519e5a22d1
This adds a granular policy checking framework for placement based on nova.policy but with a lot of the legacy cruft removed, like the is_admin and context_is_admin rules. A new PlacementPolicyFixture is added along with a new configuration option, [placement]/policy_file, which is needed because the default policy file that gets used in config is from [oslo_policy]/policy_file which is being used as the nova policy file. As far as I can tell, oslo.policy doesn't allow for multiple policy files with different names unless I'm misunderstanding how the policy_dirs option works. With these changes, we can have something like: /etc/nova/policy.json - for nova policy rules /etc/nova/placement-policy.yaml - for placement rules The docs are also updated to include the placement policy sample along with a tox builder for the sample. This starts by adding granular rules for CRUD operations on the /resource_providers and /resource_providers/{uuid} routes which use the same descriptions from the placement API reference. Subsequent patches will add new granular rules for the other routes. Part of blueprint granular-placement-policy Change-Id: I17573f5210314341c332fdcb1ce462a989c21940
25 lines
620 B
Plaintext
25 lines
620 B
Plaintext
Nova
|
|
====
|
|
|
|
To generate the sample nova policy.yaml file, run the following command from
|
|
the top level of the nova directory:
|
|
|
|
tox -egenpolicy
|
|
|
|
For a pre-generated example of the latest nova policy.yaml, see:
|
|
|
|
https://docs.openstack.org/nova/latest/configuration/sample-policy.html
|
|
|
|
|
|
Placement
|
|
=========
|
|
|
|
To generate the sample placement policy.yaml file, run the following command
|
|
from the top level of the nova directory:
|
|
|
|
tox -e genplacementpolicy
|
|
|
|
For a pre-generated example of the latest placement policy.yaml, see:
|
|
|
|
https://docs.openstack.org/nova/latest/configuration/sample-placement-policy.html
|