From 02eba8995369621ff71d00605af9fb9ac6942a3d Mon Sep 17 00:00:00 2001 From: Felipe Monteiro Date: Wed, 4 Jul 2018 02:11:05 -0400 Subject: [PATCH] Add policy in code documentation for os-set_bootable API This patchset adds policy in code documentation for the os-set_bootable API action, which does not directly [0] enforce any policy. However, it does internally call volume update API via self.volumes_api.update() [1] which in turn enforces the update policy [2]. Thus os-set_bootable indirectly enforces this policy. This is a unique case where an API doesn't enforce something directly, yet where policy still matters for the API to pass successfully. [0] https://github.com/openstack/cinder/blob/52deeff8d2519c1700aa880d3fae0bb0e83ea86c/cinder/api/contrib/volume_actions.py#L310 [1] https://github.com/openstack/cinder/blob/52deeff8d2519c1700aa880d3fae0bb0e83ea86c/cinder/api/contrib/volume_actions.py#L321 [2] https://github.com/openstack/cinder/blob/52deeff8d2519c1700aa880d3fae0bb0e83ea86c/cinder/volume/api.py#L535 Change-Id: I29d54fb391f4e9508d86fc93e84b4b02c1333da0 --- cinder/policies/volumes.py | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/cinder/policies/volumes.py b/cinder/policies/volumes.py index be29f724581..9ae076a57a9 100644 --- a/cinder/policies/volumes.py +++ b/cinder/policies/volumes.py @@ -83,11 +83,17 @@ volumes_policies = [ policy.DocumentedRuleDefault( name=UPDATE_POLICY, check_str=base.RULE_ADMIN_OR_OWNER, - description="Update volume.", + description="Update volume or update a volume's bootable status.", operations=[ { 'method': 'PUT', 'path': '/volumes' + }, + # The API below calls the volume update API internally, which in + # turn enforces the update policy. + { + 'method': 'POST', + 'path': '/volumes/{volume_id}/action (os-set_bootable)' } ]), policy.DocumentedRuleDefault(