openstack/nova
Code Issues Proposed changes
d27d8e44a3
nova/releasenotes/notes/trusted-certs-microversion-589b75f0180d4d51.yaml
Matt Riedemann dc9fb5842c Fix nits from trusted certs notification change 
This is a follow up to address a few nits in change
Ib5b50a3889ab15d5aac992f92e9be372a915eeff.

Change-Id: I08ce4a9f5bb33761d8c5ff82ef9faf874ac97fcc
2018-06-15 08:34:12 -04:00

46 lines
2.1 KiB
YAML
Raw Blame History

---
features:
- |
The 2.63 compute REST API microversion adds support for the
``trusted_image_certificates`` parameter, which is used to define a
list of trusted certificate IDs that can be used during image
signature verification and certificate validation. The list is
restricted to a maximum of 50 IDs. Note that there is not support
with volume-backed servers.
The ``trusted_image_certificates`` request parameter can be passed to
the server create and rebuild APIs (if allowed by policy):
* ``POST /servers``
* ``POST /servers/{server_id}/action (rebuild)``
The following policy rules were added to restrict the usage of the
``trusted_image_certificates`` request parameter in the server create and
rebuild APIs:
* ``os_compute_api:servers:create:trusted_certs``
* ``os_compute_api:servers:rebuild:trusted_certs``
The ``trusted_image_certificates`` parameter will be in the response
body of the following APIs (not restricted by policy):
* ``GET /servers/detail``
* ``GET /servers/{server_id}``
* ``PUT /servers/{server_id}``
* ``POST /servers/{server_id}/action (rebuild)``
The payload of the ``instance.create.start`` and ``instance.create.end``
and ``instance.create.error`` versioned notifications have been extended
with the ``trusted_image_certificates`` field that contains the list of
trusted certificate IDs used when the instance is created.
The payload of the ``instance.rebuild.start`` and ``instance.rebuild.end``
and ``instance.rebuild.error`` versioned notifications have been extended
with the ``trusted_image_certificates`` field that contains the list of
trusted certificate IDs used when the instance is rebuilt. This change also
causes the type of the payload object to change from
``InstanceActionPayload`` version 1.6 to ``InstanceActionRebuildPayload``
version 1.7. See the `notification dev reference`_ for the sample file of
``instance.rebuild.start`` as an example.
.. _notification dev reference: https://docs.openstack.org/developer/nova/notifications.html
View Git Blame Copy Permalink