summaryrefslogtreecommitdiff
path: root/releasenotes/notes/trusted-certs-microversion-589b75f0180d4d51.yaml
blob: 92dda25b665b5e966ea1079e8dd465d53fbb2d94 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46

---
features:
  - |
    The 2.63 compute REST API microversion adds support for the
    ``trusted_image_certificates`` parameter, which is used to define a
    list of trusted certificate IDs that can be used during image
    signature verification and certificate validation. The list is
    restricted to a maximum of 50 IDs. Note that there is not support
    with volume-backed servers.

    The ``trusted_image_certificates`` request parameter can be passed to
    the server create and rebuild APIs (if allowed by policy):

    * ``POST /servers``
    * ``POST /servers/{server_id}/action (rebuild)``

    The following policy rules were added to restrict the usage of the
    ``trusted_image_certificates`` request parameter in the server create and
    rebuild APIs:

    * ``os_compute_api:servers:create:trusted_certs``
    * ``os_compute_api:servers:rebuild:trusted_certs``

    The ``trusted_image_certificates`` parameter will be in the response
    body of the following APIs (not restricted by policy):

    * ``GET /servers/detail``
    * ``GET /servers/{server_id}``
    * ``PUT /servers/{server_id}``
    * ``POST /servers/{server_id}/action (rebuild)``

    The payload of the ``instance.create.start`` and ``instance.create.end``
    and ``instance.create.error`` versioned notifications have been extended
    with the ``trusted_image_certificates`` field that contains the list of
    trusted certificate IDs used when the instance is created.

    The payload of the ``instance.rebuild.start`` and ``instance.rebuild.end``
    and ``instance.rebuild.error`` versioned notifications have been extended
    with the ``trusted_image_certificates`` field that contains the list of
    trusted certificate IDs used when the instance is rebuilt. This change also
    causes the type of the payload object to change from
    ``InstanceActionPayload`` version 1.6 to ``InstanceActionRebuildPayload``
    version 1.7. See the `notification dev reference`_ for the sample file of
    ``instance.rebuild.start`` as an example.

    .. _notification dev reference: https://docs.openstack.org/developer/nova/notifications.html
View Lorry Controller Status