Created
June 2, 2023 10:41
-
-
Save omadjoudj/6c1b891ec3ce8445a9f1444818d52163 to your computer and use it in GitHub Desktop.
Victoria-Yoga-diff-flavor_access.py.diff
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- a/nova/policies/flavor_access.py | |
+++ b/nova/policies/flavor_access.py | |
@@ -25,25 +25,27 @@ POLICY_ROOT = 'os_compute_api:os-flavor-access:%s' | |
# NOTE(gmann): Deprecating this policy explicitly as old defaults | |
# admin or owner is not suitable for that which should be admin (Bug#1867840) | |
# but changing that will break old deployment so let's keep supporting | |
-# the old default also and new default can be SYSTEM_READER | |
-# SYSTEM_READER rule in base class is defined with the deprecated rule of admin | |
+# the old default also and new default can be System Admin. | |
+# System Admin rule in base class is defined with the deprecated rule of admin | |
# not admin or owner which is the main reason that we need to explicitly | |
# deprecate this policy here. | |
-DEPRECATED_FLAVOR_ACCESS_POLICY = policy.DeprecatedRule( | |
- BASE_POLICY_NAME, | |
- base.RULE_ADMIN_OR_OWNER, | |
-) | |
- | |
DEPRECATED_REASON = """ | |
Nova API policies are introducing new default roles with scope_type | |
capabilities. Old policies are deprecated and silently going to be ignored | |
in nova 23.0.0 release. | |
""" | |
+DEPRECATED_FLAVOR_ACCESS_POLICY = policy.DeprecatedRule( | |
+ BASE_POLICY_NAME, | |
+ base.RULE_ADMIN_OR_OWNER, | |
+ deprecated_reason=DEPRECATED_REASON, | |
+ deprecated_since='21.0.0' | |
+) | |
+ | |
flavor_access_policies = [ | |
policy.DocumentedRuleDefault( | |
name=POLICY_ROOT % 'add_tenant_access', | |
- check_str=base.SYSTEM_ADMIN, | |
+ check_str=base.ADMIN, | |
description="Add flavor access to a tenant", | |
operations=[ | |
{ | |
@@ -54,7 +56,7 @@ flavor_access_policies = [ | |
scope_types=['system']), | |
policy.DocumentedRuleDefault( | |
name=POLICY_ROOT % 'remove_tenant_access', | |
- check_str=base.SYSTEM_ADMIN, | |
+ check_str=base.ADMIN, | |
description="Remove flavor access from a tenant", | |
operations=[ | |
{ | |
@@ -65,7 +67,7 @@ flavor_access_policies = [ | |
scope_types=['system']), | |
policy.DocumentedRuleDefault( | |
name=BASE_POLICY_NAME, | |
- check_str=base.SYSTEM_READER, | |
+ check_str=base.ADMIN, | |
description="""List flavor access information | |
Allows access to the full list of tenants that have access | |
@@ -78,9 +80,7 @@ to a flavor via an os-flavor-access API. | |
}, | |
], | |
scope_types=['system'], | |
- deprecated_rule=DEPRECATED_FLAVOR_ACCESS_POLICY, | |
- deprecated_reason=DEPRECATED_REASON, | |
- deprecated_since='21.0.0'), | |
+ deprecated_rule=DEPRECATED_FLAVOR_ACCESS_POLICY), | |
] |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment