summaryrefslogtreecommitdiff
path: root/nova/policies/shelve.py
diff options
context:
space:
mode:
Diffstat (limited to 'nova/policies/shelve.py')
-rw-r--r--nova/policies/shelve.py24
1 files changed, 18 insertions, 6 deletions
diff --git a/nova/policies/shelve.py b/nova/policies/shelve.py
index da4a3354ce..476d212b04 100644
--- a/nova/policies/shelve.py
+++ b/nova/policies/shelve.py
@@ -24,7 +24,7 @@ POLICY_ROOT = 'os_compute_api:os-shelve:%s'
shelve_policies = [
policy.DocumentedRuleDefault(
name=POLICY_ROOT % 'shelve',
- check_str=base.PROJECT_MEMBER_OR_SYSTEM_ADMIN,
+ check_str=base.PROJECT_MEMBER_OR_ADMIN,
description="Shelve server",
operations=[
{
@@ -32,10 +32,10 @@ shelve_policies = [
'path': '/servers/{server_id}/action (shelve)'
}
],
- scope_types=['system', 'project']),
+ scope_types=['project']),
policy.DocumentedRuleDefault(
name=POLICY_ROOT % 'unshelve',
- check_str=base.PROJECT_MEMBER_OR_SYSTEM_ADMIN,
+ check_str=base.PROJECT_MEMBER_OR_ADMIN,
description="Unshelve (restore) shelved server",
operations=[
{
@@ -43,10 +43,22 @@ shelve_policies = [
'path': '/servers/{server_id}/action (unshelve)'
}
],
- scope_types=['system', 'project']),
+ scope_types=['project']),
+ policy.DocumentedRuleDefault(
+ name=POLICY_ROOT % 'unshelve_to_host',
+ check_str=base.ADMIN,
+ description="Unshelve (restore) shelve offloaded server to a "
+ "specific host",
+ operations=[
+ {
+ 'method': 'POST',
+ 'path': '/servers/{server_id}/action (unshelve)'
+ }
+ ],
+ scope_types=['project']),
policy.DocumentedRuleDefault(
name=POLICY_ROOT % 'shelve_offload',
- check_str=base.SYSTEM_ADMIN,
+ check_str=base.ADMIN,
description="Shelf-offload (remove) server",
operations=[
{
@@ -54,7 +66,7 @@ shelve_policies = [
'path': '/servers/{server_id}/action (shelveOffload)'
}
],
- scope_types=['system', 'project']),
+ scope_types=['project']),
]
View Lorry Controller Status