Update manila policy management
Related: PROD-34318
Change-Id: Ia848d707441b008588c80396120848c2dd30661b
diff --git a/.kitchen.yml b/.kitchen.yml
index 4cfb1a2..0152dbc 100644
--- a/.kitchen.yml
+++ b/.kitchen.yml
@@ -15,6 +15,10 @@
grains:
noservices: True
dependencies:
+ - name: keystone
+ repo: git
+ source: https://gerrit.mcp.mirantis.com/salt-formulas/keystone
+ branch: <%=ENV['GERRIT_BRANCH'] || 'release/2019.2.0' %>
- name: linux
repo: git
source: https://gerrit.mcp.mirantis.com/salt-formulas/linux
diff --git a/README.rst b/README.rst
index 5871722..2ae16fa 100644
--- a/README.rst
+++ b/README.rst
@@ -45,6 +45,19 @@
host: 10.20.0.102
+Change default service policy configuration:
+--------------------------------------------
+
+.. code-block:: yaml
+
+ manila:
+ api:
+ policy:
+ quota_class_set:update: 'rule:default'
+ service:update: 'rule:admin_or_owner'
+ # Add key without value to remove line from policy.json
+ share:create:
+
Backend configuration
=====================
diff --git a/manila/api.sls b/manila/api.sls
index 2188af2..3c8476f 100644
--- a/manila/api.sls
+++ b/manila/api.sls
@@ -65,12 +65,45 @@
- require:
- manila_site_enabled
+/etc/manila/{{ api.get('oslo_policy', {}).get('policy_file', 'policy.json') }}:
+ file.managed:
+ - mode: 0640
+ - user: root
+ - group: manila
+ - require:
+ - pkg: manila_api_packages
+
+{%- for name, rule in api.get('policy', {}).iteritems() %}
+
+ {%- if rule != None %}
+manila_keystone_rule_{{ name }}_present:
+ keystone_policy.rule_present:
+ - path: /etc/manila/{{ api.get('oslo_policy', {}).get('policy_file', 'policy.json') }}
+ - name: {{ name }}
+ - rule: {{ rule }}
+ - require:
+ - pkg: manila_api_packages
+ - file: /etc/manila/{{ api.get('oslo_policy', {}).get('policy_file', 'policy.json') }}
+
+ {%- else %}
+
+manila_keystone_rule_{{ name }}_absent:
+ keystone_policy.rule_absent:
+ - path: /etc/manila/{{ api.get('oslo_policy', {}).get('policy_file', 'policy.json') }}
+ - name: {{ name }}
+ - require:
+ - pkg: manila_api_packages
+ - file: /etc/manila/{{ api.get('oslo_policy', {}).get('policy_file', 'policy.json') }}
+
+ {%- endif %}
+{%- endfor %}
+
{{ api.service }}:
service.running:
- enable: true
- watch:
- file: /etc/manila/manila.conf
- - file: /etc/manila/policy.json
+ - file: /etc/manila/{{ api.get('oslo_policy', {}).get('policy_file', 'policy.json') }}
- manila_apache_wsgi_config
- manila_site_enabled
{%- if grains.get('noservices') %}
@@ -81,13 +114,4 @@
- manila_site_enabled
- sls: manila.db.offline_sync
-/etc/manila/{{ api.get('oslo_policy', {}).get('policy_file', 'policy.json') }}:
- file.managed:
- - source: salt://manila/files/{{ api.version }}/policy.json
- - template: jinja
- - mode: 0640
- - group: manila
- - require:
- - pkg: manila_api_packages
-
{%- endif %}
diff --git a/manila/files/pike/policy.json b/manila/files/pike/policy.json
deleted file mode 100644
index dc91ebf..0000000
--- a/manila/files/pike/policy.json
+++ /dev/null
@@ -1,163 +0,0 @@
-{
- "context_is_admin": "role:admin",
- "admin_or_owner": "is_admin:True or project_id:%(project_id)s",
- "default": "rule:admin_or_owner",
-
- "admin_api": "is_admin:True",
-
- "availability_zone:index": "rule:default",
-
- "quota_set:update": "rule:admin_api",
- "quota_set:show": "rule:default",
- "quota_set:delete": "rule:admin_api",
-
- "quota_class_set:show": "rule:default",
- "quota_class_set:update": "rule:admin_api",
-
- "service:index": "rule:admin_api",
- "service:update": "rule:admin_api",
-
- "share:create": "",
- "share:delete": "rule:default",
- "share:get": "rule:default",
- "share:get_all": "rule:default",
- "share:list_by_share_server_id": "rule:admin_api",
- "share:list_by_host": "rule:admin_api",
- "share:update": "rule:default",
- "share:access_get": "rule:default",
- "share:access_get_all": "rule:default",
- "share:allow_access": "rule:default",
- "share:deny_access": "rule:default",
- "share:extend": "rule:default",
- "share:shrink": "rule:default",
- "share:get_share_metadata": "rule:default",
- "share:delete_share_metadata": "rule:default",
- "share:update_share_metadata": "rule:default",
- "share:migration_start": "rule:admin_api",
- "share:migration_complete": "rule:admin_api",
- "share:migration_cancel": "rule:admin_api",
- "share:migration_get_progress": "rule:admin_api",
- "share:reset_task_state": "rule:admin_api",
- "share:manage": "rule:admin_api",
- "share:unmanage": "rule:admin_api",
- "share:force_delete": "rule:admin_api",
- "share:reset_status": "rule:admin_api",
- "share:revert_to_snapshot": "rule:default",
- "share_export_location:index": "rule:default",
- "share_export_location:show": "rule:default",
-
- "share_instance:index": "rule:admin_api",
- "share_instance:show": "rule:admin_api",
- "share_instance:force_delete": "rule:admin_api",
- "share_instance:reset_status": "rule:admin_api",
- "share_instance_export_location:index": "rule:admin_api",
- "share_instance_export_location:show": "rule:admin_api",
-
- "share:create_snapshot": "rule:default",
- "share:delete_snapshot": "rule:default",
- "share:snapshot_update": "rule:default",
- "share_snapshot:get_snapshot": "rule:default",
- "share_snapshot:get_all_snapshots": "rule:default",
- "share_snapshot:manage_snapshot": "rule:admin_api",
- "share_snapshot:unmanage_snapshot": "rule:admin_api",
- "share_snapshot:force_delete": "rule:admin_api",
- "share_snapshot:reset_status": "rule:admin_api",
- "share_snapshot:access_list": "rule:default",
- "share_snapshot:allow_access": "rule:default",
- "share_snapshot:deny_access": "rule:default",
- "share_snapshot_export_location:index": "rule:default",
- "share_snapshot_export_location:show": "rule:default",
-
- "share_snapshot_instance:detail": "rule:admin_api",
- "share_snapshot_instance:index": "rule:admin_api",
- "share_snapshot_instance:show": "rule:admin_api",
- "share_snapshot_instance:reset_status": "rule:admin_api",
- "share_snapshot_instance_export_location:index": "rule:admin_api",
- "share_snapshot_instance_export_location:show": "rule:admin_api",
-
- "share_type:index": "rule:default",
- "share_type:show": "rule:default",
- "share_type:default": "rule:default",
- "share_type:create": "rule:admin_api",
- "share_type:delete": "rule:admin_api",
- "share_type:add_project_access": "rule:admin_api",
- "share_type:list_project_access": "rule:admin_api",
- "share_type:remove_project_access": "rule:admin_api",
-
- "share_types_extra_spec:create": "rule:admin_api",
- "share_types_extra_spec:update": "rule:admin_api",
- "share_types_extra_spec:show": "rule:admin_api",
- "share_types_extra_spec:index": "rule:admin_api",
- "share_types_extra_spec:delete": "rule:admin_api",
-
- "security_service:create": "rule:default",
- "security_service:delete": "rule:default",
- "security_service:update": "rule:default",
- "security_service:show": "rule:default",
- "security_service:index": "rule:default",
- "security_service:detail": "rule:default",
- "security_service:get_all_security_services": "rule:admin_api",
-
- "share_server:index": "rule:admin_api",
- "share_server:show": "rule:admin_api",
- "share_server:details": "rule:admin_api",
- "share_server:delete": "rule:admin_api",
-
- "share_network:create": "rule:default",
- "share_network:delete": "rule:default",
- "share_network:update": "rule:default",
- "share_network:index": "rule:default",
- "share_network:detail": "rule:default",
- "share_network:show": "rule:default",
- "share_network:add_security_service": "rule:default",
- "share_network:remove_security_service": "rule:default",
- "share_network:get_all_share_networks": "rule:admin_api",
-
- "scheduler_stats:pools:index": "rule:admin_api",
- "scheduler_stats:pools:detail": "rule:admin_api",
-
- "share_group:create" : "rule:default",
- "share_group:delete": "rule:default",
- "share_group:update": "rule:default",
- "share_group:get": "rule:default",
- "share_group:get_all": "rule:default",
- "share_group:force_delete": "rule:admin_api",
- "share_group:reset_status": "rule:admin_api",
-
- "share_group_snapshot:create" : "rule:default",
- "share_group_snapshot:delete": "rule:default",
- "share_group_snapshot:update" : "rule:default",
- "share_group_snapshot:get": "rule:default",
- "share_group_snapshot:get_all": "rule:default",
- "share_group_snapshot:force_delete": "rule:admin_api",
- "share_group_snapshot:reset_status": "rule:admin_api",
-
- "share_replica:get_all": "rule:default",
- "share_replica:show": "rule:default",
- "share_replica:create" : "rule:default",
- "share_replica:delete": "rule:default",
- "share_replica:promote": "rule:default",
- "share_replica:resync": "rule:admin_api",
- "share_replica:reset_status": "rule:admin_api",
- "share_replica:force_delete": "rule:admin_api",
- "share_replica:reset_replica_state": "rule:admin_api",
-
- "share_group_type:index": "rule:default",
- "share_group_type:show": "rule:default",
- "share_group_type:default": "rule:default",
- "share_group_type:create": "rule:admin_api",
- "share_group_type:delete": "rule:admin_api",
- "share_group_type:add_project_access": "rule:admin_api",
- "share_group_type:list_project_access": "rule:admin_api",
- "share_group_type:remove_project_access": "rule:admin_api",
-
- "share_group_types_spec:create": "rule:admin_api",
- "share_group_types_spec:update": "rule:admin_api",
- "share_group_types_spec:show": "rule:admin_api",
- "share_group_types_spec:index": "rule:admin_api",
- "share_group_types_spec:delete": "rule:admin_api",
-
- "message:delete": "rule:default",
- "message:get": "rule:default",
- "message:get_all": "rule:default"
-}
diff --git a/manila/files/queens/policy.json b/manila/files/queens/policy.json
deleted file mode 100644
index 9b4b2a2..0000000
--- a/manila/files/queens/policy.json
+++ /dev/null
@@ -1,606 +0,0 @@
-#
-#"context_is_admin": "role:admin"
-
-#
-#"admin_or_owner": "is_admin:True or project_id:%(project_id)s"
-
-#
-#"default": "rule:admin_or_owner"
-
-#
-#"admin_api": "is_admin:True"
-
-# Get all storage availability zones.
-# GET /os-availability-zone
-# GET /availability-zone
-#"availability_zone:index": "rule:default"
-
-# Get information regarding backends (and storage pools) known to the
-# scheduler.
-# GET /scheduler-stats/pools
-# GET /scheduler-stats/pools?{query}
-#"scheduler_stats:pools:index": "rule:admin_api"
-
-# Get detailed information regarding backends (and storage pools)
-# known to the scheduler.
-# GET /scheduler-stats/pools/detail?{query}
-# GET /scheduler-stats/pools/detail
-#"scheduler_stats:pools:detail": "rule:admin_api"
-
-# Create share.
-# POST /shares
-#"share:create": ""
-
-# Get share.
-# GET /shares/{share_id}
-#"share:get": "rule:default"
-
-# List shares.
-# GET /shares
-# GET /shares/detail
-#"share:get_all": "rule:default"
-
-# Update share.
-# PUT /shares
-#"share:update": "rule:default"
-
-# Delete share.
-# DELETE /shares/{share_id}
-#"share:delete": "rule:default"
-
-# Force Delete a share.
-# DELETE /shares/{share_id}
-#"share:force_delete": "rule:admin_api"
-
-# Manage share.
-# POST /shares/manage
-#"share:manage": "rule:admin_api"
-
-# Unmanage share.
-# POST /shares/unmanage
-#"share:unmanage": "rule:admin_api"
-
-# Create share snapshot.
-# POST /snapshots
-#"share:create_snapshot": "rule:default"
-
-# List share by host.
-# GET /shares
-# GET /shares/detail
-#"share:list_by_host": "rule:admin_api"
-
-# List share by server id.
-# GET /shares
-# GET /shares/detail
-#"share:list_by_share_server_id": "rule:admin_api"
-
-# Get share access rule, it under deny access operation.
-# POST /shares/{share_id}/action
-#"share:access_get": "rule:default"
-
-# List share access rules.
-# GET /shares/{share_id}/action
-#"share:access_get_all": "rule:default"
-
-# Extend share.
-# POST /shares/{share_id}/action
-#"share:extend": "rule:default"
-
-# Shrink share.
-# POST /shares/{share_id}/action
-#"share:shrink": "rule:default"
-
-# Migrate a share to the specified host.
-# POST /shares/{share_id}/action
-#"share:migration_start": "rule:admin_api"
-
-# Invokes 2nd phase of share migration.
-# POST /shares/{share_id}/action
-#"share:migration_complete": "rule:admin_api"
-
-# Attempts to cancel share migration.
-# POST /shares/{share_id}/action
-#"share:migration_cancel": "rule:admin_api"
-
-# Retrieve share migration progress for a given share.
-# POST /shares/{share_id}/action
-#"share:migration_get_progress": "rule:admin_api"
-
-# Reset task state.
-# POST /shares/{share_id}/action
-#"share:reset_task_state": "rule:admin_api"
-
-# Reset status.
-# POST /shares/{share_id}/action
-#"share:reset_status": "rule:admin_api"
-
-# Revert a share to a snapshot.
-# POST /shares/{share_id}/action
-#"share:revert_to_snapshot": "rule:default"
-
-# Add share access rule.
-# POST /shares/{share_id}/action
-#"share:allow_access": "rule:default"
-
-# Remove share access rule.
-# POST /shares/{share_id}/action
-#"share:deny_access": "rule:default"
-
-# Delete share snapshot.
-# DELETE /snapshots/{snapshot_id}
-#"share:delete_snapshot": "rule:default"
-
-# Update share snapshot.
-# PUT /snapshots/{snapshot_id}/action
-#"share:snapshot_update": "rule:default"
-
-# Update share metadata.
-# PUT /shares/{share_id}/metadata
-#"share:update_share_metadata": "rule:default"
-
-# Delete share metadata.
-# DELETE /shares/{share_id}/metadata/{key}
-#"share:delete_share_metadata": "rule:default"
-
-# Get share metadata.
-# GET /shares/{share_id}/metadata
-#"share:get_share_metadata": "rule:default"
-
-# Return data about the requested export location.
-# POST /share_instances/{share_instance_id}/export_locations
-#"share_instance_export_location:index": "rule:admin_api"
-
-# Return data about the requested export location.
-# GET /share_instances/{share_instance_id}/export_locations/{export_location_id}
-#"share_instance_export_location:show": "rule:admin_api"
-
-# Create share type.
-# POST /types
-#"share_type:create": "rule:admin_api"
-
-# Get share type.
-# GET /types/{share_type_id}
-#"share_type:show": "rule:default"
-
-# List share types.
-# GET /types
-# GET /types?is_public=all
-#"share_type:index": "rule:default"
-
-# Get default share type.
-# GET /types/default
-#"share_type:default": "rule:default"
-
-# Delete share type.
-# DELETE /types/{share_type_id}
-#"share_type:delete": "rule:admin_api"
-
-# List share type project access.
-# GET /types/{share_type_id}
-#"share_type:list_project_access": "rule:admin_api"
-
-# Add share type to project.
-# POST /types/{share_type_id}/action
-#"share_type:add_project_access": "rule:admin_api"
-
-# Remove share type from project.
-# POST /types/{share_type_id}/action
-#"share_type:remove_project_access": "rule:admin_api"
-
-# Create share type extra spec.
-# POST /types/{share_type_id}/extra_specs
-#"share_types_extra_spec:create": "rule:admin_api"
-
-# Get share type extra specs of a given share type.
-# GET /types/{share_type_id}/extra_specs
-#"share_types_extra_spec:show": "rule:admin_api"
-
-# Get details of a share type extra spec.
-# GET /types/{share_type_id}/extra_specs/{extra_spec_id}
-#"share_types_extra_spec:index": "rule:admin_api"
-
-# Update share type extra spec.
-# PUT /types/{share_type_id}/extra_specs
-#"share_types_extra_spec:update": "rule:admin_api"
-
-# Delete share type extra spec.
-# DELETE /types/{share_type_id}/extra_specs/{key}
-#"share_types_extra_spec:delete": "rule:admin_api"
-
-# Get share snapshot.
-# GET /snapshots/{snapshot_id}
-#"share_snapshot:get_snapshot": "rule:default"
-
-# Get all share snapshots.
-# GET /snapshots
-# GET /snapshots/detail
-# GET /snapshots?{query}
-# GET /snapshots/detail?{query}
-#"share_snapshot:get_all_snapshots": "rule:default"
-
-# Force Delete a share snapshot.
-# DELETE /snapshots/{snapshot_id}
-#"share_snapshot:force_delete": "rule:admin_api"
-
-# Manage share snapshot.
-# POST /snapshots/manage
-#"share_snapshot:manage_snapshot": "rule:admin_api"
-
-# Unmanage share snapshot.
-# POST /snapshots/{snapshot_id}/action
-#"share_snapshot:unmanage_snapshot": "rule:admin_api"
-
-# Reset status.
-# POST /snapshots/{snapshot_id}/action
-#"share_snapshot:reset_status": "rule:admin_api"
-
-# List access rules of a share snapshot.
-# GET /snapshots/{snapshot_id}/access-list
-#"share_snapshot:access_list": "rule:default"
-
-# Allow access to a share snapshot.
-# POST /snapshots/{snapshot_id}/action
-#"share_snapshot:allow_access": "rule:default"
-
-# Deny access to a share snapshot.
-# POST /snapshots/{snapshot_id}/action
-#"share_snapshot:deny_access": "rule:default"
-
-# List export locations of a share snapshot.
-# GET /snapshots/{snapshot_id}/export-locations/
-#"share_snapshot_export_location:index": "rule:default"
-
-# Get details of a specified export location of a share snapshot.
-# GET /snapshots/{snapshot_id}/export-locations/{export_location_id}
-#"share_snapshot_export_location:show": "rule:default"
-
-# Get share snapshot instance.
-# GET /snapshot-instances/{snapshot_instance_id}
-#"share_snapshot_instance:show": "rule:admin_api"
-
-# Get all share snapshot instances.
-# GET /snapshot-instances
-# GET /snapshot-instances?{query}
-#"share_snapshot_instance:index": "rule:admin_api"
-
-# Get details of share snapshot instances.
-# GET /snapshot-instances/detail
-# GET /snapshot-instances/detail?{query}
-#"share_snapshot_instance:detail": "rule:admin_api"
-
-# Reset share snapshot instance's status.
-# POST /snapshot-instances/{snapshot_instance_id}/action
-#"share_snapshot_instance:reset_status": "rule:admin_api"
-
-# List export locations of a share snapshot instance.
-# GET /snapshot-instances/{snapshot_instance_id}/export-locations
-#"share_snapshot_instance_export_location:index": "rule:admin_api"
-
-# Show details of a specified export location of a share snapshot
-# instance.
-# GET /snapshot-instances/{snapshot_instance_id}/export-locations/{export_location_id}
-#"share_snapshot_instance_export_location:show": "rule:admin_api"
-
-# Get share servers.
-# GET /share-servers
-# GET /share-servers?{query}
-#"share_server:index": "rule:admin_api"
-
-# Show share server.
-# GET /share-servers/{server_id}
-#"share_server:show": "rule:admin_api"
-
-# Get share server details.
-# GET /share-servers/{server_id}/details
-#"share_server:details": "rule:admin_api"
-
-# Delete share server.
-# DELETE /share-servers/{server_id}
-#"share_server:delete": "rule:admin_api"
-
-# Return a list of all running services.
-# GET /os-services
-# GET /os-services?{query}
-# GET /services
-# GET /services?{query}
-#"service:index": "rule:admin_api"
-
-# Enable/Disable scheduling for a service.
-# PUT /os-services/disable
-# PUT /os-services/enable
-# PUT /services/disable
-# PUT /services/enable
-#"service:update": "rule:admin_api"
-
-# Update the quotas for a project/user and/or share type.
-# PUT /quota-sets/{tenant_id}
-# PUT /quota-sets/{tenant_id}?user_id={user_id}
-# PUT /quota-sets/{tenant_id}?share_type={share_type_id}
-# PUT /os-quota-sets/{tenant_id}
-# PUT /os-quota-sets/{tenant_id}?user_id={user_id}
-#"quota_set:update": "rule:admin_api"
-
-# List the quotas for a tenant/user.
-# GET /quota-sets/{tenant_id}/defaults
-# GET /os-quota-sets/{tenant_id}/defaults
-#"quota_set:show": "rule:default"
-
-# Delete quota for a tenant/user or tenant/share-type. The quota will
-# revert back to default (Admin only).
-# DELETE /quota-sets/{tenant_id}
-# DELETE /quota-sets/{tenant_id}?user_id={user_id}
-# DELETE /quota-sets/{tenant_id}?share_type={share_type_id}
-# DELETE /os-quota-sets/{tenant_id}
-# DELETE /os-quota-sets/{tenant_id}?user_id={user_id}
-#"quota_set:delete": "rule:admin_api"
-
-# Update quota class.
-# PUT /quota-class-sets/{class_name}
-# PUT /os-quota-class-sets/{class_name}
-#"quota_class_set:update": "rule:admin_api"
-
-# Get quota class.
-# GET /quota-class-sets/{class_name}
-# GET /os-quota-class-sets/{class_name}
-#"quota_class_set:show": "rule:default"
-
-# Create share group type specs.
-# POST /share-group-types/{share_group_type_id}/group-specs
-#"share_group_types_spec:create": "rule:admin_api"
-
-# Get share group type specs.
-# GET /share-group-types/{share_group_type_id}/group-specs
-#"share_group_types_spec:index": "rule:admin_api"
-
-# Get details of a share group type spec.
-# GET /share-group-types/{share_group_type_id}/group-specs/{key}
-#"share_group_types_spec:show": "rule:admin_api"
-
-# Update a share group type spec.
-# PUT /share-group-types/{share_group_type_id}/group-specs/{key}
-#"share_group_types_spec:update": "rule:admin_api"
-
-# Delete a share group type spec.
-# DELETE /share-group-types/{share_group_type_id}/group-specs/{key}
-#"share_group_types_spec:delete": "rule:admin_api"
-
-# Create a new share group type.
-# POST /share-group-types
-#"share_group_type:create": "rule:admin_api"
-
-# Get the list of share group types.
-# GET /share-group-types
-# GET /share-group-types?is_public=all
-#"share_group_type:index": "rule:default"
-
-# Get details regarding the specified share group type.
-# GET /share-group-types/{share_group_type_id}
-#"share_group_type:show": "rule:default"
-
-# Get the default share group type.
-# GET /share-group-types/default
-#"share_group_type:default": "rule:default"
-
-# Delete an existing group type.
-# DELETE /share-group-types/{share_group_type_id}
-#"share_group_type:delete": "rule:admin_api"
-
-# Get project access by share group type.
-# POST /share-group-types/{share_group_type_id}/access
-#"share_group_type:list_project_access": "rule:admin_api"
-
-# Allow project to use the share group type.
-# POST /share-group-types/{share_group_type_id}/action
-#"share_group_type:add_project_access": "rule:admin_api"
-
-# Deny project access to use the share group type.
-# POST /share-group-types/{share_group_type_id}/action
-#"share_group_type:remove_project_access": "rule:admin_api"
-
-# Create a new share group snapshot.
-# POST /share-group-snapshots
-#"share_group_snapshot:create": "rule:default"
-
-# Get details of a share group snapshot.
-# GET /share-group-snapshots/{share_group_snapshot_id}
-#"share_group_snapshot:get": "rule:default"
-
-# Get all share group snapshots.
-# GET /share-group-snapshots
-# GET /share-group-snapshots/detail
-# GET /share-group-snapshots/{query}
-# GET /share-group-snapshots/detail?{query}
-#"share_group_snapshot:get_all": "rule:default"
-
-# Update a share group snapshot.
-# PUT /share-group-snapshots/{share_group_snapshot_id}
-#"share_group_snapshot:update": "rule:default"
-
-# Delete a share group snapshot.
-# DELETE /share-group-snapshots/{share_group_snapshot_id}
-#"share_group_snapshot:delete": "rule:default"
-
-# Force delete a share group snapshot.
-# POST /share-group-snapshots/{share_group_snapshot_id}/action
-#"share_group_snapshot:force_delete": "rule:admin_api"
-
-# Reset a share group snapshot's status.
-# POST /share-group-snapshots/{share_group_snapshot_id}/action
-#"share_group_snapshot:reset_status": "rule:admin_api"
-
-# Create share group.
-# POST /share-groups
-#"share_group:create": "rule:default"
-
-# Get details of a share group.
-# GET /share-groups/{share_group_id}
-#"share_group:get": "rule:default"
-
-# Get all share groups.
-# GET /share-groups
-# GET /share-groups/detail
-# GET /share-groups?{query}
-# GET /share-groups/detail?{query}
-#"share_group:get_all": "rule:default"
-
-# Update share group.
-# PUT /share-groups/{share_group_id}
-#"share_group:update": "rule:default"
-
-# Delete share group.
-# DELETE /share-groups/{share_group_id}
-#"share_group:delete": "rule:default"
-
-# Force delete a share group.
-# POST /share-groups/{share_group_id}/action
-#"share_group:force_delete": "rule:admin_api"
-
-# Reset share group's status.
-# POST /share-groups/{share_group_id}/action
-#"share_group:reset_status": "rule:admin_api"
-
-# Create share replica.
-# POST /share-replicas
-#"share_replica:create": "rule:default"
-
-# Get all share replicas.
-# GET /share-replicas
-# GET /share-replicas/detail
-# GET /share-replicas/detail?share_id={share_id}
-#"share_replica:get_all": "rule:default"
-
-# Get details of a share replica.
-# GET /share-replicas/{share_replica_id}
-#"share_replica:show": "rule:default"
-
-# Delete a share replica.
-# DELETE /share-replicas/{share_replica_id}
-#"share_replica:delete": "rule:default"
-
-# Force delete a share replica.
-# POST /share-replicas/{share_replica_id}/action
-#"share_replica:force_delete": "rule:admin_api"
-
-# Promote a non-active share replica to active.
-# POST /share-replicas/{share_replica_id}/action
-#"share_replica:promote": "rule:default"
-
-# Resync a share replica that is out of sync.
-# POST /share-replicas/{share_replica_id}/action
-#"share_replica:resync": "rule:admin_api"
-
-# Reset share replica's replica_state attribute.
-# POST /share-replicas/{share_replica_id}/action
-#"share_replica:reset_replica_state": "rule:admin_api"
-
-# Reset share replica's status.
-# POST /share-replicas/{share_replica_id}/action
-#"share_replica:reset_status": "rule:admin_api"
-
-# Create share network.
-# POST /share-networks
-#"share_network:create": "rule:default"
-
-# Get details of a share network.
-# GET /share-networks/{share_network_id}
-#"share_network:show": "rule:default"
-
-# Get all share networks.
-# GET /share-networks
-# GET /share-networks?{query}
-#"share_network:index": "rule:default"
-
-# Get details of share networks .
-# GET /share-networks/detail?{query}
-# GET /share-networks/detail
-#"share_network:detail": "rule:default"
-
-# Update a share network.
-# PUT /share-networks/{share_network_id}
-#"share_network:update": "rule:default"
-
-# Delete a share network.
-# DELETE /share-networks/{share_network_id}
-#"share_network:delete": "rule:default"
-
-# Add security service to share network.
-# POST /share-networks/{share_network_id}/action
-#"share_network:add_security_service": "rule:default"
-
-# Remove security service from share network.
-# POST /share-networks/{share_network_id}/action
-#"share_network:remove_security_service": "rule:default"
-
-# Get share networks belonging to all projects.
-# GET /share-networks?all_tenants=1
-# GET /share-networks/detail?all_tenants=1
-#"share_network:get_all_share_networks": "rule:admin_api"
-
-# Create security service.
-# POST /security-services
-#"security_service:create": "rule:default"
-
-# Get details of a security service.
-# GET /security-services/{security_service_id}
-#"security_service:show": "rule:default"
-
-# Get details of all security services.
-# GET /security-services/detail?{query}
-# GET /security-services/detail
-#"security_service:detail": "rule:default"
-
-# Get all security services.
-# GET /security-services
-# GET /security-services?{query}
-#"security_service:index": "rule:default"
-
-# Update a security service.
-# PUT /security-services/{security_service_id}
-#"security_service:update": "rule:default"
-
-# Delete a security service.
-# DELETE /security-services/{security_service_id}
-#"security_service:delete": "rule:default"
-
-# Get security services of all projects.
-# GET /security-services?all_tenants=1
-# GET /security-services/detail?all_tenants=1
-#"security_service:get_all_security_services": "rule:admin_api"
-
-# Get all export locations of a given share.
-# GET /shares/{share_id}/export_locations
-#"share_export_location:index": "rule:default"
-
-# Get details about the requested export location.
-# GET /shares/{share_id}/export_locations/{export_location_id}
-#"share_export_location:show": "rule:default"
-
-# Get all share instances.
-# GET /share_instances
-# GET /share_instances?{query}
-#"share_instance:index": "rule:admin_api"
-
-# Get details of a share instance.
-# GET /share_instances/{share_instance_id}
-#"share_instance:show": "rule:admin_api"
-
-# Force delete a share instance.
-# POST /share_instances/{share_instance_id}/action
-#"share_instance:force_delete": "rule:admin_api"
-
-# Reset share instance's status.
-# POST /share_instances/{share_instance_id}/action
-#"share_instance:reset_status": "rule:admin_api"
-
-# Get details of a given message.
-# GET /messages/{message_id}
-#"message:get": "rule:default"
-
-# Get all messages.
-# GET /messages
-# GET /messages?{query}
-#"message:get_all": "rule:default"
-
-# Delete a message.
-# DELETE /messages/{message_id}
-#"message:delete": "rule:default"
diff --git a/manila/map.jinja b/manila/map.jinja
index 83eff3f..e867de4 100644
--- a/manila/map.jinja
+++ b/manila/map.jinja
@@ -15,9 +15,6 @@
}
},
},
- 'oslo_policy': {
- 'policy_file': 'policy.json'
- },
}
}, merge=pillar.manila.get('common', {})) %}
@@ -27,6 +24,9 @@
'engine': {
'name': 'eventlet'
},
+ 'oslo_policy': {
+ 'policy_file': 'policy.json'
+ },
'service': 'apache2',
'cacert_file': cacert_file,
}
diff --git a/tests/pillar/server_single.sls b/tests/pillar/server_single.sls
index 09e10be..a4fa927 100644
--- a/tests/pillar/server_single.sls
+++ b/tests/pillar/server_single.sls
@@ -37,6 +37,10 @@
enabled: false
ossyslog:
enabled: false
+ policy:
+ quota_class_set:update: 'rule:default'
+ service:update: 'rule:admin_or_owner'
+ share:create:
apache:
server:
enabled: true