openstack/nova
Code Issues Proposed changes

Update description to policies in remaining flavor APIs

Browse Source 
This updates flavor_manage.py, flavor_access.py and flavor_rxtx.py
We also add a note about flavor.py not being used in the code.
blueprint policy-docs

Change-Id: I422667cd205678377f5e6aa1c6c6073d5445cee1
This commit is contained in:
John Garbutt 2017-04-27 12:16:25 +01:00 committed by John Garbutt
parent 7e7bdb198e
commit fb17be80ac
4 changed files with 83 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

58
nova/policies/flavor_access.py
View File

@ -13,7 +13,6 @@
# License for the specific language governing permissions and limitations
# under the License.
from oslo_policy import policy
from nova.policies import base
@ -23,15 +22,54 @@ POLICY_ROOT = 'os_compute_api:os-flavor-access:%s'
flavor_access_policies = [
policy.RuleDefault(
name=POLICY_ROOT % 'add_tenant_access',
check_str=base.RULE_ADMIN_API),
policy.RuleDefault(
name=POLICY_ROOT % 'remove_tenant_access',
check_str=base.RULE_ADMIN_API),
policy.RuleDefault(
name=BASE_POLICY_NAME,
check_str=base.RULE_ADMIN_OR_OWNER),
base.create_rule_default(
POLICY_ROOT % 'add_tenant_access',
base.RULE_ADMIN_API,
"Add flavor access to a tenant",
[
{
'method': 'POST',
'path': '/flavors/{flavor_id}/action (addTenantAccess)'
}
]),
base.create_rule_default(
POLICY_ROOT % 'remove_tenant_access',
base.RULE_ADMIN_API,
"Remove flavor access from a tenant",
[
{
'method': 'POST',
'path': '/flavors/{flavor_id}/action (removeTenantAccess)'
}
]),
base.create_rule_default(
BASE_POLICY_NAME,
base.RULE_ADMIN_OR_OWNER,
"""Allow the listing of flavor access information
Adds the os-flavor-access:is_public key into several flavor APIs.
It also allows access to the full list of tenants that have access
to a flavor via an os-flavor-access API.
""",
[
{
'method': 'GET',
'path': '/flavors/{flavor_id}/os-flavor-access'
},
{
'method': 'GET',
'path': '/flavors/detail'
},
{
'method': 'GET',
'path': '/flavors/{flavor_id}'
},
{
'method': 'POST',
'path': '/flavors'
},
]),
]

19
nova/policies/flavor_manage.py
View File

@ -13,7 +13,6 @@
# License for the specific language governing permissions and limitations
# under the License.
from oslo_policy import policy
from nova.policies import base
@ -22,9 +21,21 @@ BASE_POLICY_NAME = 'os_compute_api:os-flavor-manage'
flavor_manage_policies = [
policy.RuleDefault(
name=BASE_POLICY_NAME,
check_str=base.RULE_ADMIN_API),
base.create_rule_default(
BASE_POLICY_NAME,
base.RULE_ADMIN_API,
"Create and delete Flavors",
[
{
'method': 'POST',
'path': '/flavors'
},
{
'method': 'DELETE',
'path': '/flavors/{flavor_id}'
},
]),
]

22
nova/policies/flavor_rxtx.py
View File

@ -13,7 +13,6 @@
# License for the specific language governing permissions and limitations
# under the License.
from oslo_policy import policy
from nova.policies import base
@ -22,9 +21,24 @@ BASE_POLICY_NAME = 'os_compute_api:os-flavor-rxtx'
flavor_rxtx_policies = [
policy.RuleDefault(
name=BASE_POLICY_NAME,
check_str=base.RULE_ADMIN_OR_OWNER),
base.create_rule_default(
BASE_POLICY_NAME,
base.RULE_ADMIN_OR_OWNER,
"Adds the rxtx_factor key into some Flavor APIs",
[
{
'method': 'GET',
'path': '/flavors/detail'
},
{
'method': 'GET',
'path': '/flavors/{flavor_id}'
},
{
'method': 'POST',
'path': '/flavors'
},
]),
]

2
nova/policies/flavors.py
View File

@ -22,6 +22,8 @@ BASE_POLICY_NAME = 'os_compute_api:flavors'
flavors_policies = [
# TODO(johngarbutt) this doesn't appear to be used in the code and
# as such should be removed.
policy.RuleDefault(
name=BASE_POLICY_NAME,
check_str=base.RULE_ADMIN_OR_OWNER),