Define default neutron policies in code
This blueprint page is used to track the progress of policy-in-code
This is a community wide goal defined in https:/
NOTE: gerrit will automatically convert topic names if we include 'blueprint XXXX' in commit messages, so we don't include blueprint get-policy-
Let's use "policy-
For now, oslo.policy support us to define default policies in code base instead of keep all of them in policy file like the way that oslo.config did.
Then we can add default policies into neutron-lib first and after that, we will/can remove policy.json file in neutron deployment if operators no need to customize the policies.
Blueprint information
- Status:
- Complete
- Approver:
- Miguel Lavalle
- Priority:
- Medium
- Drafter:
- Akihiro Motoki
- Direction:
- Approved
- Assignee:
- Akihiro Motoki
- Definition:
- Approved
- Series goal:
- Accepted for stein
- Implementation:
- Implemented
- Milestone target:
- stein-3
- Started by
- Akihiro Motoki
- Completed by
- Miguel Lavalle
Related branches
Related bugs
Sprints
Whiteboard
we will use this blueprint to track policy-in-code efforts in the neutron stadium.
https:/
https:/
https:/
The work is split into three steps:
- Convert the existing policies defined in policy.json into policy-in-code for all networking projects without changing any behaviors
- Drop "default" rule from the neutron policy (Most projects including nova, cinder and so on no longer has "default" policy)
- Improve policy-in-code documentation using DocumentedRuleD
Gerrit topic: https:/
Addressed by: https:/
policy-in-code support in neutron-lib
Gerrit topic: https:/
Addressed by: https:/
Convert policy.json into policy-in-code
Addressed by: https:/
Convert policy.json into policy-in-code
Addressed by: https:/
Drop 3rd-party plugin specific policies
Addressed by: https:/
Remove unused get_<plural> rules
Addressed by: https:/
doc: Add policy reference
Addressed by: https:/
Convert policy.json into policy-in-code
Addressed by: https:/
doc: Add policy reference
Addressed by: https:/
Convert policy.json into policy-in-code
Addressed by: https:/
Define popular policy rules by constants
Addressed by: https:/
Define popular policy rules by constants (part 2)
Addressed by: https:/
doc: Add policy reference
Addressed by: https:/
Define missing policies for attributes with enforce_policy
Addressed by: https:/
Guideline on defining in-code policies
Addressed by: https:/
doc: Use DocumentedRuleD
Addressed by: https:/
doc: Add policy reference
Addressed by: https:/
Define default policies in code
Addressed by: https:/
Add policy module to neutron-lib