Update Cinder Configuration for Liberty
This patch includes the following updates based on the updated source in Cinder's Liberty release: - api-paste.ini (no changes) - policy.json - rootwrap.d/volume.filters DocImpact UpgradeImpact Implements: blueprint liberty-release Change-Id: I7f03f3c4c2223d445bb2157dd09ae37ebc961121
This commit is contained in:
parent
0d0cd6e001
commit
5b33db1020
@ -22,6 +22,12 @@ vgs_lvmconf: EnvFilter, env, root, LVM_SYSTEM_DIR=, LC_ALL=C, vgs
|
||||
lvs_lvmconf: EnvFilter, env, root, LVM_SYSTEM_DIR=, LC_ALL=C, lvs
|
||||
lvdisplay_lvmconf: EnvFilter, env, root, LVM_SYSTEM_DIR=, LC_ALL=C, lvdisplay
|
||||
|
||||
# os-brick library commands
|
||||
# TODO(smcginnis) This is a temporary fix. Need to pull in os-brick
|
||||
# os-brick.filters file instead and clean out stale brick values from
|
||||
# this file.
|
||||
scsi_id: CommandFilter, /lib/udev/scsi_id, root
|
||||
|
||||
# cinder/volumes/drivers/srb.py: 'pvresize', '--setphysicalvolumesize', sizestr, pvname
|
||||
pvresize: CommandFilter, pvresize, root
|
||||
|
||||
@ -103,6 +109,7 @@ netapp_nfs_find: RegExpFilter, find, root, find, ^[/]*([^/\0]+(/+)?)*$, -maxdept
|
||||
# cinder/volume/drivers/glusterfs.py
|
||||
chgrp: CommandFilter, chgrp, root
|
||||
umount: CommandFilter, umount, root
|
||||
fallocate: CommandFilter, fallocate, root
|
||||
|
||||
# cinder/volumes/drivers/hds/hds.py:
|
||||
hus-cmd: CommandFilter, hus-cmd, root
|
||||
@ -122,8 +129,11 @@ systool: CommandFilter, systool, root
|
||||
blockdev: CommandFilter, blockdev, root
|
||||
|
||||
# cinder/volume/drivers/ibm/gpfs.py
|
||||
cp: CommandFilter, cp, root
|
||||
# cinder/volume/drivers/tintri.py
|
||||
mv: CommandFilter, mv, root
|
||||
|
||||
# cinder/volume/drivers/ibm/gpfs.py
|
||||
cp: CommandFilter, cp, root
|
||||
mmgetstate: CommandFilter, /usr/lpp/mmfs/bin/mmgetstate, root
|
||||
mmclone: CommandFilter, /usr/lpp/mmfs/bin/mmclone, root
|
||||
mmlsattr: CommandFilter, /usr/lpp/mmfs/bin/mmlsattr, root
|
||||
@ -185,3 +195,13 @@ auiscsi: EnvFilter, env, root, LANG=, STONAVM_HOME=, LD_LIBRARY_PATH=, STONAVM_R
|
||||
audppool: EnvFilter, env, root, LANG=, STONAVM_HOME=, LD_LIBRARY_PATH=, STONAVM_RSP_PASS=, STONAVM_ACT=, /usr/stonavm/audppool
|
||||
aureplicationlocal: EnvFilter, env, root, LANG=, STONAVM_HOME=, LD_LIBRARY_PATH=, STONAVM_RSP_PASS=, STONAVM_ACT=, /usr/stonavm/aureplicationlocal
|
||||
aureplicationmon: EnvFilter, env, root, LANG=, STONAVM_HOME=, LD_LIBRARY_PATH=, STONAVM_RSP_PASS=, STONAVM_ACT=, /usr/stonavm/aureplicationmon
|
||||
|
||||
# cinder/volume/drivers/hgst.py
|
||||
vgc-cluster: CommandFilter, vgc-cluster, root
|
||||
|
||||
# cinder/volume/drivers/vzstorage.py
|
||||
pstorage-mount: CommandFilter, pstorage-mount, root
|
||||
pstorage: CommandFilter, pstorage, root
|
||||
|
||||
# initiator/connector.py:
|
||||
drv_cfg: CommandFilter, /opt/emc/scaleio/sdc/bin/drv_cfg, root, /opt/emc/scaleio/sdc/bin/drv_cfg, --query_guid
|
||||
|
@ -35,7 +35,7 @@
|
||||
dest: "/etc/cinder/rootwrap.conf"
|
||||
config_overrides: "{{ cinder_rootwrap_conf_overrides }}"
|
||||
config_type: "ini"
|
||||
- src: "policy.json"
|
||||
- src: "policy.json.j2"
|
||||
dest: "/etc/cinder/policy.json"
|
||||
config_overrides: "{{ cinder_policy_overrides }}"
|
||||
config_type: "json"
|
||||
|
@ -6,32 +6,36 @@
|
||||
"admin_api": "is_admin:True",
|
||||
|
||||
"volume:create": "",
|
||||
"volume:delete": "",
|
||||
"volume:get": "",
|
||||
"volume:get_all": "",
|
||||
"volume:get_volume_metadata": "",
|
||||
"volume:delete": "rule:admin_or_owner",
|
||||
"volume:get": "rule:admin_or_owner",
|
||||
"volume:get_all": "rule:admin_or_owner",
|
||||
"volume:get_volume_metadata": "rule:admin_or_owner",
|
||||
"volume:delete_volume_metadata": "rule:admin_or_owner",
|
||||
"volume:update_volume_metadata": "rule:admin_or_owner",
|
||||
"volume:get_volume_admin_metadata": "rule:admin_api",
|
||||
"volume:delete_volume_admin_metadata": "rule:admin_api",
|
||||
"volume:update_volume_admin_metadata": "rule:admin_api",
|
||||
"volume:get_snapshot": "",
|
||||
"volume:get_all_snapshots": "",
|
||||
"volume:extend": "",
|
||||
"volume:update_readonly_flag": "",
|
||||
"volume:retype": "",
|
||||
"volume:get_snapshot": "rule:admin_or_owner",
|
||||
"volume:get_all_snapshots": "rule:admin_or_owner",
|
||||
"volume:delete_snapshot": "rule:admin_or_owner",
|
||||
"volume:update_snapshot": "rule:admin_or_owner",
|
||||
"volume:extend": "rule:admin_or_owner",
|
||||
"volume:update_readonly_flag": "rule:admin_or_owner",
|
||||
"volume:retype": "rule:admin_or_owner",
|
||||
"volume:update": "rule:admin_or_owner",
|
||||
|
||||
"volume_extension:types_manage": "rule:admin_api",
|
||||
"volume_extension:types_extra_specs": "rule:admin_api",
|
||||
"volume_extension:volume_type_access": "",
|
||||
"volume_extension:volume_type_access": "rule:admin_or_owner",
|
||||
"volume_extension:volume_type_access:addProjectAccess": "rule:admin_api",
|
||||
"volume_extension:volume_type_access:removeProjectAccess": "rule:admin_api",
|
||||
"volume_extension:volume_type_encryption": "rule:admin_api",
|
||||
"volume_extension:volume_encryption_metadata": "rule:admin_or_owner",
|
||||
"volume_extension:extended_snapshot_attributes": "",
|
||||
"volume_extension:volume_image_metadata": "",
|
||||
"volume_extension:extended_snapshot_attributes": "rule:admin_or_owner",
|
||||
"volume_extension:volume_image_metadata": "rule:admin_or_owner",
|
||||
|
||||
"volume_extension:quotas:show": "",
|
||||
"volume_extension:quotas:update": "rule:admin_api",
|
||||
"volume_extension:quota_classes": "",
|
||||
"volume_extension:quota_classes": "rule:admin_api",
|
||||
|
||||
"volume_extension:volume_admin_actions:reset_status": "rule:admin_api",
|
||||
"volume_extension:snapshot_admin_actions:reset_status": "rule:admin_api",
|
||||
@ -39,6 +43,7 @@
|
||||
"volume_extension:volume_admin_actions:force_delete": "rule:admin_api",
|
||||
"volume_extension:volume_admin_actions:force_detach": "rule:admin_api",
|
||||
"volume_extension:snapshot_admin_actions:force_delete": "rule:admin_api",
|
||||
"volume_extension:backup_admin_actions:force_delete": "rule:admin_api",
|
||||
"volume_extension:volume_admin_actions:migrate_volume": "rule:admin_api",
|
||||
"volume_extension:volume_admin_actions:migrate_volume_completion": "rule:admin_api",
|
||||
|
||||
@ -46,30 +51,38 @@
|
||||
"volume_extension:volume_tenant_attribute": "rule:admin_or_owner",
|
||||
"volume_extension:volume_mig_status_attribute": "rule:admin_api",
|
||||
"volume_extension:hosts": "rule:admin_api",
|
||||
"volume_extension:services": "rule:admin_api",
|
||||
"volume_extension:services:index": "rule:admin_api",
|
||||
"volume_extension:services:update" : "rule:admin_api",
|
||||
|
||||
"volume_extension:volume_manage": "rule:admin_api",
|
||||
"volume_extension:volume_unmanage": "rule:admin_api",
|
||||
|
||||
"volume:services": "rule:admin_api",
|
||||
"volume_extension:capabilities": "rule:admin_api",
|
||||
|
||||
"volume:create_transfer": "",
|
||||
"volume:create_transfer": "rule:admin_or_owner",
|
||||
"volume:accept_transfer": "",
|
||||
"volume:delete_transfer": "",
|
||||
"volume:get_all_transfers": "",
|
||||
"volume:delete_transfer": "rule:admin_or_owner",
|
||||
"volume:get_all_transfers": "rule:admin_or_owner",
|
||||
|
||||
"volume_extension:replication:promote": "rule:admin_api",
|
||||
"volume_extension:replication:reenable": "rule:admin_api",
|
||||
|
||||
"volume:enable_replication": "rule:admin_api",
|
||||
"volume:disable_replication": "rule:admin_api",
|
||||
"volume:failover_replication": "rule:admin_api",
|
||||
"volume:list_replication_targets": "rule:admin_api",
|
||||
|
||||
"backup:create" : "",
|
||||
"backup:delete": "",
|
||||
"backup:get": "",
|
||||
"backup:get_all": "",
|
||||
"backup:restore": "",
|
||||
"backup:delete": "rule:admin_or_owner",
|
||||
"backup:get": "rule:admin_or_owner",
|
||||
"backup:get_all": "rule:admin_or_owner",
|
||||
"backup:restore": "rule:admin_or_owner",
|
||||
"backup:backup-import": "rule:admin_api",
|
||||
"backup:backup-export": "rule:admin_api",
|
||||
|
||||
"snapshot_extension:snapshot_actions:update_snapshot_status": "",
|
||||
"snapshot_extension:snapshot_manage": "rule:admin_api",
|
||||
"snapshot_extension:snapshot_unmanage": "rule:admin_api",
|
||||
|
||||
"consistencygroup:create" : "group:nobody",
|
||||
"consistencygroup:delete": "group:nobody",
|
Loading…
x
Reference in New Issue
Block a user