policy: Deprecate 'admin_api' rule
All of our granular rules have been transitioned across to the new scoped policies, which means we can deprecate this base rule itself. Change-Id: I2153099e5e6adc9fd276089194f5ec5bf4975420 Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
This commit is contained in:
parent
d3f42f463a
commit
6498534c3b
|
@ -10,6 +10,7 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_log import versionutils
|
||||
from oslo_policy import policy
|
||||
|
||||
RULE_ADMIN_API = 'rule:admin_api'
|
||||
|
@ -22,12 +23,22 @@ SYSTEM_READER = 'role:reader and system_scope:all'
|
|||
PROJECT_READER = 'role:reader and project_id:%(project_id)s'
|
||||
PROJECT_READER_OR_SYSTEM_READER = f'({SYSTEM_READER}) or ({PROJECT_READER})'
|
||||
|
||||
_DEPRECATED_REASON = """
|
||||
Placement API policies are introducing new default roles with scope_type
|
||||
capabilities. Old policies are deprecated and silently going to be ignored
|
||||
in the placement 6.0.0 (Xena) release.
|
||||
"""
|
||||
|
||||
rules = [
|
||||
policy.RuleDefault(
|
||||
"admin_api",
|
||||
"role:admin",
|
||||
description="Default rule for most placement APIs.",
|
||||
scope_types=['system']),
|
||||
scope_types=['system'],
|
||||
deprecated_for_removal=True,
|
||||
deprecated_reason=_DEPRECATED_REASON,
|
||||
deprecated_since=versionutils.deprecated.WALLABY,
|
||||
),
|
||||
]
|
||||
|
||||
|
||||
|
|
Loading…
Reference in New Issue