diff options
author | Brianna Poulos <Brianna.Poulos@jhuapl.edu> | 2018-06-06 16:43:56 -0400 |
---|---|---|
committer | Matt Riedemann <mriedem.os@gmail.com> | 2018-06-13 15:52:59 -0400 |
commit | 8c7ca368b190f0fd3c097531e2cf52fe4dc20c69 (patch) | |
tree | d32cbc44e64f2f2438cb7012ac5b60dcbee983e3 /api-ref/source/servers-actions.inc | |
parent | ca7d23a3e7287716781a042fe6038b876c0adaf4 (diff) | |
download | nova-8c7ca368b190f0fd3c097531e2cf52fe4dc20c69.tar.gz |
Add trusted_image_certificates to REST API
This change adds support for the trusted_image_certificates parameter,
which is used to define a list of trusted certificate IDs that can be
used during image signature verification and certificate validation. The
parameter may contain a list of strings, each string representing the ID
of a trusted certificate. The list is restricted to a maximum of 50 IDs.
The list of certificate IDs will be stored in the trusted_certs field of
the instance InstanceExtra and will be used to verify the validity of
the signing certificate of a signed instance image.
The trusted_image_certificates request parameter can be passed to
the server create and rebuild APIs (if allowed by policy):
* POST /servers
* POST /servers/{server_id}/action (rebuild)
The following policy rules were added to restrict the usage of the
``trusted_image_certificates`` request parameter in the server create
and rebuild APIs:
* os_compute_api:servers:create:trusted_certs
* os_compute_api:servers:rebuild:trusted_certs
The trusted_image_certificates parameter will be in the response
body of the following APIs (not restricted by policy):
* GET /servers/detail
* GET /servers/{server_id}
* PUT /servers/{server_id}
* POST /servers/{server_id}/action (rebuild)
APIImpact
Implements blueprint: nova-validate-certificates
Change-Id: Iedd3fea0e86648fae364f075915555dcb2c4f199
Diffstat (limited to 'api-ref/source/servers-actions.inc')
-rw-r--r-- | api-ref/source/servers-actions.inc | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/api-ref/source/servers-actions.inc b/api-ref/source/servers-actions.inc index 037c273645..1ff5cd631d 100644 --- a/api-ref/source/servers-actions.inc +++ b/api-ref/source/servers-actions.inc @@ -488,10 +488,11 @@ Request - description: server_description - key_name: key_name_rebuild_req - user_data: user_data_rebuild_req + - trusted_image_certificates: server_trusted_image_certificates_rebuild_req -**Example Rebuild Server (rebuild Action) (v2.54)** +**Example Rebuild Server (rebuild Action) (v2.63)** -.. literalinclude:: ../../doc/api_samples/servers/v2.54/server-action-rebuild.json +.. literalinclude:: ../../doc/api_samples/servers/v2.63/server-action-rebuild.json :language: javascript Response @@ -537,10 +538,11 @@ Response - tags: tags - key_name: key_name_rebuild_resp - user_data: user_data_rebuild_resp + - trusted_image_certificates: server_trusted_image_certificates_resp -**Example Rebuild Server (rebuild Action) (v2.54)** +**Example Rebuild Server (rebuild Action) (v2.63)** -.. literalinclude:: ../../doc/api_samples/servers/v2.54/server-action-rebuild-resp.json +.. literalinclude:: ../../doc/api_samples/servers/v2.63/server-action-rebuild-resp.json :language: javascript Remove (Disassociate) Floating Ip (removeFloatingIp Action) (DEPRECATED) |