8c7ca368b1
This change adds support for the trusted_image_certificates parameter,
which is used to define a list of trusted certificate IDs that can be
used during image signature verification and certificate validation. The
parameter may contain a list of strings, each string representing the ID
of a trusted certificate. The list is restricted to a maximum of 50 IDs.
The list of certificate IDs will be stored in the trusted_certs field of
the instance InstanceExtra and will be used to verify the validity of
the signing certificate of a signed instance image.
The trusted_image_certificates request parameter can be passed to
the server create and rebuild APIs (if allowed by policy):
* POST /servers
* POST /servers/{server_id}/action (rebuild)
The following policy rules were added to restrict the usage of the
``trusted_image_certificates`` request parameter in the server create
and rebuild APIs:
* os_compute_api:servers:create:trusted_certs
* os_compute_api:servers:rebuild:trusted_certs
The trusted_image_certificates parameter will be in the response
body of the following APIs (not restricted by policy):
* GET /servers/detail
* GET /servers/{server_id}
* PUT /servers/{server_id}
* POST /servers/{server_id}/action (rebuild)
APIImpact
Implements blueprint: nova-validate-certificates
Change-Id: Iedd3fea0e86648fae364f075915555dcb2c4f199
|
||
|---|---|---|
| .. | ||
| api_samples | ||
| ext | ||
| notification_samples | ||
| source | ||
| test | ||
| README.rst | ||
| requirements.txt | ||
OpenStack Nova Documentation README
Both contributor developer documentation and REST API documentation are sourced here.
Contributor developer docs are built to: https://docs.openstack.org/nova/latest/
API guide docs are built to: https://developer.openstack.org/api-guide/compute/
For more details, see the "Building the Documentation" section of doc/source/contributor/development-environment.rst.