![]() 'etc/nova/policy.json' is sample file for polcy configration. But there are a lot of rule missing in it. The user is hard to find out which rule can be used in nova. This patch adds the missing rule back to policy.json. Also adds a test case to veify the contents of policy. SecurityImpact UpgradeImpact: "os_compute_api:servers:create:forced_host" is missing in policy.json. That means it will be default rule. But actually it should be admin only API. This patch adds this rule back to policy.json and with correct rule. Deployer should update their policy.json to match the original permission also. Co-Authored-By: Alex Xu <hejie.xu@intel.com> Closes-Bug: #1435390 Change-Id: Ic0780a0d1ccf96c14f1e0ad9c3e9b23e2b0db0ea |
||
---|---|---|
.. | ||
rootwrap.d | ||
README-nova.conf.txt | ||
api-paste.ini | ||
cells.json | ||
logging_sample.conf | ||
nova-config-generator.conf | ||
policy.json | ||
release.sample | ||
rootwrap.conf |