Add policy in code documentation for os-set_bootable API
This patchset adds policy in code documentation for the os-set_bootable API action, which does not directly [0] enforce any policy. However, it does internally call volume update API via self.volumes_api.update() [1] which in turn enforces the update policy [2]. Thus os-set_bootable indirectly enforces this policy. This is a unique case where an API doesn't enforce something directly, yet where policy still matters for the API to pass successfully. [0]52deeff8d2/cinder/api/contrib/volume_actions.py (L310)
[1]52deeff8d2/cinder/api/contrib/volume_actions.py (L321)
[2]52deeff8d2/cinder/volume/api.py (L535)
Change-Id: I29d54fb391f4e9508d86fc93e84b4b02c1333da0
This commit is contained in:
parent
1aa9231cb2
commit
02eba89953
|
@ -83,11 +83,17 @@ volumes_policies = [
|
|||
policy.DocumentedRuleDefault(
|
||||
name=UPDATE_POLICY,
|
||||
check_str=base.RULE_ADMIN_OR_OWNER,
|
||||
description="Update volume.",
|
||||
description="Update volume or update a volume's bootable status.",
|
||||
operations=[
|
||||
{
|
||||
'method': 'PUT',
|
||||
'path': '/volumes'
|
||||
},
|
||||
# The API below calls the volume update API internally, which in
|
||||
# turn enforces the update policy.
|
||||
{
|
||||
'method': 'POST',
|
||||
'path': '/volumes/{volume_id}/action (os-set_bootable)'
|
||||
}
|
||||
]),
|
||||
policy.DocumentedRuleDefault(
|
||||
|
|
Loading…
Reference in New Issue