policy: Add defaults in code (part 4)
Partially-Implements: bp policy-in-code Change-Id: I8ae24035ec6aee8fa93f3f55cbafc843d0e9d5ae
This commit is contained in:
parent
ba242101e3
commit
f13a933300
|
@ -16,39 +16,6 @@
|
|||
"os_compute_api:servers:migrations:show": "rule:admin_api",
|
||||
"os_compute_api:os-remote-consoles": "rule:admin_or_owner",
|
||||
"os_compute_api:os-remote-consoles:discoverable": "@",
|
||||
"os_compute_api:images:discoverable": "@",
|
||||
"os_compute_api:image-size": "rule:admin_or_owner",
|
||||
"os_compute_api:image-size:discoverable": "@",
|
||||
"os_compute_api:os-instance-actions": "rule:admin_or_owner",
|
||||
"os_compute_api:os-instance-actions:discoverable": "@",
|
||||
"os_compute_api:os-instance-actions:events": "rule:admin_api",
|
||||
"os_compute_api:os-instance-usage-audit-log": "rule:admin_api",
|
||||
"os_compute_api:os-instance-usage-audit-log:discoverable": "@",
|
||||
"os_compute_api:ips:discoverable": "@",
|
||||
"os_compute_api:ips:index": "rule:admin_or_owner",
|
||||
"os_compute_api:ips:show": "rule:admin_or_owner",
|
||||
"os_compute_api:os-keypairs:discoverable": "@",
|
||||
"os_compute_api:os-keypairs": "rule:admin_or_owner",
|
||||
"os_compute_api:os-keypairs:index": "rule:admin_api or user_id:%(user_id)s",
|
||||
"os_compute_api:os-keypairs:show": "rule:admin_api or user_id:%(user_id)s",
|
||||
"os_compute_api:os-keypairs:create": "rule:admin_api or user_id:%(user_id)s",
|
||||
"os_compute_api:os-keypairs:delete": "rule:admin_api or user_id:%(user_id)s",
|
||||
"os_compute_api:limits:discoverable": "@",
|
||||
"os_compute_api:limits": "rule:admin_or_owner",
|
||||
"os_compute_api:os-lock-server:discoverable": "@",
|
||||
"os_compute_api:os-lock-server:lock": "rule:admin_or_owner",
|
||||
"os_compute_api:os-lock-server:unlock": "rule:admin_or_owner",
|
||||
"os_compute_api:os-lock-server:unlock:unlock_override": "rule:admin_api",
|
||||
"os_compute_api:os-migrate-server:discoverable": "@",
|
||||
"os_compute_api:os-migrate-server:migrate": "rule:admin_api",
|
||||
"os_compute_api:os-migrate-server:migrate_live": "rule:admin_api",
|
||||
"os_compute_api:os-multinic": "rule:admin_or_owner",
|
||||
"os_compute_api:os-multinic:discoverable": "@",
|
||||
"os_compute_api:os-networks": "rule:admin_api",
|
||||
"os_compute_api:os-networks:view": "rule:admin_or_owner",
|
||||
"os_compute_api:os-networks:discoverable": "@",
|
||||
"os_compute_api:os-networks-associate": "rule:admin_api",
|
||||
"os_compute_api:os-networks-associate:discoverable": "@",
|
||||
"os_compute_api:os-pause-server:discoverable": "@",
|
||||
"os_compute_api:os-pause-server:pause": "rule:admin_or_owner",
|
||||
"os_compute_api:os-pause-server:unpause": "rule:admin_or_owner",
|
||||
|
@ -123,8 +90,6 @@
|
|||
"os_compute_api:os-volumes-attachments:discoverable": "@",
|
||||
"os_compute_api:os-used-limits": "rule:admin_api",
|
||||
"os_compute_api:os-used-limits:discoverable": "@",
|
||||
"os_compute_api:os-migrations:index": "rule:admin_api",
|
||||
"os_compute_api:os-migrations:discoverable": "@",
|
||||
"os_compute_api:os-server-external-events:create": "rule:admin_api",
|
||||
"os_compute_api:os-server-external-events:discoverable": "@"
|
||||
}
|
||||
|
|
|
@ -54,6 +54,19 @@ from nova.policies import fping
|
|||
from nova.policies import hide_server_addresses
|
||||
from nova.policies import hosts
|
||||
from nova.policies import hypervisors
|
||||
from nova.policies import image_size
|
||||
from nova.policies import images
|
||||
from nova.policies import instance_actions
|
||||
from nova.policies import instance_usage_audit_log
|
||||
from nova.policies import ips
|
||||
from nova.policies import keypairs
|
||||
from nova.policies import limits
|
||||
from nova.policies import lock_server
|
||||
from nova.policies import migrate_server
|
||||
from nova.policies import migrations
|
||||
from nova.policies import multinic
|
||||
from nova.policies import networks
|
||||
from nova.policies import networks_associate
|
||||
from nova.policies import servers
|
||||
|
||||
|
||||
|
@ -100,5 +113,18 @@ def list_rules():
|
|||
hide_server_addresses.list_rules(),
|
||||
hosts.list_rules(),
|
||||
hypervisors.list_rules(),
|
||||
image_size.list_rules(),
|
||||
images.list_rules(),
|
||||
instance_actions.list_rules(),
|
||||
instance_usage_audit_log.list_rules(),
|
||||
ips.list_rules(),
|
||||
keypairs.list_rules(),
|
||||
limits.list_rules(),
|
||||
lock_server.list_rules(),
|
||||
migrate_server.list_rules(),
|
||||
migrations.list_rules(),
|
||||
multinic.list_rules(),
|
||||
networks.list_rules(),
|
||||
networks_associate.list_rules(),
|
||||
servers.list_rules()
|
||||
)
|
||||
|
|
|
@ -0,0 +1,36 @@
|
|||
# Copyright 2016 Cloudbase Solutions Srl
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
BASE_POLICY_NAME = 'os_compute_api:image-size'
|
||||
POLICY_ROOT = 'os_compute_api:image-size:%s'
|
||||
|
||||
|
||||
image_size_policies = [
|
||||
policy.RuleDefault(
|
||||
name=POLICY_ROOT % 'discoverable',
|
||||
check_str=base.RULE_ANY),
|
||||
policy.RuleDefault(
|
||||
name=BASE_POLICY_NAME,
|
||||
check_str=base.RULE_ADMIN_OR_OWNER),
|
||||
]
|
||||
|
||||
|
||||
def list_rules():
|
||||
return image_size_policies
|
|
@ -0,0 +1,32 @@
|
|||
# Copyright 2016 Cloudbase Solutions Srl
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
POLICY_ROOT = 'os_compute_api:images:%s'
|
||||
|
||||
|
||||
images_policies = [
|
||||
policy.RuleDefault(
|
||||
name=POLICY_ROOT % 'discoverable',
|
||||
check_str=base.RULE_ANY),
|
||||
]
|
||||
|
||||
|
||||
def list_rules():
|
||||
return images_policies
|
|
@ -0,0 +1,39 @@
|
|||
# Copyright 2016 Cloudbase Solutions Srl
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
BASE_POLICY_NAME = 'os_compute_api:os-instance-actions'
|
||||
POLICY_ROOT = 'os_compute_api:os-instance-actions:%s'
|
||||
|
||||
|
||||
instance_actions_policies = [
|
||||
policy.RuleDefault(
|
||||
name=POLICY_ROOT % 'events',
|
||||
check_str=base.RULE_ADMIN_API),
|
||||
policy.RuleDefault(
|
||||
name=BASE_POLICY_NAME,
|
||||
check_str=base.RULE_ADMIN_OR_OWNER),
|
||||
policy.RuleDefault(
|
||||
name=POLICY_ROOT % 'discoverable',
|
||||
check_str=base.RULE_ANY),
|
||||
]
|
||||
|
||||
|
||||
def list_rules():
|
||||
return instance_actions_policies
|
|
@ -0,0 +1,36 @@
|
|||
# Copyright 2016 Cloudbase Solutions Srl
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
BASE_POLICY_NAME = 'os_compute_api:os-instance-usage-audit-log'
|
||||
POLICY_ROOT = 'os_compute_api:os-instance-usage-audit-log:%s'
|
||||
|
||||
|
||||
instance_usage_audit_log_policies = [
|
||||
policy.RuleDefault(
|
||||
name=BASE_POLICY_NAME,
|
||||
check_str=base.RULE_ADMIN_API),
|
||||
policy.RuleDefault(
|
||||
name=POLICY_ROOT % 'discoverable',
|
||||
check_str=base.RULE_ANY),
|
||||
]
|
||||
|
||||
|
||||
def list_rules():
|
||||
return instance_usage_audit_log_policies
|
|
@ -0,0 +1,38 @@
|
|||
# Copyright 2016 Cloudbase Solutions Srl
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
POLICY_ROOT = 'os_compute_api:ips:%s'
|
||||
|
||||
|
||||
ips_policies = [
|
||||
policy.RuleDefault(
|
||||
name=POLICY_ROOT % 'discoverable',
|
||||
check_str=base.RULE_ANY),
|
||||
policy.RuleDefault(
|
||||
name=POLICY_ROOT % 'show',
|
||||
check_str=base.RULE_ADMIN_OR_OWNER),
|
||||
policy.RuleDefault(
|
||||
name=POLICY_ROOT % 'index',
|
||||
check_str=base.RULE_ADMIN_OR_OWNER),
|
||||
]
|
||||
|
||||
|
||||
def list_rules():
|
||||
return ips_policies
|
|
@ -0,0 +1,48 @@
|
|||
# Copyright 2016 Cloudbase Solutions Srl
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
BASE_POLICY_NAME = 'os_compute_api:os-keypairs'
|
||||
POLICY_ROOT = 'os_compute_api:os-keypairs:%s'
|
||||
|
||||
|
||||
keypairs_policies = [
|
||||
policy.RuleDefault(
|
||||
name=POLICY_ROOT % 'discoverable',
|
||||
check_str=base.RULE_ANY),
|
||||
policy.RuleDefault(
|
||||
name=POLICY_ROOT % 'index',
|
||||
check_str='rule:admin_api or user_id:%(user_id)s'),
|
||||
policy.RuleDefault(
|
||||
name=POLICY_ROOT % 'create',
|
||||
check_str='rule:admin_api or user_id:%(user_id)s'),
|
||||
policy.RuleDefault(
|
||||
name=POLICY_ROOT % 'delete',
|
||||
check_str='rule:admin_api or user_id:%(user_id)s'),
|
||||
policy.RuleDefault(
|
||||
name=POLICY_ROOT % 'show',
|
||||
check_str='rule:admin_api or user_id:%(user_id)s'),
|
||||
policy.RuleDefault(
|
||||
name=BASE_POLICY_NAME,
|
||||
check_str=base.RULE_ADMIN_OR_OWNER),
|
||||
]
|
||||
|
||||
|
||||
def list_rules():
|
||||
return keypairs_policies
|
|
@ -0,0 +1,36 @@
|
|||
# Copyright 2016 Cloudbase Solutions Srl
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
BASE_POLICY_NAME = 'os_compute_api:limits'
|
||||
POLICY_ROOT = 'os_compute_api:limits:%s'
|
||||
|
||||
|
||||
limits_policies = [
|
||||
policy.RuleDefault(
|
||||
name=POLICY_ROOT % 'discoverable',
|
||||
check_str=base.RULE_ANY),
|
||||
policy.RuleDefault(
|
||||
name=BASE_POLICY_NAME,
|
||||
check_str=base.RULE_ADMIN_OR_OWNER),
|
||||
]
|
||||
|
||||
|
||||
def list_rules():
|
||||
return limits_policies
|
|
@ -0,0 +1,41 @@
|
|||
# Copyright 2016 Cloudbase Solutions Srl
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
POLICY_ROOT = 'os_compute_api:os-lock-server:%s'
|
||||
|
||||
|
||||
lock_server_policies = [
|
||||
policy.RuleDefault(
|
||||
name=POLICY_ROOT % 'discoverable',
|
||||
check_str=base.RULE_ANY),
|
||||
policy.RuleDefault(
|
||||
name=POLICY_ROOT % 'lock',
|
||||
check_str=base.RULE_ADMIN_OR_OWNER),
|
||||
policy.RuleDefault(
|
||||
name=POLICY_ROOT % 'unlock:unlock_override',
|
||||
check_str=base.RULE_ADMIN_API),
|
||||
policy.RuleDefault(
|
||||
name=POLICY_ROOT % 'unlock',
|
||||
check_str=base.RULE_ADMIN_OR_OWNER),
|
||||
]
|
||||
|
||||
|
||||
def list_rules():
|
||||
return lock_server_policies
|
|
@ -0,0 +1,38 @@
|
|||
# Copyright 2016 Cloudbase Solutions Srl
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
POLICY_ROOT = 'os_compute_api:os-migrate-server:%s'
|
||||
|
||||
|
||||
migrate_server_policies = [
|
||||
policy.RuleDefault(
|
||||
name=POLICY_ROOT % 'migrate',
|
||||
check_str=base.RULE_ADMIN_API),
|
||||
policy.RuleDefault(
|
||||
name=POLICY_ROOT % 'discoverable',
|
||||
check_str=base.RULE_ANY),
|
||||
policy.RuleDefault(
|
||||
name=POLICY_ROOT % 'migrate_live',
|
||||
check_str=base.RULE_ADMIN_API),
|
||||
]
|
||||
|
||||
|
||||
def list_rules():
|
||||
return migrate_server_policies
|
|
@ -0,0 +1,35 @@
|
|||
# Copyright 2016 Cloudbase Solutions Srl
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
POLICY_ROOT = 'os_compute_api:os-migrations:%s'
|
||||
|
||||
|
||||
migrations_policies = [
|
||||
policy.RuleDefault(
|
||||
name=POLICY_ROOT % 'index',
|
||||
check_str=base.RULE_ADMIN_API),
|
||||
policy.RuleDefault(
|
||||
name=POLICY_ROOT % 'discoverable',
|
||||
check_str=base.RULE_ANY),
|
||||
]
|
||||
|
||||
|
||||
def list_rules():
|
||||
return migrations_policies
|
|
@ -0,0 +1,36 @@
|
|||
# Copyright 2016 Cloudbase Solutions Srl
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
BASE_POLICY_NAME = 'os_compute_api:os-multinic'
|
||||
POLICY_ROOT = 'os_compute_api:os-multinic:%s'
|
||||
|
||||
|
||||
multinic_policies = [
|
||||
policy.RuleDefault(
|
||||
name=BASE_POLICY_NAME,
|
||||
check_str=base.RULE_ADMIN_OR_OWNER),
|
||||
policy.RuleDefault(
|
||||
name=POLICY_ROOT % 'discoverable',
|
||||
check_str=base.RULE_ANY),
|
||||
]
|
||||
|
||||
|
||||
def list_rules():
|
||||
return multinic_policies
|
|
@ -0,0 +1,39 @@
|
|||
# Copyright 2016 Cloudbase Solutions Srl
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
BASE_POLICY_NAME = 'os_compute_api:os-networks'
|
||||
POLICY_ROOT = 'os_compute_api:os-networks:%s'
|
||||
|
||||
|
||||
networks_policies = [
|
||||
policy.RuleDefault(
|
||||
name=POLICY_ROOT % 'discoverable',
|
||||
check_str=base.RULE_ANY),
|
||||
policy.RuleDefault(
|
||||
name=BASE_POLICY_NAME,
|
||||
check_str=base.RULE_ADMIN_API),
|
||||
policy.RuleDefault(
|
||||
name=POLICY_ROOT % 'view',
|
||||
check_str=base.RULE_ADMIN_OR_OWNER),
|
||||
]
|
||||
|
||||
|
||||
def list_rules():
|
||||
return networks_policies
|
|
@ -0,0 +1,36 @@
|
|||
# Copyright 2016 Cloudbase Solutions Srl
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
BASE_POLICY_NAME = 'os_compute_api:os-networks-associate'
|
||||
POLICY_ROOT = 'os_compute_api:os-networks-associate:%s'
|
||||
|
||||
|
||||
networks_associate_policies = [
|
||||
policy.RuleDefault(
|
||||
name=BASE_POLICY_NAME,
|
||||
check_str=base.RULE_ADMIN_API),
|
||||
policy.RuleDefault(
|
||||
name=POLICY_ROOT % 'discoverable',
|
||||
check_str=base.RULE_ANY),
|
||||
]
|
||||
|
||||
|
||||
def list_rules():
|
||||
return networks_associate_policies
|
Loading…
Reference in New Issue