From 4722fe5ba568446d6bbd07791b94c9f573be2eeb Mon Sep 17 00:00:00 2001
From: Ghanshyam Mann <gmann@ghanshyammann.com>
Date: Mon, 21 Oct 2019 16:12:36 +0000
Subject: [PATCH] Fix policy doc for host_status and extended servers attribute

In microversion 2.75, host_status and extended-server-attributes
were added in PUT /servers/{server-id} and POST /servers/action {rebuild }
API response with respective policy enforcement[1].

But PUT and rebuild APIs were missed to mentioned in policy doc
for 'os_compute_api:servers:show:host_status'
'os_compute_api:os-extended-server-attributes'

- https://docs.openstack.org/nova/latest/configuration/policy.html

Closes-Bug: #1849164

[1]
https://github.com/openstack/nova/blob/964d7dc87989b5765fcc60d34f734963ab8e03e7/nova/api/openstack/compute/servers.py#L854

https://github.com/openstack/nova/blob/964d7dc87989b5765fcc60d34f734963ab8e03e7/nova/api/openstack/compute/servers.py#L1161

Change-Id: Ifac1e60f5c8d9c5e3a0a9dacc398c339c2216689
---
 nova/policies/extended_server_attributes.py | 12 ++++++++++++
 nova/policies/servers.py                    | 17 ++++++++++++++++-
 2 files changed, 28 insertions(+), 1 deletion(-)

diff --git a/nova/policies/extended_server_attributes.py b/nova/policies/extended_server_attributes.py
index 65c45ba2de4a..40abacb99a8e 100644
--- a/nova/policies/extended_server_attributes.py
+++ b/nova/policies/extended_server_attributes.py
@@ -38,6 +38,10 @@ This rule will control the visibility for a set of servers attributes:
 - ``OS-EXT-SRV-ATTR:ramdisk_id`` (since microversion 2.3)
 - ``OS-EXT-SRV-ATTR:root_device_name`` (since microversion 2.3)
 - ``OS-EXT-SRV-ATTR:user_data`` (since microversion 2.3)
+
+Microvision 2.75 added the above attributes in the ``PUT /servers/{server_id}``
+and ``POST /servers/{server_id}/action (rebuild)`` API responses which are
+also controlled by this policy rule, like the ``GET /servers*`` APIs.
 """,
         [
             {
@@ -47,6 +51,14 @@ This rule will control the visibility for a set of servers attributes:
             {
                 'method': 'GET',
                 'path': '/servers/detail'
+            },
+            {
+                'method': 'PUT',
+                'path': '/servers/{server_id}'
+            },
+            {
+                'method': 'POST',
+                'path': '/servers/{server_id}/action (rebuild)'
             }
         ]
     ),
diff --git a/nova/policies/servers.py b/nova/policies/servers.py
index e08a4e70bc90..47cf30be527c 100644
--- a/nova/policies/servers.py
+++ b/nova/policies/servers.py
@@ -92,7 +92,14 @@ rules = [
     policy.DocumentedRuleDefault(
         SERVERS % 'show:host_status',
         base.RULE_ADMIN_API,
-        "Show a server with additional host status information",
+        """
+Show a server with additional host status information.
+
+Microvision 2.75 added the ``host_status`` attribute in the
+``PUT /servers/{server_id}`` and ``POST /servers/{server_id}/action (rebuild)``
+API responses which are also controlled by this policy rule, like the
+``GET /servers*`` APIs.
+""",
         [
             {
                 'method': 'GET',
@@ -101,6 +108,14 @@ rules = [
             {
                 'method': 'GET',
                 'path': '/servers/detail'
+            },
+            {
+                'method': 'PUT',
+                'path': '/servers/{server_id}'
+            },
+            {
+                'method': 'POST',
+                'path': '/servers/{server_id}/action (rebuild)'
             }
         ]),
     policy.DocumentedRuleDefault(