diff options
| author | Zuul <zuul@review.opendev.org> | 2020-08-07 17:54:25 +0000 |
|---|---|---|
| committer | Gerrit Code Review <review@openstack.org> | 2020-08-07 17:54:26 +0000 |
| commit | 09ed4c21db5005b1c699a87bfb0e7cb051553342 (patch) | |
| tree | 63ec3cfb339b7ac1290d84ce02b138e8f46b04bd /nova/policies | |
| parent | edae8889c9d08d8b4f2a9d0bb291e0c0472b62ca (diff) | |
| parent | 4ef2ebe241e7fedc24fb5434124fbba8be15f524 (diff) | |
| download | nova-09ed4c21db5005b1c699a87bfb0e7cb051553342.tar.gz | |
Merge "Add new default roles in hosts policies"
Diffstat (limited to 'nova/policies')
| -rw-r--r-- | nova/policies/hosts.py | 87 |
1 files changed, 81 insertions, 6 deletions
diff --git a/nova/policies/hosts.py b/nova/policies/hosts.py index 191d0c0882..97e9f8e6a8 100644 --- a/nova/policies/hosts.py +++ b/nova/policies/hosts.py @@ -20,41 +20,116 @@ from nova.policies import base BASE_POLICY_NAME = 'os_compute_api:os-hosts' +POLICY_NAME = 'os_compute_api:os-hosts:%s' + +DEPRECATED_POLICY = policy.DeprecatedRule( + BASE_POLICY_NAME, + base.RULE_ADMIN_API, +) + +DEPRECATED_REASON = """ +Nova API policies are introducing new default roles with scope_type +capabilities. Old policies are deprecated and silently going to be ignored +in nova 23.0.0 release. +""" hosts_policies = [ policy.DocumentedRuleDefault( - name=BASE_POLICY_NAME, - check_str=base.RULE_ADMIN_API, - description="""List, show and manage physical hosts. + name=POLICY_NAME % 'list', + check_str=base.SYSTEM_READER, + description="""List physical hosts. -These APIs are all deprecated in favor of os-hypervisors and os-services.""", +This API is deprecated in favor of os-hypervisors and os-services.""", operations=[ { 'method': 'GET', 'path': '/os-hosts' }, + ], + scope_types=['system'], + deprecated_rule=DEPRECATED_POLICY, + deprecated_reason=DEPRECATED_REASON, + deprecated_since='22.0.0'), + policy.DocumentedRuleDefault( + name=POLICY_NAME % 'show', + check_str=base.SYSTEM_READER, + description="""Show physical host. + +This API is deprecated in favor of os-hypervisors and os-services.""", + operations=[ { 'method': 'GET', 'path': '/os-hosts/{host_name}' - }, + } + ], + scope_types=['system'], + deprecated_rule=DEPRECATED_POLICY, + deprecated_reason=DEPRECATED_REASON, + deprecated_since='22.0.0'), + policy.DocumentedRuleDefault( + name=POLICY_NAME % 'update', + check_str=base.SYSTEM_ADMIN, + description="""Update physical host. + +This API is deprecated in favor of os-hypervisors and os-services.""", + operations=[ { 'method': 'PUT', 'path': '/os-hosts/{host_name}' }, + ], + scope_types=['system'], + deprecated_rule=DEPRECATED_POLICY, + deprecated_reason=DEPRECATED_REASON, + deprecated_since='22.0.0'), + policy.DocumentedRuleDefault( + name=POLICY_NAME % 'reboot', + check_str=base.SYSTEM_ADMIN, + description="""Reboot physical host. + +This API is deprecated in favor of os-hypervisors and os-services.""", + operations=[ { 'method': 'GET', 'path': '/os-hosts/{host_name}/reboot' }, + ], + scope_types=['system'], + deprecated_rule=DEPRECATED_POLICY, + deprecated_reason=DEPRECATED_REASON, + deprecated_since='22.0.0'), + policy.DocumentedRuleDefault( + name=POLICY_NAME % 'shutdown', + check_str=base.SYSTEM_ADMIN, + description="""Shutdown physical host. + +This API is deprecated in favor of os-hypervisors and os-services.""", + operations=[ { 'method': 'GET', 'path': '/os-hosts/{host_name}/shutdown' }, + ], + scope_types=['system'], + deprecated_rule=DEPRECATED_POLICY, + deprecated_reason=DEPRECATED_REASON, + deprecated_since='22.0.0'), + policy.DocumentedRuleDefault( + name=POLICY_NAME % 'start', + check_str=base.SYSTEM_ADMIN, + description="""Start physical host. + +This API is deprecated in favor of os-hypervisors and os-services.""", + operations=[ { 'method': 'GET', 'path': '/os-hosts/{host_name}/startup' } ], - scope_types=['system']), + scope_types=['system'], + deprecated_rule=DEPRECATED_POLICY, + deprecated_reason=DEPRECATED_REASON, + deprecated_since='22.0.0'), ] |