"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "cyborg/policies/device_profiles.py" between
openstack-cyborg-6.0.0.tar.gz and openstack-cyborg-7.0.0.tar.gz

About: OpenStack Cyborg provides a general purpose management framework for acceleration resources.
The "Xena" series (latest release).

device_profiles.py  (openstack-cyborg-6.0.0):device_profiles.py  (openstack-cyborg-7.0.0)
skipping to change at line 33 skipping to change at line 33
# To ensure API works fine with both old policies and new policies, we set # To ensure API works fine with both old policies and new policies, we set
# ``cyborg.conf [oslo_policy] enforce_scope = False`` by default. With this, # ``cyborg.conf [oslo_policy] enforce_scope = False`` by default. With this,
# policy authorization check will pass those who comply with either new policy # policy authorization check will pass those who comply with either new policy
# rules or old policy rules by invoking oslo_policy.policy.OrCheck # rules or old policy rules by invoking oslo_policy.policy.OrCheck
# (REF:https://github.com/openstack/oslo.policy/blob/cab28649c689067970a51a2f9b3 29bdd6a0f0501/oslo_policy/policy.py#L726) # (REF:https://github.com/openstack/oslo.policy/blob/cab28649c689067970a51a2f9b3 29bdd6a0f0501/oslo_policy/policy.py#L726)
# And once we move to new defaults only world, we will set # And once we move to new defaults only world, we will set
# ``cyborg.conf [oslo_policy] enforce_scope = True`` by default, at which time # ``cyborg.conf [oslo_policy] enforce_scope = True`` by default, at which time
# we can totally remove these deprecated device_profile policies from code. # we can totally remove these deprecated device_profile policies from code.
deprecated_get_all = policy.DeprecatedRule( deprecated_get_all = policy.DeprecatedRule(
name='cyborg:device_profile:get_all', name='cyborg:device_profile:get_all',
check_str=base.deprecated_default) check_str=base.deprecated_default,
deprecated_reason=('request admin_or_owmer rule is too strict for '
'listing device_profile'),
deprecated_since=versionutils.deprecated.WALLABY)
deprecated_get_one = policy.DeprecatedRule( deprecated_get_one = policy.DeprecatedRule(
name='cyborg:device_profile:get_one', name='cyborg:device_profile:get_one',
check_str=base.deprecated_default) check_str=base.deprecated_default,
deprecated_reason=('request admin_or_owmer rule is too strict for '
'retrieving a device_profile'),
deprecated_since=versionutils.deprecated.WALLABY)
deprecated_create = policy.DeprecatedRule( deprecated_create = policy.DeprecatedRule(
name='cyborg:device_profile:create', name='cyborg:device_profile:create',
check_str=base.deprecated_is_admin) check_str=base.deprecated_is_admin,
deprecated_reason=('project_admin_or_owner is too permissive, '
'introduce system_scoped admin for creation'),
deprecated_since=versionutils.deprecated.WALLABY)
deprecated_delete = policy.DeprecatedRule( deprecated_delete = policy.DeprecatedRule(
name='cyborg:device_profile:delete', name='cyborg:device_profile:delete',
check_str=base.deprecated_default) check_str=base.deprecated_default,
deprecated_reason=('project_admin_or_owner is too permissive, '
'introduce system_scoped admin for deletion'),
deprecated_since=versionutils.deprecated.WALLABY)
# new device_profile policies # new device_profile policies
device_profile_policies = [ device_profile_policies = [
policy.DocumentedRuleDefault( policy.DocumentedRuleDefault(
name='cyborg:device_profile:get_all', name='cyborg:device_profile:get_all',
check_str=base.PROJECT_READER_OR_SYSTEM_READER, check_str=base.PROJECT_READER_OR_SYSTEM_READER,
description='Retrieve all device_profiles', description='Retrieve all device_profiles',
operations=[ operations=[
{ {
'path': '/v2/device_profiles', 'path': '/v2/device_profiles',
'method': 'GET' 'method': 'GET'
}], }],
scope_types=['system', 'project'], scope_types=['system', 'project'],
deprecated_rule=deprecated_get_all, deprecated_rule=deprecated_get_all),
deprecated_reason=('request admin_or_owmer rule is too strict for '
'listing device_profile'),
deprecated_since=versionutils.deprecated.WALLABY),
policy.DocumentedRuleDefault( policy.DocumentedRuleDefault(
name='cyborg:device_profile:get_one', name='cyborg:device_profile:get_one',
check_str=base.PROJECT_READER_OR_SYSTEM_READER, check_str=base.PROJECT_READER_OR_SYSTEM_READER,
description='Retrieve a specific device_profile', description='Retrieve a specific device_profile',
operations=[ operations=[
{ {
'path': '/v2/device_profiles/{device_profiles_uuid}', 'path': '/v2/device_profiles/{device_profiles_uuid}',
'method': 'GET' 'method': 'GET'
}], }],
scope_types=['system', 'project'], scope_types=['system', 'project'],
deprecated_rule=deprecated_get_one, deprecated_rule=deprecated_get_one),
deprecated_reason=('request admin_or_owmer rule is too strict for '
'retrieving a device_profile'),
deprecated_since=versionutils.deprecated.WALLABY),
policy.DocumentedRuleDefault( policy.DocumentedRuleDefault(
name='cyborg:device_profile:create', name='cyborg:device_profile:create',
check_str=base.SYSTEM_ADMIN, check_str=base.SYSTEM_ADMIN,
description='Create a device_profile', description='Create a device_profile',
operations=[ operations=[
{ {
'path': '/v2/device_profiles', 'path': '/v2/device_profiles',
'method': 'POST' 'method': 'POST'
}], }],
scope_types=['system'], scope_types=['system'],
deprecated_rule=deprecated_create, deprecated_rule=deprecated_create),
deprecated_reason=('project_admin_or_owner is too permissive, '
'introduce system_scoped admin for creation'),
deprecated_since=versionutils.deprecated.WALLABY),
policy.DocumentedRuleDefault( policy.DocumentedRuleDefault(
name='cyborg:device_profile:delete', name='cyborg:device_profile:delete',
check_str=base.SYSTEM_ADMIN, check_str=base.SYSTEM_ADMIN,
description='Delete device_profile(s)', description='Delete device_profile(s)',
operations=[ operations=[
{ {
'path': '/v2/device_profiles/{device_profiles_uuid}', 'path': '/v2/device_profiles/{device_profiles_uuid}',
'method': 'DELETE'}, 'method': 'DELETE'},
{ {
'path': '/v2/device_profiles?value={device_profile_name1}', 'path': '/v2/device_profiles?value={device_profile_name1}',
'method': 'DELETE'}, 'method': 'DELETE'},
], ],
scope_types=['system'], scope_types=['system'],
deprecated_rule=deprecated_delete, deprecated_rule=deprecated_delete),
deprecated_reason=('project_admin_or_owner is too permissive, '
'introduce system_scoped admin for deletion'),
deprecated_since=versionutils.deprecated.WALLABY),
] ]
def list_policies(): def list_policies():
return device_profile_policies return device_profile_policies
 End of changes. 8 change blocks. 
20 lines changed or deleted 20 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)