Coverage for nova/policies/volumes.py: 100%

9 statements  

« prev     ^ index     » next       coverage.py v7.6.12, created at 2025-04-17 15:08 +0000

1# Copyright 2016 Cloudbase Solutions Srl 

2# All Rights Reserved. 

3# 

4# Licensed under the Apache License, Version 2.0 (the "License"); you may 

5# not use this file except in compliance with the License. You may obtain 

6# a copy of the License at 

7# 

8# http://www.apache.org/licenses/LICENSE-2.0 

9# 

10# Unless required by applicable law or agreed to in writing, software 

11# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 

12# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 

13# License for the specific language governing permissions and limitations 

14# under the License. 

15 

16from oslo_policy import policy 

17 

18from nova.policies import base 

19 

20 

21BASE_POLICY_NAME = 'os_compute_api:os-volumes' 

22POLICY_NAME = 'os_compute_api:os-volumes:%s' 

23 

24DEPRECATED_REASON = """ 

25Nova API policies are introducing new default roles with scope_type 

26capabilities. Old policies are deprecated and silently going to be ignored 

27in nova 23.0.0 release. 

28""" 

29 

30DEPRECATED_POLICY = policy.DeprecatedRule( 

31 BASE_POLICY_NAME, 

32 base.RULE_ADMIN_OR_OWNER, 

33 deprecated_reason=DEPRECATED_REASON, 

34 deprecated_since='22.0.0' 

35) 

36 

37 

38volumes_policies = [ 

39 policy.DocumentedRuleDefault( 

40 name=POLICY_NAME % 'list', 

41 check_str=base.PROJECT_READER_OR_ADMIN, 

42 description="""List volumes. 

43 

44This API is a proxy call to the Volume service. It is deprecated.""", 

45 operations=[ 

46 { 

47 'method': 'GET', 

48 'path': '/os-volumes' 

49 }, 

50 ], 

51 scope_types=['project'], 

52 deprecated_rule=DEPRECATED_POLICY), 

53 policy.DocumentedRuleDefault( 

54 name=POLICY_NAME % 'create', 

55 check_str=base.PROJECT_MEMBER_OR_ADMIN, 

56 description="""Create volume. 

57 

58This API is a proxy call to the Volume service. It is deprecated.""", 

59 operations=[ 

60 { 

61 'method': 'POST', 

62 'path': '/os-volumes' 

63 }, 

64 ], 

65 scope_types=['project'], 

66 deprecated_rule=DEPRECATED_POLICY), 

67 policy.DocumentedRuleDefault( 

68 name=POLICY_NAME % 'detail', 

69 check_str=base.PROJECT_READER_OR_ADMIN, 

70 description="""List volumes detail. 

71 

72This API is a proxy call to the Volume service. It is deprecated.""", 

73 operations=[ 

74 { 

75 'method': 'GET', 

76 'path': '/os-volumes/detail' 

77 }, 

78 ], 

79 scope_types=['project'], 

80 deprecated_rule=DEPRECATED_POLICY), 

81 policy.DocumentedRuleDefault( 

82 name=POLICY_NAME % 'show', 

83 check_str=base.PROJECT_READER_OR_ADMIN, 

84 description="""Show volume. 

85 

86This API is a proxy call to the Volume service. It is deprecated.""", 

87 operations=[ 

88 { 

89 'method': 'GET', 

90 'path': '/os-volumes/{volume_id}' 

91 }, 

92 ], 

93 scope_types=['project'], 

94 deprecated_rule=DEPRECATED_POLICY), 

95 policy.DocumentedRuleDefault( 

96 name=POLICY_NAME % 'delete', 

97 check_str=base.PROJECT_MEMBER_OR_ADMIN, 

98 description="""Delete volume. 

99 

100This API is a proxy call to the Volume service. It is deprecated.""", 

101 operations=[ 

102 { 

103 'method': 'DELETE', 

104 'path': '/os-volumes/{volume_id}' 

105 }, 

106 ], 

107 scope_types=['project'], 

108 deprecated_rule=DEPRECATED_POLICY), 

109 policy.DocumentedRuleDefault( 

110 name=POLICY_NAME % 'snapshots:list', 

111 check_str=base.PROJECT_READER_OR_ADMIN, 

112 description="""List snapshots. 

113 

114This API is a proxy call to the Volume service. It is deprecated.""", 

115 operations=[ 

116 { 

117 'method': 'GET', 

118 'path': '/os-snapshots' 

119 }, 

120 ], 

121 scope_types=['project'], 

122 deprecated_rule=DEPRECATED_POLICY), 

123 policy.DocumentedRuleDefault( 

124 name=POLICY_NAME % 'snapshots:create', 

125 check_str=base.PROJECT_MEMBER_OR_ADMIN, 

126 description="""Create snapshots. 

127 

128This API is a proxy call to the Volume service. It is deprecated.""", 

129 operations=[ 

130 { 

131 'method': 'POST', 

132 'path': '/os-snapshots' 

133 }, 

134 ], 

135 scope_types=['project'], 

136 deprecated_rule=DEPRECATED_POLICY), 

137 policy.DocumentedRuleDefault( 

138 name=POLICY_NAME % 'snapshots:detail', 

139 check_str=base.PROJECT_READER_OR_ADMIN, 

140 description="""List snapshots details. 

141 

142This API is a proxy call to the Volume service. It is deprecated.""", 

143 operations=[ 

144 { 

145 'method': 'GET', 

146 'path': '/os-snapshots/detail' 

147 }, 

148 ], 

149 scope_types=['project'], 

150 deprecated_rule=DEPRECATED_POLICY), 

151 policy.DocumentedRuleDefault( 

152 name=POLICY_NAME % 'snapshots:show', 

153 check_str=base.PROJECT_READER_OR_ADMIN, 

154 description="""Show snapshot. 

155 

156This API is a proxy call to the Volume service. It is deprecated.""", 

157 operations=[ 

158 { 

159 'method': 'GET', 

160 'path': '/os-snapshots/{snapshot_id}' 

161 }, 

162 ], 

163 scope_types=['project'], 

164 deprecated_rule=DEPRECATED_POLICY), 

165 policy.DocumentedRuleDefault( 

166 name=POLICY_NAME % 'snapshots:delete', 

167 check_str=base.PROJECT_MEMBER_OR_ADMIN, 

168 description="""Delete snapshot. 

169 

170This API is a proxy call to the Volume service. It is deprecated.""", 

171 operations=[ 

172 { 

173 'method': 'DELETE', 

174 'path': '/os-snapshots/{snapshot_id}' 

175 } 

176 ], 

177 scope_types=['project'], 

178 deprecated_rule=DEPRECATED_POLICY), 

179] 

180 

181 

182def list_rules(): 

183 return volumes_policies