Update description to policies in remaining flavor APIs
This updates flavor_manage.py, flavor_access.py and flavor_rxtx.py We also add a note about flavor.py not being used in the code. blueprint policy-docs Change-Id: I422667cd205678377f5e6aa1c6c6073d5445cee1
This commit is contained in:
parent
7e7bdb198e
commit
fb17be80ac
@ -13,7 +13,6 @@
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
@ -23,15 +22,54 @@ POLICY_ROOT = 'os_compute_api:os-flavor-access:%s'
|
||||
|
||||
|
||||
flavor_access_policies = [
|
||||
policy.RuleDefault(
|
||||
name=POLICY_ROOT % 'add_tenant_access',
|
||||
check_str=base.RULE_ADMIN_API),
|
||||
policy.RuleDefault(
|
||||
name=POLICY_ROOT % 'remove_tenant_access',
|
||||
check_str=base.RULE_ADMIN_API),
|
||||
policy.RuleDefault(
|
||||
name=BASE_POLICY_NAME,
|
||||
check_str=base.RULE_ADMIN_OR_OWNER),
|
||||
base.create_rule_default(
|
||||
POLICY_ROOT % 'add_tenant_access',
|
||||
base.RULE_ADMIN_API,
|
||||
"Add flavor access to a tenant",
|
||||
[
|
||||
{
|
||||
'method': 'POST',
|
||||
'path': '/flavors/{flavor_id}/action (addTenantAccess)'
|
||||
}
|
||||
]),
|
||||
base.create_rule_default(
|
||||
POLICY_ROOT % 'remove_tenant_access',
|
||||
base.RULE_ADMIN_API,
|
||||
"Remove flavor access from a tenant",
|
||||
[
|
||||
{
|
||||
'method': 'POST',
|
||||
'path': '/flavors/{flavor_id}/action (removeTenantAccess)'
|
||||
}
|
||||
]),
|
||||
base.create_rule_default(
|
||||
BASE_POLICY_NAME,
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"""Allow the listing of flavor access information
|
||||
|
||||
Adds the os-flavor-access:is_public key into several flavor APIs.
|
||||
|
||||
It also allows access to the full list of tenants that have access
|
||||
to a flavor via an os-flavor-access API.
|
||||
""",
|
||||
[
|
||||
{
|
||||
'method': 'GET',
|
||||
'path': '/flavors/{flavor_id}/os-flavor-access'
|
||||
},
|
||||
{
|
||||
'method': 'GET',
|
||||
'path': '/flavors/detail'
|
||||
},
|
||||
{
|
||||
'method': 'GET',
|
||||
'path': '/flavors/{flavor_id}'
|
||||
},
|
||||
{
|
||||
'method': 'POST',
|
||||
'path': '/flavors'
|
||||
},
|
||||
]),
|
||||
]
|
||||
|
||||
|
||||
|
@ -13,7 +13,6 @@
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
@ -22,9 +21,21 @@ BASE_POLICY_NAME = 'os_compute_api:os-flavor-manage'
|
||||
|
||||
|
||||
flavor_manage_policies = [
|
||||
policy.RuleDefault(
|
||||
name=BASE_POLICY_NAME,
|
||||
check_str=base.RULE_ADMIN_API),
|
||||
base.create_rule_default(
|
||||
BASE_POLICY_NAME,
|
||||
base.RULE_ADMIN_API,
|
||||
"Create and delete Flavors",
|
||||
[
|
||||
{
|
||||
'method': 'POST',
|
||||
'path': '/flavors'
|
||||
},
|
||||
{
|
||||
'method': 'DELETE',
|
||||
'path': '/flavors/{flavor_id}'
|
||||
},
|
||||
|
||||
]),
|
||||
]
|
||||
|
||||
|
||||
|
@ -13,7 +13,6 @@
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
@ -22,9 +21,24 @@ BASE_POLICY_NAME = 'os_compute_api:os-flavor-rxtx'
|
||||
|
||||
|
||||
flavor_rxtx_policies = [
|
||||
policy.RuleDefault(
|
||||
name=BASE_POLICY_NAME,
|
||||
check_str=base.RULE_ADMIN_OR_OWNER),
|
||||
base.create_rule_default(
|
||||
BASE_POLICY_NAME,
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
"Adds the rxtx_factor key into some Flavor APIs",
|
||||
[
|
||||
{
|
||||
'method': 'GET',
|
||||
'path': '/flavors/detail'
|
||||
},
|
||||
{
|
||||
'method': 'GET',
|
||||
'path': '/flavors/{flavor_id}'
|
||||
},
|
||||
{
|
||||
'method': 'POST',
|
||||
'path': '/flavors'
|
||||
},
|
||||
]),
|
||||
]
|
||||
|
||||
|
||||
|
@ -22,6 +22,8 @@ BASE_POLICY_NAME = 'os_compute_api:flavors'
|
||||
|
||||
|
||||
flavors_policies = [
|
||||
# TODO(johngarbutt) this doesn't appear to be used in the code and
|
||||
# as such should be removed.
|
||||
policy.RuleDefault(
|
||||
name=BASE_POLICY_NAME,
|
||||
check_str=base.RULE_ADMIN_OR_OWNER),
|
||||
|
Loading…
Reference in New Issue
Block a user