This adds a granular policy checking framework for
placement based on nova.policy but with a lot of
the legacy cruft removed, like the is_admin and
context_is_admin rules.

A new PlacementPolicyFixture is added along with
a new configuration option, [placement]/policy_file,
which is needed because the default policy file
that gets used in config is from [oslo_policy]/policy_file
which is being used as the nova policy file. As
far as I can tell, oslo.policy doesn't allow for
multiple policy files with different names unless
I'm misunderstanding how the policy_dirs option works.

With these changes, we can have something like:

  /etc/nova/policy.json - for nova policy rules
  /etc/nova/placement-policy.yaml - for placement rules

The docs are also updated to include the placement
policy sample along with a tox builder for the sample.

This starts by adding granular rules for CRUD operations
on the /resource_providers and /resource_providers/{uuid}
routes which use the same descriptions from the placement
API reference. Subsequent patches will add new granular
rules for the other routes.

Part of blueprint granular-placement-policy

Change-Id: I17573f5210314341c332fdcb1ce462a989c21940
=======================
Sample Nova Policy File
=======================

The following is a sample nova policy file for adaptation and use.

The sample policy can also be viewed in :download:`file form
</_static/nova.policy.yaml.sample>`.

.. important::

   The sample policy file is auto-generated from nova when this documentation
   is built. You must ensure your version of nova matches the version of this
   documentation.

.. literalinclude:: /_static/nova.policy.yaml.sample