This adds a granular policy checking framework for
placement based on nova.policy but with a lot of
the legacy cruft removed, like the is_admin and
context_is_admin rules.
A new PlacementPolicyFixture is added along with
a new configuration option, [placement]/policy_file,
which is needed because the default policy file
that gets used in config is from [oslo_policy]/policy_file
which is being used as the nova policy file. As
far as I can tell, oslo.policy doesn't allow for
multiple policy files with different names unless
I'm misunderstanding how the policy_dirs option works.
With these changes, we can have something like:
/etc/nova/policy.json - for nova policy rules
/etc/nova/placement-policy.yaml - for placement rules
The docs are also updated to include the placement
policy sample along with a tox builder for the sample.
This starts by adding granular rules for CRUD operations
on the /resource_providers and /resource_providers/{uuid}
routes which use the same descriptions from the placement
API reference. Subsequent patches will add new granular
rules for the other routes.
Part of blueprint granular-placement-policy
Change-Id: I17573f5210314341c332fdcb1ce462a989c21940
The top level index (home page) was duplicating the
configuration/index content, so this simply changes
the home page into a table of contents for the configuration
sub-tree and leaves the config/policy content in the
sub-tree. This will be needed when we add docs about
placement policy.
The hidden configuration toc tree items are moved
into the sub-tree configuration/index to be closer
to the actual documents we're hiding from the toc tree.
Related to blueprint granular-placement-policy
Change-Id: Iad87dc339278ee7e7cf8de5eea252bbb7a5f75c2
Providing a sample policy file is all well and good, but it's not
exactly designed for readability on the web. Make use of the 'sphinxext'
module built into oslo.policy to do this.
Change-Id: I6cceeca7edcacb762daa1f22f2138e2d2334b3a2
Providing a sample configuration file is all well and good, but it's not
exactly designed for readability on the web. Make use of the 'sphinxext'
module built into oslo.config to do this.
Change-Id: I75e8f0adae7cfaaa6020870cdb20dc2144fc70eb
Per the spec [1]:
configuration/ – automatically generated configuration reference
information based on oslo.config’s sphinx integration (or manually
written for projects not using oslo.config). Step-by-step guides for
doing things like enabling cells or configuring a specific driver
should be placed in the admin/ section.
Only the 'sample_policy' and 'sample_config' files fit into this
category at present. We may wish to add files that use the oslo.config
and oslo.policy Sphinx integrations, but that can come later.
[1] specs.openstack.org/openstack/docs-specs/specs/pike/os-manuals-migration
Change-Id: I587551ada1932876bca51a362f8dfeef6f7dd70b
Matt Riedemann