-rw-r--r-- | cinder/policies/attachments.py | 6 | ||||
-rw-r--r-- | cinder/policies/clusters.py | 6 | ||||
-rw-r--r-- | cinder/policies/manageable_volumes.py | 6 | ||||
-rw-r--r-- | cinder/policies/messages.py | 6 | ||||
-rw-r--r-- | cinder/policies/volume_type.py | 14 | ||||
-rw-r--r-- | cinder/policies/workers.py | 2 | ||||
-rw-r--r-- | doc/source/conf.py | 6 | ||||
-rw-r--r-- | doc/source/configuration/block-storage/policy.rst | 11 | ||||
-rw-r--r-- | doc/source/configuration/index.rst | 1 | ||||
-rw-r--r-- | doc/source/index.rst | 2 | ||||
-rw-r--r-- | doc/source/sample_policy.rst | 17 | ||||
-rw-r--r-- | tools/config/cinder-policy-generator.conf (renamed from etc/cinder/cinder-policy-generator.conf) | 0 | ||||
-rw-r--r-- | tox.ini | 2 |
13 files changed, 58 insertions, 21 deletions
diff --git a/cinder/policies/attachments.py b/cinder/policies/attachments.py
index 64d8284d9..3dc13168d 100644
--- a/cinder/policies/attachments.py
+++ b/cinder/policies/attachments.py
@@ -26,7 +26,7 @@ attachments_policies = [
 policy.DocumentedRuleDefault(
 name=CREATE_POLICY,
 check_str="",
- description="""Create attachment.""",
+ description="Create attachment.",
 operations=[
 {
 'method': 'POST',
@@ -36,7 +36,7 @@ attachments_policies = [
 policy.DocumentedRuleDefault(
 name=UPDATE_POLICY,
 check_str=base.RULE_ADMIN_OR_OWNER,
- description="""Update attachment.""",
+ description="Update attachment.",
 operations=[
 {
 'method': 'PUT',
@@ -46,7 +46,7 @@ attachments_policies = [
 policy.DocumentedRuleDefault(
 name=DELETE_POLICY,
 check_str=base.RULE_ADMIN_OR_OWNER,
- description="""Delete attachment.""",
+ description="Delete attachment.",
 operations=[
 {
 'method': 'DELETE',
diff --git a/cinder/policies/clusters.py b/cinder/policies/clusters.py
index f8913bbf4..f9f29aa91 100644
--- a/cinder/policies/clusters.py
+++ b/cinder/policies/clusters.py
@@ -27,7 +27,7 @@ clusters_policies = [
 policy.DocumentedRuleDefault(
 name=GET_ALL_POLICY,
 check_str=base.RULE_ADMIN_API,
- description="""List clusters.""",
+ description="List clusters.",
 operations=[
 {
 'method': 'GET',
@@ -41,7 +41,7 @@ clusters_policies = [
 policy.DocumentedRuleDefault(
 name=GET_POLICY,
 check_str=base.RULE_ADMIN_API,
- description="""Show cluster.""",
+ description="Show cluster.",
 operations=[
 {
 'method': 'GET',
@@ -51,7 +51,7 @@ clusters_policies = [
 policy.DocumentedRuleDefault(
 name=UPDATE_POLICY,
 check_str=base.RULE_ADMIN_API,
- description="""Update cluster.""",
+ description="Update cluster.",
 operations=[
 {
 'method': 'PUT',
diff --git a/cinder/policies/manageable_volumes.py b/cinder/policies/manageable_volumes.py
index f415f6360..0eecce7cf 100644
--- a/cinder/policies/manageable_volumes.py
+++ b/cinder/policies/manageable_volumes.py
@@ -28,7 +28,7 @@ manageable_volumes_policies = [
 name=LIST_MANAGEABLE_POLICY,
 check_str=base.RULE_ADMIN_API,
 description=
- """List (in detail) of volumes which are available to manage.""",
+ "List (in detail) of volumes which are available to manage.",
 operations=[
 {
 'method': 'GET',
@@ -42,7 +42,7 @@ manageable_volumes_policies = [
 policy.DocumentedRuleDefault(
 name=MANAGE_POLICY,
 check_str=base.RULE_ADMIN_API,
- description="""Manage existing volumes.""",
+ description="Manage existing volumes.",
 operations=[
 {
 'method': 'POST',
@@ -52,7 +52,7 @@ manageable_volumes_policies = [
 policy.DocumentedRuleDefault(
 name=UNMANAGE_POLICY,
 check_str=base.RULE_ADMIN_API,
- description="""Stop managing a volume.""",
+ description="Stop managing a volume.",
 operations=[
 {
 'method': 'POST',
diff --git a/cinder/policies/messages.py b/cinder/policies/messages.py
index e9b975ca7..141df1836 100644
--- a/cinder/policies/messages.py
+++ b/cinder/policies/messages.py
@@ -27,7 +27,7 @@ messages_policies = [
 policy.DocumentedRuleDefault(
 name=GET_ALL_POLICY,
 check_str=base.RULE_ADMIN_OR_OWNER,
- description="""List messages.""",
+ description="List messages.",
 operations=[
 {
 'method': 'GET',
@@ -37,7 +37,7 @@ messages_policies = [
 policy.DocumentedRuleDefault(
 name=GET_POLICY,
 check_str=base.RULE_ADMIN_OR_OWNER,
- description="""Show message.""",
+ description="Show message.",
 operations=[
 {
 'method': 'GET',
@@ -47,7 +47,7 @@ messages_policies = [
 policy.DocumentedRuleDefault(
 name=DELETE_POLICY,
 check_str=base.RULE_ADMIN_OR_OWNER,
- description="""Delete message.""",
+ description="Delete message.",
 operations=[
 {
 'method': 'DELETE',
diff --git a/cinder/policies/volume_type.py b/cinder/policies/volume_type.py
index 381bcfc91..acce6a5e8 100644
--- a/cinder/policies/volume_type.py
+++ b/cinder/policies/volume_type.py
@@ -27,7 +27,7 @@ volume_type_policies = [
 policy.DocumentedRuleDefault(
 name=MANAGE_POLICY,
 check_str=base.RULE_ADMIN_API,
- description="""Create, update and delete volume type.""",
+ description="Create, update and delete volume type.",
 operations=[
 {
 'method': 'POST',
@@ -45,8 +45,8 @@ volume_type_policies = [
 policy.DocumentedRuleDefault(
 name=ENCRYPTION_POLICY,
 check_str=base.RULE_ADMIN_API,
- description="""List, show, create, update and delete volume
-type encryption.""",
+ description="List, show, create, update and delete volume "
+ "type encryption.",
 operations=[
 {
 'method': 'POST',
@@ -72,8 +72,8 @@ type encryption.""",
 policy.DocumentedRuleDefault(
 name=EXTRA_SPEC_POLICY,
 check_str=base.RULE_ADMIN_API,
- description="""List or show volume type with access type extra
-specs attribute.""",
+ description="List or show volume type with access type extra "
+ "specs attribute.",
 operations=[
 {
 'method': 'GET',
@@ -87,8 +87,8 @@ specs attribute.""",
 policy.DocumentedRuleDefault(
 name=QOS_POLICY,
 check_str=base.RULE_ADMIN_API,
- description="""List or show volume type with access type qos specs
-id attribute.""",
+ description="List or show volume type with access type qos specs "
+ "id attribute.",
 operations=[
 {
 'method': 'GET',
diff --git a/cinder/policies/workers.py b/cinder/policies/workers.py
index 1f4e676bc..28c2bd3ea 100644
--- a/cinder/policies/workers.py
+++ b/cinder/policies/workers.py
@@ -25,7 +25,7 @@ workers_policies = [
 policy.DocumentedRuleDefault(
 name=CLEAN_POLICY,
 check_str=base.RULE_ADMIN_API,
- description="""Clean up workers.""",
+ description="Clean up workers.",
 operations=[
 {
 'method': 'POST',
diff --git a/doc/source/conf.py b/doc/source/conf.py
index 2d81c50fc..c5988b669 100644
--- a/doc/source/conf.py
+++ b/doc/source/conf.py
@@ -60,12 +60,18 @@ extensions = ['sphinx.ext.autodoc',
 'stevedore.sphinxext',
 'oslo_config.sphinxconfiggen',
 'ext.cinder_driverlist',
+ 'oslo_policy.sphinxext',
+ 'oslo_policy.sphinxpolicygen',
 ]
 config_generator_config_file = (
 '../../tools/config/cinder-config-generator.conf')
 sample_config_basename = '_static/cinder'
+policy_generator_config_file = (
+ '../../tools/config/cinder-policy-generator.conf')
+sample_policy_basename = '_static/cinder'
+
 # autodoc generation is a bit aggressive and a nuisance
 # when doing heavy text edit cycles. Execute "export SPHINX_DEBUG=1"
 # in your terminal to disable
diff --git a/doc/source/configuration/block-storage/policy.rst b/doc/source/configuration/block-storage/policy.rst
new file mode 100644
index 000000000..bb024df9b
--- /dev/null
+++ b/doc/source/configuration/block-storage/policy.rst
@@ -0,0 +1,11 @@
+====================
+Policy configuration
+====================
+
+Configuration
+~~~~~~~~~~~~~
+
+The following is an overview of all available policies in Cinder.
+
+.. show-policy::
+ :config-file: tools/config/cinder-policy-generator.conf
diff --git a/doc/source/configuration/index.rst b/doc/source/configuration/index.rst
index fd1c82849..ccc932c58 100644
--- a/doc/source/configuration/index.rst
+++ b/doc/source/configuration/index.rst
@@ -10,6 +10,7 @@ Cinder Service Configuration
 block-storage/backup-drivers.rst
 block-storage/schedulers.rst
 block-storage/logs.rst
+ block-storage/policy.rst
 block-storage/fc-zoning.rst
 block-storage/nested-quota.rst
 block-storage/volume-encryption.rst
diff --git a/doc/source/index.rst b/doc/source/index.rst
index 11fa4258f..522af26b4 100644
--- a/doc/source/index.rst
+++ b/doc/source/index.rst
@@ -63,6 +63,8 @@ Configuration Reference
 Sample Configuration File <sample_config>
+ Sample Policy File <sample_policy>
+
 drivers
 CLI Reference
diff --git a/doc/source/sample_policy.rst b/doc/source/sample_policy.rst
new file mode 100644
index 000000000..57e91d405
--- /dev/null
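Review bot: In the doc/source/conf.py hunk, `sample_policy_basename = '_static/cinder'` repeats the value of `sample_config_basename` with nothing to say that the two generators write different files. A one-line comment above it would settle that, for example `# sphinxpolicygen writes _static/cinder.policy.yaml.sample, which sample_policy.rst includes`. The same hunk gives the generator config as `'../../tools/config/cinder-policy-generator.conf'`, while the `show-policy` directive added in policy.rst uses `tools/config/cinder-policy-generator.conf`; the two are presumably resolved from different base directories, and the comment could say so. Separately, the generated sample is YAML but the new sample_policy.rst text points operators at `/etc/cinder/policy.json`, so it would help to state which file format a deployment's override is expected to use.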
+++ b/doc/source/sample_policy.rst
@@ -0,0 +1,17 @@
+====================
+Cinder Sample Policy
+====================
+
+The following is a sample Cinder policy file that has been auto-generated
+from default policy values in code. If you're using the default policies, then
+the maintenance of this file is not necessary.
+It is here to help explain which policy operations protect specific Cinder API,
+but it is not suggested to copy and paste into a deployment unless you're planning
+on providing a different policy for an operation that is not the default. For
+instance, if you want to change the default value of "volume:create", you only
+need to keep this single rule in your policy config
+file (**/etc/cinder/policy.json**).
+
+The sample policy file can also be viewed in `file form <_static/cinder.policy.yaml.sample>`_.
+
+.. literalinclude:: _static/cinder.policy.yaml.sample
\ No newline at end of file
diff --git a/etc/cinder/cinder-policy-generator.conf b/tools/config/cinder-policy-generator.conf
index 290c0b278..290c0b278 100644
--- a/etc/cinder/cinder-policy-generator.conf
+++ b/tools/config/cinder-policy-generator.conf
@@ -93,7 +93,7 @@ commands = oslo-config-generator --config-file=tools/config/cinder-config-genera
 [testenv:genpolicy]
-commands = oslopolicy-sample-generator --config-file=etc/cinder/cinder-policy-generator.conf
+commands = oslopolicy-sample-generator --config-file=tools/config/cinder-policy-generator.conf
 [testenv:genopts]
 sitepackages = False |