From dfda0c0482acf579452742860cec2bdd64ac616a Mon Sep 17 00:00:00 2001 From: Ghanshyam Mann Date: Sun, 4 Jul 2021 15:59:53 -0500 Subject: [PATCH] Fix oslo policy DeprecatedRule warnings Since 3.7.0, oslo policy started the DeprecationWarning[1] if deprecated_reason and deprecated_since param are not passed in DeprecatedRule or they are passed in RuleDefault object. [1] https://github.com/openstack/oslo.policy/blob/3.7.0/oslo_policy/policy.py#L1538 Change-Id: Idbbc203c6ae65aee29f9463a4911bae2bb541f41 --- lower-constraints.txt | 2 +- nova/policies/attach_interfaces.py | 27 +++++------- nova/policies/baremetal_nodes.py | 20 ++++----- nova/policies/base.py | 48 +++++++++------------ nova/policies/deferred_delete.py | 20 ++++----- nova/policies/flavor_access.py | 16 +++---- nova/policies/floating_ips.py | 36 ++++++---------- nova/policies/hosts.py | 36 ++++++---------- nova/policies/hypervisors.py | 41 +++++++----------- nova/policies/instance_actions.py | 21 +++++---- nova/policies/instance_usage_audit_log.py | 20 ++++----- nova/policies/limits.py | 15 ++++--- nova/policies/multinic.py | 20 ++++----- nova/policies/networks.py | 20 ++++----- nova/policies/rescue.py | 16 +++---- nova/policies/security_groups.py | 52 ++++++++--------------- nova/policies/server_password.py | 20 ++++----- nova/policies/services.py | 24 +++++------ nova/policies/tenant_networks.py | 20 ++++----- nova/policies/volumes.py | 52 ++++++++--------------- requirements.txt | 2 +- 21 files changed, 216 insertions(+), 312 deletions(-) diff --git a/lower-constraints.txt b/lower-constraints.txt index 5d339989a9..1de5eb8236 100644 --- a/lower-constraints.txt +++ b/lower-constraints.txt @@ -76,7 +76,7 @@ oslo.i18n==5.0.1 oslo.log==4.4.0 oslo.messaging==10.3.0 oslo.middleware==3.31.0 -oslo.policy==3.6.0 +oslo.policy==3.7.0 oslo.privsep==2.4.0 oslo.reports==1.18.0 oslo.rootwrap==5.8.0 diff --git a/nova/policies/attach_interfaces.py b/nova/policies/attach_interfaces.py index be751af157..cabe525674 100644 --- a/nova/policies/attach_interfaces.py +++ b/nova/policies/attach_interfaces.py @@ -20,10 +20,6 @@ from nova.policies import base BASE_POLICY_NAME = 'os_compute_api:os-attach-interfaces' POLICY_ROOT = 'os_compute_api:os-attach-interfaces:%s' -DEPRECATED_INTERFACES_POLICY = policy.DeprecatedRule( - BASE_POLICY_NAME, - base.RULE_ADMIN_OR_OWNER, -) DEPRECATED_REASON = """ Nova API policies are introducing new default roles with scope_type @@ -31,6 +27,13 @@ capabilities. Old policies are deprecated and silently going to be ignored in nova 23.0.0 release. """ +DEPRECATED_INTERFACES_POLICY = policy.DeprecatedRule( + BASE_POLICY_NAME, + base.RULE_ADMIN_OR_OWNER, + deprecated_reason=DEPRECATED_REASON, + deprecated_since='21.0.0', +) + attach_interfaces_policies = [ policy.DocumentedRuleDefault( name=POLICY_ROOT % 'list', @@ -43,9 +46,7 @@ attach_interfaces_policies = [ }, ], scope_types=['system', 'project'], - deprecated_rule=DEPRECATED_INTERFACES_POLICY, - deprecated_reason=DEPRECATED_REASON, - deprecated_since='21.0.0'), + deprecated_rule=DEPRECATED_INTERFACES_POLICY), policy.DocumentedRuleDefault( name=POLICY_ROOT % 'show', check_str=base.PROJECT_READER_OR_SYSTEM_READER, @@ -57,9 +58,7 @@ attach_interfaces_policies = [ } ], scope_types=['system', 'project'], - deprecated_rule=DEPRECATED_INTERFACES_POLICY, - deprecated_reason=DEPRECATED_REASON, - deprecated_since='21.0.0'), + deprecated_rule=DEPRECATED_INTERFACES_POLICY), policy.DocumentedRuleDefault( name=POLICY_ROOT % 'create', check_str=base.PROJECT_MEMBER_OR_SYSTEM_ADMIN, @@ -71,9 +70,7 @@ attach_interfaces_policies = [ } ], scope_types=['system', 'project'], - deprecated_rule=DEPRECATED_INTERFACES_POLICY, - deprecated_reason=DEPRECATED_REASON, - deprecated_since='21.0.0'), + deprecated_rule=DEPRECATED_INTERFACES_POLICY), policy.DocumentedRuleDefault( name=POLICY_ROOT % 'delete', check_str=base.PROJECT_MEMBER_OR_SYSTEM_ADMIN, @@ -85,9 +82,7 @@ attach_interfaces_policies = [ } ], scope_types=['system', 'project'], - deprecated_rule=DEPRECATED_INTERFACES_POLICY, - deprecated_reason=DEPRECATED_REASON, - deprecated_since='21.0.0') + deprecated_rule=DEPRECATED_INTERFACES_POLICY) ] diff --git a/nova/policies/baremetal_nodes.py b/nova/policies/baremetal_nodes.py index 2263ccdbd5..191d9db650 100644 --- a/nova/policies/baremetal_nodes.py +++ b/nova/policies/baremetal_nodes.py @@ -21,17 +21,19 @@ from nova.policies import base ROOT_POLICY = 'os_compute_api:os-baremetal-nodes' BASE_POLICY_NAME = 'os_compute_api:os-baremetal-nodes:%s' -DEPRECATED_BAREMETAL_POLICY = policy.DeprecatedRule( - ROOT_POLICY, - base.RULE_ADMIN_API, -) - DEPRECATED_REASON = """ Nova API policies are introducing new default roles with scope_type capabilities. Old policies are deprecated and silently going to be ignored in nova 23.0.0 release. """ +DEPRECATED_BAREMETAL_POLICY = policy.DeprecatedRule( + ROOT_POLICY, + base.RULE_ADMIN_API, + deprecated_reason=DEPRECATED_REASON, + deprecated_since='22.0.0' +) + baremetal_nodes_policies = [ policy.DocumentedRuleDefault( @@ -48,9 +50,7 @@ These APIs are proxy calls to the Ironic service and are deprecated. } ], scope_types=['system'], - deprecated_rule=DEPRECATED_BAREMETAL_POLICY, - deprecated_reason=DEPRECATED_REASON, - deprecated_since='22.0.0'), + deprecated_rule=DEPRECATED_BAREMETAL_POLICY), policy.DocumentedRuleDefault( name=BASE_POLICY_NAME % 'show', check_str=base.SYSTEM_READER, @@ -62,9 +62,7 @@ These APIs are proxy calls to the Ironic service and are deprecated. } ], scope_types=['system'], - deprecated_rule=DEPRECATED_BAREMETAL_POLICY, - deprecated_reason=DEPRECATED_REASON, - deprecated_since='22.0.0') + deprecated_rule=DEPRECATED_BAREMETAL_POLICY) ] diff --git a/nova/policies/base.py b/nova/policies/base.py index 32b18291e0..b04410425d 100644 --- a/nova/policies/base.py +++ b/nova/policies/base.py @@ -17,22 +17,26 @@ RULE_ADMIN_API = 'rule:admin_api' # Allow only users with the admin role RULE_ANY = '@' # Any user is allowed to perform the action. RULE_NOBODY = '!' # No users are allowed to perform the action. -DEPRECATED_ADMIN_POLICY = policy.DeprecatedRule( - name=RULE_ADMIN_API, - check_str='is_admin:True', -) - -DEPRECATED_ADMIN_OR_OWNER_POLICY = policy.DeprecatedRule( - name=RULE_ADMIN_OR_OWNER, - check_str='is_admin:True or project_id:%(project_id)s', -) - DEPRECATED_REASON = """ Nova API policies are introducing new default roles with scope_type capabilities. Old policies are deprecated and silently going to be ignored in nova 23.0.0 release. """ +DEPRECATED_ADMIN_POLICY = policy.DeprecatedRule( + name=RULE_ADMIN_API, + check_str='is_admin:True', + deprecated_reason=DEPRECATED_REASON, + deprecated_since='21.0.0' +) + +DEPRECATED_ADMIN_OR_OWNER_POLICY = policy.DeprecatedRule( + name=RULE_ADMIN_OR_OWNER, + check_str='is_admin:True or project_id:%(project_id)s', + deprecated_reason=DEPRECATED_REASON, + deprecated_since='21.0.0' +) + # TODO(gmann): # Special string ``system_scope:all`` is added for system # scoped policies for backwards compatibility where ``nova.conf [oslo_policy] # enforce_scope = False``. @@ -103,30 +107,22 @@ rules = [ name="system_admin_api", check_str='role:admin and system_scope:all', description="Default rule for System Admin APIs.", - deprecated_rule=DEPRECATED_ADMIN_POLICY, - deprecated_reason=DEPRECATED_REASON, - deprecated_since='21.0.0'), + deprecated_rule=DEPRECATED_ADMIN_POLICY), policy.RuleDefault( name="system_reader_api", check_str="role:reader and system_scope:all", description="Default rule for System level read only APIs.", - deprecated_rule=DEPRECATED_ADMIN_POLICY, - deprecated_reason=DEPRECATED_REASON, - deprecated_since='21.0.0'), + deprecated_rule=DEPRECATED_ADMIN_POLICY), policy.RuleDefault( "project_admin_api", "role:admin and project_id:%(project_id)s", "Default rule for Project level admin APIs.", - deprecated_rule=DEPRECATED_ADMIN_POLICY, - deprecated_reason=DEPRECATED_REASON, - deprecated_since='21.0.0'), + deprecated_rule=DEPRECATED_ADMIN_POLICY), policy.RuleDefault( "project_member_api", "role:member and project_id:%(project_id)s", "Default rule for Project level non admin APIs.", - deprecated_rule=DEPRECATED_ADMIN_OR_OWNER_POLICY, - deprecated_reason=DEPRECATED_REASON, - deprecated_since='21.0.0'), + deprecated_rule=DEPRECATED_ADMIN_OR_OWNER_POLICY), policy.RuleDefault( "project_reader_api", "role:reader and project_id:%(project_id)s", @@ -135,16 +131,12 @@ rules = [ name="system_admin_or_owner", check_str="rule:system_admin_api or rule:project_member_api", description="Default rule for System admin+owner APIs.", - deprecated_rule=DEPRECATED_ADMIN_OR_OWNER_POLICY, - deprecated_reason=DEPRECATED_REASON, - deprecated_since='21.0.0'), + deprecated_rule=DEPRECATED_ADMIN_OR_OWNER_POLICY), policy.RuleDefault( "system_or_project_reader", "rule:system_reader_api or rule:project_reader_api", "Default rule for System+Project read only APIs.", - deprecated_rule=DEPRECATED_ADMIN_OR_OWNER_POLICY, - deprecated_reason=DEPRECATED_REASON, - deprecated_since='21.0.0') + deprecated_rule=DEPRECATED_ADMIN_OR_OWNER_POLICY) ] diff --git a/nova/policies/deferred_delete.py b/nova/policies/deferred_delete.py index 2493a7ddbd..32069790ed 100644 --- a/nova/policies/deferred_delete.py +++ b/nova/policies/deferred_delete.py @@ -20,17 +20,19 @@ from nova.policies import base BASE_POLICY_NAME = 'os_compute_api:os-deferred-delete:%s' -DEPRECATED_POLICY = policy.DeprecatedRule( - 'os_compute_api:os-deferred-delete', - base.RULE_ADMIN_OR_OWNER, -) - DEPRECATED_REASON = """ Nova API policies are introducing new default roles with scope_type capabilities. Old policies are deprecated and silently going to be ignored in nova 23.0.0 release. """ +DEPRECATED_POLICY = policy.DeprecatedRule( + 'os_compute_api:os-deferred-delete', + base.RULE_ADMIN_OR_OWNER, + deprecated_reason=DEPRECATED_REASON, + deprecated_since='21.0.0' +) + deferred_delete_policies = [ policy.DocumentedRuleDefault( name=BASE_POLICY_NAME % 'restore', @@ -43,9 +45,7 @@ deferred_delete_policies = [ }, ], scope_types=['system', 'project'], - deprecated_rule=DEPRECATED_POLICY, - deprecated_reason=DEPRECATED_REASON, - deprecated_since='21.0.0'), + deprecated_rule=DEPRECATED_POLICY), policy.DocumentedRuleDefault( name=BASE_POLICY_NAME % 'force', check_str=base.PROJECT_MEMBER_OR_SYSTEM_ADMIN, @@ -57,9 +57,7 @@ deferred_delete_policies = [ } ], scope_types=['system', 'project'], - deprecated_rule=DEPRECATED_POLICY, - deprecated_reason=DEPRECATED_REASON, - deprecated_since='21.0.0') + deprecated_rule=DEPRECATED_POLICY) ] diff --git a/nova/policies/flavor_access.py b/nova/policies/flavor_access.py index ee9d469bb3..b70ae71811 100644 --- a/nova/policies/flavor_access.py +++ b/nova/policies/flavor_access.py @@ -29,17 +29,19 @@ POLICY_ROOT = 'os_compute_api:os-flavor-access:%s' # SYSTEM_READER rule in base class is defined with the deprecated rule of admin # not admin or owner which is the main reason that we need to explicitly # deprecate this policy here. -DEPRECATED_FLAVOR_ACCESS_POLICY = policy.DeprecatedRule( - BASE_POLICY_NAME, - base.RULE_ADMIN_OR_OWNER, -) - DEPRECATED_REASON = """ Nova API policies are introducing new default roles with scope_type capabilities. Old policies are deprecated and silently going to be ignored in nova 23.0.0 release. """ +DEPRECATED_FLAVOR_ACCESS_POLICY = policy.DeprecatedRule( + BASE_POLICY_NAME, + base.RULE_ADMIN_OR_OWNER, + deprecated_reason=DEPRECATED_REASON, + deprecated_since='21.0.0' +) + flavor_access_policies = [ policy.DocumentedRuleDefault( name=POLICY_ROOT % 'add_tenant_access', @@ -78,9 +80,7 @@ to a flavor via an os-flavor-access API. }, ], scope_types=['system'], - deprecated_rule=DEPRECATED_FLAVOR_ACCESS_POLICY, - deprecated_reason=DEPRECATED_REASON, - deprecated_since='21.0.0'), + deprecated_rule=DEPRECATED_FLAVOR_ACCESS_POLICY), ] diff --git a/nova/policies/floating_ips.py b/nova/policies/floating_ips.py index 8f567a7d07..0b8d8c53f6 100644 --- a/nova/policies/floating_ips.py +++ b/nova/policies/floating_ips.py @@ -21,17 +21,19 @@ from nova.policies import base ROOT_POLICY = 'os_compute_api:os-floating-ips' BASE_POLICY_NAME = 'os_compute_api:os-floating-ips:%s' -DEPRECATED_FIP_POLICY = policy.DeprecatedRule( - ROOT_POLICY, - base.RULE_ADMIN_OR_OWNER, -) - DEPRECATED_REASON = """ Nova API policies are introducing new default roles with scope_type capabilities. Old policies are deprecated and silently going to be ignored in nova 23.0.0 release. """ +DEPRECATED_FIP_POLICY = policy.DeprecatedRule( + ROOT_POLICY, + base.RULE_ADMIN_OR_OWNER, + deprecated_reason=DEPRECATED_REASON, + deprecated_since='22.0.0' +) + floating_ips_policies = [ policy.DocumentedRuleDefault( @@ -46,9 +48,7 @@ floating_ips_policies = [ } ], scope_types=['system', 'project'], - deprecated_rule=DEPRECATED_FIP_POLICY, - deprecated_reason=DEPRECATED_REASON, - deprecated_since='22.0.0'), + deprecated_rule=DEPRECATED_FIP_POLICY), policy.DocumentedRuleDefault( name=BASE_POLICY_NAME % 'remove', check_str=base.PROJECT_MEMBER_OR_SYSTEM_ADMIN, @@ -61,9 +61,7 @@ floating_ips_policies = [ } ], scope_types=['system', 'project'], - deprecated_rule=DEPRECATED_FIP_POLICY, - deprecated_reason=DEPRECATED_REASON, - deprecated_since='22.0.0'), + deprecated_rule=DEPRECATED_FIP_POLICY), policy.DocumentedRuleDefault( name=BASE_POLICY_NAME % 'list', check_str=base.PROJECT_READER_OR_SYSTEM_READER, @@ -75,9 +73,7 @@ floating_ips_policies = [ } ], scope_types=['system', 'project'], - deprecated_rule=DEPRECATED_FIP_POLICY, - deprecated_reason=DEPRECATED_REASON, - deprecated_since='22.0.0'), + deprecated_rule=DEPRECATED_FIP_POLICY), policy.DocumentedRuleDefault( name=BASE_POLICY_NAME % 'create', check_str=base.PROJECT_MEMBER_OR_SYSTEM_ADMIN, @@ -89,9 +85,7 @@ floating_ips_policies = [ } ], scope_types=['system', 'project'], - deprecated_rule=DEPRECATED_FIP_POLICY, - deprecated_reason=DEPRECATED_REASON, - deprecated_since='22.0.0'), + deprecated_rule=DEPRECATED_FIP_POLICY), policy.DocumentedRuleDefault( name=BASE_POLICY_NAME % 'show', check_str=base.PROJECT_READER_OR_SYSTEM_READER, @@ -103,9 +97,7 @@ floating_ips_policies = [ } ], scope_types=['system', 'project'], - deprecated_rule=DEPRECATED_FIP_POLICY, - deprecated_reason=DEPRECATED_REASON, - deprecated_since='22.0.0'), + deprecated_rule=DEPRECATED_FIP_POLICY), policy.DocumentedRuleDefault( name=BASE_POLICY_NAME % 'delete', check_str=base.PROJECT_MEMBER_OR_SYSTEM_ADMIN, @@ -117,9 +109,7 @@ floating_ips_policies = [ } ], scope_types=['system', 'project'], - deprecated_rule=DEPRECATED_FIP_POLICY, - deprecated_reason=DEPRECATED_REASON, - deprecated_since='22.0.0'), + deprecated_rule=DEPRECATED_FIP_POLICY), ] diff --git a/nova/policies/hosts.py b/nova/policies/hosts.py index 97e9f8e6a8..64c36845bf 100644 --- a/nova/policies/hosts.py +++ b/nova/policies/hosts.py @@ -22,17 +22,19 @@ BASE_POLICY_NAME = 'os_compute_api:os-hosts' POLICY_NAME = 'os_compute_api:os-hosts:%s' -DEPRECATED_POLICY = policy.DeprecatedRule( - BASE_POLICY_NAME, - base.RULE_ADMIN_API, -) - DEPRECATED_REASON = """ Nova API policies are introducing new default roles with scope_type capabilities. Old policies are deprecated and silently going to be ignored in nova 23.0.0 release. """ +DEPRECATED_POLICY = policy.DeprecatedRule( + BASE_POLICY_NAME, + base.RULE_ADMIN_API, + deprecated_reason=DEPRECATED_REASON, + deprecated_since='22.0.0' +) + hosts_policies = [ policy.DocumentedRuleDefault( name=POLICY_NAME % 'list', @@ -47,9 +49,7 @@ This API is deprecated in favor of os-hypervisors and os-services.""", }, ], scope_types=['system'], - deprecated_rule=DEPRECATED_POLICY, - deprecated_reason=DEPRECATED_REASON, - deprecated_since='22.0.0'), + deprecated_rule=DEPRECATED_POLICY), policy.DocumentedRuleDefault( name=POLICY_NAME % 'show', check_str=base.SYSTEM_READER, @@ -63,9 +63,7 @@ This API is deprecated in favor of os-hypervisors and os-services.""", } ], scope_types=['system'], - deprecated_rule=DEPRECATED_POLICY, - deprecated_reason=DEPRECATED_REASON, - deprecated_since='22.0.0'), + deprecated_rule=DEPRECATED_POLICY), policy.DocumentedRuleDefault( name=POLICY_NAME % 'update', check_str=base.SYSTEM_ADMIN, @@ -79,9 +77,7 @@ This API is deprecated in favor of os-hypervisors and os-services.""", }, ], scope_types=['system'], - deprecated_rule=DEPRECATED_POLICY, - deprecated_reason=DEPRECATED_REASON, - deprecated_since='22.0.0'), + deprecated_rule=DEPRECATED_POLICY), policy.DocumentedRuleDefault( name=POLICY_NAME % 'reboot', check_str=base.SYSTEM_ADMIN, @@ -95,9 +91,7 @@ This API is deprecated in favor of os-hypervisors and os-services.""", }, ], scope_types=['system'], - deprecated_rule=DEPRECATED_POLICY, - deprecated_reason=DEPRECATED_REASON, - deprecated_since='22.0.0'), + deprecated_rule=DEPRECATED_POLICY), policy.DocumentedRuleDefault( name=POLICY_NAME % 'shutdown', check_str=base.SYSTEM_ADMIN, @@ -111,9 +105,7 @@ This API is deprecated in favor of os-hypervisors and os-services.""", }, ], scope_types=['system'], - deprecated_rule=DEPRECATED_POLICY, - deprecated_reason=DEPRECATED_REASON, - deprecated_since='22.0.0'), + deprecated_rule=DEPRECATED_POLICY), policy.DocumentedRuleDefault( name=POLICY_NAME % 'start', check_str=base.SYSTEM_ADMIN, @@ -127,9 +119,7 @@ This API is deprecated in favor of os-hypervisors and os-services.""", } ], scope_types=['system'], - deprecated_rule=DEPRECATED_POLICY, - deprecated_reason=DEPRECATED_REASON, - deprecated_since='22.0.0'), + deprecated_rule=DEPRECATED_POLICY), ] diff --git a/nova/policies/hypervisors.py b/nova/policies/hypervisors.py index 6f52b65995..02a179cb34 100644 --- a/nova/policies/hypervisors.py +++ b/nova/policies/hypervisors.py @@ -20,17 +20,20 @@ from nova.policies import base BASE_POLICY_NAME = 'os_compute_api:os-hypervisors:%s' -DEPRECATED_POLICY = policy.DeprecatedRule( - 'os_compute_api:os-hypervisors', - base.RULE_ADMIN_API, -) - DEPRECATED_REASON = """ Nova API policies are introducing new default roles with scope_type capabilities. Old policies are deprecated and silently going to be ignored in nova 23.0.0 release. """ +DEPRECATED_POLICY = policy.DeprecatedRule( + 'os_compute_api:os-hypervisors', + base.RULE_ADMIN_API, + deprecated_reason=DEPRECATED_REASON, + deprecated_since='21.0.0' +) + + hypervisors_policies = [ policy.DocumentedRuleDefault( name=BASE_POLICY_NAME % 'list', @@ -43,9 +46,7 @@ hypervisors_policies = [ }, ], scope_types=['system'], - deprecated_rule=DEPRECATED_POLICY, - deprecated_reason=DEPRECATED_REASON, - deprecated_since='21.0.0'), + deprecated_rule=DEPRECATED_POLICY), policy.DocumentedRuleDefault( name=BASE_POLICY_NAME % 'list-detail', check_str=base.SYSTEM_READER, @@ -57,9 +58,7 @@ hypervisors_policies = [ }, ], scope_types=['system'], - deprecated_rule=DEPRECATED_POLICY, - deprecated_reason=DEPRECATED_REASON, - deprecated_since='21.0.0'), + deprecated_rule=DEPRECATED_POLICY), policy.DocumentedRuleDefault( name=BASE_POLICY_NAME % 'statistics', check_str=base.SYSTEM_READER, @@ -72,9 +71,7 @@ hypervisors_policies = [ }, ], scope_types=['system'], - deprecated_rule=DEPRECATED_POLICY, - deprecated_reason=DEPRECATED_REASON, - deprecated_since='21.0.0'), + deprecated_rule=DEPRECATED_POLICY), policy.DocumentedRuleDefault( name=BASE_POLICY_NAME % 'show', check_str=base.SYSTEM_READER, @@ -86,9 +83,7 @@ hypervisors_policies = [ }, ], scope_types=['system'], - deprecated_rule=DEPRECATED_POLICY, - deprecated_reason=DEPRECATED_REASON, - deprecated_since='21.0.0'), + deprecated_rule=DEPRECATED_POLICY), policy.DocumentedRuleDefault( name=BASE_POLICY_NAME % 'uptime', check_str=base.SYSTEM_READER, @@ -100,9 +95,7 @@ hypervisors_policies = [ }, ], scope_types=['system'], - deprecated_rule=DEPRECATED_POLICY, - deprecated_reason=DEPRECATED_REASON, - deprecated_since='21.0.0'), + deprecated_rule=DEPRECATED_POLICY), policy.DocumentedRuleDefault( name=BASE_POLICY_NAME % 'search', check_str=base.SYSTEM_READER, @@ -114,9 +107,7 @@ hypervisors_policies = [ }, ], scope_types=['system'], - deprecated_rule=DEPRECATED_POLICY, - deprecated_reason=DEPRECATED_REASON, - deprecated_since='21.0.0'), + deprecated_rule=DEPRECATED_POLICY), policy.DocumentedRuleDefault( name=BASE_POLICY_NAME % 'servers', check_str=base.SYSTEM_READER, @@ -130,9 +121,7 @@ hypervisors_policies = [ } ], scope_types=['system'], - deprecated_rule=DEPRECATED_POLICY, - deprecated_reason=DEPRECATED_REASON, - deprecated_since='21.0.0', + deprecated_rule=DEPRECATED_POLICY ), ] diff --git a/nova/policies/instance_actions.py b/nova/policies/instance_actions.py index 13586a8fbe..0447005b1d 100644 --- a/nova/policies/instance_actions.py +++ b/nova/policies/instance_actions.py @@ -21,17 +21,20 @@ from nova.policies import base ROOT_POLICY = 'os_compute_api:os-instance-actions' BASE_POLICY_NAME = 'os_compute_api:os-instance-actions:%s' -DEPRECATED_INSTANCE_ACTION_POLICY = policy.DeprecatedRule( - ROOT_POLICY, - base.RULE_ADMIN_OR_OWNER, -) - DEPRECATED_REASON = """ Nova API policies are introducing new default roles with scope_type capabilities. Old policies are deprecated and silently going to be ignored in nova 23.0.0 release. """ +DEPRECATED_INSTANCE_ACTION_POLICY = policy.DeprecatedRule( + ROOT_POLICY, + base.RULE_ADMIN_OR_OWNER, + deprecated_reason=DEPRECATED_REASON, + deprecated_since='21.0.0', +) + + instance_actions_policies = [ policy.DocumentedRuleDefault( name=BASE_POLICY_NAME % 'events:details', @@ -82,9 +85,7 @@ passes, the name of the host.""", } ], scope_types=['system', 'project'], - deprecated_rule=DEPRECATED_INSTANCE_ACTION_POLICY, - deprecated_reason=DEPRECATED_REASON, - deprecated_since='21.0.0'), + deprecated_rule=DEPRECATED_INSTANCE_ACTION_POLICY), policy.DocumentedRuleDefault( name=BASE_POLICY_NAME % 'show', check_str=base.PROJECT_READER_OR_SYSTEM_READER, @@ -96,9 +97,7 @@ passes, the name of the host.""", } ], scope_types=['system', 'project'], - deprecated_rule=DEPRECATED_INSTANCE_ACTION_POLICY, - deprecated_reason=DEPRECATED_REASON, - deprecated_since='21.0.0'), + deprecated_rule=DEPRECATED_INSTANCE_ACTION_POLICY), ] diff --git a/nova/policies/instance_usage_audit_log.py b/nova/policies/instance_usage_audit_log.py index 132bb05011..98ab12c52e 100644 --- a/nova/policies/instance_usage_audit_log.py +++ b/nova/policies/instance_usage_audit_log.py @@ -20,17 +20,19 @@ from nova.policies import base BASE_POLICY_NAME = 'os_compute_api:os-instance-usage-audit-log:%s' -DEPRECATED_POLICY = policy.DeprecatedRule( - 'os_compute_api:os-instance-usage-audit-log', - base.RULE_ADMIN_API, -) - DEPRECATED_REASON = """ Nova API policies are introducing new default roles with scope_type capabilities. Old policies are deprecated and silently going to be ignored in nova 23.0.0 release. """ +DEPRECATED_POLICY = policy.DeprecatedRule( + 'os_compute_api:os-instance-usage-audit-log', + base.RULE_ADMIN_API, + deprecated_reason=DEPRECATED_REASON, + deprecated_since='21.0.0' +) + instance_usage_audit_log_policies = [ policy.DocumentedRuleDefault( name=BASE_POLICY_NAME % 'list', @@ -43,9 +45,7 @@ instance_usage_audit_log_policies = [ }, ], scope_types=['system'], - deprecated_rule=DEPRECATED_POLICY, - deprecated_reason=DEPRECATED_REASON, - deprecated_since='21.0.0'), + deprecated_rule=DEPRECATED_POLICY), policy.DocumentedRuleDefault( name=BASE_POLICY_NAME % 'show', check_str=base.SYSTEM_READER, @@ -60,9 +60,7 @@ instance_usage_audit_log_policies = [ } ], scope_types=['system'], - deprecated_rule=DEPRECATED_POLICY, - deprecated_reason=DEPRECATED_REASON, - deprecated_since='21.0.0'), + deprecated_rule=DEPRECATED_POLICY), ] diff --git a/nova/policies/limits.py b/nova/policies/limits.py index 39ee463975..efe430c237 100644 --- a/nova/policies/limits.py +++ b/nova/policies/limits.py @@ -20,10 +20,6 @@ from nova.policies import base BASE_POLICY_NAME = 'os_compute_api:limits' OTHER_PROJECT_LIMIT_POLICY_NAME = 'os_compute_api:limits:other_project' -DEPRECATED_POLICY = policy.DeprecatedRule( - 'os_compute_api:os-used-limits', - base.RULE_ADMIN_API, -) DEPRECATED_REASON = """ Nova API policies are introducing new default roles with scope_type @@ -31,6 +27,13 @@ capabilities. Old policies are deprecated and silently going to be ignored in nova 23.0.0 release. """ +DEPRECATED_POLICY = policy.DeprecatedRule( + 'os_compute_api:os-used-limits', + base.RULE_ADMIN_API, + deprecated_reason=DEPRECATED_REASON, + deprecated_since='21.0.0' +) + limits_policies = [ policy.DocumentedRuleDefault( name=BASE_POLICY_NAME, @@ -59,9 +62,7 @@ os_compute_api:limits passes""", } ], scope_types=['system'], - deprecated_rule=DEPRECATED_POLICY, - deprecated_reason=DEPRECATED_REASON, - deprecated_since='21.0.0'), + deprecated_rule=DEPRECATED_POLICY), ] diff --git a/nova/policies/multinic.py b/nova/policies/multinic.py index b6585008d9..bd1f04c84e 100644 --- a/nova/policies/multinic.py +++ b/nova/policies/multinic.py @@ -21,17 +21,19 @@ from nova.policies import base ROOT_POLICY = 'os_compute_api:os-multinic' BASE_POLICY_NAME = 'os_compute_api:os-multinic:%s' -DEPRECATED_POLICY = policy.DeprecatedRule( - ROOT_POLICY, - base.RULE_ADMIN_OR_OWNER, -) - DEPRECATED_REASON = """ Nova API policies are introducing new default roles with scope_type capabilities. Old policies are deprecated and silently going to be ignored in nova 23.0.0 release. """ +DEPRECATED_POLICY = policy.DeprecatedRule( + ROOT_POLICY, + base.RULE_ADMIN_OR_OWNER, + deprecated_reason=DEPRECATED_REASON, + deprecated_since='22.0.0' +) + multinic_policies = [ policy.DocumentedRuleDefault( @@ -48,9 +50,7 @@ deprecated.""", } ], scope_types=['system', 'project'], - deprecated_rule=DEPRECATED_POLICY, - deprecated_reason=DEPRECATED_REASON, - deprecated_since='22.0.0'), + deprecated_rule=DEPRECATED_POLICY), policy.DocumentedRuleDefault( name=BASE_POLICY_NAME % 'remove', check_str=base.PROJECT_MEMBER_OR_SYSTEM_ADMIN, @@ -65,9 +65,7 @@ deprecated.""", } ], scope_types=['system', 'project'], - deprecated_rule=DEPRECATED_POLICY, - deprecated_reason=DEPRECATED_REASON, - deprecated_since='22.0.0'), + deprecated_rule=DEPRECATED_POLICY), ] diff --git a/nova/policies/networks.py b/nova/policies/networks.py index 73192a201d..59fb166708 100644 --- a/nova/policies/networks.py +++ b/nova/policies/networks.py @@ -21,17 +21,19 @@ from nova.policies import base POLICY_ROOT = 'os_compute_api:os-networks:%s' BASE_POLICY_NAME = 'os_compute_api:os-networks:view' -DEPRECATED_POLICY = policy.DeprecatedRule( - BASE_POLICY_NAME, - base.RULE_ADMIN_OR_OWNER, -) - DEPRECATED_REASON = """ Nova API policies are introducing new default roles with scope_type capabilities. Old policies are deprecated and silently going to be ignored in nova 23.0.0 release. """ +DEPRECATED_POLICY = policy.DeprecatedRule( + BASE_POLICY_NAME, + base.RULE_ADMIN_OR_OWNER, + deprecated_reason=DEPRECATED_REASON, + deprecated_since='22.0.0' +) + networks_policies = [ policy.DocumentedRuleDefault( @@ -47,9 +49,7 @@ This API is proxy calls to the Network service. This is deprecated.""", } ], scope_types=['system', 'project'], - deprecated_rule=DEPRECATED_POLICY, - deprecated_reason=DEPRECATED_REASON, - deprecated_since='22.0.0'), + deprecated_rule=DEPRECATED_POLICY), policy.DocumentedRuleDefault( name=POLICY_ROOT % 'show', check_str=base.PROJECT_READER_OR_SYSTEM_READER, @@ -63,9 +63,7 @@ This API is proxy calls to the Network service. This is deprecated.""", } ], scope_types=['system', 'project'], - deprecated_rule=DEPRECATED_POLICY, - deprecated_reason=DEPRECATED_REASON, - deprecated_since='22.0.0'), + deprecated_rule=DEPRECATED_POLICY), ] diff --git a/nova/policies/rescue.py b/nova/policies/rescue.py index 874e90884b..53612a711a 100644 --- a/nova/policies/rescue.py +++ b/nova/policies/rescue.py @@ -21,16 +21,18 @@ from nova.policies import base BASE_POLICY_NAME = 'os_compute_api:os-rescue' UNRESCUE_POLICY_NAME = 'os_compute_api:os-unrescue' -DEPRECATED_POLICY = policy.DeprecatedRule( - 'os_compute_api:os-rescue', - base.RULE_ADMIN_OR_OWNER, -) - DEPRECATED_REASON = """ Rescue/Unrescue API policies are made granular with new policy for unrescue and keeping old policy for rescue. """ +DEPRECATED_POLICY = policy.DeprecatedRule( + 'os_compute_api:os-rescue', + base.RULE_ADMIN_OR_OWNER, + deprecated_reason=DEPRECATED_REASON, + deprecated_since='21.0.0' +) + rescue_policies = [ policy.DocumentedRuleDefault( @@ -55,9 +57,7 @@ rescue_policies = [ } ], scope_types=['system', 'project'], - deprecated_rule=DEPRECATED_POLICY, - deprecated_reason=DEPRECATED_REASON, - deprecated_since='21.0.0' + deprecated_rule=DEPRECATED_POLICY ), ] diff --git a/nova/policies/security_groups.py b/nova/policies/security_groups.py index 332fa8c030..b09a6632c3 100644 --- a/nova/policies/security_groups.py +++ b/nova/policies/security_groups.py @@ -22,17 +22,19 @@ BASE_POLICY_NAME = 'os_compute_api:os-security-groups' POLICY_NAME = 'os_compute_api:os-security-groups:%s' -DEPRECATED_POLICY = policy.DeprecatedRule( - BASE_POLICY_NAME, - base.RULE_ADMIN_OR_OWNER, -) - DEPRECATED_REASON = """ Nova API policies are introducing new default roles with scope_type capabilities. Old policies are deprecated and silently going to be ignored in nova 23.0.0 release. """ +DEPRECATED_POLICY = policy.DeprecatedRule( + BASE_POLICY_NAME, + base.RULE_ADMIN_OR_OWNER, + deprecated_reason=DEPRECATED_REASON, + deprecated_since='22.0.0' +) + security_groups_policies = [ policy.DocumentedRuleDefault( name=POLICY_NAME % 'get', @@ -45,9 +47,7 @@ security_groups_policies = [ } ], scope_types=['system', 'project'], - deprecated_rule=DEPRECATED_POLICY, - deprecated_reason=DEPRECATED_REASON, - deprecated_since='22.0.0'), + deprecated_rule=DEPRECATED_POLICY), policy.DocumentedRuleDefault( name=POLICY_NAME % 'show', check_str=base.PROJECT_READER_OR_SYSTEM_READER, @@ -59,9 +59,7 @@ security_groups_policies = [ } ], scope_types=['system', 'project'], - deprecated_rule=DEPRECATED_POLICY, - deprecated_reason=DEPRECATED_REASON, - deprecated_since='22.0.0'), + deprecated_rule=DEPRECATED_POLICY), policy.DocumentedRuleDefault( name=POLICY_NAME % 'create', check_str=base.PROJECT_MEMBER_OR_SYSTEM_ADMIN, @@ -73,9 +71,7 @@ security_groups_policies = [ } ], scope_types=['system', 'project'], - deprecated_rule=DEPRECATED_POLICY, - deprecated_reason=DEPRECATED_REASON, - deprecated_since='22.0.0'), + deprecated_rule=DEPRECATED_POLICY), policy.DocumentedRuleDefault( name=POLICY_NAME % 'update', check_str=base.PROJECT_MEMBER_OR_SYSTEM_ADMIN, @@ -87,9 +83,7 @@ security_groups_policies = [ } ], scope_types=['system', 'project'], - deprecated_rule=DEPRECATED_POLICY, - deprecated_reason=DEPRECATED_REASON, - deprecated_since='22.0.0'), + deprecated_rule=DEPRECATED_POLICY), policy.DocumentedRuleDefault( name=POLICY_NAME % 'delete', check_str=base.PROJECT_MEMBER_OR_SYSTEM_ADMIN, @@ -101,9 +95,7 @@ security_groups_policies = [ }, ], scope_types=['system', 'project'], - deprecated_rule=DEPRECATED_POLICY, - deprecated_reason=DEPRECATED_REASON, - deprecated_since='22.0.0'), + deprecated_rule=DEPRECATED_POLICY), policy.DocumentedRuleDefault( name=POLICY_NAME % 'rule:create', check_str=base.PROJECT_MEMBER_OR_SYSTEM_ADMIN, @@ -115,9 +107,7 @@ security_groups_policies = [ } ], scope_types=['system', 'project'], - deprecated_rule=DEPRECATED_POLICY, - deprecated_reason=DEPRECATED_REASON, - deprecated_since='22.0.0'), + deprecated_rule=DEPRECATED_POLICY), policy.DocumentedRuleDefault( name=POLICY_NAME % 'rule:delete', check_str=base.PROJECT_MEMBER_OR_SYSTEM_ADMIN, @@ -129,9 +119,7 @@ security_groups_policies = [ }, ], scope_types=['system', 'project'], - deprecated_rule=DEPRECATED_POLICY, - deprecated_reason=DEPRECATED_REASON, - deprecated_since='22.0.0'), + deprecated_rule=DEPRECATED_POLICY), policy.DocumentedRuleDefault( name=POLICY_NAME % 'list', check_str=base.PROJECT_READER_OR_SYSTEM_READER, @@ -143,9 +131,7 @@ security_groups_policies = [ }, ], scope_types=['system', 'project'], - deprecated_rule=DEPRECATED_POLICY, - deprecated_reason=DEPRECATED_REASON, - deprecated_since='21.0.0'), + deprecated_rule=DEPRECATED_POLICY), policy.DocumentedRuleDefault( name=POLICY_NAME % 'add', check_str=base.PROJECT_MEMBER_OR_SYSTEM_ADMIN, @@ -157,9 +143,7 @@ security_groups_policies = [ }, ], scope_types=['system', 'project'], - deprecated_rule=DEPRECATED_POLICY, - deprecated_reason=DEPRECATED_REASON, - deprecated_since='21.0.0'), + deprecated_rule=DEPRECATED_POLICY), policy.DocumentedRuleDefault( name=POLICY_NAME % 'remove', check_str=base.PROJECT_MEMBER_OR_SYSTEM_ADMIN, @@ -171,9 +155,7 @@ security_groups_policies = [ }, ], scope_types=['system', 'project'], - deprecated_rule=DEPRECATED_POLICY, - deprecated_reason=DEPRECATED_REASON, - deprecated_since='21.0.0'), + deprecated_rule=DEPRECATED_POLICY), ] diff --git a/nova/policies/server_password.py b/nova/policies/server_password.py index 6015789cba..a861d3086c 100644 --- a/nova/policies/server_password.py +++ b/nova/policies/server_password.py @@ -20,17 +20,19 @@ from nova.policies import base BASE_POLICY_NAME = 'os_compute_api:os-server-password:%s' -DEPRECATED_POLICY = policy.DeprecatedRule( - 'os_compute_api:os-server-password', - base.RULE_ADMIN_OR_OWNER, -) - DEPRECATED_REASON = """ Nova API policies are introducing new default roles with scope_type capabilities. Old policies are deprecated and silently going to be ignored in nova 23.0.0 release. """ +DEPRECATED_POLICY = policy.DeprecatedRule( + 'os_compute_api:os-server-password', + base.RULE_ADMIN_OR_OWNER, + deprecated_reason=DEPRECATED_REASON, + deprecated_since='21.0.0' +) + server_password_policies = [ policy.DocumentedRuleDefault( @@ -45,9 +47,7 @@ server_password_policies = [ }, ], scope_types=['system', 'project'], - deprecated_rule=DEPRECATED_POLICY, - deprecated_reason=DEPRECATED_REASON, - deprecated_since='21.0.0'), + deprecated_rule=DEPRECATED_POLICY), policy.DocumentedRuleDefault( name=BASE_POLICY_NAME % 'clear', check_str=base.PROJECT_MEMBER_OR_SYSTEM_ADMIN, @@ -60,9 +60,7 @@ server_password_policies = [ } ], scope_types=['system', 'project'], - deprecated_rule=DEPRECATED_POLICY, - deprecated_reason=DEPRECATED_REASON, - deprecated_since='21.0.0'), + deprecated_rule=DEPRECATED_POLICY), ] diff --git a/nova/policies/services.py b/nova/policies/services.py index 0940c0230f..bd4e455a95 100644 --- a/nova/policies/services.py +++ b/nova/policies/services.py @@ -19,10 +19,6 @@ from nova.policies import base BASE_POLICY_NAME = 'os_compute_api:os-services:%s' -DEPRECATED_SERVICE_POLICY = policy.DeprecatedRule( - 'os_compute_api:os-services', - base.RULE_ADMIN_API, -) DEPRECATED_REASON = """ Nova API policies are introducing new default roles with scope_type @@ -30,6 +26,14 @@ capabilities. Old policies are deprecated and silently going to be ignored in nova 23.0.0 release. """ +DEPRECATED_SERVICE_POLICY = policy.DeprecatedRule( + 'os_compute_api:os-services', + base.RULE_ADMIN_API, + deprecated_reason=DEPRECATED_REASON, + deprecated_since='21.0.0', +) + + services_policies = [ policy.DocumentedRuleDefault( name=BASE_POLICY_NAME % 'list', @@ -42,9 +46,7 @@ services_policies = [ } ], scope_types=['system'], - deprecated_rule=DEPRECATED_SERVICE_POLICY, - deprecated_reason=DEPRECATED_REASON, - deprecated_since='21.0.0'), + deprecated_rule=DEPRECATED_SERVICE_POLICY), policy.DocumentedRuleDefault( name=BASE_POLICY_NAME % 'update', check_str=base.SYSTEM_ADMIN, @@ -57,9 +59,7 @@ services_policies = [ }, ], scope_types=['system'], - deprecated_rule=DEPRECATED_SERVICE_POLICY, - deprecated_reason=DEPRECATED_REASON, - deprecated_since='21.0.0'), + deprecated_rule=DEPRECATED_SERVICE_POLICY), policy.DocumentedRuleDefault( name=BASE_POLICY_NAME % 'delete', check_str=base.SYSTEM_ADMIN, @@ -71,9 +71,7 @@ services_policies = [ } ], scope_types=['system'], - deprecated_rule=DEPRECATED_SERVICE_POLICY, - deprecated_reason=DEPRECATED_REASON, - deprecated_since='21.0.0'), + deprecated_rule=DEPRECATED_SERVICE_POLICY), ] diff --git a/nova/policies/tenant_networks.py b/nova/policies/tenant_networks.py index b78a6297df..a3eace29b4 100644 --- a/nova/policies/tenant_networks.py +++ b/nova/policies/tenant_networks.py @@ -21,17 +21,19 @@ from nova.policies import base BASE_POLICY_NAME = 'os_compute_api:os-tenant-networks' POLICY_NAME = 'os_compute_api:os-tenant-networks:%s' -DEPRECATED_POLICY = policy.DeprecatedRule( - BASE_POLICY_NAME, - base.RULE_ADMIN_OR_OWNER, -) - DEPRECATED_REASON = """ Nova API policies are introducing new default roles with scope_type capabilities. Old policies are deprecated and silently going to be ignored in nova 23.0.0 release. """ +DEPRECATED_POLICY = policy.DeprecatedRule( + BASE_POLICY_NAME, + base.RULE_ADMIN_OR_OWNER, + deprecated_reason=DEPRECATED_REASON, + deprecated_since='22.0.0' +) + tenant_networks_policies = [ policy.DocumentedRuleDefault( @@ -47,9 +49,7 @@ This API is proxy calls to the Network service. This is deprecated.""", }, ], scope_types=['system', 'project'], - deprecated_rule=DEPRECATED_POLICY, - deprecated_reason=DEPRECATED_REASON, - deprecated_since='22.0.0'), + deprecated_rule=DEPRECATED_POLICY), policy.DocumentedRuleDefault( name=POLICY_NAME % 'show', check_str=base.PROJECT_READER_OR_SYSTEM_READER, @@ -63,9 +63,7 @@ This API is proxy calls to the Network service. This is deprecated.""", }, ], scope_types=['system', 'project'], - deprecated_rule=DEPRECATED_POLICY, - deprecated_reason=DEPRECATED_REASON, - deprecated_since='22.0.0'), + deprecated_rule=DEPRECATED_POLICY), ] diff --git a/nova/policies/volumes.py b/nova/policies/volumes.py index a66e4b1893..a4237a14e6 100644 --- a/nova/policies/volumes.py +++ b/nova/policies/volumes.py @@ -21,17 +21,19 @@ from nova.policies import base BASE_POLICY_NAME = 'os_compute_api:os-volumes' POLICY_NAME = 'os_compute_api:os-volumes:%s' -DEPRECATED_POLICY = policy.DeprecatedRule( - BASE_POLICY_NAME, - base.RULE_ADMIN_OR_OWNER, -) - DEPRECATED_REASON = """ Nova API policies are introducing new default roles with scope_type capabilities. Old policies are deprecated and silently going to be ignored in nova 23.0.0 release. """ +DEPRECATED_POLICY = policy.DeprecatedRule( + BASE_POLICY_NAME, + base.RULE_ADMIN_OR_OWNER, + deprecated_reason=DEPRECATED_REASON, + deprecated_since='22.0.0' +) + volumes_policies = [ policy.DocumentedRuleDefault( @@ -47,9 +49,7 @@ This API is a proxy call to the Volume service. It is deprecated.""", }, ], scope_types=['system', 'project'], - deprecated_rule=DEPRECATED_POLICY, - deprecated_reason=DEPRECATED_REASON, - deprecated_since='22.0.0'), + deprecated_rule=DEPRECATED_POLICY), policy.DocumentedRuleDefault( name=POLICY_NAME % 'create', check_str=base.PROJECT_MEMBER_OR_SYSTEM_ADMIN, @@ -63,9 +63,7 @@ This API is a proxy call to the Volume service. It is deprecated.""", }, ], scope_types=['system', 'project'], - deprecated_rule=DEPRECATED_POLICY, - deprecated_reason=DEPRECATED_REASON, - deprecated_since='22.0.0'), + deprecated_rule=DEPRECATED_POLICY), policy.DocumentedRuleDefault( name=POLICY_NAME % 'detail', check_str=base.PROJECT_READER_OR_SYSTEM_READER, @@ -79,9 +77,7 @@ This API is a proxy call to the Volume service. It is deprecated.""", }, ], scope_types=['system', 'project'], - deprecated_rule=DEPRECATED_POLICY, - deprecated_reason=DEPRECATED_REASON, - deprecated_since='22.0.0'), + deprecated_rule=DEPRECATED_POLICY), policy.DocumentedRuleDefault( name=POLICY_NAME % 'show', check_str=base.PROJECT_READER_OR_SYSTEM_READER, @@ -95,9 +91,7 @@ This API is a proxy call to the Volume service. It is deprecated.""", }, ], scope_types=['system', 'project'], - deprecated_rule=DEPRECATED_POLICY, - deprecated_reason=DEPRECATED_REASON, - deprecated_since='22.0.0'), + deprecated_rule=DEPRECATED_POLICY), policy.DocumentedRuleDefault( name=POLICY_NAME % 'delete', check_str=base.PROJECT_MEMBER_OR_SYSTEM_ADMIN, @@ -111,9 +105,7 @@ This API is a proxy call to the Volume service. It is deprecated.""", }, ], scope_types=['system', 'project'], - deprecated_rule=DEPRECATED_POLICY, - deprecated_reason=DEPRECATED_REASON, - deprecated_since='22.0.0'), + deprecated_rule=DEPRECATED_POLICY), policy.DocumentedRuleDefault( name=POLICY_NAME % 'snapshots:list', check_str=base.PROJECT_READER_OR_SYSTEM_READER, @@ -127,9 +119,7 @@ This API is a proxy call to the Volume service. It is deprecated.""", }, ], scope_types=['system', 'project'], - deprecated_rule=DEPRECATED_POLICY, - deprecated_reason=DEPRECATED_REASON, - deprecated_since='22.0.0'), + deprecated_rule=DEPRECATED_POLICY), policy.DocumentedRuleDefault( name=POLICY_NAME % 'snapshots:create', check_str=base.PROJECT_MEMBER_OR_SYSTEM_ADMIN, @@ -143,9 +133,7 @@ This API is a proxy call to the Volume service. It is deprecated.""", }, ], scope_types=['system', 'project'], - deprecated_rule=DEPRECATED_POLICY, - deprecated_reason=DEPRECATED_REASON, - deprecated_since='22.0.0'), + deprecated_rule=DEPRECATED_POLICY), policy.DocumentedRuleDefault( name=POLICY_NAME % 'snapshots:detail', check_str=base.PROJECT_READER_OR_SYSTEM_READER, @@ -159,9 +147,7 @@ This API is a proxy call to the Volume service. It is deprecated.""", }, ], scope_types=['system', 'project'], - deprecated_rule=DEPRECATED_POLICY, - deprecated_reason=DEPRECATED_REASON, - deprecated_since='22.0.0'), + deprecated_rule=DEPRECATED_POLICY), policy.DocumentedRuleDefault( name=POLICY_NAME % 'snapshots:show', check_str=base.PROJECT_READER_OR_SYSTEM_READER, @@ -175,9 +161,7 @@ This API is a proxy call to the Volume service. It is deprecated.""", }, ], scope_types=['system', 'project'], - deprecated_rule=DEPRECATED_POLICY, - deprecated_reason=DEPRECATED_REASON, - deprecated_since='22.0.0'), + deprecated_rule=DEPRECATED_POLICY), policy.DocumentedRuleDefault( name=POLICY_NAME % 'snapshots:delete', check_str=base.PROJECT_MEMBER_OR_SYSTEM_ADMIN, @@ -191,9 +175,7 @@ This API is a proxy call to the Volume service. It is deprecated.""", } ], scope_types=['system', 'project'], - deprecated_rule=DEPRECATED_POLICY, - deprecated_reason=DEPRECATED_REASON, - deprecated_since='22.0.0'), + deprecated_rule=DEPRECATED_POLICY), ] diff --git a/requirements.txt b/requirements.txt index 4c7f340794..ae762a3c9f 100644 --- a/requirements.txt +++ b/requirements.txt @@ -43,7 +43,7 @@ oslo.utils>=4.8.0 # Apache-2.0 oslo.db>=4.44.0 # Apache-2.0 oslo.rootwrap>=5.8.0 # Apache-2.0 oslo.messaging>=10.3.0 # Apache-2.0 -oslo.policy>=3.6.0 # Apache-2.0 +oslo.policy>=3.7.0 # Apache-2.0 oslo.privsep>=2.4.0 # Apache-2.0 oslo.i18n>=5.0.1 # Apache-2.0 oslo.service>=2.5.0 # Apache-2.0