[Trivial] Replace ref of policy.json to policy.yaml
policy file default and JSON format 'policy.json' is now deprecated. Let's replace all the ref and test start using the policy.yaml. Change-Id: I78a273576702fb95d831bd9b801b5774fb9fd19e
This commit is contained in:
parent
4a8faa7089
commit
ef769443fb
|
@ -112,7 +112,7 @@ For projects, you can use quota controls to limit the:
|
|||
|
||||
Roles control the actions a user is allowed to perform. By default, most
|
||||
actions do not require a particular role, but you can configure them by editing
|
||||
the ``policy.json`` file for user roles. For example, a rule can be defined so
|
||||
the ``policy.yaml`` file for user roles. For example, a rule can be defined so
|
||||
that a user must have the ``admin`` role in order to be able to allocate a
|
||||
public IP address.
|
||||
|
||||
|
@ -237,7 +237,7 @@ The displayed image attributes are:
|
|||
Virtual hardware templates are called ``flavors``. By default, these are
|
||||
configurable by admin users, however that behavior can be changed by redefining
|
||||
the access controls for ``compute_extension:flavormanage`` in
|
||||
``/etc/nova/policy.json`` on the ``compute-api`` server.
|
||||
``/etc/nova/policy.yaml`` on the ``compute-api`` server.
|
||||
For more information, refer to :doc:`/configuration/policy`.
|
||||
|
||||
For a list of flavors that are available on your system:
|
||||
|
|
|
@ -211,7 +211,7 @@ where an instance is launched. For example:
|
|||
|
||||
This is an admin-only operation by default, though you can modify this
|
||||
behavior using the ``os_compute_api:servers:create:forced_host`` rule in
|
||||
``policy.json``.
|
||||
``policy.yaml``.
|
||||
|
||||
However, as discussed `previously <Implications for moving servers>`_, when
|
||||
launching instances in this manner the scheduler filters are not run. For this
|
||||
|
@ -228,7 +228,7 @@ example:
|
|||
|
||||
This is an admin-only operation by default, though you can modify this
|
||||
behavior using the ``compute:servers:create:requested_destination`` rule in
|
||||
``policy.json``.
|
||||
``policy.yaml``.
|
||||
|
||||
This avoids the need to explicitly select an availability zone and ensures the
|
||||
scheduler filters are not bypassed.
|
||||
|
|
|
@ -348,7 +348,7 @@ on Hyper-V. Below is a sample ``nova.conf`` for Windows:
|
|||
use_cow_images = true
|
||||
force_config_drive = false
|
||||
injected_network_template = C:\Program Files (x86)\OpenStack\Nova\etc\interfaces.template
|
||||
policy_file = C:\Program Files (x86)\OpenStack\Nova\etc\policy.json
|
||||
policy_file = C:\Program Files (x86)\OpenStack\Nova\etc\policy.yaml
|
||||
mkisofs_cmd = C:\Program Files (x86)\OpenStack\Nova\bin\mkisofs.exe
|
||||
allow_resize_to_same_host = true
|
||||
running_deleted_instance_action = reap
|
||||
|
|
|
@ -21,7 +21,7 @@ manage flavors. To see information for this command, run:
|
|||
Configuration rights can be delegated to additional users by redefining
|
||||
the access controls for ``os_compute_api:os-flavor-manage:create``,
|
||||
``os_compute_api:os-flavor-manage:update`` and
|
||||
``os_compute_api:os-flavor-manage:delete`` in ``/etc/nova/policy.json``
|
||||
``os_compute_api:os-flavor-manage:delete`` in ``/etc/nova/policy.yaml``
|
||||
on the ``nova-api`` server.
|
||||
|
||||
.. note::
|
||||
|
|
|
@ -94,7 +94,7 @@ To migrate an instance and watch the status, use this example script:
|
|||
.. note::
|
||||
|
||||
If you see the following error, it means you are either running the command
|
||||
with the wrong credentials, such as a non-admin user, or the ``policy.json``
|
||||
with the wrong credentials, such as a non-admin user, or the ``policy.yaml``
|
||||
file prevents migration for your user::
|
||||
|
||||
Policy doesn't allow os_compute_api:os-migrate-server:migrate to be performed. (HTTP 403)
|
||||
|
|
|
@ -29,7 +29,7 @@ Files
|
|||
|
||||
* ``/etc/nova/nova.conf``
|
||||
* ``/etc/nova/api-paste.ini``
|
||||
* ``/etc/nova/policy.json``
|
||||
* ``/etc/nova/policy.yaml``
|
||||
* ``/etc/nova/rootwrap.conf``
|
||||
* ``/etc/nova/rootwrap.d/``
|
||||
|
||||
|
|
|
@ -27,7 +27,7 @@ Files
|
|||
|
||||
* ``/etc/nova/nova.conf``
|
||||
* ``/etc/nova/api-paste.ini``
|
||||
* ``/etc/nova/policy.json``
|
||||
* ``/etc/nova/policy.yaml``
|
||||
* ``/etc/nova/rootwrap.conf``
|
||||
* ``/etc/nova/rootwrap.d/``
|
||||
|
||||
|
|
|
@ -27,7 +27,7 @@ Files
|
|||
|
||||
* ``/etc/nova/nova.conf``
|
||||
* ``/etc/nova/api-paste.ini``
|
||||
* ``/etc/nova/policy.json``
|
||||
* ``/etc/nova/policy.yaml``
|
||||
* ``/etc/nova/rootwrap.conf``
|
||||
* ``/etc/nova/rootwrap.d/``
|
||||
|
||||
|
|
|
@ -28,7 +28,7 @@ Files
|
|||
=====
|
||||
|
||||
* ``/etc/nova/nova.conf``
|
||||
* ``/etc/nova/policy.json``
|
||||
* ``/etc/nova/policy.yaml``
|
||||
* ``/etc/nova/rootwrap.conf``
|
||||
* ``/etc/nova/rootwrap.d/``
|
||||
|
||||
|
|
|
@ -27,7 +27,7 @@ Files
|
|||
=====
|
||||
|
||||
* ``/etc/nova/nova.conf``
|
||||
* ``/etc/nova/policy.json``
|
||||
* ``/etc/nova/policy.yaml``
|
||||
* ``/etc/nova/rootwrap.conf``
|
||||
* ``/etc/nova/rootwrap.d/``
|
||||
|
||||
|
|
|
@ -27,7 +27,7 @@ Files
|
|||
=====
|
||||
|
||||
* ``/etc/nova/nova.conf``
|
||||
* ``/etc/nova/policy.json``
|
||||
* ``/etc/nova/policy.yaml``
|
||||
* ``/etc/nova/rootwrap.conf``
|
||||
* ``/etc/nova/rootwrap.d/``
|
||||
|
||||
|
|
|
@ -27,7 +27,7 @@ Files
|
|||
=====
|
||||
|
||||
* ``/etc/nova/nova.conf``
|
||||
* ``/etc/nova/policy.json``
|
||||
* ``/etc/nova/policy.yaml``
|
||||
* ``/etc/nova/rootwrap.conf``
|
||||
* ``/etc/nova/rootwrap.d/``
|
||||
|
||||
|
|
|
@ -27,7 +27,7 @@ Files
|
|||
=====
|
||||
|
||||
* ``/etc/nova/nova.conf``
|
||||
* ``/etc/nova/policy.json``
|
||||
* ``/etc/nova/policy.yaml``
|
||||
* ``/etc/nova/rootwrap.conf``
|
||||
* ``/etc/nova/rootwrap.d/``
|
||||
|
||||
|
|
|
@ -3,7 +3,7 @@ Configuration Guide
|
|||
===================
|
||||
|
||||
The static configuration for nova lives in two main files: ``nova.conf`` and
|
||||
``policy.json``. These are described below. For a bigger picture view on
|
||||
``policy.yaml``. These are described below. For a bigger picture view on
|
||||
configuring nova to solve specific problems, refer to the :doc:`Nova Admin
|
||||
Guide </admin/index>`.
|
||||
|
||||
|
|
|
@ -167,7 +167,7 @@ class AgentsScopeTypePolicyTest(AgentsPolicyTest):
|
|||
class AgentsDeprecatedPolicyTest(base.BasePolicyTest):
|
||||
"""Test os-agents APIs Deprecated policies.
|
||||
This class checks if deprecated policy rules are
|
||||
overridden by user on policy.json file then they
|
||||
overridden by user on policy.yaml file then they
|
||||
still work because oslo.policy add deprecated rules
|
||||
in logical OR condition and enforce them for policy
|
||||
checks if overridden.
|
||||
|
@ -196,7 +196,7 @@ class AgentsDeprecatedPolicyTest(base.BasePolicyTest):
|
|||
# Test to verify if deprecatd overridden policy is working.
|
||||
|
||||
# check for success as admin role. Deprecated rule
|
||||
# has been overridden with admin checks in policy.json
|
||||
# has been overridden with admin checks in policy.yaml
|
||||
# If admin role pass it means overridden rule is enforced by
|
||||
# olso.policy because new default is system reader and the old
|
||||
# default is admin.
|
||||
|
|
|
@ -143,7 +143,7 @@ class AttachInterfacesScopeTypePolicyTest(AttachInterfacesPolicyTest):
|
|||
class AttachInterfacesDeprecatedPolicyTest(base.BasePolicyTest):
|
||||
"""Test Attach Interfaces APIs Deprecated policies.
|
||||
This class checks if deprecated policy rules are
|
||||
overridden by user on policy.json file then they
|
||||
overridden by user on policy.yaml file then they
|
||||
still work because oslo.policy add deprecated rules
|
||||
in logical OR condition and enforce them for policy
|
||||
checks if overridden.
|
||||
|
@ -176,7 +176,7 @@ class AttachInterfacesDeprecatedPolicyTest(base.BasePolicyTest):
|
|||
# Test to verify if deprecatd overridden policy is working.
|
||||
|
||||
# check for success as admin role. Deprecated rule
|
||||
# has been overridden with admin checks in policy.json
|
||||
# has been overridden with admin checks in policy.yaml
|
||||
# If admin role pass it means overridden rule is enforced by
|
||||
# olso.policy because new default is system or project reader and the
|
||||
# old default is admin.
|
||||
|
|
|
@ -153,7 +153,7 @@ class InstanceActionsDeprecatedPolicyTest(base.BasePolicyTest):
|
|||
"""Test os-instance-actions APIs Deprecated policies.
|
||||
|
||||
This class checks if deprecated policy rules are overridden
|
||||
by user on policy.json file then they still work because
|
||||
by user on policy.yaml file then they still work because
|
||||
oslo.policy add deprecated rules in logical OR condition
|
||||
and enforces them for policy checks if overridden.
|
||||
"""
|
||||
|
@ -191,7 +191,7 @@ class InstanceActionsDeprecatedPolicyTest(base.BasePolicyTest):
|
|||
self.admin_or_owner_req.environ['nova.context'])
|
||||
|
||||
# Check for success as admin_or_owner role. Deprecated rule
|
||||
# has been overridden with admin checks in policy.json
|
||||
# has been overridden with admin checks in policy.yaml
|
||||
# If admin role pass it means overridden rule is enforced by
|
||||
# olso.policy because new default is system reader and the old
|
||||
# default is admin.
|
||||
|
|
|
@ -155,7 +155,7 @@ class ServicesDeprecatedPolicyTest(base.BasePolicyTest):
|
|||
"""Test os-services APIs Deprecated policies.
|
||||
|
||||
This class checks if deprecated policy rules are
|
||||
overridden by user on policy.json file then they
|
||||
overridden by user on policy.yaml file then they
|
||||
still work because oslo.policy add deprecated rules
|
||||
in logical OR condition and enforce them for policy
|
||||
checks if overridden.
|
||||
|
@ -185,7 +185,7 @@ class ServicesDeprecatedPolicyTest(base.BasePolicyTest):
|
|||
# Test to verify if deprecatd overridden policy is working.
|
||||
|
||||
# check for success as member role. Deprecated rule
|
||||
# has been overridden with member checks in policy.json
|
||||
# has been overridden with member checks in policy.yaml
|
||||
# If member role pass it means overridden rule is enforced by
|
||||
# olso.policy because new default is system admin and the old
|
||||
# default is admin.
|
||||
|
|
|
@ -46,7 +46,7 @@ class RealPolicyFixture(fixtures.Fixture):
|
|||
def setUp(self):
|
||||
super(RealPolicyFixture, self).setUp()
|
||||
# policy_file can be overridden by subclasses
|
||||
self.policy_file = paths.state_path_def('etc/nova/policy.json')
|
||||
self.policy_file = paths.state_path_def('etc/nova/policy.yaml')
|
||||
self._prepare_policy()
|
||||
CONF.set_override('policy_file', self.policy_file, group='oslo_policy')
|
||||
nova.policy.reset()
|
||||
|
@ -95,7 +95,7 @@ class PolicyFixture(RealPolicyFixture):
|
|||
def _prepare_policy(self):
|
||||
self.policy_dir = self.useFixture(fixtures.TempDir())
|
||||
self.policy_file = os.path.join(self.policy_dir.path,
|
||||
'policy.json')
|
||||
'policy.yaml')
|
||||
|
||||
# load the fake_policy data and add the missing default rules.
|
||||
policy_rules = jsonutils.loads(fake_policy.policy_data)
|
||||
|
@ -126,7 +126,7 @@ class RoleBasedPolicyFixture(RealPolicyFixture):
|
|||
policy[rule.name] = 'role:%s' % self.role
|
||||
|
||||
self.policy_dir = self.useFixture(fixtures.TempDir())
|
||||
self.policy_file = os.path.join(self.policy_dir.path, 'policy.json')
|
||||
self.policy_file = os.path.join(self.policy_dir.path, 'policy.yaml')
|
||||
with open(self.policy_file, 'w') as f:
|
||||
jsonutils.dump(policy, f)
|
||||
|
||||
|
@ -164,7 +164,7 @@ class OverridePolicyFixture(RealPolicyFixture):
|
|||
def _prepare_policy(self):
|
||||
self.policy_dir = self.useFixture(fixtures.TempDir())
|
||||
self.policy_file = os.path.join(self.policy_dir.path,
|
||||
'policy.json')
|
||||
'policy.yaml')
|
||||
with open(self.policy_file, 'w') as f:
|
||||
jsonutils.dump(self.rules_in_file, f)
|
||||
CONF.set_override('policy_dirs', [], group='oslo_policy')
|
||||
|
|
Loading…
Reference in New Issue