Merge "policy: Remove the deprecated 'placement' rule"
This commit is contained in:
commit
d3f42f463a
|
@ -23,21 +23,6 @@ PROJECT_READER = 'role:reader and project_id:%(project_id)s'
|
|||
PROJECT_READER_OR_SYSTEM_READER = f'({SYSTEM_READER}) or ({PROJECT_READER})'
|
||||
|
||||
rules = [
|
||||
# "placement" is the default rule (action) used for all routes that do
|
||||
# not yet have granular policy rules. It is used in
|
||||
# PlacementHandler.__call__ and can be dropped once all routes have
|
||||
# granular policy handling.
|
||||
policy.RuleDefault(
|
||||
"placement",
|
||||
"role:admin",
|
||||
description="This rule is used for all routes that do not yet "
|
||||
"have granular policy rules. It will be replaced "
|
||||
"with rule:admin_api.",
|
||||
deprecated_for_removal=True,
|
||||
deprecated_reason="This was a catch-all rule hard-coded into "
|
||||
"the placement service and has been superseded by "
|
||||
"granular policy rules per operation.",
|
||||
deprecated_since="18.0.0"),
|
||||
policy.RuleDefault(
|
||||
"admin_api",
|
||||
"role:admin",
|
||||
|
|
|
@ -749,7 +749,7 @@ class OpenPolicyFixture(APIFixture):
|
|||
for rule in policies.list_rules():
|
||||
name = rule.name
|
||||
# Ignore "base" rules for role:admin.
|
||||
if name in ['placement', 'admin_api']:
|
||||
if name in ('admin_api',):
|
||||
continue
|
||||
rules[name] = '@'
|
||||
self.policy_fixture.set_rules(rules)
|
||||
|
|
|
@ -78,10 +78,13 @@ class PlacementPolicyTestCase(base.ContextTestCase):
|
|||
"""
|
||||
fixture = self.useFixture(
|
||||
policy_fixture.PolicyFixture(self.conf_fixture))
|
||||
fixture.set_rules({'placement': '!'})
|
||||
# It doesn't matter which policy we use here so long as it's
|
||||
# registered.
|
||||
policy_name = 'placement:resource_providers:list'
|
||||
fixture.set_rules({policy_name: '!'})
|
||||
self.assertFalse(
|
||||
policy.authorize(
|
||||
self.ctxt, 'placement', self.target, do_raise=False))
|
||||
self.ctxt, policy_name, self.target, do_raise=False))
|
||||
|
||||
def test_init_pick_policy_file_from_oslo_config_option(self):
|
||||
"""Tests a scenario where the oslo policy enforcer in init pick
|
||||
|
|
|
@ -0,0 +1,6 @@
|
|||
---
|
||||
upgrade:
|
||||
- |
|
||||
The deprecated ``placement`` policy has now been removed. This policy was
|
||||
used prior to the introduction of granular policies in the nova 18.0.0
|
||||
(Rocky) release.
|
Loading…
Reference in New Issue