Remove all discoverable policy rules
We have signaled many times the use of API extensions to change the API has been deprecated, including: 04f8612aa99e618767a85d2f674ecdfc01955ff7 This patch ensures we no longer check any of the discoverable rules when compiling the list of extensions to list in the API. This stops users from being able to use policy to hide certain API extensions. This was never that useful, but now you can't turn any extensions off and we report the API version number, it is basically useless. Note the change in the policy cmd unit test is to ensure now there are no rules that use the ANY rule, we correctly check we return an empty list of rules that match. blueprint remove-discoverable-policy-rules Change-Id: I61d8063708731133177534888ba7f5f05a6bd901
This commit is contained in:
John Garbutt
parent
52b22b09f0
commit
4a34b790d3
@ -13,8 +13,6 @@
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from nova.policies import base
|
||||
|
||||
|
||||
@ -42,9 +40,6 @@ aggregates_policies = [
|
||||
'method': 'POST'
|
||||
}
|
||||
]),
|
||||
policy.RuleDefault(
|
||||
name=POLICY_ROOT % 'discoverable',
|
||||
check_str=base.RULE_ANY),
|
||||
base.create_rule_default(
|
||||
POLICY_ROOT % 'create',
|
||||
base.RULE_ADMIN_API,
|
||||
|
||||
Loading…
Reference in New Issue
Block a user