From ee7991489a9707c47a7e22196d2536b1fda50f24 Mon Sep 17 00:00:00 2001 From: jichenjc Date: Wed, 4 Nov 2015 22:23:44 +0800 Subject: [PATCH] Make lock policy default to admin or owner compute:lock and compute:unlock are currently used by compute.api function wrap_check_policy this patch set the default value of them to be same to os_compute_api:os-lock-server. DocImpact: make the default policy to identical to v2.1 policy. UpgradeImpact: old cloud need to care the default value change. Change-Id: Ib862696bbfb7e979d6198f5ca3155f5d1e7b396b --- etc/nova/policy.json | 4 ++-- nova/tests/unit/test_policy.py | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/etc/nova/policy.json b/etc/nova/policy.json index 60076bc9248f..d2c61031af5e 100644 --- a/etc/nova/policy.json +++ b/etc/nova/policy.json @@ -30,8 +30,8 @@ "compute:stop": "rule:admin_or_owner", "compute:get_lock": "", - "compute:lock": "", - "compute:unlock": "", + "compute:lock": "rule:admin_or_owner", + "compute:unlock": "rule:admin_or_owner", "compute:unlock_override": "rule:admin_api", "compute:get_vnc_console": "", diff --git a/nova/tests/unit/test_policy.py b/nova/tests/unit/test_policy.py index 2586ce45c4b1..9c1b158b4c29 100644 --- a/nova/tests/unit/test_policy.py +++ b/nova/tests/unit/test_policy.py @@ -371,6 +371,8 @@ class RealRolePolicyTestCase(test.NoDBTestCase): "compute:delete", "compute:soft_delete", "compute:force_delete", +"compute:lock", +"compute:unlock", "compute_extension:admin_actions:pause", "compute_extension:admin_actions:unpause", "compute_extension:admin_actions:suspend", @@ -442,7 +444,6 @@ class RealRolePolicyTestCase(test.NoDBTestCase): "compute:get_spice_console", "compute:get_vnc_console", "compute:inject_network_info", -"compute:lock", "compute:pause", "compute:remove_fixed_ip", "compute:rescue", @@ -455,7 +456,6 @@ class RealRolePolicyTestCase(test.NoDBTestCase): "compute:snapshot", "compute:suspend", "compute:swap_volume", -"compute:unlock", "compute:unpause", "compute:unrescue", "compute:update",