx": "",
|
||||
"compute_extension:v3:os-flavor-rxtx:discoverable": "",
|
||||
"compute_extension:flavor_swap": "",
|
||||
"compute_extension:flavorextradata": "",
|
||||
"compute_extension:flavorextraspecs:index": "",
|
||||
|
|
@ -165,162 +80,48 @@
|
|||
"compute_extension:flavorextraspecs:create": "rule:admin_api",
|
||||
"compute_extension:flavorextraspecs:update": "rule:admin_api",
|
||||
"compute_extension:flavorextraspecs:delete": "rule:admin_api",
|
||||
"compute_extension:v3:flavors:discoverable": "",
|
||||
"compute_extension:v3:os-flavor-extra-specs:discoverable": "",
|
||||
"compute_extension:v3:os-flavor-extra-specs:index": "",
|
||||
"compute_extension:v3:os-flavor-extra-specs:show": "",
|
||||
"compute_extension:v3:os-flavor-extra-specs:create": "rule:admin_api",
|
||||
"compute_extension:v3:os-flavor-extra-specs:update": "rule:admin_api",
|
||||
"compute_extension:v3:os-flavor-extra-specs:delete": "rule:admin_api",
|
||||
"compute_extension:flavormanage": "rule:admin_api",
|
||||
"compute_extension:v3:os-flavor-manage:discoverable": "",
|
||||
"compute_extension:v3:os-flavor-manage": "rule:admin_api",
|
||||
"compute_extension:floating_ip_dns": "",
|
||||
"compute_extension:v3:os-floating-ip-dns": "",
|
||||
"compute_extension:v3:os-floating-ip-dns:discoverable": "",
|
||||
"compute_extension:floating_ip_pools": "",
|
||||
"compute_extension:v3:os-floating-ip-pools": "",
|
||||
"compute_extension:v3:os-floating-ip-pools:discoverable": "",
|
||||
"compute_extension:floating_ips": "",
|
||||
"compute_extension:v3:os-floating-ips": "",
|
||||
"compute_extension:v3:os-floating-ips:discoverable": "",
|
||||
"compute_extension:floating_ips_bulk": "rule:admin_api",
|
||||
"compute_extension:v3:os-floating-ips-bulk": "rule:admin_api",
|
||||
"compute_extension:v3:os-floating-ips-bulk:discoverable": "",
|
||||
"compute_extension:fping": "",
|
||||
"compute_extension:fping:all_tenants": "rule:admin_api",
|
||||
"compute_extension:v3:os-fping": "",
|
||||
"compute_extension:v3:os-fping:discoverable": "",
|
||||
"compute_extension:v3:os-fping:all_tenants": "rule:admin_api",
|
||||
"compute_extension:hide_server_addresses": "is_admin:False",
|
||||
"compute_extension:v3:os-hide-server-addresses": "is_admin:False",
|
||||
"compute_extension:v3:os-hide-server-addresses:discoverable": "",
|
||||
"compute_extension:hosts": "rule:admin_api",
|
||||
"compute_extension:v3:os-hosts": "rule:admin_api",
|
||||
"compute_extension:v3:os-hosts:discoverable": "",
|
||||
"compute_extension:hypervisors": "rule:admin_api",
|
||||
"compute_extension:v3:os-hypervisors": "rule:admin_api",
|
||||
"compute_extension:v3:os-hypervisors:discoverable": "",
|
||||
"compute_extension:image_size": "",
|
||||
"compute_extension:v3:images:discoverable": "",
|
||||
"compute_extension:v3:image-size": "",
|
||||
"compute_extension:v3:image-size:discoverable": "",
|
||||
"compute_extension:instance_actions": "",
|
||||
"compute_extension:v3:os-instance-actions": "",
|
||||
"compute_extension:v3:os-instance-actions:discoverable": "",
|
||||
"compute_extension:instance_actions:events": "rule:admin_api",
|
||||
"compute_extension:v3:os-instance-actions:events": "rule:admin_api",
|
||||
"compute_extension:instance_usage_audit_log": "rule:admin_api",
|
||||
"compute_extension:v3:os-instance-usage-audit-log": "rule:admin_api",
|
||||
"compute_extension:v3:os-instance-usage-audit-log:discoverable": "",
|
||||
"compute_extension:v3:ips:discoverable": "",
|
||||
"compute_extension:v3:ips:index": "rule:admin_or_owner",
|
||||
"compute_extension:v3:ips:show": "rule:admin_or_owner",
|
||||
"compute_extension:keypairs": "",
|
||||
"compute_extension:keypairs:index": "",
|
||||
"compute_extension:keypairs:show": "",
|
||||
"compute_extension:keypairs:create": "",
|
||||
"compute_extension:keypairs:delete": "",
|
||||
"compute_extension:v3:os-keypairs:discoverable": "",
|
||||
"compute_extension:v3:os-keypairs": "",
|
||||
"compute_extension:v3:os-keypairs:index": "",
|
||||
"compute_extension:v3:os-keypairs:show": "",
|
||||
"compute_extension:v3:os-keypairs:create": "",
|
||||
"compute_extension:v3:os-keypairs:delete": "",
|
||||
"compute_extension:v3:limits:discoverable": "",
|
||||
"compute_extension:v3:os-lock-server:discoverable": "",
|
||||
"compute_extension:v3:os-lock-server:lock": "rule:admin_or_owner",
|
||||
"compute_extension:v3:os-lock-server:unlock": "rule:admin_or_owner",
|
||||
"compute_extension:v3:os-migrate-server:discoverable": "",
|
||||
"compute_extension:v3:os-migrate-server:migrate": "rule:admin_api",
|
||||
"compute_extension:v3:os-migrate-server:migrate_live": "rule:admin_api",
|
||||
"compute_extension:multinic": "",
|
||||
"compute_extension:v3:os-multinic": "",
|
||||
"compute_extension:v3:os-multinic:discoverable": "",
|
||||
"compute_extension:networks": "rule:admin_api",
|
||||
"compute_extension:networks:view": "",
|
||||
"compute_extension:v3:os-networks": "rule:admin_api",
|
||||
"compute_extension:v3:os-networks:view": "",
|
||||
"compute_extension:v3:os-networks:discoverable": "",
|
||||
"compute_extension:networks_associate": "rule:admin_api",
|
||||
"compute_extension:v3:os-networks-associate": "rule:admin_api",
|
||||
"compute_extension:v3:os-networks-associate:discoverable": "",
|
||||
"compute_extension:v3:os-pause-server:discoverable": "",
|
||||
"compute_extension:v3:os-pause-server:pause": "rule:admin_or_owner",
|
||||
"compute_extension:v3:os-pause-server:unpause": "rule:admin_or_owner",
|
||||
"compute_extension:v3:os-pci:pci_servers": "",
|
||||
"compute_extension:v3:os-pci:discoverable": "",
|
||||
"compute_extension:v3:os-pci:index": "rule:admin_api",
|
||||
"compute_extension:v3:os-pci:detail": "rule:admin_api",
|
||||
"compute_extension:v3:os-pci:show": "rule:admin_api",
|
||||
"compute_extension:v3:os-personality:discoverable": "",
|
||||
"compute_extension:v3:os-preserve-ephemeral-rebuild:discoverable": "",
|
||||
"compute_extension:quotas:show": "",
|
||||
"compute_extension:quotas:update": "rule:admin_api",
|
||||
"compute_extension:quotas:delete": "rule:admin_api",
|
||||
"compute_extension:v3:os-quota-sets:discoverable": "",
|
||||
"compute_extension:v3:os-quota-sets:show": "",
|
||||
"compute_extension:v3:os-quota-sets:update": "rule:admin_api",
|
||||
"compute_extension:v3:os-quota-sets:delete": "rule:admin_api",
|
||||
"compute_extension:v3:os-quota-sets:detail": "rule:admin_api",
|
||||
"compute_extension:quota_classes": "",
|
||||
"compute_extension:v3:os-quota-class-sets": "",
|
||||
"compute_extension:v3:os-quota-class-sets:discoverable": "",
|
||||
"compute_extension:rescue": "",
|
||||
"compute_extension:v3:os-rescue": "",
|
||||
"compute_extension:v3:os-rescue:discoverable": "",
|
||||
"compute_extension:v3:os-scheduler-hints:discoverable": "",
|
||||
"compute_extension:security_group_default_rules": "rule:admin_api",
|
||||
"compute_extension:v3:os-security-group-default-rules:discoverable": "",
|
||||
"compute_extension:v3:os-security-group-default-rules": "rule:admin_api",
|
||||
"compute_extension:security_groups": "",
|
||||
"compute_extension:v3:os-security-groups": "",
|
||||
"compute_extension:v3:os-security-groups:discoverable": "",
|
||||
"compute_extension:server_diagnostics": "rule:admin_api",
|
||||
"compute_extension:v3:os-server-diagnostics": "rule:admin_api",
|
||||
"compute_extension:v3:os-server-diagnostics:discoverable": "",
|
||||
"compute_extension:server_groups": "",
|
||||
"compute_extension:server_password": "",
|
||||
"compute_extension:v3:os-server-password": "",
|
||||
"compute_extension:v3:os-server-password:discoverable": "",
|
||||
"compute_extension:server_usage": "",
|
||||
"compute_extension:v3:os-server-usage": "",
|
||||
"compute_extension:v3:os-server-usage:discoverable": "",
|
||||
"compute_extension:v3:os-server-groups": "",
|
||||
"compute_extension:v3:os-server-groups:discoverable": "",
|
||||
"compute_extension:services": "rule:admin_api",
|
||||
"compute_extension:v3:os-services": "rule:admin_api",
|
||||
"compute_extension:v3:os-services:discoverable": "",
|
||||
"compute_extension:v3:server-metadata:discoverable": "",
|
||||
"compute_extension:v3:server-metadata:index": "rule:admin_or_owner",
|
||||
"compute_extension:v3:server-metadata:show": "rule:admin_or_owner",
|
||||
"compute_extension:v3:server-metadata:delete": "rule:admin_or_owner",
|
||||
"compute_extension:v3:server-metadata:create": "rule:admin_or_owner",
|
||||
"compute_extension:v3:server-metadata:update": "rule:admin_or_owner",
|
||||
"compute_extension:v3:server-metadata:update_all": "rule:admin_or_owner",
|
||||
"compute_extension:v3:servers:discoverable": "",
|
||||
"compute_extension:shelve": "",
|
||||
"compute_extension:shelveOffload": "rule:admin_api",
|
||||
"compute_extension:v3:os-shelve:shelve": "",
|
||||
"compute_extension:v3:os-shelve:shelve:discoverable": "",
|
||||
"compute_extension:v3:os-shelve:shelve_offload": "rule:admin_api",
|
||||
"compute_extension:simple_tenant_usage:show": "rule:admin_or_owner",
|
||||
"compute_extension:v3:os-simple-tenant-usage:discoverable": "",
|
||||
"compute_extension:v3:os-simple-tenant-usage:show": "rule:admin_or_owner",
|
||||
"compute_extension:v3:os-simple-tenant-usage:list": "rule:admin_api",
|
||||
"compute_extension:v3:os-suspend-server:discoverable": "",
|
||||
"compute_extension:v3:os-suspend-server:suspend": "rule:admin_or_owner",
|
||||
"compute_extension:v3:os-suspend-server:resume": "rule:admin_or_owner",
|
||||
"compute_extension:v3:os-tenant-networks": "rule:admin_or_owner",
|
||||
"compute_extension:v3:os-tenant-networks:discoverable": "",
|
||||
"compute_extension:simple_tenant_usage:list": "rule:admin_api",
|
||||
"compute_extension:unshelve": "",
|
||||
"compute_extension:v3:os-shelve:unshelve": "",
|
||||
"compute_extension:users": "rule:admin_api",
|
||||
"compute_extension:v3:os-user-data:discoverable": "",
|
||||
"compute_extension:virtual_interfaces": "",
|
||||
"compute_extension:v3:os-virtual-interfaces": "",
|
||||
"compute_extension:v3:os-virtual-interfaces:discoverable": "",
|
||||
"compute_extension:virtual_storage_arrays": "",
|
||||
"compute_extension:volumes": "",
|
||||
"compute_extension:volume_attachments:index": "",
|
||||
|
|
@ -328,35 +129,15 @@
|
|||
"compute_extension:volume_attachments:create": "",
|
||||
"compute_extension:volume_attachments:update": "",
|
||||
"compute_extension:volume_attachments:delete": "",
|
||||
"compute_extension:v3:os-volumes": "",
|
||||
"compute_extension:v3:os-volumes:discoverable": "",
|
||||
"compute_extension:v3:os-volumes-attachments:index": "",
|
||||
"compute_extension:v3:os-volumes-attachments:show": "",
|
||||
"compute_extension:v3:os-volumes-attachments:create": "",
|
||||
"compute_extension:v3:os-volumes-attachments:update": "",
|
||||
"compute_extension:v3:os-volumes-attachments:delete": "",
|
||||
"compute_extension:v3:os-volumes-attachments:discoverable": "",
|
||||
"compute_extension:volumetypes": "",
|
||||
"compute_extension:availability_zone:list": "",
|
||||
"compute_extension:v3:os-availability-zone:list": "",
|
||||
"compute_extension:v3:os-availability-zone:discoverable": "",
|
||||
"compute_extension:availability_zone:detail": "rule:admin_api",
|
||||
"compute_extension:v3:os-availability-zone:detail": "rule:admin_api",
|
||||
"compute_extension:used_limits_for_admin": "rule:admin_api",
|
||||
"compute_extension:v3:os-used-limits": "rule:admin_api",
|
||||
"compute_extension:v3:os-used-limits:discoverable": "",
|
||||
"compute_extension:migrations:index": "rule:admin_api",
|
||||
"compute_extension:v3:os-migrations:index": "rule:admin_api",
|
||||
"compute_extension:v3:os-migrations:discoverable": "",
|
||||
"compute_extension:os-assisted-volume-snapshots:create": "rule:admin_api",
|
||||
"compute_extension:os-assisted-volume-snapshots:delete": "rule:admin_api",
|
||||
"compute_extension:v3:os-assisted-volume-snapshots:create": "rule:admin_api",
|
||||
"compute_extension:v3:os-assisted-volume-snapshots:delete": "rule:admin_api",
|
||||
"compute_extension:v3:os-assisted-volume-snapshots:discoverable": "",
|
||||
"compute_extension:console_auth_tokens": "rule:admin_api",
|
||||
"compute_extension:v3:os-console-auth-tokens": "rule:admin_api",
|
||||
"compute_extension:os-server-external-events:create": "rule:admin_api",
|
||||
"compute_extension:v3:os-server-external-events:create": "rule:admin_api",
|
||||
|
||||
"network:get_all": "",
|
||||
"network:get": "",
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ from nova.api.openstack import extensions
|
|||
from nova.api.openstack import wsgi
|
||||
|
||||
ALIAS = "os-access-ips"
|
||||
authorize = extensions.soft_extension_authorizer('compute', 'v3:' + ALIAS)
|
||||
authorize = extensions.os_compute_soft_authorizer(ALIAS)
|
||||
|
||||
|
||||
class AccessIPsController(wsgi.Controller):
|
||||
|
|
|
|||
|
|
@ -24,7 +24,7 @@ from nova import objects
|
|||
|
||||
|
||||
ALIAS = "os-agents"
|
||||
authorize = extensions.extension_authorizer('compute', 'v3:' + ALIAS)
|
||||
authorize = extensions.os_compute_authorizer(ALIAS)
|
||||
|
||||
|
||||
class AgentController(wsgi.Controller):
|
||||
|
|
|
|||
|
|
@ -28,7 +28,7 @@ from nova import exception
|
|||
from nova.i18n import _
|
||||
|
||||
ALIAS = "os-aggregates"
|
||||
authorize = extensions.extension_authorizer('compute', "v3:" + ALIAS)
|
||||
authorize = extensions.os_compute_authorizer(ALIAS)
|
||||
|
||||
|
||||
def _get_context(req):
|
||||
|
|
|
|||
|
|
@ -24,10 +24,7 @@ from nova import servicegroup
|
|||
CONF = cfg.CONF
|
||||
ALIAS = "os-availability-zone"
|
||||
ATTRIBUTE_NAME = "availability_zone"
|
||||
authorize_list = extensions.extension_authorizer('compute',
|
||||
'v3:' + ALIAS + ':list')
|
||||
authorize_detail = extensions.extension_authorizer('compute',
|
||||
'v3:' + ALIAS + ':detail')
|
||||
authorize = extensions.os_compute_authorizer(ALIAS)
|
||||
|
||||
|
||||
class AvailabilityZoneController(wsgi.Controller):
|
||||
|
|
@ -106,7 +103,7 @@ class AvailabilityZoneController(wsgi.Controller):
|
|||
def index(self, req):
|
||||
"""Returns a summary list of availability zone."""
|
||||
context = req.environ['nova.context']
|
||||
authorize_list(context)
|
||||
authorize(context, action='list')
|
||||
|
||||
return self._describe_availability_zones(context)
|
||||
|
||||
|
|
@ -114,7 +111,7 @@ class AvailabilityZoneController(wsgi.Controller):
|
|||
def detail(self, req):
|
||||
"""Returns a detailed list of availability zone."""
|
||||
context = req.environ['nova.context']
|
||||
authorize_detail(context)
|
||||
authorize(context, action='detail')
|
||||
|
||||
return self._describe_availability_zones_verbose(context)
|
||||
|
||||
|
|
|
|||
|
|
@ -29,7 +29,7 @@ ironic_exc = importutils.try_import('ironicclient.exc')
|
|||
|
||||
CONF = cfg.CONF
|
||||
ALIAS = "os-baremetal-nodes"
|
||||
authorize = extensions.extension_authorizer('compute', 'v3:' + ALIAS)
|
||||
authorize = extensions.os_compute_authorizer(ALIAS)
|
||||
|
||||
node_fields = ['id', 'cpus', 'local_gb', 'memory_mb', 'pm_address',
|
||||
'pm_user', 'service_host', 'terminal_port', 'instance_uuid']
|
||||
|
|
|
|||
|
|
@ -38,7 +38,7 @@ CONF.import_opt('name', 'nova.cells.opts', group='cells')
|
|||
CONF.import_opt('capabilities', 'nova.cells.opts', group='cells')
|
||||
|
||||
ALIAS = "os-cells"
|
||||
authorize = extensions.extension_authorizer('compute', 'v3:' + ALIAS)
|
||||
authorize = extensions.os_compute_authorizer(ALIAS)
|
||||
|
||||
|
||||
def _filter_keys(item, keys):
|
||||
|
|
|
|||
|
|
@ -22,7 +22,7 @@ from nova.i18n import _
|
|||
from nova import network
|
||||
|
||||
ALIAS = "os-certificates"
|
||||
authorize = extensions.extension_authorizer('compute', 'v3:' + ALIAS)
|
||||
authorize = extensions.os_compute_authorizer(ALIAS)
|
||||
|
||||
|
||||
def _translate_certificate_view(certificate, private_key=None):
|
||||
|
|
|
|||
|
|
@ -22,7 +22,7 @@ from nova.api.openstack import wsgi
|
|||
|
||||
ALIAS = "os-config-drive"
|
||||
ATTRIBUTE_NAME = "config_drive"
|
||||
authorize = extensions.soft_extension_authorizer('compute', 'v3:' + ALIAS)
|
||||
authorize = extensions.os_compute_soft_authorizer(ALIAS)
|
||||
|
||||
|
||||
class ConfigDriveController(wsgi.Controller):
|
||||
|
|
|
|||
|
|
@ -21,7 +21,7 @@ from nova.consoleauth import rpcapi as consoleauth_rpcapi
|
|||
from nova.i18n import _
|
||||
|
||||
ALIAS = "os-console-auth-tokens"
|
||||
authorize = extensions.extension_authorizer('compute', 'v3:' + ALIAS)
|
||||
authorize = extensions.os_compute_authorizer(ALIAS)
|
||||
|
||||
|
||||
class ConsoleAuthTokensController(wsgi.Controller):
|
||||
|
|
|
|||
|
|
@ -25,7 +25,7 @@ from nova.i18n import _
|
|||
ALIAS = 'os-disk-config'
|
||||
API_DISK_CONFIG = "OS-DCF:diskConfig"
|
||||
INTERNAL_DISK_CONFIG = "auto_disk_config"
|
||||
authorize = extensions.soft_extension_authorizer('compute', 'v3:' + ALIAS)
|
||||
authorize = extensions.os_compute_soft_authorizer(ALIAS)
|
||||
|
||||
|
||||
def disk_config_to_api(value):
|
||||
|
|
|
|||
|
|
@ -20,8 +20,7 @@ from nova.api.openstack import wsgi
|
|||
from nova import availability_zones as avail_zone
|
||||
|
||||
ALIAS = "os-extended-availability-zone"
|
||||
authorize = extensions.soft_extension_authorizer('compute',
|
||||
'v3:' + ALIAS)
|
||||
authorize = extensions.os_compute_soft_authorizer(ALIAS)
|
||||
PREFIX = "OS-EXT-AZ"
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ from nova.api.openstack import wsgi
|
|||
|
||||
|
||||
ALIAS = "os-extended-server-attributes"
|
||||
authorize = extensions.soft_extension_authorizer('compute', 'v3:' + ALIAS)
|
||||
authorize = extensions.os_compute_soft_authorizer(ALIAS)
|
||||
|
||||
|
||||
class ExtendedServerAttributesController(wsgi.Controller):
|
||||
|
|
|
|||
|
|
@ -18,7 +18,7 @@ from nova.api.openstack import extensions
|
|||
from nova.api.openstack import wsgi
|
||||
|
||||
ALIAS = "os-extended-status"
|
||||
authorize = extensions.soft_extension_authorizer('compute', 'v3:' + ALIAS)
|
||||
authorize = extensions.os_compute_soft_authorizer(ALIAS)
|
||||
|
||||
|
||||
class ExtendedStatusController(wsgi.Controller):
|
||||
|
|
|
|||
|
|
@ -134,8 +134,7 @@ class ExtensionInfoController(wsgi.Controller):
|
|||
|
||||
discoverable_extensions = dict()
|
||||
for alias, ext in self.extension_info.get_extensions().iteritems():
|
||||
authorize = extensions.soft_extension_authorizer(
|
||||
'compute', 'v3:' + alias)
|
||||
authorize = extensions.os_compute_soft_authorizer(alias)
|
||||
if authorize(context, action='discoverable'):
|
||||
discoverable_extensions[alias] = ext
|
||||
else:
|
||||
|
|
|
|||
|
|
@ -22,7 +22,7 @@ from nova.i18n import _
|
|||
from nova import objects
|
||||
|
||||
ALIAS = 'os-fixed-ips'
|
||||
authorize = extensions.extension_authorizer('compute', 'v3:' + ALIAS)
|
||||
authorize = extensions.os_compute_authorizer(ALIAS)
|
||||
|
||||
|
||||
class FixedIPController(wsgi.Controller):
|
||||
|
|
|
|||
|
|
@ -26,9 +26,8 @@ from nova.i18n import _
|
|||
from nova import objects
|
||||
|
||||
ALIAS = 'os-flavor-access'
|
||||
soft_authorize = extensions.soft_extension_authorizer('compute',
|
||||
'v3:' + ALIAS)
|
||||
authorize = extensions.extension_authorizer('compute', 'v3:%s' % ALIAS)
|
||||
soft_authorize = extensions.os_compute_soft_authorizer(ALIAS)
|
||||
authorize = extensions.os_compute_authorizer(ALIAS)
|
||||
|
||||
|
||||
def _marshall_flavor_access(flavor):
|
||||
|
|
|
|||
|
|
@ -22,7 +22,7 @@ from nova import exception
|
|||
|
||||
ALIAS = "os-flavor-manage"
|
||||
|
||||
authorize = extensions.extension_authorizer('compute', 'v3:' + ALIAS)
|
||||
authorize = extensions.os_compute_authorizer(ALIAS)
|
||||
|
||||
|
||||
class FlavorManageController(wsgi.Controller):
|
||||
|
|
|
|||
|
|
@ -18,7 +18,7 @@ from nova.api.openstack import extensions
|
|||
from nova.api.openstack import wsgi
|
||||
|
||||
ALIAS = 'os-flavor-rxtx'
|
||||
authorize = extensions.soft_extension_authorizer('compute', 'v3:' + ALIAS)
|
||||
authorize = extensions.os_compute_soft_authorizer(ALIAS)
|
||||
|
||||
|
||||
class FlavorRxtxController(wsgi.Controller):
|
||||
|
|
|
|||
|
|
@ -26,7 +26,7 @@ from nova import objects
|
|||
from nova import utils
|
||||
|
||||
ALIAS = 'os-flavor-extra-specs'
|
||||
authorize = extensions.extension_authorizer('compute', 'v3:' + ALIAS)
|
||||
authorize = extensions.os_compute_authorizer(ALIAS)
|
||||
|
||||
|
||||
class FlavorExtraSpecsController(wsgi.Controller):
|
||||
|
|
|
|||
|
|
@ -31,7 +31,7 @@ CONF.import_opt('public_interface', 'nova.network.linux_net')
|
|||
|
||||
|
||||
ALIAS = 'os-floating-ips-bulk'
|
||||
authorize = extensions.extension_authorizer('compute', 'v3:' + ALIAS)
|
||||
authorize = extensions.os_compute_authorizer(ALIAS)
|
||||
|
||||
|
||||
class FloatingIPBulkController(wsgi.Controller):
|
||||
|
|
|
|||
|
|
@ -32,7 +32,7 @@ CONF = cfg.CONF
|
|||
CONF.register_opts(opts)
|
||||
|
||||
ALIAS = 'os-hide-server-addresses'
|
||||
authorize = extensions.soft_extension_authorizer('compute', 'v3:' + ALIAS)
|
||||
authorize = extensions.os_compute_soft_authorizer(ALIAS)
|
||||
|
||||
|
||||
class Controller(wsgi.Controller):
|
||||
|
|
|
|||
|
|
@ -30,7 +30,7 @@ from nova import objects
|
|||
|
||||
LOG = logging.getLogger(__name__)
|
||||
ALIAS = 'os-hosts'
|
||||
authorize = extensions.extension_authorizer('compute', 'v3:' + ALIAS)
|
||||
authorize = extensions.os_compute_authorizer(ALIAS)
|
||||
|
||||
|
||||
class HostController(wsgi.Controller):
|
||||
|
|
|
|||
|
|
@ -27,7 +27,7 @@ from nova import servicegroup
|
|||
|
||||
|
||||
ALIAS = "os-hypervisors"
|
||||
authorize = extensions.extension_authorizer('compute', 'v3:' + ALIAS)
|
||||
authorize = extensions.os_compute_authorizer(ALIAS)
|
||||
|
||||
|
||||
class HypervisorsController(wsgi.Controller):
|
||||
|
|
|
|||
|
|
@ -18,7 +18,7 @@ from nova.api.openstack import wsgi
|
|||
|
||||
ALIAS = "image-size"
|
||||
|
||||
authorize = extensions.soft_extension_authorizer('compute', 'v3:' + ALIAS)
|
||||
authorize = extensions.os_compute_soft_authorizer(ALIAS)
|
||||
|
||||
|
||||
class ImageSizeController(wsgi.Controller):
|
||||
|
|
|
|||
|
|
@ -22,10 +22,8 @@ from nova import compute
|
|||
from nova.i18n import _
|
||||
|
||||
ALIAS = "os-instance-actions"
|
||||
authorize_actions = extensions.extension_authorizer('compute',
|
||||
'v3:' + ALIAS)
|
||||
authorize_events = extensions.soft_extension_authorizer('compute',
|
||||
'v3:' + ALIAS + ':events')
|
||||
authorize = extensions.os_compute_authorizer(ALIAS)
|
||||
soft_authorize = extensions.os_compute_soft_authorizer(ALIAS)
|
||||
|
||||
ACTION_KEYS = ['action', 'instance_uuid', 'request_id', 'user_id',
|
||||
'project_id', 'start_time', 'message']
|
||||
|
|
@ -56,7 +54,7 @@ class InstanceActionsController(wsgi.Controller):
|
|||
"""Returns the list of actions recorded for a given instance."""
|
||||
context = req.environ["nova.context"]
|
||||
instance = common.get_instance(self.compute_api, context, server_id)
|
||||
authorize_actions(context, target=instance)
|
||||
authorize(context, target=instance)
|
||||
actions_raw = self.action_api.actions_get(context, instance)
|
||||
actions = [self._format_action(action) for action in actions_raw]
|
||||
return {'instanceActions': actions}
|
||||
|
|
@ -66,7 +64,7 @@ class InstanceActionsController(wsgi.Controller):
|
|||
"""Return data about the given instance action."""
|
||||
context = req.environ['nova.context']
|
||||
instance = common.get_instance(self.compute_api, context, server_id)
|
||||
authorize_actions(context, target=instance)
|
||||
authorize(context, target=instance)
|
||||
action = self.action_api.action_get_by_request_id(context, instance,
|
||||
id)
|
||||
if action is None:
|
||||
|
|
@ -75,7 +73,7 @@ class InstanceActionsController(wsgi.Controller):
|
|||
|
||||
action_id = action['id']
|
||||
action = self._format_action(action)
|
||||
if authorize_events(context):
|
||||
if soft_authorize(context, action='events'):
|
||||
events_raw = self.action_api.action_events_get(context, instance,
|
||||
action_id)
|
||||
action['events'] = [self._format_event(evt) for evt in events_raw]
|
||||
|
|
|
|||
|
|
@ -30,7 +30,7 @@ CONF.import_opt('compute_topic', 'nova.compute.rpcapi')
|
|||
|
||||
|
||||
ALIAS = 'os-instance-usage-audit-log'
|
||||
authorize = extensions.extension_authorizer('compute', 'v3:' + ALIAS)
|
||||
authorize = extensions.os_compute_authorizer(ALIAS)
|
||||
|
||||
|
||||
class InstanceUsageAuditLogController(wsgi.Controller):
|
||||
|
|
|
|||
|
|
@ -29,8 +29,8 @@ from nova.objects import keypair as keypair_obj
|
|||
|
||||
|
||||
ALIAS = 'os-keypairs'
|
||||
authorize = extensions.extension_authorizer('compute', 'v3:' + ALIAS)
|
||||
soft_authorize = extensions.soft_extension_authorizer('compute', 'v3:' + ALIAS)
|
||||
authorize = extensions.os_compute_authorizer(ALIAS)
|
||||
soft_authorize = extensions.os_compute_soft_authorizer(ALIAS)
|
||||
|
||||
|
||||
class KeypairController(wsgi.Controller):
|
||||
|
|
|
|||
|
|
@ -20,8 +20,7 @@ ALIAS = "os-migrations"
|
|||
|
||||
|
||||
def authorize(context, action_name):
|
||||
action = 'v3:%s:%s' % (ALIAS, action_name)
|
||||
extensions.extension_authorizer('compute', action)(context)
|
||||
extensions.os_compute_authorizer(ALIAS)(context, action=action_name)
|
||||
|
||||
|
||||
def output(migrations_obj):
|
||||
|
|
|
|||
|
|
@ -23,10 +23,8 @@ from nova import objects
|
|||
|
||||
|
||||
ALIAS = 'os-pci'
|
||||
instance_authorize = extensions.soft_extension_authorizer(
|
||||
'compute', 'v3:' + ALIAS + ':pci_servers')
|
||||
|
||||
authorize = extensions.extension_authorizer('compute', 'v3:' + ALIAS)
|
||||
soft_authorize = extensions.os_compute_soft_authorizer(ALIAS + ':pci_servers')
|
||||
authorize = extensions.os_compute_authorizer(ALIAS)
|
||||
|
||||
PCI_ADMIN_KEYS = ['id', 'address', 'vendor_id', 'product_id', 'status',
|
||||
'compute_node_id']
|
||||
|
|
@ -44,7 +42,7 @@ class PciServerController(wsgi.Controller):
|
|||
@wsgi.extends
|
||||
def show(self, req, resp_obj, id):
|
||||
context = req.environ['nova.context']
|
||||
if instance_authorize(context):
|
||||
if soft_authorize(context):
|
||||
server = resp_obj.obj['server']
|
||||
instance = req.get_db_instance(server['id'])
|
||||
self._extend_server(server, instance)
|
||||
|
|
@ -52,7 +50,7 @@ class PciServerController(wsgi.Controller):
|
|||
@wsgi.extends
|
||||
def detail(self, req, resp_obj):
|
||||
context = req.environ['nova.context']
|
||||
if instance_authorize(context):
|
||||
if soft_authorize(context):
|
||||
servers = list(resp_obj.obj['servers'])
|
||||
for server in servers:
|
||||
instance = req.get_db_instance(server['id'])
|
||||
|
|
|
|||
|
|
@ -33,7 +33,7 @@ EXTENDED_QUOTAS = {'server_groups': 'os-server-group-quotas',
|
|||
'server_group_members': 'os-server-group-quotas'}
|
||||
|
||||
|
||||
authorize = extensions.extension_authorizer('compute', 'v3:' + ALIAS)
|
||||
authorize = extensions.os_compute_authorizer(ALIAS)
|
||||
|
||||
|
||||
class QuotaClassSetsController(wsgi.Controller):
|
||||
|
|
|
|||
|
|
@ -30,14 +30,7 @@ from nova import quota
|
|||
|
||||
ALIAS = "os-quota-sets"
|
||||
QUOTAS = quota.QUOTAS
|
||||
authorize_update = extensions.extension_authorizer('compute',
|
||||
'v3:%s:update' % ALIAS)
|
||||
authorize_show = extensions.extension_authorizer('compute',
|
||||
'v3:%s:show' % ALIAS)
|
||||
authorize_delete = extensions.extension_authorizer('compute',
|
||||
'v3:%s:delete' % ALIAS)
|
||||
authorize_detail = extensions.extension_authorizer('compute',
|
||||
'v3:%s:detail' % ALIAS)
|
||||
authorize = extensions.os_compute_authorizer(ALIAS)
|
||||
|
||||
|
||||
class QuotaSetsController(wsgi.Controller):
|
||||
|
|
@ -92,7 +85,7 @@ class QuotaSetsController(wsgi.Controller):
|
|||
@extensions.expected_errors(403)
|
||||
def show(self, req, id):
|
||||
context = req.environ['nova.context']
|
||||
authorize_show(context)
|
||||
authorize(context, action='show')
|
||||
params = urlparse.parse_qs(req.environ.get('QUERY_STRING', ''))
|
||||
user_id = params.get('user_id', [None])[0]
|
||||
try:
|
||||
|
|
@ -105,7 +98,7 @@ class QuotaSetsController(wsgi.Controller):
|
|||
@extensions.expected_errors(403)
|
||||
def detail(self, req, id):
|
||||
context = req.environ['nova.context']
|
||||
authorize_detail(context)
|
||||
authorize(context, action='detail')
|
||||
user_id = req.GET.get('user_id', None)
|
||||
try:
|
||||
nova.context.authorize_project_context(context, id)
|
||||
|
|
@ -119,7 +112,7 @@ class QuotaSetsController(wsgi.Controller):
|
|||
@validation.schema(quota_sets.update)
|
||||
def update(self, req, id, body):
|
||||
context = req.environ['nova.context']
|
||||
authorize_update(context)
|
||||
authorize(context, action='update')
|
||||
project_id = id
|
||||
params = urlparse.parse_qs(req.environ.get('QUERY_STRING', ''))
|
||||
user_id = params.get('user_id', [None])[0]
|
||||
|
|
@ -171,7 +164,7 @@ class QuotaSetsController(wsgi.Controller):
|
|||
@extensions.expected_errors(())
|
||||
def defaults(self, req, id):
|
||||
context = req.environ['nova.context']
|
||||
authorize_show(context)
|
||||
authorize(context, action='show')
|
||||
values = QUOTAS.get_defaults(context)
|
||||
return self._format_quota_set(id, values)
|
||||
|
||||
|
|
@ -182,7 +175,7 @@ class QuotaSetsController(wsgi.Controller):
|
|||
@wsgi.response(202)
|
||||
def delete(self, req, id):
|
||||
context = req.environ['nova.context']
|
||||
authorize_delete(context)
|
||||
authorize(context, action='delete')
|
||||
params = urlparse.parse_qs(req.environ.get('QUERY_STRING', ''))
|
||||
user_id = params.get('user_id', [None])[0]
|
||||
try:
|
||||
|
|
|
|||
|
|
@ -28,8 +28,7 @@ from nova import objects
|
|||
|
||||
LOG = logging.getLogger(__name__)
|
||||
ALIAS = 'os-server-external-events'
|
||||
authorize = extensions.extension_authorizer('compute',
|
||||
'v3:' + ALIAS)
|
||||
authorize = extensions.os_compute_authorizer(ALIAS)
|
||||
|
||||
|
||||
class ServerExternalEventsController(wsgi.Controller):
|
||||
|
|
|
|||
|
|
@ -34,7 +34,7 @@ LOG = logging.getLogger(__name__)
|
|||
ALIAS = "os-server-groups"
|
||||
|
||||
|
||||
authorize = extensions.extension_authorizer('compute', 'v3:' + ALIAS)
|
||||
authorize = extensions.os_compute_authorizer(ALIAS)
|
||||
|
||||
|
||||
def _authorize_context(req):
|
||||
|
|
|
|||
|
|
@ -18,7 +18,7 @@ from nova import compute
|
|||
|
||||
|
||||
ALIAS = "os-server-usage"
|
||||
authorize = extensions.soft_extension_authorizer('compute', 'v3:' + ALIAS)
|
||||
authorize = extensions.os_compute_soft_authorizer(ALIAS)
|
||||
|
||||
resp_topic = "OS-SRV-USG"
|
||||
|
||||
|
|
|
|||
|
|
@ -24,7 +24,7 @@ from nova.i18n import _
|
|||
from nova import servicegroup
|
||||
|
||||
ALIAS = "os-services"
|
||||
authorize = extensions.extension_authorizer('compute', 'v3:' + ALIAS)
|
||||
authorize = extensions.os_compute_authorizer(ALIAS)
|
||||
|
||||
|
||||
class ServiceController(wsgi.Controller):
|
||||
|
|
|
|||
|
|
@ -28,10 +28,7 @@ from nova.i18n import _
|
|||
from nova import objects
|
||||
|
||||
ALIAS = "os-simple-tenant-usage"
|
||||
authorize_show = extensions.extension_authorizer('compute',
|
||||
'v3:%s:show' % ALIAS)
|
||||
authorize_list = extensions.extension_authorizer('compute',
|
||||
'v3:%s:list' % ALIAS)
|
||||
authorize = extensions.os_compute_authorizer(ALIAS)
|
||||
|
||||
|
||||
def parse_strtime(dstr, fmt):
|
||||
|
|
@ -226,7 +223,7 @@ class SimpleTenantUsageController(wsgi.Controller):
|
|||
"""Retrieve tenant_usage for all tenants."""
|
||||
context = req.environ['nova.context']
|
||||
|
||||
authorize_list(context)
|
||||
authorize(context, action='list')
|
||||
|
||||
try:
|
||||
(period_start, period_stop, detailed) = self._get_datetime_range(
|
||||
|
|
@ -249,7 +246,7 @@ class SimpleTenantUsageController(wsgi.Controller):
|
|||
tenant_id = id
|
||||
context = req.environ['nova.context']
|
||||
|
||||
authorize_show(context, {'project_id': tenant_id})
|
||||
authorize(context, action='show', target={'project_id': tenant_id})
|
||||
|
||||
try:
|
||||
(period_start, period_stop, ignore) = self._get_datetime_range(
|
||||
|
|
|
|||
|
|
@ -21,7 +21,7 @@ QUOTAS = quota.QUOTAS
|
|||
|
||||
|
||||
ALIAS = "os-used-limits"
|
||||
authorize = extensions.extension_authorizer('compute', 'v3:' + ALIAS)
|
||||
authorize = extensions.os_compute_authorizer(ALIAS)
|
||||
|
||||
|
||||
class UsedLimitsController(wsgi.Controller):
|
||||
|
|
|
|||
|
|
@ -396,17 +396,11 @@ def check_compute_policy(context, action, target, scope='compute'):
|
|||
# the future.
|
||||
|
||||
def os_compute_authorizer(extension_name, core=False):
|
||||
if core:
|
||||
return core_authorizer('compute', 'v3:%s' % extension_name)
|
||||
else:
|
||||
return extension_authorizer('compute', 'v3:%s' % extension_name)
|
||||
return core_authorizer('os_compute_api', extension_name)
|
||||
|
||||
|
||||
def os_compute_soft_authorizer(extension_name, core=False):
|
||||
if core:
|
||||
return soft_core_authorizer('compute', 'v3:%s' % extension_name)
|
||||
else:
|
||||
return soft_extension_authorizer('compute', 'v3:%s' % extension_name)
|
||||
return soft_core_authorizer('os_compute_api', extension_name)
|
||||
|
||||
|
||||
@six.add_metaclass(abc.ABCMeta)
|
||||
|
|
|
|||
|
|
@ -19,7 +19,7 @@ from nova.api.openstack import extensions as api_extensions
|
|||
from nova.tests.functional.v3 import api_sample_base
|
||||
|
||||
|
||||
def fake_soft_extension_authorizer(api_name, extension_name):
|
||||
def fake_soft_extension_authorizer(extension_name, core=False):
|
||||
def authorize(context, action=None):
|
||||
return True
|
||||
return authorize
|
||||
|
|
@ -28,7 +28,7 @@ def fake_soft_extension_authorizer(api_name, extension_name):
|
|||
class ExtensionInfoAllSamplesJsonTest(api_sample_base.ApiSampleTestBaseV3):
|
||||
all_extensions = True
|
||||
|
||||
@mock.patch.object(api_extensions, 'soft_extension_authorizer')
|
||||
@mock.patch.object(api_extensions, 'os_compute_soft_authorizer')
|
||||
def test_list_extensions(self, soft_auth):
|
||||
soft_auth.side_effect = fake_soft_extension_authorizer
|
||||
response = self._do_get('extensions')
|
||||
|
|
@ -40,7 +40,7 @@ class ExtensionInfoSamplesJsonTest(api_sample_base.ApiSampleTestBaseV3):
|
|||
sample_dir = "extension-info"
|
||||
extra_extensions_to_load = ["os-create-backup"]
|
||||
|
||||
@mock.patch.object(api_extensions, 'soft_extension_authorizer')
|
||||
@mock.patch.object(api_extensions, 'os_compute_soft_authorizer')
|
||||
def test_get_extensions(self, soft_auth):
|
||||
soft_auth.side_effect = fake_soft_extension_authorizer
|
||||
response = self._do_get('extensions/os-create-backup')
|
||||
|
|
|
|||
|
|
@ -100,19 +100,19 @@ class AdminActionsPolicyEnforcementV21(test.NoDBTestCase):
|
|||
rule.popitem()[0], exc.format_message())
|
||||
|
||||
def test_reset_network_policy_failed(self):
|
||||
rule = {"compute_extension:v3:os-admin-actions:reset_network":
|
||||
rule = {"os_compute_api:os-admin-actions:reset_network":
|
||||
"project:non_fake"}
|
||||
self.common_policy_check(
|
||||
rule, "_reset_network", self.req, self.fake_id, body={})
|
||||
|
||||
def test_inject_network_info_policy_failed(self):
|
||||
rule = {"compute_extension:v3:os-admin-actions:inject_network_info":
|
||||
rule = {"os_compute_api:os-admin-actions:inject_network_info":
|
||||
"project:non_fake"}
|
||||
self.common_policy_check(
|
||||
rule, "_inject_network_info", self.req, self.fake_id, body={})
|
||||
|
||||
def test_reset_state_policy_failed(self):
|
||||
rule = {"compute_extension:v3:os-admin-actions:reset_state":
|
||||
rule = {"os_compute_api:os-admin-actions:reset_state":
|
||||
"project:non_fake"}
|
||||
self.common_policy_check(
|
||||
rule, "_reset_state", self.req,
|
||||
|
|
|
|||
|
|
@ -155,7 +155,7 @@ class AdminPasswordPolicyEnforcementV21(test.NoDBTestCase):
|
|||
self.req = fakes.HTTPRequest.blank('')
|
||||
|
||||
def test_change_password_policy_failed(self):
|
||||
rule_name = "compute_extension:v3:os-admin-password"
|
||||
rule_name = "os_compute_api:os-admin-password"
|
||||
rule = {rule_name: "project:non_fake"}
|
||||
self.policy.set_rules(rule)
|
||||
body = {'changePassword': {'adminPass': '1234pass'}}
|
||||
|
|
|
|||
|
|
@ -361,7 +361,7 @@ class AgentsPolicyEnforcementV21(test.NoDBTestCase):
|
|||
self.req = fakes.HTTPRequest.blank('')
|
||||
|
||||
def test_create_policy_failed(self):
|
||||
rule_name = "compute_extension:v3:os-agents"
|
||||
rule_name = "os_compute_api:os-agents"
|
||||
self.policy.set_rules({rule_name: "project_id:non_fake"})
|
||||
exc = self.assertRaises(
|
||||
exception.PolicyNotAuthorized,
|
||||
|
|
@ -377,7 +377,7 @@ class AgentsPolicyEnforcementV21(test.NoDBTestCase):
|
|||
exc.format_message())
|
||||
|
||||
def test_index_policy_failed(self):
|
||||
rule_name = "compute_extension:v3:os-agents"
|
||||
rule_name = "os_compute_api:os-agents"
|
||||
self.policy.set_rules({rule_name: "project_id:non_fake"})
|
||||
exc = self.assertRaises(
|
||||
exception.PolicyNotAuthorized,
|
||||
|
|
@ -387,7 +387,7 @@ class AgentsPolicyEnforcementV21(test.NoDBTestCase):
|
|||
exc.format_message())
|
||||
|
||||
def test_delete_policy_failed(self):
|
||||
rule_name = "compute_extension:v3:os-agents"
|
||||
rule_name = "os_compute_api:os-agents"
|
||||
self.policy.set_rules({rule_name: "project_id:non_fake"})
|
||||
exc = self.assertRaises(
|
||||
exception.PolicyNotAuthorized,
|
||||
|
|
@ -397,7 +397,7 @@ class AgentsPolicyEnforcementV21(test.NoDBTestCase):
|
|||
exc.format_message())
|
||||
|
||||
def test_update_policy_failed(self):
|
||||
rule_name = "compute_extension:v3:os-agents"
|
||||
rule_name = "os_compute_api:os-agents"
|
||||
self.policy.set_rules({rule_name: "project_id:non_fake"})
|
||||
exc = self.assertRaises(
|
||||
exception.PolicyNotAuthorized,
|
||||
|
|
|
|||
|
|
@ -472,7 +472,7 @@ class AttachInterfacesPolicyEnforcementv21(test.NoDBTestCase):
|
|||
self.controller = \
|
||||
attach_interfaces_v21.InterfaceAttachmentController()
|
||||
self.req = fakes.HTTPRequest.blank('')
|
||||
self.rule_name = "compute_extension:v3:os-attach-interfaces"
|
||||
self.rule_name = "os_compute_api:os-attach-interfaces"
|
||||
self.policy.set_rules({self.rule_name: "project:non_fake"})
|
||||
|
||||
def test_index_attach_interfaces_policy_failed(self):
|
||||
|
|
|
|||
|
|
@ -33,9 +33,9 @@ from nova.tests.unit.api.openstack import fakes
|
|||
class CertificatesTestV21(test.NoDBTestCase):
|
||||
certificates = certificates_v21
|
||||
url = '/v3/os-certificates'
|
||||
certificate_show_extension = 'compute_extension:v3:os-certificates:show'
|
||||
certificate_show_extension = 'os_compute_api:os-certificates:show'
|
||||
certificate_create_extension = \
|
||||
'compute_extension:v3:os-certificates:create'
|
||||
'os_compute_api:os-certificates:create'
|
||||
|
||||
def setUp(self):
|
||||
super(CertificatesTestV21, self).setUp()
|
||||
|
|
|
|||
|
|
@ -169,7 +169,7 @@ class CloudpipePolicyEnforcementV21(test.NoDBTestCase):
|
|||
self.req = fakes.HTTPRequest.blank('')
|
||||
|
||||
def _common_policy_check(self, func, *arg, **kwarg):
|
||||
rule_name = "compute_extension:v3:os-cloudpipe"
|
||||
rule_name = "os_compute_api:os-cloudpipe"
|
||||
rule = {rule_name: "project:non_fake"}
|
||||
self.policy.set_rules(rule)
|
||||
exc = self.assertRaises(
|
||||
|
|
|
|||
|
|
@ -157,7 +157,7 @@ class ConsoleOutpuPolicyEnforcementV21(test.NoDBTestCase):
|
|||
self.controller = console_output_v21.ConsoleOutputController()
|
||||
|
||||
def test_get_console_output_policy_failed(self):
|
||||
rule_name = "compute_extension:v3:os-console-output"
|
||||
rule_name = "os_compute_api:os-console-output"
|
||||
self.policy.set_rules({rule_name: "project:non_fake"})
|
||||
req = fakes.HTTPRequest.blank('')
|
||||
body = {'os-getConsoleOutput': {}}
|
||||
|
|
|
|||
|
|
@ -450,7 +450,7 @@ class TestRemoteConsolePolicyEnforcementV21(test.NoDBTestCase):
|
|||
self.req = fakes.HTTPRequest.blank('')
|
||||
|
||||
def _common_policy_check(self, func, *arg, **kwarg):
|
||||
rule_name = "compute_extension:v3:os-remote-consoles"
|
||||
rule_name = "os_compute_api:os-remote-consoles"
|
||||
rule = {rule_name: "project:non_fake"}
|
||||
self.policy.set_rules(rule)
|
||||
exc = self.assertRaises(
|
||||
|
|
|
|||
|
|
@ -298,7 +298,7 @@ class CreateBackupPolicyEnforcementv21(test.NoDBTestCase):
|
|||
self.req = fakes.HTTPRequest.blank('')
|
||||
|
||||
def test_create_backup_policy_failed(self):
|
||||
rule_name = "compute_extension:v3:os-create-backup"
|
||||
rule_name = "os_compute_api:os-create-backup"
|
||||
self.policy.set_rules({rule_name: "project:non_fake"})
|
||||
metadata = {'123': 'asdf'}
|
||||
body = {
|
||||
|
|
|
|||
|
|
@ -155,7 +155,7 @@ class DeferredDeletePolicyEnforcementV21(test.NoDBTestCase):
|
|||
self.req = fakes.HTTPRequest.blank('')
|
||||
|
||||
def test_restore_policy_failed(self):
|
||||
rule_name = "compute_extension:v3:os-deferred-delete"
|
||||
rule_name = "os_compute_api:os-deferred-delete"
|
||||
self.policy.set_rules({rule_name: "project:non_fake"})
|
||||
exc = self.assertRaises(
|
||||
exception.PolicyNotAuthorized,
|
||||
|
|
@ -166,7 +166,7 @@ class DeferredDeletePolicyEnforcementV21(test.NoDBTestCase):
|
|||
exc.format_message())
|
||||
|
||||
def test_force_delete_policy_failed(self):
|
||||
rule_name = "compute_extension:v3:os-deferred-delete"
|
||||
rule_name = "os_compute_api:os-deferred-delete"
|
||||
self.policy.set_rules({rule_name: "project:non_fake"})
|
||||
exc = self.assertRaises(
|
||||
exception.PolicyNotAuthorized,
|
||||
|
|
|
|||
|
|
@ -278,7 +278,7 @@ class EvacuatePolicyEnforcementv21(test.NoDBTestCase):
|
|||
self.controller = evacuate_v21.EvacuateController()
|
||||
|
||||
def test_evacuate_policy_failed(self):
|
||||
rule_name = "compute_extension:v3:os-evacuate"
|
||||
rule_name = "os_compute_api:os-evacuate"
|
||||
self.policy.set_rules({rule_name: "project:non_fake"})
|
||||
req = fakes.HTTPRequest.blank('')
|
||||
body = {'evacuate': {'host': 'my-host',
|
||||
|
|
|
|||
|
|
@ -59,7 +59,7 @@ def fake_policy_enforce(context, action, target, do_raise=True):
|
|||
|
||||
|
||||
def fake_policy_enforce_selective(context, action, target, do_raise=True):
|
||||
if action == 'compute_extension:v3:ext1-alias:discoverable':
|
||||
if action == 'os_compute_api:ext1-alias:discoverable':
|
||||
raise exception.Forbidden
|
||||
else:
|
||||
return True
|
||||
|
|
|
|||
|
|
@ -384,7 +384,7 @@ class FlavorAccessPolicyEnforcementV21(test.NoDBTestCase):
|
|||
self.req = fakes.HTTPRequest.blank('')
|
||||
|
||||
def test_add_tenant_access_policy_failed(self):
|
||||
rule_name = "compute_extension:v3:os-flavor-access:add_tenant_access"
|
||||
rule_name = "os_compute_api:os-flavor-access:add_tenant_access"
|
||||
self.policy.set_rules({rule_name: "project:non_fake"})
|
||||
exc = self.assertRaises(
|
||||
exception.PolicyNotAuthorized,
|
||||
|
|
@ -395,7 +395,7 @@ class FlavorAccessPolicyEnforcementV21(test.NoDBTestCase):
|
|||
exc.format_message())
|
||||
|
||||
def test_remove_tenant_access_policy_failed(self):
|
||||
rule_name = ("compute_extension:v3:os-flavor-access:"
|
||||
rule_name = ("os_compute_api:os-flavor-access:"
|
||||
"remove_tenant_access")
|
||||
self.policy.set_rules({rule_name: "project:non_fake"})
|
||||
exc = self.assertRaises(
|
||||
|
|
@ -408,22 +408,22 @@ class FlavorAccessPolicyEnforcementV21(test.NoDBTestCase):
|
|||
exc.format_message())
|
||||
|
||||
def test_extend_create_policy_failed(self):
|
||||
rule_name = "compute_extension:v3:os-flavor-access"
|
||||
rule_name = "os_compute_api:os-flavor-access"
|
||||
self.policy.set_rules({rule_name: "project:non_fake"})
|
||||
self.act_controller.create(self.req, None, None)
|
||||
|
||||
def test_extend_show_policy_failed(self):
|
||||
rule_name = "compute_extension:v3:os-flavor-access"
|
||||
rule_name = "os_compute_api:os-flavor-access"
|
||||
self.policy.set_rules({rule_name: "project:non_fake"})
|
||||
self.act_controller.show(self.req, None, None)
|
||||
|
||||
def test_extend_detail_policy_failed(self):
|
||||
rule_name = "compute_extension:v3:os-flavor-access"
|
||||
rule_name = "os_compute_api:os-flavor-access"
|
||||
self.policy.set_rules({rule_name: "project:non_fake"})
|
||||
self.act_controller.detail(self.req, None)
|
||||
|
||||
def test_index_policy_failed(self):
|
||||
rule_name = "compute_extension:v3:os-flavor-access"
|
||||
rule_name = "os_compute_api:os-flavor-access"
|
||||
self.policy.set_rules({rule_name: "project:non_fake"})
|
||||
exc = self.assertRaises(
|
||||
exception.PolicyNotAuthorized,
|
||||
|
|
|
|||
|
|
@ -474,7 +474,7 @@ class FlavorManagerPolicyEnforcementV21(test.NoDBTestCase):
|
|||
self.controller = flavormanage_v21.FlavorManageController()
|
||||
|
||||
def test_create_policy_failed(self):
|
||||
rule_name = "compute_extension:v3:os-flavor-manage"
|
||||
rule_name = "os_compute_api:os-flavor-manage"
|
||||
self.policy.set_rules({rule_name: "project:non_fake"})
|
||||
req = fakes.HTTPRequest.blank('')
|
||||
exc = self.assertRaises(
|
||||
|
|
@ -493,7 +493,7 @@ class FlavorManagerPolicyEnforcementV21(test.NoDBTestCase):
|
|||
exc.format_message())
|
||||
|
||||
def test_delete_policy_failed(self):
|
||||
rule_name = "compute_extension:v3:os-flavor-manage"
|
||||
rule_name = "os_compute_api:os-flavor-manage"
|
||||
self.policy.set_rules({rule_name: "project:non_fake"})
|
||||
req = fakes.HTTPRequest.blank('')
|
||||
exc = self.assertRaises(
|
||||
|
|
|
|||
|
|
@ -364,7 +364,7 @@ class FloatingIPDNSDomainPolicyEnforcementV21(test.NoDBTestCase):
|
|||
def setUp(self):
|
||||
super(FloatingIPDNSDomainPolicyEnforcementV21, self).setUp()
|
||||
self.controller = fipdns_v21.FloatingIPDNSDomainController()
|
||||
self.rule_name = "compute_extension:v3:os-floating-ip-dns"
|
||||
self.rule_name = "os_compute_api:os-floating-ip-dns"
|
||||
self.policy.set_rules({self.rule_name: "project:non_fake"})
|
||||
self.req = fakes.HTTPRequest.blank('')
|
||||
|
||||
|
|
@ -401,7 +401,7 @@ class FloatingIPDNSEntryPolicyEnforcementV21(test.NoDBTestCase):
|
|||
def setUp(self):
|
||||
super(FloatingIPDNSEntryPolicyEnforcementV21, self).setUp()
|
||||
self.controller = fipdns_v21.FloatingIPDNSEntryController()
|
||||
self.rule_name = "compute_extension:v3:os-floating-ip-dns"
|
||||
self.rule_name = "os_compute_api:os-floating-ip-dns"
|
||||
self.policy.set_rules({self.rule_name: "project:non_fake"})
|
||||
self.req = fakes.HTTPRequest.blank('')
|
||||
|
||||
|
|
|
|||
|
|
@ -68,7 +68,7 @@ class FloatingIPPoolsPolicyEnforcementV21(test.NoDBTestCase):
|
|||
self.req = fakes.HTTPRequest.blank('')
|
||||
|
||||
def test_change_password_policy_failed(self):
|
||||
rule_name = "compute_extension:v3:os-floating-ip-pools"
|
||||
rule_name = "os_compute_api:os-floating-ip-pools"
|
||||
rule = {rule_name: "project:non_fake"}
|
||||
self.policy.set_rules(rule)
|
||||
exc = self.assertRaises(
|
||||
|
|
|
|||
|
|
@ -831,7 +831,7 @@ class FloatingIPPolicyEnforcementV21(test.NoDBTestCase):
|
|||
self.req = fakes.HTTPRequest.blank('')
|
||||
|
||||
def _common_policy_check(self, func, *arg, **kwarg):
|
||||
rule_name = "compute_extension:v3:os-floating-ips"
|
||||
rule_name = "os_compute_api:os-floating-ips"
|
||||
rule = {rule_name: "project:non_fake"}
|
||||
self.policy.set_rules(rule)
|
||||
exc = self.assertRaises(
|
||||
|
|
@ -861,7 +861,7 @@ class FloatingIPActionPolicyEnforcementV21(test.NoDBTestCase):
|
|||
self.req = fakes.HTTPRequest.blank('')
|
||||
|
||||
def _common_policy_check(self, func, *arg, **kwarg):
|
||||
rule_name = "compute_extension:v3:os-floating-ips"
|
||||
rule_name = "os_compute_api:os-floating-ips"
|
||||
rule = {rule_name: "project:non_fake"}
|
||||
self.policy.set_rules(rule)
|
||||
exc = self.assertRaises(
|
||||
|
|
|
|||
|
|
@ -134,15 +134,15 @@ class FpingPolicyEnforcementV21(test.NoDBTestCase):
|
|||
rule.popitem()[0], exc.format_message())
|
||||
|
||||
def test_list_policy_failed(self):
|
||||
rule = {"compute_extension:v3:os-fping": "project:non_fake"}
|
||||
rule = {"os_compute_api:os-fping": "project:non_fake"}
|
||||
self.common_policy_check(rule, self.controller.index, self.req)
|
||||
|
||||
self.req.GET.update({"all_tenants": "True"})
|
||||
rule = {"compute_extension:v3:os-fping:all_tenants":
|
||||
rule = {"os_compute_api:os-fping:all_tenants":
|
||||
"project:non_fake"}
|
||||
self.common_policy_check(rule, self.controller.index, self.req)
|
||||
|
||||
def test_show_policy_failed(self):
|
||||
rule = {"compute_extension:v3:os-fping": "project:non_fake"}
|
||||
rule = {"os_compute_api:os-fping": "project:non_fake"}
|
||||
self.common_policy_check(
|
||||
rule, self.controller.show, self.req, FAKE_UUID)
|
||||
|
|
|
|||
|
|
@ -426,7 +426,7 @@ class HostsPolicyEnforcementV21(test.NoDBTestCase):
|
|||
self.req = fakes.HTTPRequest.blank('')
|
||||
|
||||
def test_index_policy_failed(self):
|
||||
rule_name = "compute_extension:v3:os-hosts"
|
||||
rule_name = "os_compute_api:os-hosts"
|
||||
self.policy.set_rules({rule_name: "project_id:non_fake"})
|
||||
exc = self.assertRaises(
|
||||
exception.PolicyNotAuthorized,
|
||||
|
|
|
|||
|
|
@ -82,7 +82,7 @@ class InstanceActionsPolicyTestV21(test.NoDBTestCase):
|
|||
|
||||
def _set_policy_rules(self):
|
||||
rules = {'compute:get': common_policy.parse_rule(''),
|
||||
'compute_extension:v3:os-instance-actions':
|
||||
'os_compute_api:os-instance-actions':
|
||||
common_policy.parse_rule('project_id:%(project_id)s')}
|
||||
policy.set_rules(rules)
|
||||
|
||||
|
|
@ -154,9 +154,9 @@ class InstanceActionsTestV21(test.NoDBTestCase):
|
|||
|
||||
def _set_policy_rules(self):
|
||||
rules = {'compute:get': common_policy.parse_rule(''),
|
||||
'compute_extension:v3:os-instance-actions':
|
||||
'os_compute_api:os-instance-actions':
|
||||
common_policy.parse_rule(''),
|
||||
'compute_extension:v3:os-instance-actions:events':
|
||||
'os_compute_api:os-instance-actions:events':
|
||||
common_policy.parse_rule('is_admin:True')}
|
||||
policy.set_rules(rules)
|
||||
|
||||
|
|
|
|||
|
|
@ -221,7 +221,7 @@ class InstanceUsageAuditPolicyEnforcementV21(test.NoDBTestCase):
|
|||
self.req = fakes.HTTPRequest.blank('')
|
||||
|
||||
def test_index_policy_failed(self):
|
||||
rule_name = "compute_extension:v3:os-instance-usage-audit-log"
|
||||
rule_name = "os_compute_api:os-instance-usage-audit-log"
|
||||
self.policy.set_rules({rule_name: "project_id:non_fake"})
|
||||
exc = self.assertRaises(
|
||||
exception.PolicyNotAuthorized,
|
||||
|
|
@ -231,7 +231,7 @@ class InstanceUsageAuditPolicyEnforcementV21(test.NoDBTestCase):
|
|||
exc.format_message())
|
||||
|
||||
def test_show_policy_failed(self):
|
||||
rule_name = "compute_extension:v3:os-instance-usage-audit-log"
|
||||
rule_name = "os_compute_api:os-instance-usage-audit-log"
|
||||
self.policy.set_rules({rule_name: "project_id:non_fake"})
|
||||
exc = self.assertRaises(
|
||||
exception.PolicyNotAuthorized,
|
||||
|
|
|
|||
|
|
@ -295,7 +295,7 @@ class KeypairsTestV21(test.TestCase):
|
|||
|
||||
class KeypairPolicyTestV21(test.TestCase):
|
||||
KeyPairController = keypairs_v21.KeypairController()
|
||||
policy_path = 'compute_extension:v3:os-keypairs'
|
||||
policy_path = 'os_compute_api:os-keypairs'
|
||||
|
||||
def setUp(self):
|
||||
super(KeypairPolicyTestV21, self).setUp()
|
||||
|
|
|
|||
|
|
@ -90,7 +90,7 @@ class LockServerPolicyEnforcementV21(test.NoDBTestCase):
|
|||
self.req = fakes.HTTPRequest.blank('')
|
||||
|
||||
def test_lock_policy_failed(self):
|
||||
rule_name = "compute_extension:v3:os-lock-server:lock"
|
||||
rule_name = "os_compute_api:os-lock-server:lock"
|
||||
self.policy.set_rules({rule_name: "project:non_fake"})
|
||||
exc = self.assertRaises(
|
||||
exception.PolicyNotAuthorized,
|
||||
|
|
@ -102,7 +102,7 @@ class LockServerPolicyEnforcementV21(test.NoDBTestCase):
|
|||
exc.format_message())
|
||||
|
||||
def test_unlock_policy_failed(self):
|
||||
rule_name = "compute_extension:v3:os-lock-server:unlock"
|
||||
rule_name = "os_compute_api:os-lock-server:unlock"
|
||||
self.policy.set_rules({rule_name: "project:non_fake"})
|
||||
exc = self.assertRaises(
|
||||
exception.PolicyNotAuthorized,
|
||||
|
|
|
|||
|
|
@ -287,7 +287,7 @@ class MigrateServerPolicyEnforcementV21(test.NoDBTestCase):
|
|||
self.req = fakes.HTTPRequest.blank('')
|
||||
|
||||
def test_migrate_policy_failed(self):
|
||||
rule_name = "compute_extension:v3:os-migrate-server:migrate"
|
||||
rule_name = "os_compute_api:os-migrate-server:migrate"
|
||||
self.policy.set_rules({rule_name: "project:non_fake"})
|
||||
exc = self.assertRaises(
|
||||
exception.PolicyNotAuthorized,
|
||||
|
|
@ -299,7 +299,7 @@ class MigrateServerPolicyEnforcementV21(test.NoDBTestCase):
|
|||
exc.format_message())
|
||||
|
||||
def test_migrate_live_policy_failed(self):
|
||||
rule_name = "compute_extension:v3:os-migrate-server:migrate_live"
|
||||
rule_name = "os_compute_api:os-migrate-server:migrate_live"
|
||||
self.policy.set_rules({rule_name: "project:non_fake"})
|
||||
body_args = {'os-migrateLive': {'host': 'hostname',
|
||||
'block_migration': False,
|
||||
|
|
|
|||
|
|
@ -136,7 +136,7 @@ class MigrationsPolicyEnforcement(test.NoDBTestCase):
|
|||
self.req = fakes.HTTPRequest.blank('')
|
||||
|
||||
def test_list_policy_failed(self):
|
||||
rule_name = "compute_extension:v3:os-migrations:index"
|
||||
rule_name = "os_compute_api:os-migrations:index"
|
||||
self.policy.set_rules({rule_name: "project_id:non_fake"})
|
||||
exc = self.assertRaises(
|
||||
exception.PolicyNotAuthorized,
|
||||
|
|
|
|||
|
|
@ -181,7 +181,7 @@ class MultinicPolicyEnforcementV21(test.NoDBTestCase):
|
|||
self.req = fakes.HTTPRequest.blank('')
|
||||
|
||||
def test_add_fixed_ip_policy_failed(self):
|
||||
rule_name = "compute_extension:v3:os-multinic"
|
||||
rule_name = "os_compute_api:os-multinic"
|
||||
self.policy.set_rules({rule_name: "project:non_fake"})
|
||||
exc = self.assertRaises(
|
||||
exception.PolicyNotAuthorized,
|
||||
|
|
@ -192,7 +192,7 @@ class MultinicPolicyEnforcementV21(test.NoDBTestCase):
|
|||
exc.format_message())
|
||||
|
||||
def test_remove_fixed_ip_policy_failed(self):
|
||||
rule_name = "compute_extension:v3:os-multinic"
|
||||
rule_name = "os_compute_api:os-multinic"
|
||||
self.policy.set_rules({rule_name: "project:non_fake"})
|
||||
exc = self.assertRaises(
|
||||
exception.PolicyNotAuthorized,
|
||||
|
|
|
|||
|
|
@ -656,7 +656,7 @@ class NetworksEnforcementV21(test.NoDBTestCase):
|
|||
self.req = fakes.HTTPRequest.blank('')
|
||||
|
||||
def test_show_policy_failed(self):
|
||||
rule_name = 'compute_extension:v3:os-networks:view'
|
||||
rule_name = 'os_compute_api:os-networks:view'
|
||||
self.policy.set_rules({rule_name: "project:non_fake"})
|
||||
exc = self.assertRaises(
|
||||
exception.PolicyNotAuthorized,
|
||||
|
|
@ -666,7 +666,7 @@ class NetworksEnforcementV21(test.NoDBTestCase):
|
|||
exc.format_message())
|
||||
|
||||
def test_index_policy_failed(self):
|
||||
rule_name = 'compute_extension:v3:os-networks:view'
|
||||
rule_name = 'os_compute_api:os-networks:view'
|
||||
self.policy.set_rules({rule_name: "project:non_fake"})
|
||||
exc = self.assertRaises(
|
||||
exception.PolicyNotAuthorized,
|
||||
|
|
@ -676,7 +676,7 @@ class NetworksEnforcementV21(test.NoDBTestCase):
|
|||
exc.format_message())
|
||||
|
||||
def test_create_policy_failed(self):
|
||||
rule_name = 'compute_extension:v3:os-networks'
|
||||
rule_name = 'os_compute_api:os-networks'
|
||||
self.policy.set_rules({rule_name: "project:non_fake"})
|
||||
exc = self.assertRaises(
|
||||
exception.PolicyNotAuthorized,
|
||||
|
|
@ -686,7 +686,7 @@ class NetworksEnforcementV21(test.NoDBTestCase):
|
|||
exc.format_message())
|
||||
|
||||
def test_delete_policy_failed(self):
|
||||
rule_name = 'compute_extension:v3:os-networks'
|
||||
rule_name = 'os_compute_api:os-networks'
|
||||
self.policy.set_rules({rule_name: "project:non_fake"})
|
||||
exc = self.assertRaises(
|
||||
exception.PolicyNotAuthorized,
|
||||
|
|
@ -696,7 +696,7 @@ class NetworksEnforcementV21(test.NoDBTestCase):
|
|||
exc.format_message())
|
||||
|
||||
def test_add_policy_failed(self):
|
||||
rule_name = 'compute_extension:v3:os-networks'
|
||||
rule_name = 'os_compute_api:os-networks'
|
||||
self.policy.set_rules({rule_name: "project:non_fake"})
|
||||
exc = self.assertRaises(
|
||||
exception.PolicyNotAuthorized,
|
||||
|
|
@ -707,7 +707,7 @@ class NetworksEnforcementV21(test.NoDBTestCase):
|
|||
exc.format_message())
|
||||
|
||||
def test_disassociate_policy_failed(self):
|
||||
rule_name = 'compute_extension:v3:os-networks'
|
||||
rule_name = 'os_compute_api:os-networks'
|
||||
self.policy.set_rules({rule_name: "project:non_fake"})
|
||||
exc = self.assertRaises(
|
||||
exception.PolicyNotAuthorized,
|
||||
|
|
@ -727,7 +727,7 @@ class NetworksAssociateEnforcementV21(test.NoDBTestCase):
|
|||
self.req = fakes.HTTPRequest.blank('')
|
||||
|
||||
def test_disassociate_host_policy_failed(self):
|
||||
rule_name = 'compute_extension:v3:os-networks-associate'
|
||||
rule_name = 'os_compute_api:os-networks-associate'
|
||||
self.policy.set_rules({rule_name: "project:non_fake"})
|
||||
exc = self.assertRaises(
|
||||
exception.PolicyNotAuthorized,
|
||||
|
|
@ -738,7 +738,7 @@ class NetworksAssociateEnforcementV21(test.NoDBTestCase):
|
|||
exc.format_message())
|
||||
|
||||
def test_disassociate_project_only_policy_failed(self):
|
||||
rule_name = 'compute_extension:v3:os-networks-associate'
|
||||
rule_name = 'os_compute_api:os-networks-associate'
|
||||
self.policy.set_rules({rule_name: "project:non_fake"})
|
||||
exc = self.assertRaises(
|
||||
exception.PolicyNotAuthorized,
|
||||
|
|
@ -749,7 +749,7 @@ class NetworksAssociateEnforcementV21(test.NoDBTestCase):
|
|||
exc.format_message())
|
||||
|
||||
def test_disassociate_host_only_policy_failed(self):
|
||||
rule_name = 'compute_extension:v3:os-networks-associate'
|
||||
rule_name = 'os_compute_api:os-networks-associate'
|
||||
self.policy.set_rules({rule_name: "project:non_fake"})
|
||||
exc = self.assertRaises(
|
||||
exception.PolicyNotAuthorized,
|
||||
|
|
|
|||
|
|
@ -96,7 +96,7 @@ class PauseServerPolicyEnforcementV21(test.NoDBTestCase):
|
|||
self.controller = pause_server_v21.PauseServerController()
|
||||
|
||||
def test_pause_policy_failed(self):
|
||||
rule_name = "compute_extension:v3:os-pause-server:pause"
|
||||
rule_name = "os_compute_api:os-pause-server:pause"
|
||||
self.policy.set_rules({rule_name: "project:non_fake"})
|
||||
req = fakes.HTTPRequest.blank('')
|
||||
exc = self.assertRaises(
|
||||
|
|
@ -108,7 +108,7 @@ class PauseServerPolicyEnforcementV21(test.NoDBTestCase):
|
|||
exc.format_message())
|
||||
|
||||
def test_unpause_policy_failed(self):
|
||||
rule_name = "compute_extension:v3:os-pause-server:unpause"
|
||||
rule_name = "os_compute_api:os-pause-server:unpause"
|
||||
self.policy.set_rules({rule_name: "project:non_fake"})
|
||||
req = fakes.HTTPRequest.blank('')
|
||||
exc = self.assertRaises(
|
||||
|
|
|
|||
|
|
@ -211,7 +211,7 @@ class RescuePolicyEnforcementV21(test.NoDBTestCase):
|
|||
self.req = fakes.HTTPRequest.blank('')
|
||||
|
||||
def test_rescue_policy_failed(self):
|
||||
rule_name = "compute_extension:v3:os-rescue"
|
||||
rule_name = "os_compute_api:os-rescue"
|
||||
self.policy.set_rules({rule_name: "project:non_fake"})
|
||||
body = {"rescue": {"adminPass": "AABBCC112233"}}
|
||||
exc = self.assertRaises(
|
||||
|
|
@ -223,7 +223,7 @@ class RescuePolicyEnforcementV21(test.NoDBTestCase):
|
|||
exc.format_message())
|
||||
|
||||
def test_unrescue_policy_failed(self):
|
||||
rule_name = "compute_extension:v3:os-rescue"
|
||||
rule_name = "os_compute_api:os-rescue"
|
||||
self.policy.set_rules({rule_name: "project:non_fake"})
|
||||
body = dict(unrescue=None)
|
||||
exc = self.assertRaises(
|
||||
|
|
|
|||
|
|
@ -379,7 +379,7 @@ class SecurityGroupDefaultRulesPolicyEnforcementV21(test.NoDBTestCase):
|
|||
self.req = fakes.HTTPRequest.blank('')
|
||||
|
||||
def _common_policy_check(self, func, *arg, **kwarg):
|
||||
rule_name = "compute_extension:v3:os-security-groups"
|
||||
rule_name = "os_compute_api:os-security-groups"
|
||||
rule = {rule_name: "project:non_fake"}
|
||||
self.policy.set_rules(rule)
|
||||
exc = self.assertRaises(
|
||||
|
|
|
|||
|
|
@ -1464,7 +1464,7 @@ class SecurityGroupsOutputPolicyEnforcementV21(test.NoDBTestCase):
|
|||
super(SecurityGroupsOutputPolicyEnforcementV21, self).setUp()
|
||||
self.controller = secgroups_v21.SecurityGroupsOutputController()
|
||||
self.req = fakes.HTTPRequest.blank('')
|
||||
self.rule_name = "compute_extension:v3:os-security-groups"
|
||||
self.rule_name = "os_compute_api:os-security-groups"
|
||||
self.rule = {self.rule_name: "project:non_fake"}
|
||||
self.policy.set_rules(self.rule)
|
||||
|
||||
|
|
@ -1483,7 +1483,7 @@ class PolicyEnforcementV21(test.NoDBTestCase):
|
|||
def setUp(self):
|
||||
super(PolicyEnforcementV21, self).setUp()
|
||||
self.req = fakes.HTTPRequest.blank('')
|
||||
self.rule_name = "compute_extension:v3:os-security-groups"
|
||||
self.rule_name = "os_compute_api:os-security-groups"
|
||||
self.rule = {self.rule_name: "project:non_fake"}
|
||||
|
||||
def _common_policy_check(self, func, *arg, **kwarg):
|
||||
|
|
|
|||
|
|
@ -109,7 +109,7 @@ class ServerDiagnosticsEnforcementV21(test.NoDBTestCase):
|
|||
self.req = fakes.HTTPRequest.blank('')
|
||||
|
||||
def test_get_diagnostics_policy_failed(self):
|
||||
rule_name = "compute_extension:v3:os-server-diagnostics"
|
||||
rule_name = "os_compute_api:os-server-diagnostics"
|
||||
self.policy.set_rules({rule_name: "project:non_fake"})
|
||||
exc = self.assertRaises(
|
||||
exception.PolicyNotAuthorized,
|
||||
|
|
|
|||
|
|
@ -95,9 +95,9 @@ class ServerPasswordPolicyEnforcementV21(test.NoDBTestCase):
|
|||
exc.format_message())
|
||||
|
||||
def test_get_password_policy_failed(self):
|
||||
rule_name = "compute_extension:v3:os-server-password"
|
||||
rule_name = "os_compute_api:os-server-password"
|
||||
self._test_policy_failed(self.controller.index, rule_name)
|
||||
|
||||
def test_clear_password_policy_failed(self):
|
||||
rule_name = "compute_extension:v3:os-server-password"
|
||||
rule_name = "os_compute_api:os-server-password"
|
||||
self._test_policy_failed(self.controller.clear, rule_name)
|
||||
|
|
|
|||
|
|
@ -54,8 +54,8 @@ def fake_start_stop_invalid_state(self, context, instance):
|
|||
|
||||
|
||||
class ServerStartStopTestV21(test.TestCase):
|
||||
start_policy = "compute:v3:servers:start"
|
||||
stop_policy = "compute:v3:servers:stop"
|
||||
start_policy = "os_compute_api:servers:start"
|
||||
stop_policy = "os_compute_api:servers:stop"
|
||||
|
||||
def setUp(self):
|
||||
super(ServerStartStopTestV21, self).setUp()
|
||||
|
|
|
|||
|
|
@ -677,7 +677,7 @@ class ServicesPolicyEnforcementV21(test.NoDBTestCase):
|
|||
self.req = fakes.HTTPRequest.blank('')
|
||||
|
||||
def test_update_policy_failed(self):
|
||||
rule_name = "compute_extension:v3:os-services"
|
||||
rule_name = "os_compute_api:os-services"
|
||||
self.policy.set_rules({rule_name: "project_id:non_fake"})
|
||||
exc = self.assertRaises(
|
||||
exception.PolicyNotAuthorized,
|
||||
|
|
@ -689,7 +689,7 @@ class ServicesPolicyEnforcementV21(test.NoDBTestCase):
|
|||
exc.format_message())
|
||||
|
||||
def test_delete_policy_failed(self):
|
||||
rule_name = "compute_extension:v3:os-services"
|
||||
rule_name = "os_compute_api:os-services"
|
||||
self.policy.set_rules({rule_name: "project_id:non_fake"})
|
||||
exc = self.assertRaises(
|
||||
exception.PolicyNotAuthorized,
|
||||
|
|
@ -699,7 +699,7 @@ class ServicesPolicyEnforcementV21(test.NoDBTestCase):
|
|||
exc.format_message())
|
||||
|
||||
def test_index_policy_failed(self):
|
||||
rule_name = "compute_extension:v3:os-services"
|
||||
rule_name = "os_compute_api:os-services"
|
||||
self.policy.set_rules({rule_name: "project_id:non_fake"})
|
||||
exc = self.assertRaises(
|
||||
exception.PolicyNotAuthorized,
|
||||
|
|
|
|||
|
|
@ -138,7 +138,7 @@ class ShelvePolicyEnforcementV21(test.NoDBTestCase):
|
|||
self.req = fakes.HTTPRequest.blank('')
|
||||
|
||||
def test_shelve_policy_failed(self):
|
||||
rule_name = "compute_extension:v3:os-shelve:shelve"
|
||||
rule_name = "os_compute_api:os-shelve:shelve"
|
||||
self.policy.set_rules({rule_name: "project:non_fake"})
|
||||
exc = self.assertRaises(
|
||||
exception.PolicyNotAuthorized,
|
||||
|
|
@ -149,7 +149,7 @@ class ShelvePolicyEnforcementV21(test.NoDBTestCase):
|
|||
exc.format_message())
|
||||
|
||||
def test_shelve_offload_policy_failed(self):
|
||||
rule_name = "compute_extension:v3:os-shelve:shelve_offload"
|
||||
rule_name = "os_compute_api:os-shelve:shelve_offload"
|
||||
self.policy.set_rules({rule_name: "project:non_fake"})
|
||||
exc = self.assertRaises(
|
||||
exception.PolicyNotAuthorized,
|
||||
|
|
@ -160,7 +160,7 @@ class ShelvePolicyEnforcementV21(test.NoDBTestCase):
|
|||
exc.format_message())
|
||||
|
||||
def test_unshelve_policy_failed(self):
|
||||
rule_name = "compute_extension:v3:os-shelve:unshelve"
|
||||
rule_name = "os_compute_api:os-shelve:unshelve"
|
||||
self.policy.set_rules({rule_name: "project:non_fake"})
|
||||
exc = self.assertRaises(
|
||||
exception.PolicyNotAuthorized,
|
||||
|
|
|
|||
|
|
@ -82,7 +82,7 @@ class SuspendServerPolicyEnforcementV21(test.NoDBTestCase):
|
|||
self.req = fakes.HTTPRequest.blank('')
|
||||
|
||||
def test_suspend_policy_failed(self):
|
||||
rule_name = "compute_extension:v3:os-suspend-server:suspend"
|
||||
rule_name = "os_compute_api:os-suspend-server:suspend"
|
||||
self.policy.set_rules({rule_name: "project:non_fake"})
|
||||
exc = self.assertRaises(
|
||||
exception.PolicyNotAuthorized,
|
||||
|
|
@ -93,7 +93,7 @@ class SuspendServerPolicyEnforcementV21(test.NoDBTestCase):
|
|||
exc.format_message())
|
||||
|
||||
def test_resume_policy_failed(self):
|
||||
rule_name = "compute_extension:v3:os-suspend-server:resume"
|
||||
rule_name = "os_compute_api:os-suspend-server:resume"
|
||||
self.policy.set_rules({rule_name: "project:non_fake"})
|
||||
exc = self.assertRaises(
|
||||
exception.PolicyNotAuthorized,
|
||||
|
|
|
|||
|
|
@ -266,7 +266,7 @@ class TenantNetworksEnforcementV21(test.NoDBTestCase):
|
|||
self.req = fakes.HTTPRequest.blank('')
|
||||
|
||||
def test_create_policy_failed(self):
|
||||
rule_name = 'compute_extension:v3:os-tenant-networks'
|
||||
rule_name = 'os_compute_api:os-tenant-networks'
|
||||
self.policy.set_rules({rule_name: "project:non_fake"})
|
||||
exc = self.assertRaises(
|
||||
exception.PolicyNotAuthorized,
|
||||
|
|
@ -278,7 +278,7 @@ class TenantNetworksEnforcementV21(test.NoDBTestCase):
|
|||
exc.format_message())
|
||||
|
||||
def test_index_policy_failed(self):
|
||||
rule_name = 'compute_extension:v3:os-tenant-networks'
|
||||
rule_name = 'os_compute_api:os-tenant-networks'
|
||||
self.policy.set_rules({rule_name: "project:non_fake"})
|
||||
exc = self.assertRaises(
|
||||
exception.PolicyNotAuthorized,
|
||||
|
|
@ -289,7 +289,7 @@ class TenantNetworksEnforcementV21(test.NoDBTestCase):
|
|||
exc.format_message())
|
||||
|
||||
def test_delete_policy_failed(self):
|
||||
rule_name = 'compute_extension:v3:os-tenant-networks'
|
||||
rule_name = 'os_compute_api:os-tenant-networks'
|
||||
self.policy.set_rules({rule_name: "project:non_fake"})
|
||||
exc = self.assertRaises(
|
||||
exception.PolicyNotAuthorized,
|
||||
|
|
@ -300,7 +300,7 @@ class TenantNetworksEnforcementV21(test.NoDBTestCase):
|
|||
exc.format_message())
|
||||
|
||||
def test_show_policy_failed(self):
|
||||
rule_name = 'compute_extension:v3:os-tenant-networks'
|
||||
rule_name = 'os_compute_api:os-tenant-networks'
|
||||
self.policy.set_rules({rule_name: "project:non_fake"})
|
||||
exc = self.assertRaises(
|
||||
exception.PolicyNotAuthorized,
|
||||
|
|
|
|||
|
|
@ -100,7 +100,7 @@ class ServerVirtualInterfaceEnforcementV21(test.NoDBTestCase):
|
|||
self.req = fakes.HTTPRequest.blank('')
|
||||
|
||||
def test_index_virtual_interfaces_policy_failed(self):
|
||||
rule_name = "compute_extension:v3:os-virtual-interfaces"
|
||||
rule_name = "os_compute_api:os-virtual-interfaces"
|
||||
self.policy.set_rules({rule_name: "project:non_fake"})
|
||||
exc = self.assertRaises(
|
||||
exception.PolicyNotAuthorized,
|
||||
|
|
|
|||
|
|
@ -832,7 +832,7 @@ class TestAssistedVolumeSnapshotsPolicyEnforcementV21(test.NoDBTestCase):
|
|||
self.req = fakes.HTTPRequest.blank('')
|
||||
|
||||
def test_create_assisted_volumes_snapshots_policy_failed(self):
|
||||
rule_name = "compute_extension:v3:os-assisted-volume-snapshots:create"
|
||||
rule_name = "os_compute_api:os-assisted-volume-snapshots:create"
|
||||
self.policy.set_rules({rule_name: "project:non_fake"})
|
||||
body = {'snapshot':
|
||||
{'volume_id': '1',
|
||||
|
|
@ -847,7 +847,7 @@ class TestAssistedVolumeSnapshotsPolicyEnforcementV21(test.NoDBTestCase):
|
|||
exc.format_message())
|
||||
|
||||
def test_delete_assisted_volumes_snapshots_policy_failed(self):
|
||||
rule_name = "compute_extension:v3:os-assisted-volume-snapshots:delete"
|
||||
rule_name = "os_compute_api:os-assisted-volume-snapshots:delete"
|
||||
self.policy.set_rules({rule_name: "project:non_fake"})
|
||||
exc = self.assertRaises(
|
||||
exception.PolicyNotAuthorized,
|
||||
|
|
@ -874,62 +874,62 @@ class TestVolumeAttachPolicyEnforcementV21(test.NoDBTestCase):
|
|||
exc.format_message())
|
||||
|
||||
def test_index_volume_attach_policy_failed(self):
|
||||
rule_name = "compute_extension:v3:os-volumes-attachments:index"
|
||||
rule_name = "os_compute_api:os-volumes-attachments:index"
|
||||
rules = {rule_name: "project:non_fake"}
|
||||
self._common_policy_check(rules, rule_name,
|
||||
self.controller.index, self.req, FAKE_UUID)
|
||||
|
||||
def test_show_volume_attach_policy_failed(self):
|
||||
rule_name = "compute_extension:v3:os-volumes"
|
||||
rules = {"compute_extension:v3:os-volumes-attachments:show": "@",
|
||||
rule_name = "os_compute_api:os-volumes"
|
||||
rules = {"os_compute_api:os-volumes-attachments:show": "@",
|
||||
rule_name: "project:non_fake"}
|
||||
self._common_policy_check(rules, rule_name, self.controller.show,
|
||||
self.req, FAKE_UUID, FAKE_UUID_A)
|
||||
|
||||
rule_name = "compute_extension:v3:os-volumes-attachments:show"
|
||||
rules = {"compute_extension:v3:os-volumes": "@",
|
||||
rule_name = "os_compute_api:os-volumes-attachments:show"
|
||||
rules = {"os_compute_api:os-volumes": "@",
|
||||
rule_name: "project:non_fake"}
|
||||
self._common_policy_check(rules, rule_name, self.controller.show,
|
||||
self.req, FAKE_UUID, FAKE_UUID_A)
|
||||
|
||||
def test_create_volume_attach_policy_failed(self):
|
||||
rule_name = "compute_extension:v3:os-volumes"
|
||||
rules = {"compute_extension:v3:os-volumes-attachments:create": "@",
|
||||
rule_name = "os_compute_api:os-volumes"
|
||||
rules = {"os_compute_api:os-volumes-attachments:create": "@",
|
||||
rule_name: "project:non_fake"}
|
||||
body = {'volumeAttachment': {'volumeId': FAKE_UUID_A,
|
||||
'device': '/dev/fake'}}
|
||||
self._common_policy_check(rules, rule_name, self.controller.create,
|
||||
self.req, FAKE_UUID, body=body)
|
||||
|
||||
rule_name = "compute_extension:v3:os-volumes-attachments:create"
|
||||
rules = {"compute_extension:v3:os-volumes": "@",
|
||||
rule_name = "os_compute_api:os-volumes-attachments:create"
|
||||
rules = {"os_compute_api:os-volumes": "@",
|
||||
rule_name: "project:non_fake"}
|
||||
self._common_policy_check(rules, rule_name, self.controller.create,
|
||||
self.req, FAKE_UUID, body=body)
|
||||
|
||||
def test_update_volume_attach_policy_failed(self):
|
||||
rule_name = "compute_extension:v3:os-volumes"
|
||||
rules = {"compute_extension:v3:os-volumes-attachments:update": "@",
|
||||
rule_name = "os_compute_api:os-volumes"
|
||||
rules = {"os_compute_api:os-volumes-attachments:update": "@",
|
||||
rule_name: "project:non_fake"}
|
||||
body = {'volumeAttachment': {'volumeId': FAKE_UUID_B}}
|
||||
self._common_policy_check(rules, rule_name, self.controller.update,
|
||||
self.req, FAKE_UUID, FAKE_UUID_A, body=body)
|
||||
|
||||
rule_name = "compute_extension:v3:os-volumes-attachments:update"
|
||||
rules = {"compute_extension:v3:os-volumes": "@",
|
||||
rule_name = "os_compute_api:os-volumes-attachments:update"
|
||||
rules = {"os_compute_api:os-volumes": "@",
|
||||
rule_name: "project:non_fake"}
|
||||
self._common_policy_check(rules, rule_name, self.controller.update,
|
||||
self.req, FAKE_UUID, FAKE_UUID_A, body=body)
|
||||
|
||||
def test_delete_volume_attach_policy_failed(self):
|
||||
rule_name = "compute_extension:v3:os-volumes"
|
||||
rules = {"compute_extension:v3:os-volumes-attachments:delete": "@",
|
||||
rule_name = "os_compute_api:os-volumes"
|
||||
rules = {"os_compute_api:os-volumes-attachments:delete": "@",
|
||||
rule_name: "project:non_fake"}
|
||||
self._common_policy_check(rules, rule_name, self.controller.delete,
|
||||
self.req, FAKE_UUID, FAKE_UUID_A)
|
||||
|
||||
rule_name = "compute_extension:v3:os-volumes-attachments:delete"
|
||||
rules = {"compute_extension:v3:os-volumes": "@",
|
||||
rule_name = "os_compute_api:os-volumes-attachments:delete"
|
||||
rules = {"os_compute_api:os-volumes": "@",
|
||||
rule_name: "project:non_fake"}
|
||||
self._common_policy_check(rules, rule_name, self.controller.delete,
|
||||
self.req, FAKE_UUID, FAKE_UUID_A)
|
||||
|
|
|
|||
|
|
@ -851,9 +851,9 @@ class ServersControllerTest(ControllerTest):
|
|||
fake_get_all)
|
||||
|
||||
rules = {
|
||||
"compute:v3:servers:index":
|
||||
"os_compute_api:servers:index":
|
||||
common_policy.parse_rule("project_id:fake"),
|
||||
"compute:v3:servers:index:get_all_tenants":
|
||||
"os_compute_api:servers:index:get_all_tenants":
|
||||
common_policy.parse_rule("project_id:fake")
|
||||
}
|
||||
policy.set_rules(rules)
|
||||
|
|
@ -869,9 +869,9 @@ class ServersControllerTest(ControllerTest):
|
|||
return [fakes.stub_instance(100)]
|
||||
|
||||
rules = {
|
||||
"compute:v3:servers:index:get_all_tenants":
|
||||
"os_compute_api:servers:index:get_all_tenants":
|
||||
common_policy.parse_rule("project_id:non_fake"),
|
||||
"compute:v3:servers:get_all":
|
||||
"os_compute_api:servers:get_all":
|
||||
common_policy.parse_rule("project_id:fake"),
|
||||
}
|
||||
|
||||
|
|
@ -1533,7 +1533,7 @@ class ServersControllerRebuildInstanceTest(ControllerTest):
|
|||
|
||||
def test_start_policy_failed(self):
|
||||
rules = {
|
||||
"compute:v3:servers:start":
|
||||
"os_compute_api:servers:start":
|
||||
common_policy.parse_rule("project_id:non_fake")
|
||||
}
|
||||
policy.set_rules(rules)
|
||||
|
|
@ -1542,7 +1542,7 @@ class ServersControllerRebuildInstanceTest(ControllerTest):
|
|||
exc = self.assertRaises(exception.PolicyNotAuthorized,
|
||||
self.controller._start_server,
|
||||
req, FAKE_UUID, body)
|
||||
self.assertIn("compute:v3:servers:start", exc.format_message())
|
||||
self.assertIn("os_compute_api:servers:start", exc.format_message())
|
||||
|
||||
def test_start_not_ready(self):
|
||||
self.stubs.Set(compute_api.API, 'start', fake_start_stop_not_ready)
|
||||
|
|
@ -1577,7 +1577,7 @@ class ServersControllerRebuildInstanceTest(ControllerTest):
|
|||
|
||||
def test_stop_policy_failed(self):
|
||||
rules = {
|
||||
"compute:v3:servers:stop":
|
||||
"os_compute_api:servers:stop":
|
||||
common_policy.parse_rule("project_id:non_fake")
|
||||
}
|
||||
policy.set_rules(rules)
|
||||
|
|
@ -1586,7 +1586,7 @@ class ServersControllerRebuildInstanceTest(ControllerTest):
|
|||
exc = self.assertRaises(exception.PolicyNotAuthorized,
|
||||
self.controller._stop_server,
|
||||
req, FAKE_UUID, body)
|
||||
self.assertIn("compute:v3:servers:stop", exc.format_message())
|
||||
self.assertIn("os_compute_api:servers:stop", exc.format_message())
|
||||
|
||||
def test_stop_not_ready(self):
|
||||
self.stubs.Set(compute_api.API, 'stop', fake_start_stop_not_ready)
|
||||
|
|
@ -3410,7 +3410,7 @@ class IPsPolicyEnforcementV21(test.NoDBTestCase):
|
|||
self.req = fakes.HTTPRequest.blank('')
|
||||
|
||||
def test_index_policy_failed(self):
|
||||
rule_name = "compute_extension:v3:ips:index"
|
||||
rule_name = "os_compute_api:ips:index"
|
||||
self.policy.set_rules({rule_name: "project:non_fake"})
|
||||
exc = self.assertRaises(
|
||||
exception.PolicyNotAuthorized,
|
||||
|
|
@ -3420,7 +3420,7 @@ class IPsPolicyEnforcementV21(test.NoDBTestCase):
|
|||
exc.format_message())
|
||||
|
||||
def test_show_policy_failed(self):
|
||||
rule_name = "compute_extension:v3:ips:show"
|
||||
rule_name = "os_compute_api:ips:show"
|
||||
self.policy.set_rules({rule_name: "project:non_fake"})
|
||||
exc = self.assertRaises(
|
||||
exception.PolicyNotAuthorized,
|
||||
|
|
@ -3451,7 +3451,7 @@ class ServersPolicyEnforcementV21(test.NoDBTestCase):
|
|||
@mock.patch.object(servers.ServersController, '_get_instance')
|
||||
def test_start_policy_failed(self, _get_instance_mock):
|
||||
_get_instance_mock.return_value = None
|
||||
rule_name = "compute:v3:servers:start"
|
||||
rule_name = "os_compute_api:servers:start"
|
||||
rule = {rule_name: "project:non_fake"}
|
||||
self._common_policy_check(
|
||||
rule, rule_name, self.controller._start_server,
|
||||
|
|
@ -3460,20 +3460,20 @@ class ServersPolicyEnforcementV21(test.NoDBTestCase):
|
|||
@mock.patch.object(servers.ServersController, '_get_instance')
|
||||
def test_stop_policy_failed(self, _get_instance_mock):
|
||||
_get_instance_mock.return_value = None
|
||||
rule_name = "compute:v3:servers:stop"
|
||||
rule_name = "os_compute_api:servers:stop"
|
||||
rule = {rule_name: "project:non_fake"}
|
||||
self._common_policy_check(
|
||||
rule, rule_name, self.controller._stop_server,
|
||||
self.req, FAKE_UUID, body={})
|
||||
|
||||
def test_index_policy_failed(self):
|
||||
rule_name = "compute:v3:servers:index"
|
||||
rule_name = "os_compute_api:servers:index"
|
||||
rule = {rule_name: "project:non_fake"}
|
||||
self._common_policy_check(
|
||||
rule, rule_name, self.controller.index, self.req)
|
||||
|
||||
def test_detail_policy_failed(self):
|
||||
rule_name = "compute:v3:servers:detail"
|
||||
rule_name = "os_compute_api:servers:detail"
|
||||
rule = {rule_name: "project:non_fake"}
|
||||
self._common_policy_check(
|
||||
rule, rule_name, self.controller.detail, self.req)
|
||||
|
|
@ -3481,7 +3481,7 @@ class ServersPolicyEnforcementV21(test.NoDBTestCase):
|
|||
def test_detail_get_tenants_policy_failed(self):
|
||||
req = fakes.HTTPRequest.blank('')
|
||||
req.GET["all_tenants"] = "True"
|
||||
rule_name = "compute:v3:servers:detail:get_all_tenants"
|
||||
rule_name = "os_compute_api:servers:detail:get_all_tenants"
|
||||
rule = {rule_name: "project:non_fake"}
|
||||
self._common_policy_check(
|
||||
rule, rule_name, self.controller._get_servers, req, True)
|
||||
|
|
@ -3489,7 +3489,7 @@ class ServersPolicyEnforcementV21(test.NoDBTestCase):
|
|||
def test_index_get_tenants_policy_failed(self):
|
||||
req = fakes.HTTPRequest.blank('')
|
||||
req.GET["all_tenants"] = "True"
|
||||
rule_name = "compute:v3:servers:index:get_all_tenants"
|
||||
rule_name = "os_compute_api:servers:index:get_all_tenants"
|
||||
rule = {rule_name: "project:non_fake"}
|
||||
self._common_policy_check(
|
||||
rule, rule_name, self.controller._get_servers, req, False)
|
||||
|
|
@ -3497,19 +3497,19 @@ class ServersPolicyEnforcementV21(test.NoDBTestCase):
|
|||
@mock.patch.object(common, 'get_instance')
|
||||
def test_show_policy_failed(self, get_instance_mock):
|
||||
get_instance_mock.return_value = None
|
||||
rule_name = "compute:v3:servers:show"
|
||||
rule_name = "os_compute_api:servers:show"
|
||||
rule = {rule_name: "project:non_fake"}
|
||||
self._common_policy_check(
|
||||
rule, rule_name, self.controller.show, self.req, FAKE_UUID)
|
||||
|
||||
def test_delete_policy_failed(self):
|
||||
rule_name = "compute:v3:servers:delete"
|
||||
rule_name = "os_compute_api:servers:delete"
|
||||
rule = {rule_name: "project:non_fake"}
|
||||
self._common_policy_check(
|
||||
rule, rule_name, self.controller.delete, self.req, FAKE_UUID)
|
||||
|
||||
def test_update_policy_failed(self):
|
||||
rule_name = "compute:v3:servers:update"
|
||||
rule_name = "os_compute_api:servers:update"
|
||||
rule = {rule_name: "project:non_fake"}
|
||||
body = {'server': {'name': 'server_test'}}
|
||||
self._common_policy_check(
|
||||
|
|
@ -3517,7 +3517,7 @@ class ServersPolicyEnforcementV21(test.NoDBTestCase):
|
|||
FAKE_UUID, body=body)
|
||||
|
||||
def test_confirm_resize_policy_failed(self):
|
||||
rule_name = "compute:v3:servers:confirm_resize"
|
||||
rule_name = "os_compute_api:servers:confirm_resize"
|
||||
rule = {rule_name: "project:non_fake"}
|
||||
body = {'server': {'name': 'server_test'}}
|
||||
self._common_policy_check(
|
||||
|
|
@ -3525,7 +3525,7 @@ class ServersPolicyEnforcementV21(test.NoDBTestCase):
|
|||
self.req, FAKE_UUID, body=body)
|
||||
|
||||
def test_revert_resize_policy_failed(self):
|
||||
rule_name = "compute:v3:servers:revert_resize"
|
||||
rule_name = "os_compute_api:servers:revert_resize"
|
||||
rule = {rule_name: "project:non_fake"}
|
||||
body = {'server': {'name': 'server_test'}}
|
||||
self._common_policy_check(
|
||||
|
|
@ -3533,7 +3533,7 @@ class ServersPolicyEnforcementV21(test.NoDBTestCase):
|
|||
self.req, FAKE_UUID, body=body)
|
||||
|
||||
def test_reboot_policy_failed(self):
|
||||
rule_name = "compute:v3:servers:reboot"
|
||||
rule_name = "os_compute_api:servers:reboot"
|
||||
rule = {rule_name: "project:non_fake"}
|
||||
body = {'reboot': {'type': 'HARD'}}
|
||||
self._common_policy_check(
|
||||
|
|
@ -3541,7 +3541,7 @@ class ServersPolicyEnforcementV21(test.NoDBTestCase):
|
|||
self.req, FAKE_UUID, body=body)
|
||||
|
||||
def test_resize_policy_failed(self):
|
||||
rule_name = "compute:v3:servers:resize"
|
||||
rule_name = "os_compute_api:servers:resize"
|
||||
rule = {rule_name: "project:non_fake"}
|
||||
flavor_id = 1
|
||||
self._common_policy_check(
|
||||
|
|
@ -3549,7 +3549,7 @@ class ServersPolicyEnforcementV21(test.NoDBTestCase):
|
|||
FAKE_UUID, flavor_id)
|
||||
|
||||
def test_create_image_policy_failed(self):
|
||||
rule_name = "compute:v3:servers:create_image"
|
||||
rule_name = "os_compute_api:servers:create_image"
|
||||
rule = {rule_name: "project:non_fake"}
|
||||
body = {
|
||||
'createImage': {
|
||||
|
|
@ -3580,27 +3580,27 @@ class ServersPolicyEnforcementV21(test.NoDBTestCase):
|
|||
rules, rule_name, self.controller.create, self.req, body=body)
|
||||
|
||||
def test_create_policy_failed(self):
|
||||
rule_name = "compute:v3:servers:create"
|
||||
rule_name = "os_compute_api:servers:create"
|
||||
rules = {rule_name: "project:non_fake"}
|
||||
self._create_policy_check(rules, rule_name)
|
||||
|
||||
def test_create_forced_host_policy_failed(self):
|
||||
rule_name = "compute:v3:servers:create:forced_host"
|
||||
rule = {"compute:v3:servers:create": "@",
|
||||
rule_name = "os_compute_api:servers:create:forced_host"
|
||||
rule = {"os_compute_api:servers:create": "@",
|
||||
rule_name: "project:non_fake"}
|
||||
self._create_policy_check(rule, rule_name)
|
||||
|
||||
def test_create_attach_volume_policy_failed(self):
|
||||
rule_name = "compute:v3:servers:create:attach_volume"
|
||||
rules = {"compute:v3:servers:create": "@",
|
||||
"compute:v3:servers:create:forced_host": "@",
|
||||
rule_name = "os_compute_api:servers:create:attach_volume"
|
||||
rules = {"os_compute_api:servers:create": "@",
|
||||
"os_compute_api:servers:create:forced_host": "@",
|
||||
rule_name: "project:non_fake"}
|
||||
self._create_policy_check(rules, rule_name)
|
||||
|
||||
def test_create_attach_attach_network_policy_failed(self):
|
||||
rule_name = "compute:v3:servers:create:attach_network"
|
||||
rules = {"compute:v3:servers:create": "@",
|
||||
"compute:v3:servers:create:forced_host": "@",
|
||||
"compute:v3:servers:create:attach_volume": "@",
|
||||
rule_name = "os_compute_api:servers:create:attach_network"
|
||||
rules = {"os_compute_api:servers:create": "@",
|
||||
"os_compute_api:servers:create:forced_host": "@",
|
||||
"os_compute_api:servers:create:attach_volume": "@",
|
||||
rule_name: "project:non_fake"}
|
||||
self._create_policy_check(rules, rule_name)
|
||||
|
|
|
|||
|
|
@ -167,7 +167,7 @@ class ExtensionTestCase(test.TestCase):
|
|||
authorize = base_extensions.os_compute_authorizer(
|
||||
'used_limits_for_admin')
|
||||
self._test_extension_authorizer_throws_exception_if_policy_fails(
|
||||
"compute_extension:v3:used_limits_for_admin",
|
||||
"os_compute_api:used_limits_for_admin",
|
||||
authorize)
|
||||
|
||||
def _test_core_authorizer_throws_exception_if_policy_fails(self,
|
||||
|
|
@ -191,13 +191,6 @@ class ExtensionTestCase(test.TestCase):
|
|||
self._test_core_authorizer_throws_exception_if_policy_fails(
|
||||
"compute:used_limits_for_admin", authorize)
|
||||
|
||||
def test_os_compute_api_core_authorizer_throws_exception_if_policy_fails(
|
||||
self):
|
||||
authorize = base_extensions.os_compute_authorizer(
|
||||
'used_limits_for_admin', core=True)
|
||||
self._test_core_authorizer_throws_exception_if_policy_fails(
|
||||
"compute:v3:used_limits_for_admin", authorize)
|
||||
|
||||
|
||||
class ExtensionControllerTest(ExtensionTestCase):
|
||||
|
||||
|
|
|
|||
|
|
@ -779,7 +779,7 @@ class ServerMetaPolicyEnforcementV21(test.NoDBTestCase):
|
|||
self.req = fakes.HTTPRequest.blank('')
|
||||
|
||||
def test_create_policy_failed(self):
|
||||
rule_name = "compute_extension:v3:server-metadata:create"
|
||||
rule_name = "os_compute_api:server-metadata:create"
|
||||
self.policy.set_rules({rule_name: "project:non_fake"})
|
||||
exc = self.assertRaises(
|
||||
exception.PolicyNotAuthorized,
|
||||
|
|
@ -790,7 +790,7 @@ class ServerMetaPolicyEnforcementV21(test.NoDBTestCase):
|
|||
exc.format_message())
|
||||
|
||||
def test_index_policy_failed(self):
|
||||
rule_name = "compute_extension:v3:server-metadata:index"
|
||||
rule_name = "os_compute_api:server-metadata:index"
|
||||
self.policy.set_rules({rule_name: "project:non_fake"})
|
||||
exc = self.assertRaises(
|
||||
exception.PolicyNotAuthorized,
|
||||
|
|
@ -800,7 +800,7 @@ class ServerMetaPolicyEnforcementV21(test.NoDBTestCase):
|
|||
exc.format_message())
|
||||
|
||||
def test_update_policy_failed(self):
|
||||
rule_name = "compute_extension:v3:server-metadata:update"
|
||||
rule_name = "os_compute_api:server-metadata:update"
|
||||
self.policy.set_rules({rule_name: "project:non_fake"})
|
||||
exc = self.assertRaises(
|
||||
exception.PolicyNotAuthorized,
|
||||
|
|
@ -811,7 +811,7 @@ class ServerMetaPolicyEnforcementV21(test.NoDBTestCase):
|
|||
exc.format_message())
|
||||
|
||||
def test_update_all_policy_failed(self):
|
||||
rule_name = "compute_extension:v3:server-metadata:update_all"
|
||||
rule_name = "os_compute_api:server-metadata:update_all"
|
||||
self.policy.set_rules({rule_name: "project:non_fake"})
|
||||
exc = self.assertRaises(
|
||||
exception.PolicyNotAuthorized,
|
||||
|
|
@ -822,7 +822,7 @@ class ServerMetaPolicyEnforcementV21(test.NoDBTestCase):
|
|||
exc.format_message())
|
||||
|
||||
def test_delete_policy_failed(self):
|
||||
rule_name = "compute_extension:v3:server-metadata:delete"
|
||||
rule_name = "os_compute_api:server-metadata:delete"
|
||||
self.policy.set_rules({rule_name: "project:non_fake"})
|
||||
exc = self.assertRaises(
|
||||
exception.PolicyNotAuthorized,
|
||||
|
|
@ -832,7 +832,7 @@ class ServerMetaPolicyEnforcementV21(test.NoDBTestCase):
|
|||
exc.format_message())
|
||||
|
||||
def test_show_policy_failed(self):
|
||||
rule_name = "compute_extension:v3:server-metadata:show"
|
||||
rule_name = "os_compute_api:server-metadata:show"
|
||||
self.policy.set_rules({rule_name: "project:non_fake"})
|
||||
exc = self.assertRaises(
|
||||
exception.PolicyNotAuthorized,
|
||||
|
|
|
|||
|
|
@ -104,26 +104,26 @@ policy_data = """
|
|||
"compute:volume_snapshot_create": "",
|
||||
"compute:volume_snapshot_delete": "",
|
||||
|
||||
"compute:v3:servers:confirm_resize": "",
|
||||
"compute:v3:servers:create": "",
|
||||
"compute:v3:servers:create:attach_network": "",
|
||||
"compute:v3:servers:create:attach_volume": "",
|
||||
"compute:v3:servers:create:forced_host": "",
|
||||
"compute:v3:servers:delete": "",
|
||||
"compute:v3:servers:detail": "",
|
||||
"compute:v3:servers:detail:get_all_tenants": "",
|
||||
"compute:v3:servers:index": "",
|
||||
"compute:v3:servers:index:get_all_tenants": "",
|
||||
"compute:v3:servers:reboot": "",
|
||||
"compute:v3:servers:rebuild": "",
|
||||
"compute:v3:servers:resize": "",
|
||||
"compute:v3:servers:revert_resize": "",
|
||||
"compute:v3:servers:show": "",
|
||||
"compute:v3:servers:create_image": "",
|
||||
"compute:v3:servers:update": "",
|
||||
"compute:v3:servers:start": "",
|
||||
"compute:v3:servers:stop": "",
|
||||
"compute_extension:v3:os-access-ips": "",
|
||||
"os_compute_api:servers:confirm_resize": "",
|
||||
"os_compute_api:servers:create": "",
|
||||
"os_compute_api:servers:create:attach_network": "",
|
||||
"os_compute_api:servers:create:attach_volume": "",
|
||||
"os_compute_api:servers:create:forced_host": "",
|
||||
"os_compute_api:servers:delete": "",
|
||||
"os_compute_api:servers:detail": "",
|
||||
"os_compute_api:servers:detail:get_all_tenants": "",
|
||||
"os_compute_api:servers:index": "",
|
||||
"os_compute_api:servers:index:get_all_tenants": "",
|
||||
"os_compute_api:servers:reboot": "",
|
||||
"os_compute_api:servers:rebuild": "",
|
||||
"os_compute_api:servers:resize": "",
|
||||
"os_compute_api:servers:revert_resize": "",
|
||||
"os_compute_api:servers:show": "",
|
||||
"os_compute_api:servers:create_image": "",
|
||||
"os_compute_api:servers:update": "",
|
||||
"os_compute_api:servers:start": "",
|
||||
"os_compute_api:servers:stop": "",
|
||||
"os_compute_api:os-access-ips": "",
|
||||
"compute_extension:accounts": "",
|
||||
"compute_extension:admin_actions:pause": "",
|
||||
"compute_extension:admin_actions:unpause": "",
|
||||
|
|
@ -137,81 +137,81 @@ policy_data = """
|
|||
"compute_extension:admin_actions:migrateLive": "",
|
||||
"compute_extension:admin_actions:resetState": "",
|
||||
"compute_extension:admin_actions:migrate": "",
|
||||
"compute_extension:v3:os-admin-actions:reset_network": "",
|
||||
"compute_extension:v3:os-admin-actions:inject_network_info": "",
|
||||
"compute_extension:v3:os-admin-actions:reset_state": "",
|
||||
"compute_extension:v3:os-admin-password": "",
|
||||
"os_compute_api:os-admin-actions:reset_network": "",
|
||||
"os_compute_api:os-admin-actions:inject_network_info": "",
|
||||
"os_compute_api:os-admin-actions:reset_state": "",
|
||||
"os_compute_api:os-admin-password": "",
|
||||
"compute_extension:aggregates": "rule:admin_api",
|
||||
"compute_extension:v3:os-aggregates:index": "rule:admin_api",
|
||||
"compute_extension:v3:os-aggregates:create": "rule:admin_api",
|
||||
"compute_extension:v3:os-aggregates:show": "rule:admin_api",
|
||||
"compute_extension:v3:os-aggregates:update": "rule:admin_api",
|
||||
"compute_extension:v3:os-aggregates:delete": "rule:admin_api",
|
||||
"compute_extension:v3:os-aggregates:add_host": "rule:admin_api",
|
||||
"compute_extension:v3:os-aggregates:remove_host": "rule:admin_api",
|
||||
"compute_extension:v3:os-aggregates:set_metadata": "rule:admin_api",
|
||||
"os_compute_api:os-aggregates:index": "rule:admin_api",
|
||||
"os_compute_api:os-aggregates:create": "rule:admin_api",
|
||||
"os_compute_api:os-aggregates:show": "rule:admin_api",
|
||||
"os_compute_api:os-aggregates:update": "rule:admin_api",
|
||||
"os_compute_api:os-aggregates:delete": "rule:admin_api",
|
||||
"os_compute_api:os-aggregates:add_host": "rule:admin_api",
|
||||
"os_compute_api:os-aggregates:remove_host": "rule:admin_api",
|
||||
"os_compute_api:os-aggregates:set_metadata": "rule:admin_api",
|
||||
"compute_extension:agents": "",
|
||||
"compute_extension:v3:os-agents": "",
|
||||
"os_compute_api:os-agents": "",
|
||||
"compute_extension:attach_interfaces": "",
|
||||
"compute_extension:v3:os-attach-interfaces": "",
|
||||
"os_compute_api:os-attach-interfaces": "",
|
||||
"compute_extension:baremetal_nodes": "",
|
||||
"compute_extension:v3:os-baremetal-nodes": "",
|
||||
"os_compute_api:os-baremetal-nodes": "",
|
||||
"compute_extension:cells": "",
|
||||
"compute_extension:cells:create": "rule:admin_api",
|
||||
"compute_extension:cells:delete": "rule:admin_api",
|
||||
"compute_extension:cells:update": "rule:admin_api",
|
||||
"compute_extension:cells:sync_instances": "rule:admin_api",
|
||||
"compute_extension:v3:os-cells": "",
|
||||
"compute_extension:v3:os-cells:create": "rule:admin_api",
|
||||
"compute_extension:v3:os-cells:delete": "rule:admin_api",
|
||||
"compute_extension:v3:os-cells:update": "rule:admin_api",
|
||||
"compute_extension:v3:os-cells:sync_instances": "rule:admin_api",
|
||||
"os_compute_api:os-cells": "",
|
||||
"os_compute_api:os-cells:create": "rule:admin_api",
|
||||
"os_compute_api:os-cells:delete": "rule:admin_api",
|
||||
"os_compute_api:os-cells:update": "rule:admin_api",
|
||||
"os_compute_api:os-cells:sync_instances": "rule:admin_api",
|
||||
"compute_extension:certificates": "",
|
||||
"compute_extension:v3:os-certificates:create": "",
|
||||
"compute_extension:v3:os-certificates:show": "",
|
||||
"os_compute_api:os-certificates:create": "",
|
||||
"os_compute_api:os-certificates:show": "",
|
||||
"compute_extension:cloudpipe": "",
|
||||
"compute_extension:v3:os-cloudpipe": "",
|
||||
"os_compute_api:os-cloudpipe": "",
|
||||
"compute_extension:cloudpipe_update": "",
|
||||
"compute_extension:config_drive": "",
|
||||
"compute_extension:v3:os-config-drive": "",
|
||||
"os_compute_api:os-config-drive": "",
|
||||
"compute_extension:console_output": "",
|
||||
"compute_extension:v3:os-console-output": "",
|
||||
"os_compute_api:os-console-output": "",
|
||||
"compute_extension:consoles": "",
|
||||
"compute_extension:v3:os-remote-consoles": "",
|
||||
"os_compute_api:os-remote-consoles": "",
|
||||
"compute_extension:createserverext": "",
|
||||
"compute_extension:v3:os-create-backup": "",
|
||||
"os_compute_api:os-create-backup": "",
|
||||
"compute_extension:deferred_delete": "",
|
||||
"compute_extension:v3:os-deferred-delete": "",
|
||||
"os_compute_api:os-deferred-delete": "",
|
||||
"compute_extension:disk_config": "",
|
||||
"compute_extension:v3:os-disk-config": "",
|
||||
"os_compute_api:os-disk-config": "",
|
||||
"compute_extension:evacuate": "is_admin:True",
|
||||
"compute_extension:v3:os-evacuate": "is_admin:True",
|
||||
"os_compute_api:os-evacuate": "is_admin:True",
|
||||
"compute_extension:extended_server_attributes": "",
|
||||
"compute_extension:v3:os-extended-server-attributes": "",
|
||||
"os_compute_api:os-extended-server-attributes": "",
|
||||
"compute_extension:extended_status": "",
|
||||
"compute_extension:v3:os-extended-status": "",
|
||||
"os_compute_api:os-extended-status": "",
|
||||
"compute_extension:extended_availability_zone": "",
|
||||
"compute_extension:v3:os-extended-availability-zone": "",
|
||||
"os_compute_api:os-extended-availability-zone": "",
|
||||
"compute_extension:extended_ips": "",
|
||||
"compute_extension:extended_ips_mac": "",
|
||||
"compute_extension:extended_vif_net": "",
|
||||
"compute_extension:extended_volumes": "",
|
||||
"compute_extension:v3:ips:index": "",
|
||||
"compute_extension:v3:ips:show": "",
|
||||
"compute_extension:v3:os-extended-volumes": "",
|
||||
"compute_extension:v3:extensions:discoverable": "",
|
||||
"os_compute_api:ips:index": "",
|
||||
"os_compute_api:ips:show": "",
|
||||
"os_compute_api:os-extended-volumes": "",
|
||||
"os_compute_api:extensions:discoverable": "",
|
||||
"compute_extension:fixed_ips": "",
|
||||
"compute_extension:v3:os-fixed-ips": "",
|
||||
"os_compute_api:os-fixed-ips": "",
|
||||
"compute_extension:flavor_access": "",
|
||||
"compute_extension:flavor_access:addTenantAccess": "",
|
||||
"compute_extension:flavor_access:removeTenantAccess": "",
|
||||
"compute_extension:v3:os-flavor-access": "",
|
||||
"compute_extension:v3:os-flavor-access:remove_tenant_access": "",
|
||||
"compute_extension:v3:os-flavor-access:add_tenant_access": "",
|
||||
"os_compute_api:os-flavor-access": "",
|
||||
"os_compute_api:os-flavor-access:remove_tenant_access": "",
|
||||
"os_compute_api:os-flavor-access:add_tenant_access": "",
|
||||
"compute_extension:flavor_disabled": "",
|
||||
"compute_extension:v3:os-flavor-disabled": "",
|
||||
"os_compute_api:os-flavor-disabled": "",
|
||||
"compute_extension:flavor_rxtx": "",
|
||||
"compute_extension:v3:os-flavor-rxtx": "",
|
||||
"os_compute_api:os-flavor-rxtx": "",
|
||||
"compute_extension:flavor_swap": "",
|
||||
"compute_extension:flavorextradata": "",
|
||||
"compute_extension:flavorextraspecs:index": "",
|
||||
|
|
@ -219,111 +219,111 @@ policy_data = """
|
|||
"compute_extension:flavorextraspecs:create": "is_admin:True",
|
||||
"compute_extension:flavorextraspecs:update": "is_admin:True",
|
||||
"compute_extension:flavorextraspecs:delete": "is_admin:True",
|
||||
"compute_extension:v3:os-flavor-extra-specs:index": "",
|
||||
"compute_extension:v3:os-flavor-extra-specs:show": "",
|
||||
"compute_extension:v3:os-flavor-extra-specs:create": "is_admin:True",
|
||||
"compute_extension:v3:os-flavor-extra-specs:update": "is_admin:True",
|
||||
"compute_extension:v3:os-flavor-extra-specs:delete": "is_admin:True",
|
||||
"os_compute_api:os-flavor-extra-specs:index": "",
|
||||
"os_compute_api:os-flavor-extra-specs:show": "",
|
||||
"os_compute_api:os-flavor-extra-specs:create": "is_admin:True",
|
||||
"os_compute_api:os-flavor-extra-specs:update": "is_admin:True",
|
||||
"os_compute_api:os-flavor-extra-specs:delete": "is_admin:True",
|
||||
"compute_extension:flavormanage": "",
|
||||
"compute_extension:v3:os-flavor-manage": "",
|
||||
"compute_extension:v3:os-flavors:discoverable": "",
|
||||
"os_compute_api:os-flavor-manage": "",
|
||||
"os_compute_api:os-flavors:discoverable": "",
|
||||
"compute_extension:floating_ip_dns": "",
|
||||
"compute_extension:v3:os-floating-ip-dns": "",
|
||||
"os_compute_api:os-floating-ip-dns": "",
|
||||
"compute_extension:floating_ip_pools": "",
|
||||
"compute_extension:v3:os-floating-ip-pools": "",
|
||||
"os_compute_api:os-floating-ip-pools": "",
|
||||
"compute_extension:floating_ips": "",
|
||||
"compute_extension:v3:os-floating-ips": "",
|
||||
"os_compute_api:os-floating-ips": "",
|
||||
"compute_extension:floating_ips_bulk": "",
|
||||
"compute_extension:v3:os-floating-ips-bulk": "",
|
||||
"os_compute_api:os-floating-ips-bulk": "",
|
||||
"compute_extension:fping": "",
|
||||
"compute_extension:fping:all_tenants": "is_admin:True",
|
||||
"compute_extension:v3:os-fping": "",
|
||||
"compute_extension:v3:os-fping:all_tenants": "is_admin:True",
|
||||
"os_compute_api:os-fping": "",
|
||||
"os_compute_api:os-fping:all_tenants": "is_admin:True",
|
||||
"compute_extension:hide_server_addresses": "",
|
||||
"compute_extension:v3:os-hide-server-addresses": "",
|
||||
"os_compute_api:os-hide-server-addresses": "",
|
||||
"compute_extension:hosts": "",
|
||||
"compute_extension:v3:os-hosts": "rule:admin_api",
|
||||
"os_compute_api:os-hosts": "rule:admin_api",
|
||||
"compute_extension:hypervisors": "rule:admin_api",
|
||||
"compute_extension:v3:os-hypervisors": "rule:admin_api",
|
||||
"os_compute_api:os-hypervisors": "rule:admin_api",
|
||||
"compute_extension:image_size": "",
|
||||
"compute_extension:v3:image-size": "",
|
||||
"os_compute_api:image-size": "",
|
||||
"compute_extension:instance_actions": "",
|
||||
"compute_extension:v3:os-instance-actions": "",
|
||||
"os_compute_api:os-instance-actions": "",
|
||||
"compute_extension:instance_actions:events": "is_admin:True",
|
||||
"compute_extension:v3:os-instance-actions:events": "is_admin:True",
|
||||
"os_compute_api:os-instance-actions:events": "is_admin:True",
|
||||
"compute_extension:instance_usage_audit_log": "rule:admin_api",
|
||||
"compute_extension:v3:os-instance-usage-audit-log": "",
|
||||
"os_compute_api:os-instance-usage-audit-log": "",
|
||||
"compute_extension:keypairs": "",
|
||||
"compute_extension:keypairs:index": "",
|
||||
"compute_extension:keypairs:show": "",
|
||||
"compute_extension:keypairs:create": "",
|
||||
"compute_extension:keypairs:delete": "",
|
||||
|
||||
"compute_extension:v3:os-keypairs": "",
|
||||
"compute_extension:v3:os-keypairs:index": "",
|
||||
"compute_extension:v3:os-keypairs:show": "",
|
||||
"compute_extension:v3:os-keypairs:create": "",
|
||||
"compute_extension:v3:os-keypairs:delete": "",
|
||||
"compute_extension:v3:os-lock-server:lock": "",
|
||||
"compute_extension:v3:os-lock-server:unlock": "",
|
||||
"compute_extension:v3:os-migrate-server:migrate": "",
|
||||
"compute_extension:v3:os-migrate-server:migrate_live": "",
|
||||
"os_compute_api:os-keypairs": "",
|
||||
"os_compute_api:os-keypairs:index": "",
|
||||
"os_compute_api:os-keypairs:show": "",
|
||||
"os_compute_api:os-keypairs:create": "",
|
||||
"os_compute_api:os-keypairs:delete": "",
|
||||
"os_compute_api:os-lock-server:lock": "",
|
||||
"os_compute_api:os-lock-server:unlock": "",
|
||||
"os_compute_api:os-migrate-server:migrate": "",
|
||||
"os_compute_api:os-migrate-server:migrate_live": "",
|
||||
"compute_extension:multinic": "",
|
||||
"compute_extension:v3:os-multinic": "",
|
||||
"os_compute_api:os-multinic": "",
|
||||
"compute_extension:networks": "",
|
||||
"compute_extension:networks:view": "",
|
||||
"compute_extension:v3:os-networks": "",
|
||||
"compute_extension:v3:os-networks:view": "",
|
||||
"os_compute_api:os-networks": "",
|
||||
"os_compute_api:os-networks:view": "",
|
||||
"compute_extension:networks_associate": "",
|
||||
"compute_extension:v3:os-networks-associate": "",
|
||||
"os_compute_api:os-networks-associate": "",
|
||||
"compute_extension:os-tenant-networks": "",
|
||||
"compute_extension:v3:os-tenant-networks": "",
|
||||
"compute_extension:v3:os-pause-server:pause": "",
|
||||
"compute_extension:v3:os-pause-server:unpause": "",
|
||||
"compute_extension:v3:os-pci:pci_servers": "",
|
||||
"compute_extension:v3:os-pci:index": "",
|
||||
"compute_extension:v3:os-pci:detail": "",
|
||||
"compute_extension:v3:os-pci:show": "",
|
||||
"os_compute_api:os-tenant-networks": "",
|
||||
"os_compute_api:os-pause-server:pause": "",
|
||||
"os_compute_api:os-pause-server:unpause": "",
|
||||
"os_compute_api:os-pci:pci_servers": "",
|
||||
"os_compute_api:os-pci:index": "",
|
||||
"os_compute_api:os-pci:detail": "",
|
||||
"os_compute_api:os-pci:show": "",
|
||||
"compute_extension:quotas:show": "",
|
||||
"compute_extension:quotas:update": "",
|
||||
"compute_extension:quotas:delete": "",
|
||||
"compute_extension:v3:os-quota-sets:show": "",
|
||||
"compute_extension:v3:os-quota-sets:update": "",
|
||||
"compute_extension:v3:os-quota-sets:delete": "",
|
||||
"compute_extension:v3:os-quota-sets:detail": "",
|
||||
"os_compute_api:os-quota-sets:show": "",
|
||||
"os_compute_api:os-quota-sets:update": "",
|
||||
"os_compute_api:os-quota-sets:delete": "",
|
||||
"os_compute_api:os-quota-sets:detail": "",
|
||||
"compute_extension:quota_classes": "",
|
||||
"compute_extension:v3:os-quota-class-sets": "",
|
||||
"os_compute_api:os-quota-class-sets": "",
|
||||
"compute_extension:rescue": "",
|
||||
"compute_extension:v3:os-rescue": "",
|
||||
"os_compute_api:os-rescue": "",
|
||||
"compute_extension:security_group_default_rules": "",
|
||||
"compute_extension:v3:os-security-group-default-rules": "",
|
||||
"os_compute_api:os-security-group-default-rules": "",
|
||||
"compute_extension:security_groups": "",
|
||||
"compute_extension:v3:os-security-groups": "",
|
||||
"os_compute_api:os-security-groups": "",
|
||||
"compute_extension:server_diagnostics": "",
|
||||
"compute_extension:v3:os-server-diagnostics": "",
|
||||
"os_compute_api:os-server-diagnostics": "",
|
||||
"compute_extension:server_groups": "",
|
||||
"compute_extension:server_password": "",
|
||||
"compute_extension:v3:os-server-password": "",
|
||||
"os_compute_api:os-server-password": "",
|
||||
"compute_extension:server_usage": "",
|
||||
"compute_extension:v3:os-server-usage": "",
|
||||
"compute_extension:v3:os-server-groups": "",
|
||||
"os_compute_api:os-server-usage": "",
|
||||
"os_compute_api:os-server-groups": "",
|
||||
"compute_extension:services": "",
|
||||
"compute_extension:v3:os-services": "",
|
||||
"os_compute_api:os-services": "",
|
||||
"compute_extension:shelve": "",
|
||||
"compute_extension:shelveOffload": "",
|
||||
"compute_extension:v3:os-shelve:shelve": "",
|
||||
"compute_extension:v3:os-shelve:shelve_offload": "",
|
||||
"os_compute_api:os-shelve:shelve": "",
|
||||
"os_compute_api:os-shelve:shelve_offload": "",
|
||||
"compute_extension:simple_tenant_usage:show": "",
|
||||
"compute_extension:simple_tenant_usage:list": "",
|
||||
"compute_extension:v3:os-simple-tenant-usage:show": "",
|
||||
"compute_extension:v3:os-simple-tenant-usage:list": "",
|
||||
"os_compute_api:os-simple-tenant-usage:show": "",
|
||||
"os_compute_api:os-simple-tenant-usage:list": "",
|
||||
"compute_extension:unshelve": "",
|
||||
"compute_extension:v3:os-shelve:unshelve": "",
|
||||
"compute_extension:v3:os-suspend-server:suspend": "",
|
||||
"compute_extension:v3:os-suspend-server:resume": "",
|
||||
"os_compute_api:os-shelve:unshelve": "",
|
||||
"os_compute_api:os-suspend-server:suspend": "",
|
||||
"os_compute_api:os-suspend-server:resume": "",
|
||||
"compute_extension:users": "",
|
||||
"compute_extension:virtual_interfaces": "",
|
||||
"compute_extension:v3:os-virtual-interfaces": "",
|
||||
"os_compute_api:os-virtual-interfaces": "",
|
||||
"compute_extension:virtual_storage_arrays": "",
|
||||
"compute_extension:volumes": "",
|
||||
"compute_extension:volume_attachments:index": "",
|
||||
|
|
@ -331,36 +331,36 @@ policy_data = """
|
|||
"compute_extension:volume_attachments:create": "",
|
||||
"compute_extension:volume_attachments:update": "",
|
||||
"compute_extension:volume_attachments:delete": "",
|
||||
"compute_extension:v3:os-volumes": "",
|
||||
"compute_extension:v3:os-volumes-attachments:index": "",
|
||||
"compute_extension:v3:os-volumes-attachments:show": "",
|
||||
"compute_extension:v3:os-volumes-attachments:create": "",
|
||||
"compute_extension:v3:os-volumes-attachments:update": "",
|
||||
"compute_extension:v3:os-volumes-attachments:delete": "",
|
||||
"os_compute_api:os-volumes": "",
|
||||
"os_compute_api:os-volumes-attachments:index": "",
|
||||
"os_compute_api:os-volumes-attachments:show": "",
|
||||
"os_compute_api:os-volumes-attachments:create": "",
|
||||
"os_compute_api:os-volumes-attachments:update": "",
|
||||
"os_compute_api:os-volumes-attachments:delete": "",
|
||||
"compute_extension:volumetypes": "",
|
||||
"compute_extension:zones": "",
|
||||
"compute_extension:availability_zone:list": "",
|
||||
"compute_extension:v3:os-availability-zone:list": "",
|
||||
"os_compute_api:os-availability-zone:list": "",
|
||||
"compute_extension:availability_zone:detail": "",
|
||||
"compute_extension:v3:os-availability-zone:detail": "",
|
||||
"os_compute_api:os-availability-zone:detail": "",
|
||||
"compute_extension:used_limits_for_admin": "is_admin:True",
|
||||
"compute_extension:v3:os-used-limits": "is_admin:True",
|
||||
"os_compute_api:os-used-limits": "is_admin:True",
|
||||
"compute_extension:migrations:index": "is_admin:True",
|
||||
"compute_extension:v3:os-migrations:index": "is_admin:True",
|
||||
"os_compute_api:os-migrations:index": "is_admin:True",
|
||||
"compute_extension:os-assisted-volume-snapshots:create": "",
|
||||
"compute_extension:os-assisted-volume-snapshots:delete": "",
|
||||
"compute_extension:v3:os-assisted-volume-snapshots:create": "",
|
||||
"compute_extension:v3:os-assisted-volume-snapshots:delete": "",
|
||||
"os_compute_api:os-assisted-volume-snapshots:create": "",
|
||||
"os_compute_api:os-assisted-volume-snapshots:delete": "",
|
||||
"compute_extension:console_auth_tokens": "is_admin:True",
|
||||
"compute_extension:v3:os-console-auth-tokens": "is_admin:True",
|
||||
"os_compute_api:os-console-auth-tokens": "is_admin:True",
|
||||
"compute_extension:os-server-external-events:create": "rule:admin_api",
|
||||
"compute_extension:v3:os-server-external-events:create": "rule:admin_api",
|
||||
"compute_extension:v3:server-metadata:create": "",
|
||||
"compute_extension:v3:server-metadata:update": "",
|
||||
"compute_extension:v3:server-metadata:update_all": "",
|
||||
"compute_extension:v3:server-metadata:delete": "",
|
||||
"compute_extension:v3:server-metadata:show": "",
|
||||
"compute_extension:v3:server-metadata:index": "",
|
||||
"os_compute_api:os-server-external-events:create": "rule:admin_api",
|
||||
"os_compute_api:server-metadata:create": "",
|
||||
"os_compute_api:server-metadata:update": "",
|
||||
"os_compute_api:server-metadata:update_all": "",
|
||||
"os_compute_api:server-metadata:delete": "",
|
||||
"os_compute_api:server-metadata:show": "",
|
||||
"os_compute_api:server-metadata:index": "",
|
||||
|
||||
"network:get_all": "",
|
||||
"network:get": "",
|
||||
|
|
|
|||
Loading…
Reference in New Issue