From 68135fc2ea9ed2f8a1eb0dcae3feff3653043a72 Mon Sep 17 00:00:00 2001 From: "Kevin L. Mitchell" Date: Fri, 12 Oct 2012 13:41:52 -0500 Subject: Update policies Merge in update openstack-common policy code. Updates Nova-specific policy glue code to eliminate deprecated openstack-common policy interfaces. Also cleans up policy code to allow for returning fine-grained policy values. As a side effect, fixes bug 1039132. Change-Id: I2951a0de3751bd2ec868e7a661070fed624e4af2 --- etc/nova/policy.json | 210 +++++++++++++++++++++++++-------------------------- 1 file changed, 105 insertions(+), 105 deletions(-) (limited to 'etc')
diff --git a/etc/nova/policy.json b/etc/nova/policy.json
index a6936af08..f77f733c6 100644
--- a/etc/nova/policy.json
+++ b/etc/nova/policy.json
@@ -1,120 +1,120 @@
 {
- "context_is_admin": [["role:admin"]],
- "admin_or_owner": [["is_admin:True"], ["project_id:%(project_id)s"]],
- "default": [["rule:admin_or_owner"]],
+ "context_is_admin": "role:admin",
+ "admin_or_owner": "is_admin:True or project_id:%(project_id)s",
+ "default": "rule:admin_or_owner",
- "compute:create": [],
- "compute:create:attach_network": [],
- "compute:create:attach_volume": [],
- "compute:get_all": [],
+ "compute:create": "",
+ "compute:create:attach_network": "",
+ "compute:create:attach_volume": "",
+ "compute:get_all": "",
- "admin_api": [["is_admin:True"]],
- "compute_extension:accounts": [["rule:admin_api"]],
- "compute_extension:admin_actions": [["rule:admin_api"]],
- "compute_extension:admin_actions:pause": [["rule:admin_or_owner"]],
- "compute_extension:admin_actions:unpause": [["rule:admin_or_owner"]],
- "compute_extension:admin_actions:suspend": [["rule:admin_or_owner"]],
- "compute_extension:admin_actions:resume": [["rule:admin_or_owner"]],
- "compute_extension:admin_actions:lock": [["rule:admin_api"]],
- "compute_extension:admin_actions:unlock": [["rule:admin_api"]],
- "compute_extension:admin_actions:resetNetwork": [["rule:admin_api"]],
- "compute_extension:admin_actions:injectNetworkInfo": [["rule:admin_api"]],
- "compute_extension:admin_actions:createBackup": [["rule:admin_or_owner"]],
- "compute_extension:admin_actions:migrateLive": [["rule:admin_api"]],
- "compute_extension:admin_actions:resetState": [["rule:admin_api"]],
- "compute_extension:admin_actions:migrate": [["rule:admin_api"]],
- "compute_extension:aggregates": [["rule:admin_api"]],
- "compute_extension:certificates": [],
- "compute_extension:cloudpipe": [["rule:admin_api"]],
- "compute_extension:console_output": [],
- "compute_extension:consoles": [],
- "compute_extension:createserverext": [],
- "compute_extension:deferred_delete": [],
- "compute_extension:disk_config": [],
- "compute_extension:extended_server_attributes": [["rule:admin_api"]],
- "compute_extension:extended_status": [],
- "compute_extension:flavor_access": [],
- "compute_extension:flavor_disabled": [],
- "compute_extension:flavor_rxtx": [],
- "compute_extension:flavor_swap": [],
- "compute_extension:flavorextradata": [],
- "compute_extension:flavorextraspecs": [],
- "compute_extension:flavormanage": [["rule:admin_api"]],
- "compute_extension:floating_ip_dns": [],
- "compute_extension:floating_ip_pools": [],
- "compute_extension:floating_ips": [],
- "compute_extension:hosts": [["rule:admin_api"]],
- "compute_extension:hypervisors": [["rule:admin_api"]],
- "compute_extension:instance_usage_audit_log": [["rule:admin_api"]],
- "compute_extension:keypairs": [],
- "compute_extension:multinic": [],
- "compute_extension:networks": [["rule:admin_api"]],
- "compute_extension:networks:view": [],
- "compute_extension:quotas:show": [],
- "compute_extension:quotas:update": [["rule:admin_api"]],
- "compute_extension:quota_classes": [],
- "compute_extension:rescue": [],
- "compute_extension:security_groups": [],
- "compute_extension:server_diagnostics": [["rule:admin_api"]],
- "compute_extension:simple_tenant_usage:show": [["rule:admin_or_owner"]],
- "compute_extension:simple_tenant_usage:list": [["rule:admin_api"]],
- "compute_extension:users": [["rule:admin_api"]],
- "compute_extension:virtual_interfaces": [],
- "compute_extension:virtual_storage_arrays": [],
- "compute_extension:volumes": [],
- "compute_extension:volumetypes": [],
+ "admin_api": "is_admin:True",
+ "compute_extension:accounts": "rule:admin_api",
+ "compute_extension:admin_actions": "rule:admin_api",
+ "compute_extension:admin_actions:pause": "rule:admin_or_owner",
+ "compute_extension:admin_actions:unpause": "rule:admin_or_owner",
+ "compute_extension:admin_actions:suspend": "rule:admin_or_owner",
+ "compute_extension:admin_actions:resume": "rule:admin_or_owner",
+ "compute_extension:admin_actions:lock": "rule:admin_api",
+ "compute_extension:admin_actions:unlock": "rule:admin_api",
+ "compute_extension:admin_actions:resetNetwork": "rule:admin_api",
+ "compute_extension:admin_actions:injectNetworkInfo": "rule:admin_api",
+ "compute_extension:admin_actions:createBackup": "rule:admin_or_owner",
+ "compute_extension:admin_actions:migrateLive": "rule:admin_api",
+ "compute_extension:admin_actions:resetState": "rule:admin_api",
+ "compute_extension:admin_actions:migrate": "rule:admin_api",
+ "compute_extension:aggregates": "rule:admin_api",
+ "compute_extension:certificates": "",
+ "compute_extension:cloudpipe": "rule:admin_api",
+ "compute_extension:console_output": "",
+ "compute_extension:consoles": "",
+ "compute_extension:createserverext": "",
+ "compute_extension:deferred_delete": "",
+ "compute_extension:disk_config": "",
+ "compute_extension:extended_server_attributes": "rule:admin_api",
+ "compute_extension:extended_status": "",
+ "compute_extension:flavor_access": "",
+ "compute_extension:flavor_disabled": "",
+ "compute_extension:flavor_rxtx": "",
+ "compute_extension:flavor_swap": "",
+ "compute_extension:flavorextradata": "",
+ "compute_extension:flavorextraspecs": "",
+ "compute_extension:flavormanage": "rule:admin_api",
+ "compute_extension:floating_ip_dns": "",
+ "compute_extension:floating_ip_pools": "",
+ "compute_extension:floating_ips": "",
+ "compute_extension:hosts": "rule:admin_api",
+ "compute_extension:hypervisors": "rule:admin_api",
+ "compute_extension:instance_usage_audit_log": "rule:admin_api",
+ "compute_extension:keypairs": "",
+ "compute_extension:multinic": "",
+ "compute_extension:networks": "rule:admin_api",
+ "compute_extension:networks:view": "",
+ "compute_extension:quotas:show": "",
+ "compute_extension:quotas:update": "rule:admin_api",
+ "compute_extension:quota_classes": "",
+ "compute_extension:rescue": "",
+ "compute_extension:security_groups": "",
+ "compute_extension:server_diagnostics": "rule:admin_api",
+ "compute_extension:simple_tenant_usage:show": "rule:admin_or_owner",
+ "compute_extension:simple_tenant_usage:list": "rule:admin_api",
+ "compute_extension:users": "rule:admin_api",
+ "compute_extension:virtual_interfaces": "",
+ "compute_extension:virtual_storage_arrays": "",
+ "compute_extension:volumes": "",
+ "compute_extension:volumetypes": "",
- "volume:create": [],
- "volume:get_all": [],
- "volume:get_volume_metadata": [],
- "volume:get_snapshot": [],
- "volume:get_all_snapshots": [],
+ "volume:create": "",
+ "volume:get_all": "",
+ "volume:get_volume_metadata": "",
+ "volume:get_snapshot": "",
+ "volume:get_all_snapshots": "",
- "volume_extension:types_manage": [["rule:admin_api"]],
- "volume_extension:types_extra_specs": [["rule:admin_api"]],
- "volume_extension:volume_admin_actions:reset_status": [["rule:admin_api"]],
- "volume_extension:snapshot_admin_actions:reset_status": [["rule:admin_api"]],
- "volume_extension:volume_admin_actions:force_delete": [["rule:admin_api"]],
+ "volume_extension:types_manage": "rule:admin_api",
+ "volume_extension:types_extra_specs": "rule:admin_api",
+ "volume_extension:volume_admin_actions:reset_status": "rule:admin_api",
+ "volume_extension:snapshot_admin_actions:reset_status": "rule:admin_api",
+ "volume_extension:volume_admin_actions:force_delete": "rule:admin_api",
- "network:get_all_networks": [],
- "network:get_network": [],
- "network:delete_network": [],
- "network:disassociate_network": [],
- "network:get_vifs_by_instance": [],
- "network:allocate_for_instance": [],
- "network:deallocate_for_instance": [],
- "network:validate_networks": [],
- "network:get_instance_uuids_by_ip_filter": [],
+ "network:get_all_networks": "",
+ "network:get_network": "",
+ "network:delete_network": "",
+ "network:disassociate_network": "",
+ "network:get_vifs_by_instance": "",
+ "network:allocate_for_instance": "",
+ "network:deallocate_for_instance": "",
+ "network:validate_networks": "",
+ "network:get_instance_uuids_by_ip_filter": "",
- "network:get_floating_ip": [],
- "network:get_floating_ip_pools": [],
- "network:get_floating_ip_by_address": [],
- "network:get_floating_ips_by_project": [],
- "network:get_floating_ips_by_fixed_address": [],
- "network:allocate_floating_ip": [],
- "network:deallocate_floating_ip": [],
- "network:associate_floating_ip": [],
- "network:disassociate_floating_ip": [],
+ "network:get_floating_ip": "",
+ "network:get_floating_ip_pools": "",
+ "network:get_floating_ip_by_address": "",
+ "network:get_floating_ips_by_project": "",
+ "network:get_floating_ips_by_fixed_address": "",
+ "network:allocate_floating_ip": "",
+ "network:deallocate_floating_ip": "",
+ "network:associate_floating_ip": "",
+ "network:disassociate_floating_ip": "",
- "network:get_fixed_ip": [],
- "network:get_fixed_ip_by_address": [],
- "network:add_fixed_ip_to_instance": [],
- "network:remove_fixed_ip_from_instance": [],
- "network:add_network_to_project": [],
- "network:get_instance_nw_info": [],
+ "network:get_fixed_ip": "",
+ "network:get_fixed_ip_by_address": "",
+ "network:add_fixed_ip_to_instance": "",
+ "network:remove_fixed_ip_from_instance": "",
+ "network:add_network_to_project": "",
+ "network:get_instance_nw_info": "",
- "network:get_dns_domains": [],
- "network:add_dns_entry": [],
- "network:modify_dns_entry": [],
- "network:delete_dns_entry": [],
- "network:get_dns_entries_by_address": [],
- "network:get_dns_entries_by_name": [],
- "network:create_private_dns_domain": [],
- "network:create_public_dns_domain": [],
- "network:delete_dns_domain": []
+ "network:get_dns_domains": "",
+ "network:add_dns_entry": "",
+ "network:modify_dns_entry": "",
+ "network:delete_dns_entry": "",
+ "network:get_dns_entries_by_address": "",
+ "network:get_dns_entries_by_name": "",
+ "network:create_private_dns_domain": "",
+ "network:create_public_dns_domain": "",
+ "network:delete_dns_domain": ""
 }
-- cgit
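Review bot: The state-changing network rules `network:delete_network`, `network:disassociate_network`, `network:add_network_to_project`, `network:create_public_dns_domain` and `network:delete_dns_domain` are carried over as `""`, and an empty rule imposes no restriction, so the policy layer leaves those calls open to every caller that reaches the check. The format conversion is a natural point to decide whether they should read `"network:delete_network": "rule:admin_api"`, as `compute_extension:networks` already does; whether another layer restricts them is not visible in this hunk. Because JSON cannot carry comments, an intentionally open rule is also indistinguishable from one left blank by mistake. If the merged policy parser accepts an explicit always-allow check (`"@"` in later openstack-common policy code; confirm for this revision), using it for the deliberately open rules would make an accidental blank stand out in review.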