womax/nova
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add trusted_image_certificates to REST API

Browse Source 
This change adds support for the trusted_image_certificates parameter,
which is used to define a list of trusted certificate IDs that can be
used during image signature verification and certificate validation. The
parameter may contain a list of strings, each string representing the ID
of a trusted certificate. The list is restricted to a maximum of 50 IDs.
The list of certificate IDs will be stored in the trusted_certs field of
the instance InstanceExtra and will be used to verify the validity of
the signing certificate of a signed instance image.

The trusted_image_certificates request parameter can be passed to
the server create and rebuild APIs (if allowed by policy):

* POST /servers
* POST /servers/{server_id}/action (rebuild)

The following policy rules were added to restrict the usage of the
``trusted_image_certificates`` request parameter in the server create
and rebuild APIs:

* os_compute_api:servers:create:trusted_certs
* os_compute_api:servers:rebuild:trusted_certs

The trusted_image_certificates parameter will be in the response
body of the following APIs (not restricted by policy):

* GET /servers/detail
* GET /servers/{server_id}
* PUT /servers/{server_id}
* POST /servers/{server_id}/action (rebuild)

APIImpact

Implements blueprint: nova-validate-certificates
Change-Id: Iedd3fea0e86648fae364f075915555dcb2c4f199
This commit is contained in:
Brianna Poulos
2018-06-06 16:43:56 -04:00
committed by Matt Riedemann
parent ca7d23a3e7
commit 8c7ca368b1
36 changed files with 1803 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files
nova/api/openstack/api_version_request.py
+3 -1
View File
@@ -148,6 +148,8 @@ REST_API_VERSION_HISTORY = """REST API Version History:
/flavors APIs.
* 2.62 - Add ``host`` and ``hostId`` fields to instance action detail API
responses.
* 2.63 - Add support for applying trusted certificates when creating or
rebuilding a server.
"""
# The minimum and maximum versions of the API supported
@@ -156,7 +158,7 @@ REST_API_VERSION_HISTORY = """REST API Version History:
# Note(cyeoh): This only applies for the v2.1 API once microversions
# support is fully merged. It does not affect the V2 API.
_MIN_API_VERSION = "2.1"
_MAX_API_VERSION = "2.62"
_MAX_API_VERSION = "2.63"
DEFAULT_API_VERSION = _MIN_API_VERSION
# Almost all proxy APIs which are related to network, images and baremetal