womax/nova - nova - Gitea: Git with a cup of tea

womax/nova

Fork 0

Commit Graph

Author	SHA1	Message	Date
Matt Riedemann	0a461979df	Implement granular policy rules for placement This adds a granular policy checking framework for placement based on nova.policy but with a lot of the legacy cruft removed, like the is_admin and context_is_admin rules. A new PlacementPolicyFixture is added along with a new configuration option, [placement]/policy_file, which is needed because the default policy file that gets used in config is from [oslo_policy]/policy_file which is being used as the nova policy file. As far as I can tell, oslo.policy doesn't allow for multiple policy files with different names unless I'm misunderstanding how the policy_dirs option works. With these changes, we can have something like: /etc/nova/policy.json - for nova policy rules /etc/nova/placement-policy.yaml - for placement rules The docs are also updated to include the placement policy sample along with a tox builder for the sample. This starts by adding granular rules for CRUD operations on the /resource_providers and /resource_providers/{uuid} routes which use the same descriptions from the placement API reference. Subsequent patches will add new granular rules for the other routes. Part of blueprint granular-placement-policy Change-Id: I17573f5210314341c332fdcb1ce462a989c21940	2018-05-17 11:12:16 -04:00
Stephen Finucane	b03e815134	doc: Start using oslo_policy.sphinxext Providing a sample policy file is all well and good, but it's not exactly designed for readability on the web. Make use of the 'sphinxext' module built into oslo.policy to do this. Change-Id: I6cceeca7edcacb762daa1f22f2138e2d2334b3a2	2017-08-03 16:06:14 -04:00
Stephen Finucane	18be5324d6	doc: Populate the 'configuration' section Per the spec [1]: configuration/ – automatically generated configuration reference information based on oslo.config’s sphinx integration (or manually written for projects not using oslo.config). Step-by-step guides for doing things like enabling cells or configuring a specific driver should be placed in the admin/ section. Only the 'sample_policy' and 'sample_config' files fit into this category at present. We may wish to add files that use the oslo.config and oslo.policy Sphinx integrations, but that can come later. [1] specs.openstack.org/openstack/docs-specs/specs/pike/os-manuals-migration Change-Id: I587551ada1932876bca51a362f8dfeef6f7dd70b	2017-07-18 15:41:19 +01:00

Author

SHA1

Message

Date

Matt Riedemann

0a461979df

Implement granular policy rules for placement

This adds a granular policy checking framework for
placement based on nova.policy but with a lot of
the legacy cruft removed, like the is_admin and
context_is_admin rules.

A new PlacementPolicyFixture is added along with
a new configuration option, [placement]/policy_file,
which is needed because the default policy file
that gets used in config is from [oslo_policy]/policy_file
which is being used as the nova policy file. As
far as I can tell, oslo.policy doesn't allow for
multiple policy files with different names unless
I'm misunderstanding how the policy_dirs option works.

With these changes, we can have something like:

  /etc/nova/policy.json - for nova policy rules
  /etc/nova/placement-policy.yaml - for placement rules

The docs are also updated to include the placement
policy sample along with a tox builder for the sample.

This starts by adding granular rules for CRUD operations
on the /resource_providers and /resource_providers/{uuid}
routes which use the same descriptions from the placement
API reference. Subsequent patches will add new granular
rules for the other routes.

Part of blueprint granular-placement-policy

Change-Id: I17573f5210314341c332fdcb1ce462a989c21940

2018-05-17 11:12:16 -04:00

Stephen Finucane

b03e815134

doc: Start using oslo_policy.sphinxext

Providing a sample policy file is all well and good, but it's not
exactly designed for readability on the web. Make use of the 'sphinxext'
module built into oslo.policy to do this.

Change-Id: I6cceeca7edcacb762daa1f22f2138e2d2334b3a2

2017-08-03 16:06:14 -04:00

Stephen Finucane

18be5324d6

doc: Populate the 'configuration' section

Per the spec [1]:

  configuration/ – automatically generated configuration reference
  information based on oslo.config’s sphinx integration (or manually
  written for projects not using oslo.config). Step-by-step guides for
  doing things like enabling cells or configuring a specific driver
  should be placed in the admin/ section.

Only the 'sample_policy' and 'sample_config' files fit into this
category at present. We may wish to add files that use the oslo.config
and oslo.policy Sphinx integrations, but that can come later.

[1] specs.openstack.org/openstack/docs-specs/specs/pike/os-manuals-migration

Change-Id: I587551ada1932876bca51a362f8dfeef6f7dd70b

2017-07-18 15:41:19 +01:00

3 Commits