Coverage for manila/policies/shares.py: 100%
44 statements
« prev ^ index » next coverage.py v7.11.0, created at 2026-02-18 22:19 +0000
1# Licensed under the Apache License, Version 2.0 (the "License"); you may
2# not use this file except in compliance with the License. You may obtain
3# a copy of the License at
4#
5# http://www.apache.org/licenses/LICENSE-2.0
6#
7# Unless required by applicable law or agreed to in writing, software
8# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
9# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
10# License for the specific language governing permissions and limitations
11# under the License.
13from oslo_log import versionutils
14from oslo_policy import policy
16from manila.common import constants
17from manila.policies import base
20BASE_POLICY_NAME = 'share:%s'
22DEPRECATED_REASON = """
23The share API now supports scope and default roles.
24"""
26# Deprecated share policies
27deprecated_share_create = policy.DeprecatedRule(
28 name=BASE_POLICY_NAME % 'create',
29 check_str="",
30 deprecated_reason=DEPRECATED_REASON,
31 deprecated_since=versionutils.deprecated.WALLABY
32)
33deprecated_share_create_public = policy.DeprecatedRule(
34 name=BASE_POLICY_NAME % 'create_public_share',
35 check_str=base.RULE_ADMIN_API,
36 deprecated_reason=DEPRECATED_REASON,
37 deprecated_since=versionutils.deprecated.WALLABY
38)
39deprecated_share_get = policy.DeprecatedRule(
40 name=BASE_POLICY_NAME % 'get',
41 check_str=base.RULE_DEFAULT,
42 deprecated_reason=DEPRECATED_REASON,
43 deprecated_since=versionutils.deprecated.WALLABY
44)
45deprecated_share_get_all = policy.DeprecatedRule(
46 name=BASE_POLICY_NAME % 'get_all',
47 check_str=base.RULE_DEFAULT,
48 deprecated_reason=DEPRECATED_REASON,
49 deprecated_since=versionutils.deprecated.WALLABY
50)
51deprecated_share_update = policy.DeprecatedRule(
52 name=BASE_POLICY_NAME % 'update',
53 check_str=base.RULE_DEFAULT,
54 deprecated_reason=DEPRECATED_REASON,
55 deprecated_since=versionutils.deprecated.WALLABY
56)
57deprecated_share_set_public = policy.DeprecatedRule(
58 name=BASE_POLICY_NAME % 'set_public_share',
59 check_str=base.RULE_ADMIN_API,
60 deprecated_reason=DEPRECATED_REASON,
61 deprecated_since=versionutils.deprecated.WALLABY
62)
63deprecated_share_delete = policy.DeprecatedRule(
64 name=BASE_POLICY_NAME % 'delete',
65 check_str=base.RULE_DEFAULT,
66 deprecated_reason=DEPRECATED_REASON,
67 deprecated_since=versionutils.deprecated.WALLABY
68)
69deprecated_share_force_delete = policy.DeprecatedRule(
70 name=BASE_POLICY_NAME % 'force_delete',
71 check_str=base.RULE_ADMIN_API,
72 deprecated_reason=DEPRECATED_REASON,
73 deprecated_since=versionutils.deprecated.WALLABY
74)
75deprecated_share_manage = policy.DeprecatedRule(
76 name=BASE_POLICY_NAME % 'manage',
77 check_str=base.RULE_ADMIN_API,
78 deprecated_reason=DEPRECATED_REASON,
79 deprecated_since=versionutils.deprecated.WALLABY
80)
81deprecated_share_unmanage = policy.DeprecatedRule(
82 name=BASE_POLICY_NAME % 'unmanage',
83 check_str=base.RULE_ADMIN_API,
84 deprecated_reason=DEPRECATED_REASON,
85 deprecated_since=versionutils.deprecated.WALLABY
86)
87deprecated_share_list_by_host = policy.DeprecatedRule(
88 name=BASE_POLICY_NAME % 'list_by_host',
89 check_str=base.RULE_ADMIN_API,
90 deprecated_reason=DEPRECATED_REASON,
91 deprecated_since=versionutils.deprecated.WALLABY
92)
93deprecated_share_list_by_server_id = policy.DeprecatedRule(
94 name=BASE_POLICY_NAME % 'list_by_share_server_id',
95 check_str=base.RULE_ADMIN_API,
96 deprecated_reason=DEPRECATED_REASON,
97 deprecated_since=versionutils.deprecated.WALLABY
98)
99deprecated_share_access_get = policy.DeprecatedRule(
100 name=BASE_POLICY_NAME % 'access_get',
101 check_str=base.RULE_DEFAULT,
102 deprecated_reason=DEPRECATED_REASON,
103 deprecated_since=versionutils.deprecated.WALLABY
104)
105deprecated_share_access_get_all = policy.DeprecatedRule(
106 name=BASE_POLICY_NAME % 'access_get_all',
107 check_str=base.RULE_DEFAULT,
108 deprecated_reason=DEPRECATED_REASON,
109 deprecated_since=versionutils.deprecated.WALLABY
110)
111deprecated_share_extend = policy.DeprecatedRule(
112 name=BASE_POLICY_NAME % 'extend',
113 check_str=base.RULE_DEFAULT,
114 deprecated_reason=DEPRECATED_REASON,
115 deprecated_since=versionutils.deprecated.WALLABY
116)
117deprecated_share_shrink = policy.DeprecatedRule(
118 name=BASE_POLICY_NAME % 'shrink',
119 check_str=base.RULE_DEFAULT,
120 deprecated_reason=DEPRECATED_REASON,
121 deprecated_since=versionutils.deprecated.WALLABY
122)
123deprecated_share_migration_start = policy.DeprecatedRule(
124 name=BASE_POLICY_NAME % 'migration_start',
125 check_str=base.RULE_ADMIN_API,
126 deprecated_reason=DEPRECATED_REASON,
127 deprecated_since=versionutils.deprecated.WALLABY
128)
129deprecated_share_migration_complete = policy.DeprecatedRule(
130 name=BASE_POLICY_NAME % 'migration_complete',
131 check_str=base.RULE_ADMIN_API,
132 deprecated_reason=DEPRECATED_REASON,
133 deprecated_since=versionutils.deprecated.WALLABY
134)
135deprecated_share_migration_cancel = policy.DeprecatedRule(
136 name=BASE_POLICY_NAME % 'migration_cancel',
137 check_str=base.RULE_ADMIN_API,
138 deprecated_reason=DEPRECATED_REASON,
139 deprecated_since=versionutils.deprecated.WALLABY
140)
141deprecated_share_migration_get_progress = policy.DeprecatedRule(
142 name=BASE_POLICY_NAME % 'migration_get_progress',
143 check_str=base.RULE_ADMIN_API,
144 deprecated_reason=DEPRECATED_REASON,
145 deprecated_since=versionutils.deprecated.WALLABY
146)
147deprecated_share_reset_task_state = policy.DeprecatedRule(
148 name=BASE_POLICY_NAME % 'reset_task_state',
149 check_str=base.RULE_ADMIN_API,
150 deprecated_reason=DEPRECATED_REASON,
151 deprecated_since=versionutils.deprecated.WALLABY
152)
153deprecated_share_reset_status = policy.DeprecatedRule(
154 name=BASE_POLICY_NAME % 'reset_status',
155 check_str=base.RULE_ADMIN_API,
156 deprecated_reason=DEPRECATED_REASON,
157 deprecated_since=versionutils.deprecated.WALLABY
158)
159deprecated_share_revert_to_snapshot = policy.DeprecatedRule(
160 name=BASE_POLICY_NAME % 'revert_to_snapshot',
161 check_str=base.RULE_DEFAULT,
162 deprecated_reason=DEPRECATED_REASON,
163 deprecated_since=versionutils.deprecated.WALLABY
164)
165deprecated_share_allow_access = policy.DeprecatedRule(
166 name=BASE_POLICY_NAME % 'allow_access',
167 check_str=base.RULE_DEFAULT,
168 deprecated_reason=DEPRECATED_REASON,
169 deprecated_since=versionutils.deprecated.WALLABY
170)
171deprecated_share_deny_access = policy.DeprecatedRule(
172 name=BASE_POLICY_NAME % 'deny_access',
173 check_str=base.RULE_DEFAULT,
174 deprecated_reason=DEPRECATED_REASON,
175 deprecated_since=versionutils.deprecated.WALLABY
176)
177deprecated_share_update_metadata = policy.DeprecatedRule(
178 name=BASE_POLICY_NAME % 'update_share_metadata',
179 check_str=base.RULE_DEFAULT,
180 deprecated_reason=DEPRECATED_REASON,
181 deprecated_since=versionutils.deprecated.WALLABY
182)
183deprecated_share_delete_metadata = policy.DeprecatedRule(
184 name=BASE_POLICY_NAME % 'delete_share_metadata',
185 check_str=base.RULE_DEFAULT,
186 deprecated_reason=DEPRECATED_REASON,
187 deprecated_since=versionutils.deprecated.WALLABY
188)
189deprecated_share_get_metadata = policy.DeprecatedRule(
190 name=BASE_POLICY_NAME % 'get_share_metadata',
191 check_str=base.RULE_DEFAULT,
192 deprecated_reason=DEPRECATED_REASON,
193 deprecated_since=versionutils.deprecated.WALLABY
194)
196# deprecated legacy snapshot policies with "share" as base resource
197deprecated_share_create_snapshot = policy.DeprecatedRule(
198 name=BASE_POLICY_NAME % 'create_snapshot',
199 check_str=base.RULE_DEFAULT,
200 deprecated_reason=DEPRECATED_REASON,
201 deprecated_since=versionutils.deprecated.WALLABY
202)
203deprecated_share_delete_snapshot = policy.DeprecatedRule(
204 name=BASE_POLICY_NAME % 'delete_snapshot',
205 check_str=base.RULE_DEFAULT,
206 deprecated_reason=DEPRECATED_REASON,
207 deprecated_since=versionutils.deprecated.WALLABY
208)
209deprecated_share_snapshot_update = policy.DeprecatedRule(
210 name=BASE_POLICY_NAME % 'snapshot_update',
211 check_str=base.RULE_DEFAULT,
212 deprecated_reason=DEPRECATED_REASON,
213 deprecated_since=versionutils.deprecated.WALLABY
214)
216deprecated_update_admin_only_metadata = policy.DeprecatedRule(
217 name=BASE_POLICY_NAME % 'update_admin_only_metadata',
218 check_str=base.RULE_ADMIN_API,
219 deprecated_reason=DEPRECATED_REASON,
220 deprecated_since="YOGA"
221)
223deprecated_list_shares_in_deferred_deletion_states = policy.DeprecatedRule(
224 name=BASE_POLICY_NAME % 'list_shares_in_deferred_deletion_states',
225 check_str=base.RULE_ADMIN_API,
226 deprecated_reason=DEPRECATED_REASON,
227 deprecated_since='2024.1/Caracal'
228)
230deprecated_list_all_projects = policy.DeprecatedRule(
231 name=BASE_POLICY_NAME % 'list_all_projects',
232 check_str=base.RULE_ADMIN_API,
233 deprecated_reason=DEPRECATED_REASON,
234 deprecated_since='2025.1/Epoxy'
235)
237shares_policies = [
238 policy.DocumentedRuleDefault(
239 name=BASE_POLICY_NAME % 'create',
240 check_str=base.ADMIN_OR_PROJECT_MEMBER,
241 scope_types=['project'],
242 description="Create share.",
243 operations=[
244 {
245 'method': 'POST',
246 'path': '/shares',
247 }
248 ],
249 deprecated_rule=deprecated_share_create
250 ),
251 policy.DocumentedRuleDefault(
252 name=BASE_POLICY_NAME % 'create_public_share',
253 check_str=base.ADMIN,
254 scope_types=['project'],
255 description="Create shares visible across all projects in the cloud.",
256 operations=[
257 {
258 'method': 'POST',
259 'path': '/shares',
260 }
261 ],
262 deprecated_rule=deprecated_share_create_public
263 ),
264 policy.DocumentedRuleDefault(
265 name=BASE_POLICY_NAME % 'get',
266 check_str=base.ADMIN_OR_PROJECT_READER,
267 scope_types=['project'],
268 description="Get share.",
269 operations=[
270 {
271 'method': 'GET',
272 'path': '/shares/{share_id}',
273 }
274 ],
275 deprecated_rule=deprecated_share_get
276 ),
277 policy.DocumentedRuleDefault(
278 name=BASE_POLICY_NAME % 'get_all',
279 check_str=base.ADMIN_OR_PROJECT_READER,
280 scope_types=['project'],
281 description="List shares.",
282 operations=[
283 {
284 'method': 'GET',
285 'path': '/shares?{query}',
286 },
287 {
288 'method': 'GET',
289 'path': '/shares/detail?{query}',
290 }
291 ],
292 deprecated_rule=deprecated_share_get_all
293 ),
294 policy.DocumentedRuleDefault(
295 name=BASE_POLICY_NAME % 'update',
296 check_str=base.ADMIN_OR_PROJECT_MEMBER,
297 scope_types=['project'],
298 description="Update a share.",
299 operations=[
300 {
301 'method': 'PUT',
302 'path': '/shares/{share_id}',
303 }
304 ],
305 deprecated_rule=deprecated_share_update
306 ),
307 policy.DocumentedRuleDefault(
308 name=BASE_POLICY_NAME % 'set_public_share',
309 check_str=base.ADMIN,
310 scope_types=['project'],
311 description="Update a share to be visible across all projects in the "
312 "cloud.",
313 operations=[
314 {
315 'method': 'PUT',
316 'path': '/shares/{share_id}',
317 }
318 ],
319 deprecated_rule=deprecated_share_set_public
320 ),
321 policy.DocumentedRuleDefault(
322 name=BASE_POLICY_NAME % 'delete',
323 check_str=base.ADMIN_OR_PROJECT_MEMBER,
324 scope_types=['project'],
325 description="Delete share.",
326 operations=[
327 {
328 'method': 'DELETE',
329 'path': '/shares/{share_id}',
330 }
331 ],
332 deprecated_rule=deprecated_share_delete
333 ),
334 policy.DocumentedRuleDefault(
335 name=BASE_POLICY_NAME % 'soft_delete',
336 check_str=base.ADMIN_OR_PROJECT_MEMBER,
337 scope_types=['project'],
338 description="Soft Delete a share.",
339 operations=[
340 {
341 'method': 'POST',
342 'path': '/shares/{share_id}/action',
343 }
344 ],
345 ),
346 policy.DocumentedRuleDefault(
347 name=BASE_POLICY_NAME % 'restore',
348 check_str=base.ADMIN_OR_PROJECT_MEMBER,
349 scope_types=['project'],
350 description="Restore a share.",
351 operations=[
352 {
353 'method': 'POST',
354 'path': '/shares/{share_id}/action',
355 }
356 ],
357 ),
358 policy.DocumentedRuleDefault(
359 name=BASE_POLICY_NAME % 'force_delete',
360 check_str=base.ADMIN,
361 scope_types=['project'],
362 description="Force Delete a share.",
363 operations=[
364 {
365 'method': 'DELETE',
366 'path': '/shares/{share_id}',
367 }
368 ],
369 deprecated_rule=deprecated_share_force_delete
370 ),
371 policy.DocumentedRuleDefault(
372 name=BASE_POLICY_NAME % 'manage',
373 check_str=base.ADMIN,
374 scope_types=['project'],
375 description="Manage share.",
376 operations=[
377 {
378 'method': 'POST',
379 'path': '/shares/manage',
380 }
381 ],
382 deprecated_rule=deprecated_share_manage
383 ),
384 policy.DocumentedRuleDefault(
385 name=BASE_POLICY_NAME % 'unmanage',
386 check_str=base.ADMIN,
387 scope_types=['project'],
388 description="Unmanage share.",
389 operations=[
390 {
391 'method': 'POST',
392 'path': '/shares/unmanage',
393 }
394 ],
395 deprecated_rule=deprecated_share_unmanage
396 ),
397 policy.DocumentedRuleDefault(
398 name=BASE_POLICY_NAME % 'list_by_host',
399 check_str=base.ADMIN,
400 scope_types=['project'],
401 description="List share by host.",
402 operations=[
403 {
404 'method': 'GET',
405 'path': '/shares?host={host}',
406 },
407 {
408 'method': 'GET',
409 'path': '/shares/detail?host={host}',
410 }
411 ],
412 deprecated_rule=deprecated_share_list_by_host
413 ),
414 policy.DocumentedRuleDefault(
415 name=BASE_POLICY_NAME % 'list_by_share_server_id',
416 check_str=base.ADMIN,
417 scope_types=['project'],
418 description="List share by server id.",
419 operations=[
420 {
421 'method': 'GET',
422 'path': '/shares?share_server_id={share_server_id}'
423 },
424 {
425 'method': 'GET',
426 'path': '/shares/detail?share_server_id={share_server_id}',
427 }
428 ],
429 deprecated_rule=deprecated_share_list_by_server_id
430 ),
431 policy.DocumentedRuleDefault(
432 name=BASE_POLICY_NAME % 'access_get',
433 check_str=base.ADMIN_OR_PROJECT_READER,
434 scope_types=['project'],
435 description="Get share access rule (deprecated in API version 2.45).",
436 operations=[
437 {
438 'method': 'POST',
439 'path': '/shares/{share_id}/action',
440 }
441 ],
442 deprecated_rule=deprecated_share_access_get
443 ),
444 policy.DocumentedRuleDefault(
445 name=BASE_POLICY_NAME % 'access_get_all',
446 check_str=base.ADMIN_OR_PROJECT_READER,
447 scope_types=['project'],
448 description=("List share access rules (deprecated in API "
449 "version 2.45)."),
450 operations=[
451 {
452 'method': 'GET',
453 'path': '/shares/{share_id}/action',
454 }
455 ],
456 deprecated_rule=deprecated_share_access_get_all
457 ),
458 policy.DocumentedRuleDefault(
459 name=BASE_POLICY_NAME % 'extend',
460 check_str=base.ADMIN_OR_PROJECT_MEMBER,
461 scope_types=['project'],
462 description="Extend share.",
463 operations=[
464 {
465 'method': 'POST',
466 'path': '/shares/{share_id}/action',
467 }
468 ],
469 deprecated_rule=deprecated_share_extend
470 ),
471 policy.DocumentedRuleDefault(
472 name=BASE_POLICY_NAME % 'force_extend',
473 check_str=base.ADMIN,
474 scope_types=['project'],
475 description="Force extend share.",
476 operations=[
477 {
478 'method': 'POST',
479 'path': '/shares/{share_id}/action',
480 }
481 ]),
482 policy.DocumentedRuleDefault(
483 name=BASE_POLICY_NAME % constants.POLICY_EXTEND_BEYOND_MAX_SHARE_SIZE,
484 check_str=base.ADMIN,
485 scope_types=['project'],
486 description="Extend share beyond max share size.",
487 operations=[
488 {
489 'method': 'POST',
490 'path': '/shares/{share_id}/action',
491 }
492 ]),
493 policy.DocumentedRuleDefault(
494 name=BASE_POLICY_NAME % 'shrink',
495 check_str=base.ADMIN_OR_PROJECT_MEMBER,
496 scope_types=['project'],
497 description="Shrink share.",
498 operations=[
499 {
500 'method': 'POST',
501 'path': '/shares/{share_id}/action',
502 }
503 ],
504 deprecated_rule=deprecated_share_shrink
505 ),
506 policy.DocumentedRuleDefault(
507 name=BASE_POLICY_NAME % 'migration_start',
508 check_str=base.ADMIN,
509 scope_types=['project'],
510 description="Migrate a share to the specified host.",
511 operations=[
512 {
513 'method': 'POST',
514 'path': '/shares/{share_id}/action',
515 }
516 ],
517 deprecated_rule=deprecated_share_migration_start
518 ),
519 policy.DocumentedRuleDefault(
520 name=BASE_POLICY_NAME % 'migration_complete',
521 check_str=base.ADMIN,
522 scope_types=['project'],
523 description="Invoke 2nd phase of share migration.",
524 operations=[
525 {
526 'method': 'POST',
527 'path': '/shares/{share_id}/action',
528 }
529 ],
530 deprecated_rule=deprecated_share_migration_complete
531 ),
532 policy.DocumentedRuleDefault(
533 name=BASE_POLICY_NAME % 'migration_cancel',
534 check_str=base.ADMIN,
535 scope_types=['project'],
536 description="Attempt to cancel share migration.",
537 operations=[
538 {
539 'method': 'POST',
540 'path': '/shares/{share_id}/action',
541 }
542 ],
543 deprecated_rule=deprecated_share_migration_cancel
544 ),
545 policy.DocumentedRuleDefault(
546 name=BASE_POLICY_NAME % 'migration_get_progress',
547 check_str=base.ADMIN,
548 scope_types=['project'],
549 description=("Retrieve share migration progress for a given "
550 "share."),
551 operations=[
552 {
553 'method': 'POST',
554 'path': '/shares/{share_id}/action',
555 }
556 ],
557 deprecated_rule=deprecated_share_migration_get_progress
558 ),
559 policy.DocumentedRuleDefault(
560 name=BASE_POLICY_NAME % 'reset_task_state',
561 check_str=base.ADMIN,
562 scope_types=['project'],
563 description="Reset task state.",
564 operations=[
565 {
566 'method': 'POST',
567 'path': '/shares/{share_id}/action',
568 }
569 ],
570 deprecated_rule=deprecated_share_reset_task_state
571 ),
572 policy.DocumentedRuleDefault(
573 name=BASE_POLICY_NAME % 'reset_status',
574 check_str=base.ADMIN,
575 scope_types=['project'],
576 description="Reset status.",
577 operations=[
578 {
579 'method': 'POST',
580 'path': '/shares/{share_id}/action',
581 }
582 ],
583 deprecated_rule=deprecated_share_reset_status
584 ),
585 policy.DocumentedRuleDefault(
586 name=BASE_POLICY_NAME % 'revert_to_snapshot',
587 check_str=base.ADMIN_OR_PROJECT_MEMBER,
588 scope_types=['project'],
589 description="Revert a share to a snapshot.",
590 operations=[
591 {
592 'method': 'POST',
593 'path': '/shares/{share_id}/action',
594 }
595 ],
596 deprecated_rule=deprecated_share_revert_to_snapshot
597 ),
598 policy.DocumentedRuleDefault(
599 name=BASE_POLICY_NAME % 'allow_access',
600 check_str=base.ADMIN_OR_PROJECT_MEMBER,
601 scope_types=['project'],
602 description="Add share access rule.",
603 operations=[
604 {
605 'method': 'POST',
606 'path': '/shares/{share_id}/action',
607 }
608 ],
609 deprecated_rule=deprecated_share_allow_access
610 ),
611 policy.DocumentedRuleDefault(
612 name=BASE_POLICY_NAME % 'deny_access',
613 check_str=base.ADMIN_OR_PROJECT_MEMBER,
614 scope_types=['project'],
615 description="Remove share access rule.",
616 operations=[
617 {
618 'method': 'POST',
619 'path': '/shares/{share_id}/action',
620 }
621 ],
622 deprecated_rule=deprecated_share_deny_access
623 ),
624 policy.DocumentedRuleDefault(
625 name=BASE_POLICY_NAME % 'update_share_metadata',
626 check_str=base.ADMIN_OR_PROJECT_MEMBER,
627 scope_types=['project'],
628 description="Update share metadata.",
629 operations=[
630 {
631 'method': 'PUT',
632 'path': '/shares/{share_id}/metadata',
633 },
634 {
635 'method': 'POST',
636 'path': '/shares/{share_id}/metadata/{key}',
637 },
638 {
639 'method': 'POST',
640 'path': '/shares/{share_id}/metadata',
641 },
642 ],
643 deprecated_rule=deprecated_share_update_metadata
644 ),
645 policy.DocumentedRuleDefault(
646 name=BASE_POLICY_NAME % 'delete_share_metadata',
647 check_str=base.ADMIN_OR_PROJECT_MEMBER,
648 scope_types=['project'],
649 description="Delete share metadata.",
650 operations=[
651 {
652 'method': 'DELETE',
653 'path': '/shares/{share_id}/metadata/{key}',
654 }
655 ],
656 deprecated_rule=deprecated_share_delete_metadata
657 ),
658 policy.DocumentedRuleDefault(
659 name=BASE_POLICY_NAME % 'get_share_metadata',
660 check_str=base.ADMIN_OR_PROJECT_READER,
661 scope_types=['project'],
662 description="Get share metadata.",
663 operations=[
664 {
665 'method': 'GET',
666 'path': '/shares/{share_id}/metadata',
667 },
668 {
669 'method': 'GET',
670 'path': '/shares/{share_id}/metadata/{key}',
671 }
672 ],
673 deprecated_rule=deprecated_share_get_metadata
674 ),
675 policy.DocumentedRuleDefault(
676 name=BASE_POLICY_NAME % 'list_shares_in_deferred_deletion_states',
677 check_str=base.ADMIN,
678 scope_types=['project'],
679 description="List (or get) shares whose deletion has been deferred",
680 operations=[
681 {
682 'method': 'GET',
683 'path': '/v2/shares',
684 },
685 {
686 'method': 'GET',
687 'path': '/shares/{share_id}',
688 }
689 ],
690 deprecated_rule=deprecated_list_shares_in_deferred_deletion_states
691 ),
692 policy.DocumentedRuleDefault(
693 name=BASE_POLICY_NAME % 'list_all_projects',
694 check_str=base.ADMIN,
695 scope_types=['project'],
696 description="List share by all projects.",
697 operations=[
698 {
699 'method': 'GET',
700 'path': '/shares?all_tenants=1',
701 },
702 {
703 'method': 'GET',
704 'path': '/shares/detail?all_tenants=1',
705 }
706 ],
707 deprecated_rule=deprecated_list_all_projects
708 ),
710]
712# NOTE(gouthamr) For historic reasons, some snapshot policies used
713# "share" as the resource. We could deprecate these and move them to using
714# "share_snapshot" as the base resource in the future.
715base_snapshot_policies = [
716 policy.DocumentedRuleDefault(
717 name=BASE_POLICY_NAME % 'create_snapshot',
718 check_str=base.ADMIN_OR_PROJECT_MEMBER,
719 scope_types=['project'],
720 description="Create share snapshot.",
721 operations=[
722 {
723 'method': 'POST',
724 'path': '/snapshots',
725 }
726 ],
727 deprecated_rule=deprecated_share_create_snapshot
728 ),
729 policy.DocumentedRuleDefault(
730 name=BASE_POLICY_NAME % 'delete_snapshot',
731 check_str=base.ADMIN_OR_PROJECT_MEMBER,
732 scope_types=['project'],
733 description="Delete share snapshot.",
734 operations=[
735 {
736 'method': 'DELETE',
737 'path': '/snapshots/{snapshot_id}',
738 }
739 ],
740 deprecated_rule=deprecated_share_delete_snapshot
741 ),
742 policy.DocumentedRuleDefault(
743 name=BASE_POLICY_NAME % 'snapshot_update',
744 check_str=base.ADMIN_OR_PROJECT_MEMBER,
745 scope_types=['project'],
746 description="Update share snapshot.",
747 operations=[
748 {
749 'method': 'PUT',
750 'path': '/snapshots/{snapshot_id}/action',
751 }
752 ],
753 deprecated_rule=deprecated_share_snapshot_update
754 ),
755 policy.DocumentedRuleDefault(
756 name=BASE_POLICY_NAME % 'update_admin_only_metadata',
757 check_str=base.ADMIN,
758 scope_types=['project'],
759 description=(
760 "Update metadata items that are considered \"admin only\" "
761 "by the service."),
762 operations=[
763 {
764 'method': 'PUT',
765 'path': '/shares/{share_id}/metadata',
766 }
767 ],
768 deprecated_rule=deprecated_update_admin_only_metadata
769 ),
770]
773def list_rules():
774 return shares_policies + base_snapshot_policies