openstack
/
nova
Code Issues Proposed changes
nova/api-ref/source
History
Matt Riedemann 7bcd581c78 Add policy rule to block image-backed servers with 0 root disk flavor 
This adds a new policy rule which defaults to behave in a
backward compatible way, but will allow operators to enforce
that servers created with a zero disk flavor must also be
volume-backed servers.

Allowing users to upload their own images and create image-backed
servers on local disk with zero root disk size flavors can be
potentially hazardous if the size of the image is unexpectedly
large, since it can consume the local disk (or shared storage pool).

It should be noted that disabling the new policy rule will
result in a non-backward compatible API behavior change and no
microversion is being introduced for this because enforcement via
a new microversion would not close the security gap on any previous
microversions.

Related compute API reference and user documentation is updated
to mention the policy rule along with a release note since
this is tied to a security bug, which will be backported to stable
branches.

Conflicts:
      nova/policies/servers.py
      nova/tests/unit/test_policy.py

NOTE(mriedem): The conflict is due to not having change
Iedd3fea0e86648fae364f075915555dcb2c4f199 in Queens for trusted
certs.

Change-Id: Id67e1285a0522474844de130c9263e11868f67fb
Closes-Bug: #1739646
(cherry picked from commit 763fd62464)
 		2018-06-18 13:51:41 -04:00
..
conf.py trivial: Remove crud from 'conf.py' 2018-01-18 10:39:24 +00:00
diagnostics.inc Fixed some nits for microversion 2.48 2017-06-06 13:34:17 +00:00
extensions.inc Enable all extension for all remaining sample tests 2016-06-10 06:03:02 +00:00
flavors.inc Add microversion to allow setting flavor description 2017-11-15 22:10:39 +00:00
images.inc Repair links in Nova documentation 2017-05-23 17:17:52 +07:00
index.rst api-ref: Add X-Openstack-Request-Id description 2017-07-10 14:03:14 +00:00
ips.inc API Ref: update server_id params 2016-11-11 14:01:51 -05:00
limits.inc api-ref: Add missing parameters in limits.inc 2017-07-10 14:02:28 +00:00
metadata.inc Make metadata doc more readable 2017-03-31 06:19:01 +00:00
os-agents.inc api-ref: body verification of os-agents 2016-07-08 02:03:07 +00:00
os-aggregates.inc Merge "Clean up metadata param in doc" 2017-04-03 12:39:18 +00:00
os-assisted-volume-snapshots.inc libvirt: remove glusterfs volume driver 2017-05-19 14:51:42 -04:00
os-availability-zone.inc Fix broken URLs 2017-09-07 15:42:31 +02:00
os-baremetal-nodes.inc Better wording for micorversion 2.36 2016-12-10 18:49:13 +08:00
os-cells.inc api-ref: make it clear that os-cells is for cells v1 2017-04-05 17:56:57 +00:00
os-certificates.inc Remove nova-cert 2017-04-27 22:28:01 -04:00
os-cloudpipe.inc Remove cloudpipe APIs 2017-05-04 16:13:45 +08:00
os-consoles.inc Add description for /consoles 2017-03-29 01:37:56 +08:00
os-fixed-ips.inc Better wording for micorversion 2.36 2016-12-10 18:49:13 +08:00
os-flavor-access.inc Verify project id for flavor access calls 2017-05-04 18:23:17 -04:00
os-flavor-extra-specs.inc Add flavor extra_spec info link to api_ref 2016-11-10 06:10:14 +00:00
os-floating-ip-dns.inc Repair links in Nova documentation 2017-05-23 17:17:52 +07:00
os-floating-ip-pools.inc Repair links in Nova documentation 2017-05-23 17:17:52 +07:00
os-floating-ips-bulk.inc Repair links in Nova documentation 2017-05-23 17:17:52 +07:00
os-floating-ips.inc Repair links in Nova documentation 2017-05-23 17:17:52 +07:00
os-fping.inc Better wording for micorversion 2.36 2016-12-10 18:49:13 +08:00
os-hosts.inc Update the documentation links 2017-11-28 11:07:36 +08:00
os-hypervisors.inc Handle uuids in os-hypervisors API 2017-07-18 17:08:01 -04:00
os-instance-actions.inc api-ref: Fix incorrect parameter name 2017-12-26 18:44:38 +09:00
os-instance-usage-audit-log.inc api-ref: Fix description of os-instance-usage-audit-log 2016-12-14 11:22:50 -05:00
os-interface.inc API support for tagged device attachment 2017-06-30 09:05:34 +03:00
os-keypairs.inc api-ref: Fix keypair API parameters 2017-03-10 15:58:06 +09:00
os-migrations.inc Add pagination and Changes-since filter support for os-migrations. 2018-01-10 14:02:53 -05:00
os-networks.inc Repair links in Nova documentation 2017-05-23 17:17:52 +07:00
os-quota-class-sets.inc Fix broken URLs 2017-09-07 15:42:31 +02:00
os-quota-sets.inc api-ref: Fix an expand button in os-quota-sets 2017-07-19 16:32:43 +09:00
os-security-group-default-rules.inc Better wording for micorversion 2.36 2016-12-10 18:49:13 +08:00
os-security-group-rules.inc Repair links in Nova documentation 2017-05-23 17:17:52 +07:00
os-security-groups.inc Add 'all_tenants' for GET sec group api ref 2017-11-28 05:37:15 +00:00
os-server-external-events.inc enhance api-ref for os-server-external-events 2017-09-15 06:19:49 +08:00
os-server-groups.inc Clean up metadata param in doc 2017-02-25 21:45:05 +08:00
os-server-password.inc API Ref: update server_id params 2016-11-11 14:01:51 -05:00
os-server-tags.inc Do not mention that tags are case sensitive in docs 2017-07-18 17:47:22 -04:00
os-services.inc Block deleting compute services which are hosting instances 2018-04-20 14:55:56 -04:00
os-simple-tenant-usage.inc Merge "api-ref: microversion 2.40 overview" 2017-01-06 13:20:10 +00:00
os-tenant-network.inc Repair links in Nova documentation 2017-05-23 17:17:52 +07:00
os-virtual-interfaces.inc Deprecate Multinic, floatingip action and os-virtual-interface API 2017-04-25 12:04:05 -04:00
os-volume-attachments.inc [api] Allow multi-attach in compute api 2018-01-22 10:45:13 -05:00
os-volumes.inc Repair links in Nova documentation 2017-05-23 17:17:52 +07:00
parameters.yaml Add policy rule to block image-backed servers with 0 root disk flavor 2018-06-18 13:51:41 -04:00
request-ids.inc api-ref: Add X-Openstack-Request-Id description 2017-07-10 14:03:14 +00:00
server-migrations.inc Add pagination and Changes-since filter support for os-migrations. 2018-01-10 14:02:53 -05:00
server-security-groups.inc api-ref: Fix parameters in server-security-groups 2017-07-10 14:02:13 +00:00
servers-action-console-output.inc Fix 'server' and 'instance' occurrence in api-ref 2017-03-28 02:54:11 +00:00
servers-action-crash-dump.inc remove /v2.1/{tenant_id} from all urls 2016-06-03 08:47:33 -04:00
servers-action-deferred-delete.inc remove /v2.1/{tenant_id} from all urls 2016-06-03 08:47:33 -04:00
servers-action-evacuate.inc api-ref: Fix response code and parameters in evacuate 2017-04-18 11:52:47 +09:00
servers-action-fixed-ip.inc Deprecate Multinic, floatingip action and os-virtual-interface API 2017-04-25 12:04:05 -04:00
servers-action-remote-consoles.inc api-ref: Complete all the verifications of remote consoles 2017-03-23 10:51:13 +08:00
servers-action-shelve.inc api-ref: fix unshelve asynchronous postconditions typo 2017-06-19 09:24:52 -04:00
servers-actions.inc Deprecate file injection 2017-12-12 09:22:21 -05:00
servers-admin-action.inc Enable cold migration with target host(2/2) 2017-11-29 20:48:16 -05:00
servers-remote-consoles.inc Fix typo 2017-07-13 11:40:43 +08:00
servers.inc Add server filters whitelist in server api-ref 2018-01-30 09:24:46 +00:00
urls.inc [api-ref] Minor text clean-up, formatting 2016-11-29 12:31:46 -05:00
versions.inc Fix broken URLs 2017-09-07 15:42:31 +02:00