API: Policy should be enforced at API layer where possible (partial)
Where possible policy should be enforced at the API layer rather than say in the db or compute layer.
This is continue work for kilo policy works https:/
Blueprint information
- Status:
- Complete
- Approver:
- John Garbutt
- Priority:
- High
- Drafter:
- Alex Xu
- Direction:
- Approved
- Assignee:
- Alex Xu
- Definition:
- Approved
- Series goal:
- Accepted for liberty
- Implementation:
- Implemented
- Milestone target:
- 12.0.0
- Started by
- John Garbutt
- Completed by
- John Garbutt
Related branches
Related bugs
Sprints
Whiteboard
Gerrit topic: https:/
Addressed by: https:/
API: Policy should be enforced at API layer where possible(final part)
Gerrit topic: https:/
Addressed by: https:/
Move unlock_override policy enforcement into V2.1 REST API layer
Addressed by: https:/
Remove db layer hard-code permission checks for service_
Addressed by: https:/
Remove db layer hard-code permission checks for service_
Addressed by: https:/
Remove db layer hard-code permission checks for network_
Addressed by: https:/
API: remove admin require from compute_
Addressed by: https:/
Remove db layer hard-code permission checks for v2.1 cells
Addressed by: https:/
API: remove admin require for compute_
Addressed by: https:/
API: remove admin require for compute_
Addressed by: https:/
API: Add policy enforcement test cases for pci API
Addressed by: https:/
Remove db layer hard-code permission checks for keypair_*
Addressed by: https:/
Disassociate before delete network in os-tenant-networks delete method
Addressed by: https:/
Remove db layer hard-code permission checks for network_associate
Addressed by: https:/
Remove db layer hard-code permission checks for network_create_safe
Addressed by: https:/
Pass project_id when create networks by os-tenant-networks
Addressed by: https:/
Remove db layer hard-code permission checks for quota_class_
Addressed by: https:/
Remove db layer hard-code permission checks for quota_class_
Addressed by: https:/
Cleanup quota_class unittest with appropriate request context
Addressed by: https:/
Remove db layer hard-code permission checks for quota_get_all_*
Addressed by: https:/
Remove db layer hard-code permission checks for quota_create/update
Addressed by: https:/
Remove db layer hard-code permission checks for quota_destroy_all_*
Addressed by: https:/
Remove db layer hard-code permission checks for quota_usage_update
Addressed by: https:/
Remove db layer hard-code permission checks for floating_ip_dns
Addressed by: https:/
Remove db layer hard-code permission checks for network_
Addressed by: https:/
Remove db layer hard-code permission checks for network_set_host
Gerrit topic: https:/
Addressed by: https:/
Remove db layer hard-code permission checks for fixed_ip_
Addressed by: https:/
Remove db layer hard-code permission checks for floating_ips_bulk
Addressed by: https:/
Remove db layer hard-code permission checks for security_
Addressed by: https:/
Remove db layer hard-code permission checks for security_
Addressed by: https:/
Remove db layer hard-code permission checks for network_
Addressed by: https:/
Remove db layer hard-code permission checks for fixed_ip_get_*
Addressed by: https:/
API: remove admin require from certificate_* from db layer
Addressed by: https:/
API: remove compute_
Addressed by: https:/
Remove policy check security_
Addressed by: https:/
Remove cell policy check
Addressed by: https:/
Remove useless db call instance_
Addressed by: https:/
Remove useless db call instance_
Addressed by: https:/
Remove db layer hard-code permission checks for reservation_expire
Addressed by: https:/
Remove db layer hard-code permission checks for archive_
Addressed by: https:/
Remove db layer hard-code permission checks for provider_fw_rule_*
Addressed by: https:/
Remove the useless require_
Addressed by: https:/
Remove db layer hard-code permission checks for instance_
Addressed by: https:/
Remove db layer hard-code permission checks for instance_