8c7ca368b1
This change adds support for the trusted_image_certificates parameter, which is used to define a list of trusted certificate IDs that can be used during image signature verification and certificate validation. The parameter may contain a list of strings, each string representing the ID of a trusted certificate. The list is restricted to a maximum of 50 IDs. The list of certificate IDs will be stored in the trusted_certs field of the instance InstanceExtra and will be used to verify the validity of the signing certificate of a signed instance image. The trusted_image_certificates request parameter can be passed to the server create and rebuild APIs (if allowed by policy): * POST /servers * POST /servers/{server_id}/action (rebuild) The following policy rules were added to restrict the usage of the ``trusted_image_certificates`` request parameter in the server create and rebuild APIs: * os_compute_api:servers:create:trusted_certs * os_compute_api:servers:rebuild:trusted_certs The trusted_image_certificates parameter will be in the response body of the following APIs (not restricted by policy): * GET /servers/detail * GET /servers/{server_id} * PUT /servers/{server_id} * POST /servers/{server_id}/action (rebuild) APIImpact Implements blueprint: nova-validate-certificates Change-Id: Iedd3fea0e86648fae364f075915555dcb2c4f199 |
||
---|---|---|
.. | ||
__init__.py | ||
addresses.py | ||
flavors.py | ||
hypervisors.py | ||
images.py | ||
instance_actions.py | ||
keypairs.py | ||
limits.py | ||
migrations.py | ||
server_diagnostics.py | ||
server_tags.py | ||
servers.py | ||
usages.py | ||
versions.py |