Matt Riedemann 519e5a22d1 Implement granular policy rules for placement
This adds a granular policy checking framework for
placement based on nova.policy but with a lot of
the legacy cruft removed, like the is_admin and
context_is_admin rules.

A new PlacementPolicyFixture is added along with
a new configuration option, [placement]/policy_file,
which is needed because the default policy file
that gets used in config is from [oslo_policy]/policy_file
which is being used as the nova policy file. As
far as I can tell, oslo.policy doesn't allow for
multiple policy files with different names unless
I'm misunderstanding how the policy_dirs option works.

With these changes, we can have something like:

  /etc/nova/policy.json - for nova policy rules
  /etc/nova/placement-policy.yaml - for placement rules

The docs are also updated to include the placement
policy sample along with a tox builder for the sample.

This starts by adding granular rules for CRUD operations
on the /resource_providers and /resource_providers/{uuid}
routes which use the same descriptions from the placement
API reference. Subsequent patches will add new granular
rules for the other routes.

Part of blueprint granular-placement-policy

Change-Id: I17573f5210314341c332fdcb1ce462a989c21940
2018-05-17 11:12:16 -04:00

55 lines
747 B
Plaintext

*.DS_Store
*.egg*
*.log
*.mo
*.pyc
*.swo
*.swp
*.sqlite
*~
.autogenerated
.coverage
.nova-venv
.project
.pydevproject
.ropeproject
.stestr/
.testrepository/
.tox
.idea
.venv
AUTHORS
Authors
build-stamp
tags
build/*
CA/
ChangeLog
coverage.xml
cover/*
covhtml/*
dist/*
doc/source/api/*
doc/build/*
api-guide/build/*
api-ref/build/*
placement-api-ref/build/*
etc/nova/nova.conf.sample
etc/nova/policy.yaml.sample
etc/nova/policy.yaml.merged
instances
keeper
keys
local_settings.py
MANIFEST
nosetests.xml
nova/tests/cover/*
nova/vcsversion.py
tools/conf/nova.conf*
doc/source/_static/nova.conf.sample
doc/source/_static/nova.policy.yaml.sample
doc/source/_static/placement.policy.yaml.sample
# Files created by releasenotes build
releasenotes/build