Remove deprecated public share policies
These policies were deprecated in Stein and flagged for removal in Train. Now that we're in the Wallaby development cycle let's remove them. Depends-On: I2a647fd5871ef6bb7d1ab45db893a44a560bed72 Change-Id: I6e7608be57de8987117f3f4ace018a7eb91c8bd2 Signed-off-by: Goutham Pacha Ravi <gouthampravi@gmail.com>
This commit is contained in:
parent
d487c2db72
commit
e3e0486de9
@ -17,17 +17,6 @@ from manila.policies import base
|
|||||||
|
|
||||||
BASE_POLICY_NAME = 'share:%s'
|
BASE_POLICY_NAME = 'share:%s'
|
||||||
|
|
||||||
# These deprecated rules can be removed in the 'Train' release.
|
|
||||||
deprecated_create_public_share_rule = policy.DeprecatedRule(
|
|
||||||
name=BASE_POLICY_NAME % 'create_public_share',
|
|
||||||
check_str=base.RULE_DEFAULT,
|
|
||||||
)
|
|
||||||
|
|
||||||
deprecated_set_public_share_rule = policy.DeprecatedRule(
|
|
||||||
name=BASE_POLICY_NAME % 'set_public_share',
|
|
||||||
check_str=base.RULE_DEFAULT,
|
|
||||||
)
|
|
||||||
|
|
||||||
|
|
||||||
shares_policies = [
|
shares_policies = [
|
||||||
policy.DocumentedRuleDefault(
|
policy.DocumentedRuleDefault(
|
||||||
@ -43,16 +32,7 @@ shares_policies = [
|
|||||||
policy.DocumentedRuleDefault(
|
policy.DocumentedRuleDefault(
|
||||||
name=BASE_POLICY_NAME % 'create_public_share',
|
name=BASE_POLICY_NAME % 'create_public_share',
|
||||||
check_str=base.RULE_ADMIN_API,
|
check_str=base.RULE_ADMIN_API,
|
||||||
description="Create shares visible across all projects in the cloud. "
|
description="Create shares visible across all projects in the cloud.",
|
||||||
"This option will default to rule:admin_api in the "
|
|
||||||
"9.0.0 (Train) release of the OpenStack Shared File "
|
|
||||||
"Systems (manila) service.",
|
|
||||||
deprecated_rule=deprecated_create_public_share_rule,
|
|
||||||
deprecated_reason="Public shares must be accessible across the "
|
|
||||||
"cloud, irrespective of project namespaces. To "
|
|
||||||
"avoid unintended consequences, rule:admin_api "
|
|
||||||
"serves as a better default for this policy.",
|
|
||||||
deprecated_since='S',
|
|
||||||
operations=[
|
operations=[
|
||||||
{
|
{
|
||||||
'method': 'POST',
|
'method': 'POST',
|
||||||
@ -97,15 +77,7 @@ shares_policies = [
|
|||||||
name=BASE_POLICY_NAME % 'set_public_share',
|
name=BASE_POLICY_NAME % 'set_public_share',
|
||||||
check_str=base.RULE_ADMIN_API,
|
check_str=base.RULE_ADMIN_API,
|
||||||
description="Update shares to be visible across all projects in the "
|
description="Update shares to be visible across all projects in the "
|
||||||
"cloud. This option will default to rule:admin_api in the "
|
"cloud.",
|
||||||
"9.0.0 (Train) release of the OpenStack Shared File "
|
|
||||||
"Systems (manila) service.",
|
|
||||||
deprecated_rule=deprecated_set_public_share_rule,
|
|
||||||
deprecated_reason="Public shares must be accessible across the "
|
|
||||||
"cloud, irrespective of project namespaces. To "
|
|
||||||
"avoid unintended consequences, rule:admin_api "
|
|
||||||
"serves as a better default for this policy.",
|
|
||||||
deprecated_since='S',
|
|
||||||
operations=[
|
operations=[
|
||||||
{
|
{
|
||||||
'method': 'PUT',
|
'method': 'PUT',
|
||||||
|
@ -0,0 +1,11 @@
|
|||||||
|
---
|
||||||
|
upgrade:
|
||||||
|
- |
|
||||||
|
The ability to create a public share (RBAC: "share:create_public_share")
|
||||||
|
and to update a share to become publicly visible
|
||||||
|
(RBAC: "share:set_public_share") are now restricted to administator
|
||||||
|
users operating at system scope. Adjust your policy file overrides if
|
||||||
|
you would like to retain the older behavior of allowing all users to
|
||||||
|
create public shares or to update private ones to public. If you do
|
||||||
|
that, be sure that your users are aware of the security implications of
|
||||||
|
publicly accessible shares.
|
Loading…
Reference in New Issue
Block a user