[DOC BLD FIX] Fix remote-code-block warnings

There were a number of configuration sample files (i.e. rootwrap.conf, policy.json and api-paste.ini) that were trying to be included with the remote-code-block directive which is no longer supported. I have copied over the latest sample files for Pike and made them .inc files. In the future these should be dynamically created, but at this point we just need to get something out there to fix the Sphinx build warnings. The work to make things dynamically generated requires more invasive changes like policy-in-code. I also discovered that the link from the landing page for the configuration page had a broken link to the sample cinder.conf file. I fix that problem in this patch as well. Change-Id: I2b587abbdeaee1cfe32b100c98d99131759c2171
2017-08-28 14:58:13 -05:00 · 2017-08-28 14:58:13 -05:00 · bd22a5d61e
commit bd22a5d61e
parent 8db6335bb5
7 changed files with 269 additions and 10 deletions
--- a/doc/source/configuration/block-storage/samples/api-paste.ini.inc
+++ b/doc/source/configuration/block-storage/samples/api-paste.ini.inc
@ -0,0 +1,75 @@
+#############
+# OpenStack #
+#############
+
+[composite:osapi_volume]
+use = call:cinder.api:root_app_factory
+/: apiversions
+/v1: openstack_volume_api_v1
+/v2: openstack_volume_api_v2
+/v3: openstack_volume_api_v3
+
+[composite:openstack_volume_api_v1]
+use = call:cinder.api.middleware.auth:pipeline_factory
+noauth = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler noauth apiv1
+keystone = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv1
+keystone_nolimit = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv1
+
+[composite:openstack_volume_api_v2]
+use = call:cinder.api.middleware.auth:pipeline_factory
+noauth = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler noauth apiv2
+keystone = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv2
+keystone_nolimit = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv2
+
+[composite:openstack_volume_api_v3]
+use = call:cinder.api.middleware.auth:pipeline_factory
+noauth = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler noauth apiv3
+keystone = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv3
+keystone_nolimit = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv3
+
+[filter:request_id]
+paste.filter_factory = oslo_middleware.request_id:RequestId.factory
+
+[filter:http_proxy_to_wsgi]
+paste.filter_factory = oslo_middleware.http_proxy_to_wsgi:HTTPProxyToWSGI.factory
+
+[filter:cors]
+paste.filter_factory = oslo_middleware.cors:filter_factory
+oslo_config_project = cinder
+
+[filter:faultwrap]
+paste.filter_factory = cinder.api.middleware.fault:FaultWrapper.factory
+
+[filter:osprofiler]
+paste.filter_factory = osprofiler.web:WsgiMiddleware.factory
+
+[filter:noauth]
+paste.filter_factory = cinder.api.middleware.auth:NoAuthMiddleware.factory
+
+[filter:sizelimit]
+paste.filter_factory = oslo_middleware.sizelimit:RequestBodySizeLimiter.factory
+
+[app:apiv1]
+paste.app_factory = cinder.api.v1.router:APIRouter.factory
+
+[app:apiv2]
+paste.app_factory = cinder.api.v2.router:APIRouter.factory
+
+[app:apiv3]
+paste.app_factory = cinder.api.v3.router:APIRouter.factory
+
+[pipeline:apiversions]
+pipeline = cors http_proxy_to_wsgi faultwrap osvolumeversionapp
+
+[app:osvolumeversionapp]
+paste.app_factory = cinder.api.versions:Versions.factory
+
+##########
+# Shared #
+##########
+
+[filter:keystonecontext]
+paste.filter_factory = cinder.api.middleware.auth:CinderKeystoneContext.factory
+
+[filter:authtoken]
+paste.filter_factory = keystonemiddleware.auth_token:filter_factory
--- a/doc/source/configuration/block-storage/samples/api-paste.ini.rst
+++ b/doc/source/configuration/block-storage/samples/api-paste.ini.rst
@ -5,6 +5,4 @@ api-paste.ini
 Use the ``api-paste.ini`` file to configure the Block Storage API
 service.

-.. remote-code-block:: none
-
-   https://git.openstack.org/cgit/openstack/cinder/plain/etc/cinder/api-paste.ini?h=stable/ocata
+.. literalinclude:: api-paste.ini.inc
--- a/doc/source/configuration/block-storage/samples/policy.json.inc
+++ b/doc/source/configuration/block-storage/samples/policy.json.inc
@ -0,0 +1,162 @@
+{
+    "admin_or_owner":  "is_admin:True or (role:admin and is_admin_project:True) or  project_id:%(project_id)s",
+    "default": "rule:admin_or_owner",
+
+    "admin_api": "is_admin:True or (role:admin and is_admin_project:True)",
+
+    "volume:create": "",
+    "volume:create_from_image": "",
+    "volume:delete": "rule:admin_or_owner",
+    "volume:force_delete": "rule:admin_api",
+    "volume:get": "rule:admin_or_owner",
+    "volume:get_all": "rule:admin_or_owner",
+    "volume:get_volume_metadata": "rule:admin_or_owner",
+    "volume:create_volume_metadata": "rule:admin_or_owner",
+    "volume:delete_volume_metadata": "rule:admin_or_owner",
+    "volume:update_volume_metadata": "rule:admin_or_owner",
+    "volume:get_volume_admin_metadata": "rule:admin_api",
+    "volume:update_volume_admin_metadata": "rule:admin_api",
+    "volume:get_snapshot": "rule:admin_or_owner",
+    "volume:get_all_snapshots": "rule:admin_or_owner",
+    "volume:create_snapshot": "rule:admin_or_owner",
+    "volume:delete_snapshot": "rule:admin_or_owner",
+    "volume:update_snapshot": "rule:admin_or_owner",
+    "volume:get_snapshot_metadata": "rule:admin_or_owner",
+    "volume:delete_snapshot_metadata": "rule:admin_or_owner",
+    "volume:update_snapshot_metadata": "rule:admin_or_owner",
+    "volume:extend": "rule:admin_or_owner",
+    "volume:extend_attached_volume": "rule:admin_or_owner",
+    "volume:update_readonly_flag": "rule:admin_or_owner",
+    "volume:retype": "rule:admin_or_owner",
+    "volume:update": "rule:admin_or_owner",
+    "volume:revert_to_snapshot": "rule:admin_or_owner",
+
+    "volume_extension:types_manage": "rule:admin_api",
+    "volume_extension:types_extra_specs:create": "rule:admin_api",
+    "volume_extension:types_extra_specs:delete": "rule:admin_api",
+    "volume_extension:types_extra_specs:index": "rule:admin_api",
+    "volume_extension:types_extra_specs:show": "rule:admin_api",
+    "volume_extension:types_extra_specs:update": "rule:admin_api",
+    "volume_extension:access_types_qos_specs_id": "rule:admin_api",
+    "volume_extension:access_types_extra_specs": "rule:admin_api",
+    "volume_extension:volume_type_access": "rule:admin_or_owner",
+    "volume_extension:volume_type_access:addProjectAccess": "rule:admin_api",
+    "volume_extension:volume_type_access:removeProjectAccess": "rule:admin_api",
+    "volume_extension:volume_type_encryption": "rule:admin_api",
+    "volume_extension:volume_encryption_metadata": "rule:admin_or_owner",
+    "volume_extension:extended_snapshot_attributes": "rule:admin_or_owner",
+    "volume_extension:volume_image_metadata": "rule:admin_or_owner",
+
+    "volume_extension:qos_specs_manage:create": "rule:admin_api",
+    "volume_extension:qos_specs_manage:get": "rule:admin_api",
+    "volume_extension:qos_specs_manage:get_all": "rule:admin_api",
+    "volume_extension:qos_specs_manage:update": "rule:admin_api",
+    "volume_extension:qos_specs_manage:delete": "rule:admin_api",
+
+    "volume_extension:quotas:show": "",
+    "volume_extension:quotas:update": "rule:admin_api",
+    "volume_extension:quotas:delete": "rule:admin_api",
+    "volume_extension:quota_classes": "rule:admin_api",
+    "volume_extension:quota_classes:validate_setup_for_nested_quota_use": "rule:admin_api",
+
+    "volume_extension:volume_admin_actions:reset_status": "rule:admin_api",
+    "volume_extension:snapshot_admin_actions:reset_status": "rule:admin_api",
+    "volume_extension:backup_admin_actions:reset_status": "rule:admin_api",
+    "volume_extension:volume_admin_actions:force_delete": "rule:admin_api",
+    "volume_extension:volume_admin_actions:force_detach": "rule:admin_api",
+    "volume_extension:snapshot_admin_actions:force_delete": "rule:admin_api",
+    "volume_extension:backup_admin_actions:force_delete": "rule:admin_api",
+    "volume_extension:volume_admin_actions:migrate_volume": "rule:admin_api",
+    "volume_extension:volume_admin_actions:migrate_volume_completion": "rule:admin_api",
+
+    "volume_extension:volume_actions:upload_public": "rule:admin_api",
+    "volume_extension:volume_actions:upload_image": "rule:admin_or_owner",
+
+    "volume_extension:volume_host_attribute": "rule:admin_api",
+    "volume_extension:volume_tenant_attribute": "rule:admin_or_owner",
+    "volume_extension:volume_mig_status_attribute": "rule:admin_api",
+    "volume_extension:hosts": "rule:admin_api",
+    "volume_extension:services:index": "rule:admin_api",
+    "volume_extension:services:update" : "rule:admin_api",
+
+    "volume_extension:volume_manage": "rule:admin_api",
+    "volume_extension:volume_unmanage": "rule:admin_api",
+    "volume_extension:list_manageable": "rule:admin_api",
+
+    "volume_extension:capabilities": "rule:admin_api",
+
+    "volume:create_transfer": "rule:admin_or_owner",
+    "volume:accept_transfer": "",
+    "volume:delete_transfer": "rule:admin_or_owner",
+    "volume:get_transfer": "rule:admin_or_owner",
+    "volume:get_all_transfers": "rule:admin_or_owner",
+
+    "volume:failover_host": "rule:admin_api",
+    "volume:freeze_host": "rule:admin_api",
+    "volume:thaw_host": "rule:admin_api",
+
+    "backup:create" : "",
+    "backup:delete": "rule:admin_or_owner",
+    "backup:get": "rule:admin_or_owner",
+    "backup:get_all": "rule:admin_or_owner",
+    "backup:restore": "rule:admin_or_owner",
+    "backup:backup-import": "rule:admin_api",
+    "backup:backup-export": "rule:admin_api",
+    "backup:update": "rule:admin_or_owner",
+    "backup:backup_project_attribute": "rule:admin_api",
+
+    "volume:attachment_create": "",
+    "volume:attachment_update": "rule:admin_or_owner",
+    "volume:attachment_delete": "rule:admin_or_owner",
+
+    "snapshot_extension:snapshot_actions:update_snapshot_status": "",
+    "snapshot_extension:snapshot_manage": "rule:admin_api",
+    "snapshot_extension:snapshot_unmanage": "rule:admin_api",
+    "snapshot_extension:list_manageable": "rule:admin_api",
+
+    "consistencygroup:create" : "group:nobody",
+    "consistencygroup:delete": "group:nobody",
+    "consistencygroup:update": "group:nobody",
+    "consistencygroup:get": "group:nobody",
+    "consistencygroup:get_all": "group:nobody",
+
+    "consistencygroup:create_cgsnapshot" : "group:nobody",
+    "consistencygroup:delete_cgsnapshot": "group:nobody",
+    "consistencygroup:get_cgsnapshot": "group:nobody",
+    "consistencygroup:get_all_cgsnapshots": "group:nobody",
+
+    "group:group_types_manage": "rule:admin_api",
+    "group:group_types_specs": "rule:admin_api",
+    "group:access_group_types_specs": "rule:admin_api",
+    "group:group_type_access": "rule:admin_or_owner",
+
+    "group:create" : "",
+    "group:delete": "rule:admin_or_owner",
+    "group:update": "rule:admin_or_owner",
+    "group:get": "rule:admin_or_owner",
+    "group:get_all": "rule:admin_or_owner",
+
+    "group:create_group_snapshot": "",
+    "group:delete_group_snapshot": "rule:admin_or_owner",
+    "group:update_group_snapshot": "rule:admin_or_owner",
+    "group:get_group_snapshot": "rule:admin_or_owner",
+    "group:get_all_group_snapshots": "rule:admin_or_owner",
+    "group:reset_group_snapshot_status":"rule:admin_api",
+    "group:reset_status":"rule:admin_api",
+
+    "group:enable_replication": "rule:admin_or_owner",
+    "group:disable_replication": "rule:admin_or_owner",
+    "group:failover_replication": "rule:admin_or_owner",
+    "group:list_replication_targets": "rule:admin_or_owner",
+
+    "scheduler_extension:scheduler_stats:get_pools" : "rule:admin_api",
+    "message:delete": "rule:admin_or_owner",
+    "message:get": "rule:admin_or_owner",
+    "message:get_all": "rule:admin_or_owner",
+
+    "clusters:get": "rule:admin_api",
+    "clusters:get_all": "rule:admin_api",
+    "clusters:update": "rule:admin_api",
+
+    "workers:cleanup": "rule:admin_api"
+}
--- a/doc/source/configuration/block-storage/samples/policy.json.rst
+++ b/doc/source/configuration/block-storage/samples/policy.json.rst
@ -5,6 +5,4 @@ policy.json
 The ``policy.json`` file defines additional access controls that apply
 to the Block Storage service.

-.. remote-code-block:: none
-
-   https://git.openstack.org/cgit/openstack/cinder/plain/etc/cinder/policy.json?h=stable/ocata
+.. literalinclude:: policy.json.inc
--- a/doc/source/configuration/block-storage/samples/rootwrap.conf.inc
+++ b/doc/source/configuration/block-storage/samples/rootwrap.conf.inc
@ -0,0 +1,28 @@
+# Configuration for cinder-rootwrap
+# This file should be owned by (and only-writeable by) the root user
+
+[DEFAULT]
+# List of directories to load filter definitions from (separated by ',').
+# These directories MUST all be only writeable by root !
+filters_path=/etc/cinder/rootwrap.d,/usr/share/cinder/rootwrap
+
+# List of directories to search executables in, in case filters do not
+# explicitely specify a full path (separated by ',')
+# If not specified, defaults to system PATH environment variable.
+# These directories MUST all be only writeable by root !
+exec_dirs=/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin,/usr/lpp/mmfs/bin
+
+# Enable logging to syslog
+# Default value is False
+use_syslog=False
+
+# Which syslog facility to use.
+# Valid values include auth, authpriv, syslog, local0, local1...
+# Default value is 'syslog'
+syslog_log_facility=syslog
+
+# Which messages to log.
+# INFO means log all usage
+# ERROR means only log unsuccessful attempts
+syslog_log_level=ERROR
+
--- a/doc/source/configuration/block-storage/samples/rootwrap.conf.rst
+++ b/doc/source/configuration/block-storage/samples/rootwrap.conf.rst
@ -6,6 +6,4 @@ The ``rootwrap.conf`` file defines configuration values used by the
 ``rootwrap`` script when the Block Storage service must escalate its
 privileges to those of the root user.

-.. remote-code-block:: ini
-
-   https://git.openstack.org/cgit/openstack/cinder/plain/etc/cinder/rootwrap.conf?h=stable/ocata
+.. literalinclude:: rootwrap.conf.inc
--- a/doc/source/configuration/index.rst
+++ b/doc/source/configuration/index.rst
@ -22,7 +22,7 @@ Cinder Service Configuration
   The examples of common configurations for shared
   service and libraries, such as database connections and
   RPC messaging, can be seen in Cinder's sample configuration
-   file: `cinder.conf.sample <_static/cinder.conf.sample>`_.
+   file: `cinder.conf.sample <../_static/cinder.conf.sample>`_.

 The Block Storage service works with many different storage
 drivers that you can configure by using these instructions.