Add trusted_image_certificates to REST API

This change adds support for the trusted_image_certificates parameter,
which is used to define a list of trusted certificate IDs that can be
used during image signature verification and certificate validation. The
parameter may contain a list of strings, each string representing the ID
of a trusted certificate. The list is restricted to a maximum of 50 IDs.
The list of certificate IDs will be stored in the trusted_certs field of
the instance InstanceExtra and will be used to verify the validity of
the signing certificate of a signed instance image.

The trusted_image_certificates request parameter can be passed to
the server create and rebuild APIs (if allowed by policy):

* POST /servers
* POST /servers/{server_id}/action (rebuild)

The following policy rules were added to restrict the usage of the
``trusted_image_certificates`` request parameter in the server create
and rebuild APIs:

* os_compute_api:servers:create:trusted_certs
* os_compute_api:servers:rebuild:trusted_certs

The trusted_image_certificates parameter will be in the response
body of the following APIs (not restricted by policy):

* GET /servers/detail
* GET /servers/{server_id}
* PUT /servers/{server_id}
* POST /servers/{server_id}/action (rebuild)

APIImpact

Implements blueprint: nova-validate-certificates
Change-Id: Iedd3fea0e86648fae364f075915555dcb2c4f199
Brianna Poulos
2018-06-06 16:43:56 -04:00
committed by Matt Riedemann
parent ca7d23a3e7
commit 8c7ca368b1
36 changed files with 1803 additions and 38 deletions
+6 -4
@@ -488,10 +488,11 @@ Request
- description: server_description
- key_name: key_name_rebuild_req
- user_data: user_data_rebuild_req
- trusted_image_certificates: server_trusted_image_certificates_rebuild_req
**Example Rebuild Server (rebuild Action) (v2.54)**
**Example Rebuild Server (rebuild Action) (v2.63)**
.. literalinclude:: ../../doc/api_samples/servers/v2.54/server-action-rebuild.json
.. literalinclude:: ../../doc/api_samples/servers/v2.63/server-action-rebuild.json
:language: javascript
Response
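Review bot: The new request row `trusted_image_certificates: server_trusted_image_certificates_rebuild_req` shows none of the constraints the commit message describes. Please confirm that the referenced parameter entry documents the microversion that introduces the field (the sample here moves from v2.54 to v2.63), the 50-ID maximum, and that the field is only accepted when `os_compute_api:servers:rebuild:trusted_certs` permits it. It would also help to check that the v2.63 `server-action-rebuild.json` sample actually includes the field, so readers see the expected list-of-strings shape rather than a request identical to the v2.54 one.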
@@ -537,10 +538,11 @@ Response
- tags: tags
- key_name: key_name_rebuild_resp
- user_data: user_data_rebuild_resp
- trusted_image_certificates: server_trusted_image_certificates_resp
**Example Rebuild Server (rebuild Action) (v2.54)**
**Example Rebuild Server (rebuild Action) (v2.63)**
.. literalinclude:: ../../doc/api_samples/servers/v2.54/server-action-rebuild-resp.json
.. literalinclude:: ../../doc/api_samples/servers/v2.63/server-action-rebuild-resp.json
:language: javascript
Remove (Disassociate) Floating Ip (removeFloatingIp Action) (DEPRECATED)
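Review bot: The response row `trusted_image_certificates: server_trusted_image_certificates_resp` points at a generic `_resp` parameter while the request side uses a rebuild-specific `_rebuild_req` one, so the shared description needs to read correctly for the rebuild response as well as the other server responses. Since the commit message says the response field is not restricted by policy, that description should say so explicitly, so operators know the certificate IDs are returned to any caller who can read the server even when the `trusted_certs` rules deny setting them. Please also confirm the v2.63 `server-action-rebuild-resp.json` sample includes the field.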