ad5736d3f3
This commit does the following: - separates test.yml into a number of individual task files - updates tests/inventory and adds localhost to cinder_all and cinder_volume groups - updates tests/inventory by setting localhost to use the python interpreter in the tox venv (this is needed because openstack-infra runs tox with PYTHON set to the venv's interpreter) - updates tox to symlink python-apt on host into tox venv (this is needed in the functional test as we are now running python from the venv and there is no clear way to simply pip install this) - creates a cinder volume and validates it goes active - bumps keystone and cinder SHAs in the tests to use stable/mitaka and a more recent requirements - updates paste, policy and rootwrap configurations - updates API checks to allow for both 200 and 300 status codes Change-Id: I9b62bc841f86349b60b978fcfc813afe0a313318
105 lines
4.8 KiB
Django/Jinja
105 lines
4.8 KiB
Django/Jinja
{
|
|
"context_is_admin": "role:admin",
|
|
"admin_or_owner": "is_admin:True or project_id:%(project_id)s",
|
|
"default": "rule:admin_or_owner",
|
|
|
|
"admin_api": "is_admin:True",
|
|
|
|
"volume:create": "",
|
|
"volume:delete": "rule:admin_or_owner",
|
|
"volume:get": "rule:admin_or_owner",
|
|
"volume:get_all": "rule:admin_or_owner",
|
|
"volume:get_volume_metadata": "rule:admin_or_owner",
|
|
"volume:delete_volume_metadata": "rule:admin_or_owner",
|
|
"volume:update_volume_metadata": "rule:admin_or_owner",
|
|
"volume:get_volume_admin_metadata": "rule:admin_api",
|
|
"volume:update_volume_admin_metadata": "rule:admin_api",
|
|
"volume:get_snapshot": "rule:admin_or_owner",
|
|
"volume:get_all_snapshots": "rule:admin_or_owner",
|
|
"volume:create_snapshot": "rule:admin_or_owner",
|
|
"volume:delete_snapshot": "rule:admin_or_owner",
|
|
"volume:update_snapshot": "rule:admin_or_owner",
|
|
"volume:extend": "rule:admin_or_owner",
|
|
"volume:update_readonly_flag": "rule:admin_or_owner",
|
|
"volume:retype": "rule:admin_or_owner",
|
|
"volume:update": "rule:admin_or_owner",
|
|
|
|
"volume_extension:types_manage": "rule:admin_api",
|
|
"volume_extension:types_extra_specs": "rule:admin_api",
|
|
"volume_extension:access_types_qos_specs_id": "rule:admin_api",
|
|
"volume_extension:access_types_extra_specs": "rule:admin_api",
|
|
"volume_extension:volume_type_access": "rule:admin_or_owner",
|
|
"volume_extension:volume_type_access:addProjectAccess": "rule:admin_api",
|
|
"volume_extension:volume_type_access:removeProjectAccess": "rule:admin_api",
|
|
"volume_extension:volume_type_encryption": "rule:admin_api",
|
|
"volume_extension:volume_encryption_metadata": "rule:admin_or_owner",
|
|
"volume_extension:extended_snapshot_attributes": "rule:admin_or_owner",
|
|
"volume_extension:volume_image_metadata": "rule:admin_or_owner",
|
|
|
|
"volume_extension:quotas:show": "",
|
|
"volume_extension:quotas:update": "rule:admin_api",
|
|
"volume_extension:quotas:delete": "rule:admin_api",
|
|
"volume_extension:quota_classes": "rule:admin_api",
|
|
"volume_extension:quota_classes:validate_setup_for_nested_quota_use": "rule:admin_api",
|
|
|
|
"volume_extension:volume_admin_actions:reset_status": "rule:admin_api",
|
|
"volume_extension:snapshot_admin_actions:reset_status": "rule:admin_api",
|
|
"volume_extension:backup_admin_actions:reset_status": "rule:admin_api",
|
|
"volume_extension:volume_admin_actions:force_delete": "rule:admin_api",
|
|
"volume_extension:volume_admin_actions:force_detach": "rule:admin_api",
|
|
"volume_extension:snapshot_admin_actions:force_delete": "rule:admin_api",
|
|
"volume_extension:backup_admin_actions:force_delete": "rule:admin_api",
|
|
"volume_extension:volume_admin_actions:migrate_volume": "rule:admin_api",
|
|
"volume_extension:volume_admin_actions:migrate_volume_completion": "rule:admin_api",
|
|
|
|
"volume_extension:volume_host_attribute": "rule:admin_api",
|
|
"volume_extension:volume_tenant_attribute": "rule:admin_or_owner",
|
|
"volume_extension:volume_mig_status_attribute": "rule:admin_api",
|
|
"volume_extension:hosts": "rule:admin_api",
|
|
"volume_extension:services:index": "rule:admin_api",
|
|
"volume_extension:services:update" : "rule:admin_api",
|
|
|
|
"volume_extension:volume_manage": "rule:admin_api",
|
|
"volume_extension:volume_unmanage": "rule:admin_api",
|
|
|
|
"volume_extension:capabilities": "rule:admin_api",
|
|
|
|
"volume:create_transfer": "rule:admin_or_owner",
|
|
"volume:accept_transfer": "",
|
|
"volume:delete_transfer": "rule:admin_or_owner",
|
|
"volume:get_all_transfers": "rule:admin_or_owner",
|
|
|
|
"volume_extension:replication:promote": "rule:admin_api",
|
|
"volume_extension:replication:reenable": "rule:admin_api",
|
|
|
|
"volume:enable_replication": "rule:admin_api",
|
|
"volume:disable_replication": "rule:admin_api",
|
|
"volume:failover_replication": "rule:admin_api",
|
|
"volume:list_replication_targets": "rule:admin_api",
|
|
|
|
"backup:create" : "",
|
|
"backup:delete": "rule:admin_or_owner",
|
|
"backup:get": "rule:admin_or_owner",
|
|
"backup:get_all": "rule:admin_or_owner",
|
|
"backup:restore": "rule:admin_or_owner",
|
|
"backup:backup-import": "rule:admin_api",
|
|
"backup:backup-export": "rule:admin_api",
|
|
|
|
"snapshot_extension:snapshot_actions:update_snapshot_status": "",
|
|
"snapshot_extension:snapshot_manage": "rule:admin_api",
|
|
"snapshot_extension:snapshot_unmanage": "rule:admin_api",
|
|
|
|
"consistencygroup:create" : "group:nobody",
|
|
"consistencygroup:delete": "group:nobody",
|
|
"consistencygroup:update": "group:nobody",
|
|
"consistencygroup:get": "group:nobody",
|
|
"consistencygroup:get_all": "group:nobody",
|
|
|
|
"consistencygroup:create_cgsnapshot" : "group:nobody",
|
|
"consistencygroup:delete_cgsnapshot": "group:nobody",
|
|
"consistencygroup:get_cgsnapshot": "group:nobody",
|
|
"consistencygroup:get_all_cgsnapshots": "group:nobody",
|
|
|
|
"scheduler_extension:scheduler_stats:get_pools" : "rule:admin_api"
|
|
}
|