Move policy deprecation to base rules
All the policy rules are deprecated for base.RULE_ADMIN_API so we can add this deprecation to base rule for system scope which further can be used as new default for policies. Change-Id: Idf028b44daab0469059d036c48d7c6ca36b01d96
This commit is contained in:
parent
b2ecae242d
commit
fcb761376b
|
@ -11,7 +11,6 @@
|
|||
# under the License.
|
||||
|
||||
|
||||
from oslo_log import versionutils
|
||||
from oslo_policy import policy
|
||||
|
||||
from placement.policies import base
|
||||
|
@ -22,19 +21,6 @@ LIST = PREFIX % 'list'
|
|||
UPDATE = PREFIX % 'update'
|
||||
BASE_PATH = '/resource_providers/{uuid}/aggregates'
|
||||
|
||||
DEPRECATED_REASON = """
|
||||
The aggregates API now supports a read-only role by default.
|
||||
"""
|
||||
|
||||
deprecated_list_aggregates = policy.DeprecatedRule(
|
||||
name=LIST,
|
||||
check_str=base.RULE_ADMIN_API
|
||||
)
|
||||
deprecated_update_aggregates = policy.DeprecatedRule(
|
||||
name=UPDATE,
|
||||
check_str=base.RULE_ADMIN_API
|
||||
)
|
||||
|
||||
rules = [
|
||||
policy.DocumentedRuleDefault(
|
||||
LIST,
|
||||
|
@ -47,9 +33,6 @@ rules = [
|
|||
}
|
||||
],
|
||||
scope_types=['system'],
|
||||
deprecated_rule=deprecated_list_aggregates,
|
||||
deprecated_reason=DEPRECATED_REASON,
|
||||
deprecated_since=versionutils.deprecated.WALLABY
|
||||
),
|
||||
policy.DocumentedRuleDefault(
|
||||
UPDATE,
|
||||
|
@ -62,9 +45,6 @@ rules = [
|
|||
}
|
||||
],
|
||||
scope_types=['system'],
|
||||
deprecated_rule=deprecated_update_aggregates,
|
||||
deprecated_reason=DEPRECATED_REASON,
|
||||
deprecated_since=versionutils.deprecated.WALLABY
|
||||
),
|
||||
]
|
||||
|
||||
|
|
|
@ -11,7 +11,6 @@
|
|||
# under the License.
|
||||
|
||||
|
||||
from oslo_log import versionutils
|
||||
from oslo_policy import policy
|
||||
|
||||
from placement.policies import base
|
||||
|
@ -25,32 +24,6 @@ ALLOC_MANAGE = ALLOC_PREFIX % 'manage'
|
|||
ALLOC_UPDATE = ALLOC_PREFIX % 'update'
|
||||
ALLOC_DELETE = ALLOC_PREFIX % 'delete'
|
||||
|
||||
DEPRECATED_REASON = """
|
||||
The allocation API now supports read-only roles by default.
|
||||
"""
|
||||
|
||||
deprecated_manage_allocations = policy.DeprecatedRule(
|
||||
name=ALLOC_MANAGE,
|
||||
check_str=base.RULE_ADMIN_API
|
||||
)
|
||||
deprecated_list_allocation = policy.DeprecatedRule(
|
||||
name=ALLOC_LIST,
|
||||
check_str=base.RULE_ADMIN_API
|
||||
)
|
||||
deprecated_update_allocation = policy.DeprecatedRule(
|
||||
name=ALLOC_UPDATE,
|
||||
check_str=base.RULE_ADMIN_API
|
||||
)
|
||||
deprecated_delete_allocation = policy.DeprecatedRule(
|
||||
name=ALLOC_DELETE,
|
||||
check_str=base.RULE_ADMIN_API
|
||||
)
|
||||
deprecated_list_resource_provider_allocations = policy.DeprecatedRule(
|
||||
name=RP_ALLOC_LIST,
|
||||
check_str=base.RULE_ADMIN_API,
|
||||
)
|
||||
|
||||
|
||||
rules = [
|
||||
policy.DocumentedRuleDefault(
|
||||
name=ALLOC_MANAGE,
|
||||
|
@ -63,9 +36,6 @@ rules = [
|
|||
}
|
||||
],
|
||||
scope_types=['system'],
|
||||
deprecated_rule=deprecated_manage_allocations,
|
||||
deprecated_reason=DEPRECATED_REASON,
|
||||
deprecated_since=versionutils.deprecated.WALLABY
|
||||
),
|
||||
policy.DocumentedRuleDefault(
|
||||
name=ALLOC_LIST,
|
||||
|
@ -78,9 +48,6 @@ rules = [
|
|||
}
|
||||
],
|
||||
scope_types=['system'],
|
||||
deprecated_rule=deprecated_list_allocation,
|
||||
deprecated_reason=DEPRECATED_REASON,
|
||||
deprecated_since=versionutils.deprecated.WALLABY
|
||||
),
|
||||
policy.DocumentedRuleDefault(
|
||||
name=ALLOC_UPDATE,
|
||||
|
@ -93,9 +60,6 @@ rules = [
|
|||
}
|
||||
],
|
||||
scope_types=['system'],
|
||||
deprecated_rule=deprecated_update_allocation,
|
||||
deprecated_reason=DEPRECATED_REASON,
|
||||
deprecated_since=versionutils.deprecated.WALLABY
|
||||
),
|
||||
policy.DocumentedRuleDefault(
|
||||
name=ALLOC_DELETE,
|
||||
|
@ -108,9 +72,6 @@ rules = [
|
|||
}
|
||||
],
|
||||
scope_types=['system'],
|
||||
deprecated_rule=deprecated_delete_allocation,
|
||||
deprecated_reason=DEPRECATED_REASON,
|
||||
deprecated_since=versionutils.deprecated.WALLABY
|
||||
),
|
||||
policy.DocumentedRuleDefault(
|
||||
name=RP_ALLOC_LIST,
|
||||
|
@ -123,9 +84,6 @@ rules = [
|
|||
}
|
||||
],
|
||||
scope_types=['system'],
|
||||
deprecated_rule=deprecated_list_resource_provider_allocations,
|
||||
deprecated_reason=DEPRECATED_REASON,
|
||||
deprecated_since=versionutils.deprecated.WALLABY
|
||||
),
|
||||
]
|
||||
|
||||
|
|
|
@ -11,7 +11,6 @@
|
|||
# under the License.
|
||||
|
||||
|
||||
from oslo_log import versionutils
|
||||
from oslo_policy import policy
|
||||
|
||||
from placement.policies import base
|
||||
|
@ -19,16 +18,6 @@ from placement.policies import base
|
|||
|
||||
LIST = 'placement:allocation_candidates:list'
|
||||
|
||||
DEPRECATED_REASON = """
|
||||
The allocation candidate API now supports read-only roles by default.
|
||||
"""
|
||||
|
||||
deprecated_list_allocation_candidates = policy.DeprecatedRule(
|
||||
name=LIST,
|
||||
check_str=base.RULE_ADMIN_API
|
||||
)
|
||||
|
||||
|
||||
rules = [
|
||||
policy.DocumentedRuleDefault(
|
||||
name=LIST,
|
||||
|
@ -41,9 +30,6 @@ rules = [
|
|||
}
|
||||
],
|
||||
scope_types=['system'],
|
||||
deprecated_rule=deprecated_list_allocation_candidates,
|
||||
deprecated_reason=DEPRECATED_REASON,
|
||||
deprecated_since=versionutils.deprecated.WALLABY
|
||||
)
|
||||
]
|
||||
|
||||
|
|
|
@ -14,14 +14,20 @@ from oslo_log import versionutils
|
|||
from oslo_policy import policy
|
||||
|
||||
RULE_ADMIN_API = 'rule:admin_api'
|
||||
|
||||
DEPRECATED_ADMIN_POLICY = policy.DeprecatedRule(
|
||||
name=RULE_ADMIN_API,
|
||||
check_str='role:admin'
|
||||
)
|
||||
|
||||
# NOTE(lbragstad): We might consider converting these generic checks into
|
||||
# RuleDefaults or DocumentedRuleDefaults, but we need to thoroughly vet the
|
||||
# approach in oslo.policy and consume a new version. Until we have that done,
|
||||
# let's continue using generic check strings.
|
||||
SYSTEM_ADMIN = 'role:admin and system_scope:all'
|
||||
SYSTEM_READER = 'role:reader and system_scope:all'
|
||||
PROJECT_READER = 'role:reader and project_id:%(project_id)s'
|
||||
PROJECT_READER_OR_SYSTEM_READER = f'({SYSTEM_READER}) or ({PROJECT_READER})'
|
||||
SYSTEM_ADMIN = 'rule:system_admin_api'
|
||||
SYSTEM_READER = 'rule:system_reader_api'
|
||||
PROJECT_READER = 'rule:project_reader_api'
|
||||
PROJECT_READER_OR_SYSTEM_READER = 'rule:system_or_project_reader'
|
||||
|
||||
_DEPRECATED_REASON = """
|
||||
Placement API policies are introducing new default roles with scope_type
|
||||
|
@ -39,6 +45,38 @@ rules = [
|
|||
deprecated_reason=_DEPRECATED_REASON,
|
||||
deprecated_since=versionutils.deprecated.WALLABY,
|
||||
),
|
||||
policy.RuleDefault(
|
||||
name="system_admin_api",
|
||||
check_str='role:admin and system_scope:all',
|
||||
description="Default rule for System Admin APIs.",
|
||||
deprecated_rule=DEPRECATED_ADMIN_POLICY,
|
||||
deprecated_reason=_DEPRECATED_REASON,
|
||||
deprecated_since=versionutils.deprecated.WALLABY,
|
||||
),
|
||||
policy.RuleDefault(
|
||||
name="system_reader_api",
|
||||
check_str="role:reader and system_scope:all",
|
||||
description="Default rule for System level read only APIs.",
|
||||
deprecated_rule=DEPRECATED_ADMIN_POLICY,
|
||||
deprecated_reason=_DEPRECATED_REASON,
|
||||
deprecated_since=versionutils.deprecated.WALLABY,
|
||||
),
|
||||
policy.RuleDefault(
|
||||
name="project_reader_api",
|
||||
check_str="role:reader and project_id:%(project_id)s",
|
||||
description="Default rule for Project level read only APIs.",
|
||||
deprecated_rule=DEPRECATED_ADMIN_POLICY,
|
||||
deprecated_reason=_DEPRECATED_REASON,
|
||||
deprecated_since=versionutils.deprecated.WALLABY,
|
||||
),
|
||||
policy.RuleDefault(
|
||||
name="system_or_project_reader",
|
||||
check_str="rule:system_reader_api or rule:project_reader_api",
|
||||
description="Default rule for System+Project read only APIs.",
|
||||
deprecated_rule=DEPRECATED_ADMIN_POLICY,
|
||||
deprecated_reason=_DEPRECATED_REASON,
|
||||
deprecated_since=versionutils.deprecated.WALLABY,
|
||||
),
|
||||
]
|
||||
|
||||
|
||||
|
|
|
@ -11,7 +11,6 @@
|
|||
# under the License.
|
||||
|
||||
|
||||
from oslo_log import versionutils
|
||||
from oslo_policy import policy
|
||||
|
||||
from placement.policies import base
|
||||
|
@ -25,32 +24,6 @@ UPDATE = PREFIX % 'update'
|
|||
DELETE = PREFIX % 'delete'
|
||||
BASE_PATH = '/resource_providers/{uuid}/inventories'
|
||||
|
||||
DEPRECATED_REASON = """
|
||||
The inventory API now supports a read-only role by default.
|
||||
"""
|
||||
|
||||
deprecated_list_inventories = policy.DeprecatedRule(
|
||||
name=LIST,
|
||||
check_str=base.RULE_ADMIN_API
|
||||
)
|
||||
deprecated_create_inventory = policy.DeprecatedRule(
|
||||
name=CREATE,
|
||||
check_str=base.RULE_ADMIN_API
|
||||
)
|
||||
deprecated_show_inventory = policy.DeprecatedRule(
|
||||
name=SHOW,
|
||||
check_str=base.RULE_ADMIN_API
|
||||
)
|
||||
deprecated_update_inventory = policy.DeprecatedRule(
|
||||
name=UPDATE,
|
||||
check_str=base.RULE_ADMIN_API
|
||||
)
|
||||
deprecated_delete_inventory = policy.DeprecatedRule(
|
||||
name=DELETE,
|
||||
check_str=base.RULE_ADMIN_API
|
||||
)
|
||||
|
||||
|
||||
rules = [
|
||||
policy.DocumentedRuleDefault(
|
||||
name=LIST,
|
||||
|
@ -63,9 +36,7 @@ rules = [
|
|||
}
|
||||
],
|
||||
scope_types=['system'],
|
||||
deprecated_rule=deprecated_list_inventories,
|
||||
deprecated_reason=DEPRECATED_REASON,
|
||||
deprecated_since=versionutils.deprecated.WALLABY),
|
||||
),
|
||||
policy.DocumentedRuleDefault(
|
||||
name=CREATE,
|
||||
check_str=base.SYSTEM_ADMIN,
|
||||
|
@ -77,9 +48,7 @@ rules = [
|
|||
}
|
||||
],
|
||||
scope_types=['system'],
|
||||
deprecated_rule=deprecated_create_inventory,
|
||||
deprecated_reason=DEPRECATED_REASON,
|
||||
deprecated_since=versionutils.deprecated.WALLABY),
|
||||
),
|
||||
policy.DocumentedRuleDefault(
|
||||
name=SHOW,
|
||||
check_str=base.SYSTEM_READER,
|
||||
|
@ -91,9 +60,7 @@ rules = [
|
|||
}
|
||||
],
|
||||
scope_types=['system'],
|
||||
deprecated_rule=deprecated_show_inventory,
|
||||
deprecated_reason=DEPRECATED_REASON,
|
||||
deprecated_since=versionutils.deprecated.WALLABY),
|
||||
),
|
||||
policy.DocumentedRuleDefault(
|
||||
name=UPDATE,
|
||||
check_str=base.SYSTEM_ADMIN,
|
||||
|
@ -109,9 +76,7 @@ rules = [
|
|||
}
|
||||
],
|
||||
scope_types=['system'],
|
||||
deprecated_rule=deprecated_update_inventory,
|
||||
deprecated_reason=DEPRECATED_REASON,
|
||||
deprecated_since=versionutils.deprecated.WALLABY),
|
||||
),
|
||||
policy.DocumentedRuleDefault(
|
||||
name=DELETE,
|
||||
check_str=base.SYSTEM_ADMIN,
|
||||
|
@ -127,9 +92,7 @@ rules = [
|
|||
}
|
||||
],
|
||||
scope_types=['system'],
|
||||
deprecated_rule=deprecated_delete_inventory,
|
||||
deprecated_reason=DEPRECATED_REASON,
|
||||
deprecated_since=versionutils.deprecated.WALLABY),
|
||||
),
|
||||
]
|
||||
|
||||
|
||||
|
|
|
@ -11,7 +11,6 @@
|
|||
# under the License.
|
||||
|
||||
|
||||
from oslo_log import versionutils
|
||||
from oslo_policy import policy
|
||||
|
||||
from placement.policies import base
|
||||
|
@ -20,15 +19,6 @@ from placement.policies import base
|
|||
PREFIX = 'placement:reshaper:%s'
|
||||
RESHAPE = PREFIX % 'reshape'
|
||||
|
||||
deprecated_reshape = policy.DeprecatedRule(
|
||||
name=RESHAPE,
|
||||
check_str=base.RULE_ADMIN_API,
|
||||
)
|
||||
|
||||
DEPRECATED_REASON = """
|
||||
The reshape API now supports scoped rule by default.
|
||||
"""
|
||||
|
||||
rules = [
|
||||
policy.DocumentedRuleDefault(
|
||||
RESHAPE,
|
||||
|
@ -41,9 +31,6 @@ rules = [
|
|||
}
|
||||
],
|
||||
scope_types=['system'],
|
||||
deprecated_rule=deprecated_reshape,
|
||||
deprecated_reason=DEPRECATED_REASON,
|
||||
deprecated_since=versionutils.deprecated.WALLABY,
|
||||
),
|
||||
]
|
||||
|
||||
|
|
|
@ -11,7 +11,6 @@
|
|||
# under the License.
|
||||
|
||||
|
||||
from oslo_log import versionutils
|
||||
from oslo_policy import policy
|
||||
|
||||
from placement.policies import base
|
||||
|
@ -24,32 +23,6 @@ SHOW = PREFIX % 'show'
|
|||
UPDATE = PREFIX % 'update'
|
||||
DELETE = PREFIX % 'delete'
|
||||
|
||||
DEPRECATED_REASON = """
|
||||
The resource classes API now supports a read-only role by default.
|
||||
"""
|
||||
|
||||
deprecated_list_resource_classes = policy.DeprecatedRule(
|
||||
name=LIST,
|
||||
check_str=base.RULE_ADMIN_API
|
||||
)
|
||||
deprecated_show_resource_class = policy.DeprecatedRule(
|
||||
name=SHOW,
|
||||
check_str=base.RULE_ADMIN_API
|
||||
)
|
||||
deprecated_create_resource_class = policy.DeprecatedRule(
|
||||
name=CREATE,
|
||||
check_str=base.RULE_ADMIN_API
|
||||
)
|
||||
deprecated_update_resource_class = policy.DeprecatedRule(
|
||||
name=UPDATE,
|
||||
check_str=base.RULE_ADMIN_API
|
||||
)
|
||||
deprecated_delete_resource_class = policy.DeprecatedRule(
|
||||
name=DELETE,
|
||||
check_str=base.RULE_ADMIN_API
|
||||
)
|
||||
|
||||
|
||||
rules = [
|
||||
policy.DocumentedRuleDefault(
|
||||
name=LIST,
|
||||
|
@ -62,9 +35,7 @@ rules = [
|
|||
}
|
||||
],
|
||||
scope_types=['system'],
|
||||
deprecated_rule=deprecated_list_resource_classes,
|
||||
deprecated_reason=DEPRECATED_REASON,
|
||||
deprecated_since=versionutils.deprecated.WALLABY),
|
||||
),
|
||||
policy.DocumentedRuleDefault(
|
||||
name=CREATE,
|
||||
check_str=base.SYSTEM_ADMIN,
|
||||
|
@ -76,9 +47,7 @@ rules = [
|
|||
}
|
||||
],
|
||||
scope_types=['system'],
|
||||
deprecated_rule=deprecated_create_resource_class,
|
||||
deprecated_reason=DEPRECATED_REASON,
|
||||
deprecated_since=versionutils.deprecated.WALLABY),
|
||||
),
|
||||
policy.DocumentedRuleDefault(
|
||||
name=SHOW,
|
||||
check_str=base.SYSTEM_READER,
|
||||
|
@ -90,9 +59,7 @@ rules = [
|
|||
}
|
||||
],
|
||||
scope_types=['system'],
|
||||
deprecated_rule=deprecated_show_resource_class,
|
||||
deprecated_reason=DEPRECATED_REASON,
|
||||
deprecated_since=versionutils.deprecated.WALLABY),
|
||||
),
|
||||
policy.DocumentedRuleDefault(
|
||||
name=UPDATE,
|
||||
check_str=base.SYSTEM_ADMIN,
|
||||
|
@ -104,9 +71,7 @@ rules = [
|
|||
}
|
||||
],
|
||||
scope_types=['system'],
|
||||
deprecated_rule=deprecated_update_resource_class,
|
||||
deprecated_reason=DEPRECATED_REASON,
|
||||
deprecated_since=versionutils.deprecated.WALLABY),
|
||||
),
|
||||
policy.DocumentedRuleDefault(
|
||||
name=DELETE,
|
||||
check_str=base.SYSTEM_ADMIN,
|
||||
|
@ -118,9 +83,7 @@ rules = [
|
|||
}
|
||||
],
|
||||
scope_types=['system'],
|
||||
deprecated_rule=deprecated_delete_resource_class,
|
||||
deprecated_reason=DEPRECATED_REASON,
|
||||
deprecated_since=versionutils.deprecated.WALLABY),
|
||||
),
|
||||
]
|
||||
|
||||
|
||||
|
|
|
@ -11,7 +11,6 @@
|
|||
# under the License.
|
||||
|
||||
|
||||
from oslo_log import versionutils
|
||||
from oslo_policy import policy
|
||||
|
||||
from placement.policies import base
|
||||
|
@ -24,32 +23,6 @@ SHOW = PREFIX % 'show'
|
|||
UPDATE = PREFIX % 'update'
|
||||
DELETE = PREFIX % 'delete'
|
||||
|
||||
DEPRECATED_REASON = """
|
||||
The resource provider API now supports a read-only role by default.
|
||||
"""
|
||||
|
||||
deprecated_list_resource_providers = policy.DeprecatedRule(
|
||||
name=LIST,
|
||||
check_str=base.RULE_ADMIN_API
|
||||
)
|
||||
deprecated_show_resource_provider = policy.DeprecatedRule(
|
||||
name=SHOW,
|
||||
check_str=base.RULE_ADMIN_API
|
||||
)
|
||||
deprecated_create_resource_provider = policy.DeprecatedRule(
|
||||
name=CREATE,
|
||||
check_str=base.RULE_ADMIN_API
|
||||
)
|
||||
deprecated_update_resource_provider = policy.DeprecatedRule(
|
||||
name=UPDATE,
|
||||
check_str=base.RULE_ADMIN_API
|
||||
)
|
||||
deprecated_delete_resource_provider = policy.DeprecatedRule(
|
||||
name=DELETE,
|
||||
check_str=base.RULE_ADMIN_API
|
||||
)
|
||||
|
||||
|
||||
rules = [
|
||||
policy.DocumentedRuleDefault(
|
||||
name=LIST,
|
||||
|
@ -62,9 +35,7 @@ rules = [
|
|||
}
|
||||
],
|
||||
scope_types=['system'],
|
||||
deprecated_rule=deprecated_list_resource_providers,
|
||||
deprecated_reason=DEPRECATED_REASON,
|
||||
deprecated_since=versionutils.deprecated.WALLABY),
|
||||
),
|
||||
policy.DocumentedRuleDefault(
|
||||
name=CREATE,
|
||||
check_str=base.SYSTEM_ADMIN,
|
||||
|
@ -76,9 +47,7 @@ rules = [
|
|||
}
|
||||
],
|
||||
scope_types=['system'],
|
||||
deprecated_rule=deprecated_create_resource_provider,
|
||||
deprecated_reason=DEPRECATED_REASON,
|
||||
deprecated_since=versionutils.deprecated.WALLABY),
|
||||
),
|
||||
policy.DocumentedRuleDefault(
|
||||
name=SHOW,
|
||||
check_str=base.SYSTEM_READER,
|
||||
|
@ -90,9 +59,7 @@ rules = [
|
|||
}
|
||||
],
|
||||
scope_types=['system'],
|
||||
deprecated_rule=deprecated_show_resource_provider,
|
||||
deprecated_reason=DEPRECATED_REASON,
|
||||
deprecated_since=versionutils.deprecated.WALLABY),
|
||||
),
|
||||
policy.DocumentedRuleDefault(
|
||||
name=UPDATE,
|
||||
check_str=base.SYSTEM_ADMIN,
|
||||
|
@ -104,9 +71,7 @@ rules = [
|
|||
}
|
||||
],
|
||||
scope_types=['system'],
|
||||
deprecated_rule=deprecated_update_resource_provider,
|
||||
deprecated_reason=DEPRECATED_REASON,
|
||||
deprecated_since=versionutils.deprecated.WALLABY),
|
||||
),
|
||||
policy.DocumentedRuleDefault(
|
||||
name=DELETE,
|
||||
check_str=base.SYSTEM_ADMIN,
|
||||
|
@ -118,9 +83,7 @@ rules = [
|
|||
}
|
||||
],
|
||||
scope_types=['system'],
|
||||
deprecated_rule=deprecated_delete_resource_provider,
|
||||
deprecated_reason=DEPRECATED_REASON,
|
||||
deprecated_since=versionutils.deprecated.WALLABY),
|
||||
),
|
||||
]
|
||||
|
||||
|
||||
|
|
|
@ -11,7 +11,6 @@
|
|||
# under the License.
|
||||
|
||||
|
||||
from oslo_log import versionutils
|
||||
from oslo_policy import policy
|
||||
|
||||
from placement.policies import base
|
||||
|
@ -28,40 +27,6 @@ TRAITS_SHOW = TRAITS_PREFIX % 'show'
|
|||
TRAITS_UPDATE = TRAITS_PREFIX % 'update'
|
||||
TRAITS_DELETE = TRAITS_PREFIX % 'delete'
|
||||
|
||||
DEPRECATED_REASON = """
|
||||
The traits API now supports a read-only role by default.
|
||||
"""
|
||||
|
||||
deprecated_list_traits = policy.DeprecatedRule(
|
||||
name=TRAITS_LIST,
|
||||
check_str=base.RULE_ADMIN_API
|
||||
)
|
||||
deprecated_show_trait = policy.DeprecatedRule(
|
||||
name=TRAITS_SHOW,
|
||||
check_str=base.RULE_ADMIN_API
|
||||
)
|
||||
deprecated_rp_traits_list = policy.DeprecatedRule(
|
||||
name=RP_TRAIT_LIST,
|
||||
check_str=base.RULE_ADMIN_API
|
||||
)
|
||||
deprecated_traits_update = policy.DeprecatedRule(
|
||||
name=TRAITS_UPDATE,
|
||||
check_str=base.RULE_ADMIN_API
|
||||
)
|
||||
deprecated_traits_delete = policy.DeprecatedRule(
|
||||
name=TRAITS_DELETE,
|
||||
check_str=base.RULE_ADMIN_API
|
||||
)
|
||||
deprecated_rp_trait_update = policy.DeprecatedRule(
|
||||
name=RP_TRAIT_UPDATE,
|
||||
check_str=base.RULE_ADMIN_API
|
||||
)
|
||||
deprecated_rp_trait_delete = policy.DeprecatedRule(
|
||||
name=RP_TRAIT_DELETE,
|
||||
check_str=base.RULE_ADMIN_API
|
||||
)
|
||||
|
||||
|
||||
rules = [
|
||||
policy.DocumentedRuleDefault(
|
||||
name=TRAITS_LIST,
|
||||
|
@ -74,9 +39,6 @@ rules = [
|
|||
}
|
||||
],
|
||||
scope_types=['system'],
|
||||
deprecated_rule=deprecated_list_traits,
|
||||
deprecated_reason=DEPRECATED_REASON,
|
||||
deprecated_since=versionutils.deprecated.WALLABY
|
||||
),
|
||||
policy.DocumentedRuleDefault(
|
||||
name=TRAITS_SHOW,
|
||||
|
@ -89,9 +51,6 @@ rules = [
|
|||
}
|
||||
],
|
||||
scope_types=['system'],
|
||||
deprecated_rule=deprecated_show_trait,
|
||||
deprecated_reason=DEPRECATED_REASON,
|
||||
deprecated_since=versionutils.deprecated.WALLABY
|
||||
),
|
||||
policy.DocumentedRuleDefault(
|
||||
name=TRAITS_UPDATE,
|
||||
|
@ -104,9 +63,6 @@ rules = [
|
|||
}
|
||||
],
|
||||
scope_types=['system'],
|
||||
deprecated_rule=deprecated_traits_update,
|
||||
deprecated_reason=DEPRECATED_REASON,
|
||||
deprecated_since=versionutils.deprecated.WALLABY
|
||||
),
|
||||
policy.DocumentedRuleDefault(
|
||||
name=TRAITS_DELETE,
|
||||
|
@ -119,9 +75,6 @@ rules = [
|
|||
}
|
||||
],
|
||||
scope_types=['system'],
|
||||
deprecated_rule=deprecated_traits_delete,
|
||||
deprecated_reason=DEPRECATED_REASON,
|
||||
deprecated_since=versionutils.deprecated.WALLABY
|
||||
),
|
||||
policy.DocumentedRuleDefault(
|
||||
name=RP_TRAIT_LIST,
|
||||
|
@ -134,9 +87,6 @@ rules = [
|
|||
}
|
||||
],
|
||||
scope_types=['system'],
|
||||
deprecated_rule=deprecated_rp_traits_list,
|
||||
deprecated_reason=DEPRECATED_REASON,
|
||||
deprecated_since=versionutils.deprecated.WALLABY
|
||||
),
|
||||
policy.DocumentedRuleDefault(
|
||||
name=RP_TRAIT_UPDATE,
|
||||
|
@ -149,9 +99,6 @@ rules = [
|
|||
}
|
||||
],
|
||||
scope_types=['system'],
|
||||
deprecated_rule=deprecated_rp_trait_update,
|
||||
deprecated_reason=DEPRECATED_REASON,
|
||||
deprecated_since=versionutils.deprecated.WALLABY
|
||||
),
|
||||
policy.DocumentedRuleDefault(
|
||||
name=RP_TRAIT_DELETE,
|
||||
|
@ -164,9 +111,6 @@ rules = [
|
|||
}
|
||||
],
|
||||
scope_types=['system'],
|
||||
deprecated_rule=deprecated_rp_trait_delete,
|
||||
deprecated_reason=DEPRECATED_REASON,
|
||||
deprecated_since=versionutils.deprecated.WALLABY
|
||||
),
|
||||
]
|
||||
|
||||
|
|
|
@ -11,7 +11,6 @@
|
|||
# under the License.
|
||||
|
||||
|
||||
from oslo_log import versionutils
|
||||
from oslo_policy import policy
|
||||
|
||||
from placement.policies import base
|
||||
|
@ -20,20 +19,6 @@ from placement.policies import base
|
|||
PROVIDER_USAGES = 'placement:resource_providers:usages'
|
||||
TOTAL_USAGES = 'placement:usages'
|
||||
|
||||
DEPRECATED_REASON = """
|
||||
The usage API now supports a read-only role by default.
|
||||
"""
|
||||
|
||||
deprecated_list_rp_usages = policy.DeprecatedRule(
|
||||
name=PROVIDER_USAGES,
|
||||
check_str=base.RULE_ADMIN_API
|
||||
)
|
||||
deprecated_list_total_usages = policy.DeprecatedRule(
|
||||
name=TOTAL_USAGES,
|
||||
check_str=base.RULE_ADMIN_API
|
||||
)
|
||||
|
||||
|
||||
rules = [
|
||||
policy.DocumentedRuleDefault(
|
||||
name=PROVIDER_USAGES,
|
||||
|
@ -46,9 +31,7 @@ rules = [
|
|||
}
|
||||
],
|
||||
scope_types=['system'],
|
||||
deprecated_rule=deprecated_list_rp_usages,
|
||||
deprecated_reason=DEPRECATED_REASON,
|
||||
deprecated_since=versionutils.deprecated.WALLABY),
|
||||
),
|
||||
policy.DocumentedRuleDefault(
|
||||
name=TOTAL_USAGES,
|
||||
check_str=base.PROJECT_READER_OR_SYSTEM_READER,
|
||||
|
@ -60,9 +43,7 @@ rules = [
|
|||
}
|
||||
],
|
||||
scope_types=['system', 'project'],
|
||||
deprecated_rule=deprecated_list_total_usages,
|
||||
deprecated_reason=DEPRECATED_REASON,
|
||||
deprecated_since=versionutils.deprecated.WALLABY)
|
||||
),
|
||||
]
|
||||
|
||||
|
||||
|
|
Loading…
Reference in New Issue