ebc9a12a19
Add granularity to the volume_extension:volume_type_encryption policy with the addition of actions for create, get, update, and delete. To address backwards compatibility, the new rules added to the cinder/policies/volume_type.py policy file, default to the existing rule (volume_extension:volume_type_encryption). That way across upgrades this should ensure if an existing admin has customised the rule, it keeps working, but folks that know about the new setting can override the default rule. In addtion, a verify_deprecated_policy method is added to see if the old policy action is being configured instead of the new actions. This verify_deprecated_policy method is adapted from previous nova commit from this patch: https://review.openstack.org/#/c/449288 Change-Id: Iba58e785df934d1c4175c0877d266193ac0167b7
17 lines
626 B
YAML
17 lines
626 B
YAML
---
|
|
upgrade:
|
|
- |
|
|
Add granularity to the ``volume_extension:volume_type_encryption``
|
|
policy with the addition of distinct actions for create, get, update,
|
|
and delete:
|
|
|
|
- ``volume_extension:volume_type_encryption:create``
|
|
- ``volume_extension:volume_type_encryption:get``
|
|
- ``volume_extension:volume_type_encryption:update``
|
|
- ``volume_extension:volume_type_encryption:delete``
|
|
|
|
To address backwards compatibility, the new rules added to the
|
|
volume_type.py policy file, default to the existing rule,
|
|
``volume_extension:volume_type_encryption``, if it is set to a
|
|
non-default value.
|