519e5a22d1
This adds a granular policy checking framework for placement based on nova.policy but with a lot of the legacy cruft removed, like the is_admin and context_is_admin rules. A new PlacementPolicyFixture is added along with a new configuration option, [placement]/policy_file, which is needed because the default policy file that gets used in config is from [oslo_policy]/policy_file which is being used as the nova policy file. As far as I can tell, oslo.policy doesn't allow for multiple policy files with different names unless I'm misunderstanding how the policy_dirs option works. With these changes, we can have something like: /etc/nova/policy.json - for nova policy rules /etc/nova/placement-policy.yaml - for placement rules The docs are also updated to include the placement policy sample along with a tox builder for the sample. This starts by adding granular rules for CRUD operations on the /resource_providers and /resource_providers/{uuid} routes which use the same descriptions from the placement API reference. Subsequent patches will add new granular rules for the other routes. Part of blueprint granular-placement-policy Change-Id: I17573f5210314341c332fdcb1ce462a989c21940
117 lines
3.5 KiB
INI
117 lines
3.5 KiB
INI
[metadata]
|
|
name = nova
|
|
summary = Cloud computing fabric controller
|
|
description-file =
|
|
README.rst
|
|
author = OpenStack
|
|
author-email = openstack-dev@lists.openstack.org
|
|
home-page = https://docs.openstack.org/nova/latest/
|
|
classifier =
|
|
Environment :: OpenStack
|
|
Intended Audience :: Information Technology
|
|
Intended Audience :: System Administrators
|
|
License :: OSI Approved :: Apache Software License
|
|
Operating System :: POSIX :: Linux
|
|
Programming Language :: Python
|
|
Programming Language :: Python :: 2
|
|
Programming Language :: Python :: 2.7
|
|
Programming Language :: Python :: 3
|
|
Programming Language :: Python :: 3.5
|
|
|
|
[global]
|
|
setup-hooks =
|
|
pbr.hooks.setup_hook
|
|
|
|
[files]
|
|
data_files =
|
|
etc/nova =
|
|
etc/nova/api-paste.ini
|
|
etc/nova/rootwrap.conf
|
|
etc/nova/rootwrap.d = etc/nova/rootwrap.d/*
|
|
packages =
|
|
nova
|
|
|
|
[entry_points]
|
|
oslo.config.opts =
|
|
nova.conf = nova.conf.opts:list_opts
|
|
|
|
oslo.config.opts.defaults =
|
|
nova.conf = nova.common.config:set_middleware_defaults
|
|
|
|
oslo.policy.enforcer =
|
|
nova = nova.policy:get_enforcer
|
|
placement = nova.api.openstack.placement.policy:get_enforcer
|
|
|
|
oslo.policy.policies =
|
|
# The sample policies will be ordered by entry point and then by list
|
|
# returned from that entry point. If more control is desired split out each
|
|
# list_rules method into a separate entry point rather than using the
|
|
# aggregate method.
|
|
nova = nova.policies:list_rules
|
|
placement = nova.api.openstack.placement.policies:list_rules
|
|
|
|
nova.compute.monitors.cpu =
|
|
virt_driver = nova.compute.monitors.cpu.virt_driver:Monitor
|
|
|
|
console_scripts =
|
|
nova-api = nova.cmd.api:main
|
|
nova-api-metadata = nova.cmd.api_metadata:main
|
|
nova-api-os-compute = nova.cmd.api_os_compute:main
|
|
nova-cells = nova.cmd.cells:main
|
|
nova-compute = nova.cmd.compute:main
|
|
nova-conductor = nova.cmd.conductor:main
|
|
nova-console = nova.cmd.console:main
|
|
nova-consoleauth = nova.cmd.consoleauth:main
|
|
nova-dhcpbridge = nova.cmd.dhcpbridge:main
|
|
nova-manage = nova.cmd.manage:main
|
|
nova-network = nova.cmd.network:main
|
|
nova-novncproxy = nova.cmd.novncproxy:main
|
|
nova-policy = nova.cmd.policy:main
|
|
nova-rootwrap = oslo_rootwrap.cmd:main
|
|
nova-rootwrap-daemon = oslo_rootwrap.cmd:daemon
|
|
nova-scheduler = nova.cmd.scheduler:main
|
|
nova-serialproxy = nova.cmd.serialproxy:main
|
|
nova-spicehtml5proxy = nova.cmd.spicehtml5proxy:main
|
|
nova-status = nova.cmd.status:main
|
|
nova-xvpvncproxy = nova.cmd.xvpvncproxy:main
|
|
wsgi_scripts =
|
|
nova-placement-api = nova.api.openstack.placement.wsgi:init_application
|
|
nova-api-wsgi = nova.api.openstack.compute.wsgi:init_application
|
|
nova-metadata-wsgi = nova.api.metadata.wsgi:init_application
|
|
|
|
nova.ipv6_backend =
|
|
rfc2462 = nova.ipv6.rfc2462
|
|
account_identifier = nova.ipv6.account_identifier
|
|
|
|
nova.scheduler.driver =
|
|
filter_scheduler = nova.scheduler.filter_scheduler:FilterScheduler
|
|
caching_scheduler = nova.scheduler.caching_scheduler:CachingScheduler
|
|
chance_scheduler = nova.scheduler.chance:ChanceScheduler
|
|
fake_scheduler = nova.tests.unit.scheduler.fakes:FakeScheduler
|
|
|
|
[egg_info]
|
|
tag_build =
|
|
tag_date = 0
|
|
tag_svn_revision = 0
|
|
|
|
[compile_catalog]
|
|
directory = nova/locale
|
|
domain = nova
|
|
|
|
[update_catalog]
|
|
domain = nova
|
|
output_dir = nova/locale
|
|
input_file = nova/locale/nova.pot
|
|
|
|
[extract_messages]
|
|
keywords = _ gettext ngettext l_ lazy_gettext
|
|
mapping_file = babel.cfg
|
|
output_file = nova/locale/nova.pot
|
|
|
|
[wheel]
|
|
universal = 1
|
|
|
|
[extras]
|
|
osprofiler =
|
|
osprofiler>=1.4.0 # Apache-2.0
|