8c7ca368b1
This change adds support for the trusted_image_certificates parameter,
which is used to define a list of trusted certificate IDs that can be
used during image signature verification and certificate validation. The
parameter may contain a list of strings, each string representing the ID
of a trusted certificate. The list is restricted to a maximum of 50 IDs.
The list of certificate IDs will be stored in the trusted_certs field of
the instance InstanceExtra and will be used to verify the validity of
the signing certificate of a signed instance image.

The trusted_image_certificates request parameter can be passed to
the server create and rebuild APIs (if allowed by policy):

* POST /servers
* POST /servers/{server_id}/action (rebuild)

The following policy rules were added to restrict the usage of the
``trusted_image_certificates`` request parameter in the server create
and rebuild APIs:

* os_compute_api:servers:create:trusted_certs
* os_compute_api:servers:rebuild:trusted_certs

The trusted_image_certificates parameter will be in the response
body of the following APIs (not restricted by policy):

* GET /servers/detail
* GET /servers/{server_id}
* PUT /servers/{server_id}
* POST /servers/{server_id}/action (rebuild)

APIImpact

Implements blueprint: nova-validate-certificates

Change-Id: Iedd3fea0e86648fae364f075915555dcb2c4f199

27 lines
669 B
JSON
{
    "version": {
        "id": "v2.1",
        "links": [
            {
                "href": "http://openstack.example.com/v2.1/",
                "rel": "self"
            },
            {
                "href": "http://docs.openstack.org/",
                "rel": "describedby",
                "type": "text/html"
            }
        ],
        "media-types": [
            {
                "base": "application/json",
                "type": "application/vnd.openstack.compute+json;version=2.1"
            }
        ],
        "status": "CURRENT",
        "version": "2.63",
        "min_version": "2.1",
        "updated": "2013-07-23T11:33:21Z"
    }
}