Implement policy in code (3)
This commit will move all default policies to code for: - quota - record - recordset - service_status - tenant - tld - tsigkey Change-Id: Id090b89b32116a195530484b0d92fc6c9041a6c9 Co-authored-By: Nam Nguyen Hoai <namnh@vn.fujitsu.com> Implements: blueprint policy-in-code
parent
d43fc5fc11
commit
2fa4f50e89
|
@ -22,6 +22,13 @@ from designate.common.policies import blacklist
|
||||||
from designate.common.policies import context
|
from designate.common.policies import context
|
||||||
from designate.common.policies import diagnostics
|
from designate.common.policies import diagnostics
|
||||||
from designate.common.policies import pool
|
from designate.common.policies import pool
|
||||||
|
from designate.common.policies import quota
|
||||||
|
from designate.common.policies import record
|
||||||
|
from designate.common.policies import recordset
|
||||||
|
from designate.common.policies import service_status
|
||||||
|
from designate.common.policies import tenant
|
||||||
|
from designate.common.policies import tld
|
||||||
|
from designate.common.policies import tsigkey
|
||||||
|
|
||||||
|
|
||||||
def list_rules():
|
def list_rules():
|
||||||
|
@ -30,5 +37,12 @@ def list_rules():
|
||||||
blacklist.list_rules(),
|
blacklist.list_rules(),
|
||||||
context.list_rules(),
|
context.list_rules(),
|
||||||
diagnostics.list_rules(),
|
diagnostics.list_rules(),
|
||||||
pool.list_rules()
|
pool.list_rules(),
|
||||||
|
quota.list_rules(),
|
||||||
|
record.list_rules(),
|
||||||
|
recordset.list_rules(),
|
||||||
|
service_status.list_rules(),
|
||||||
|
tenant.list_rules(),
|
||||||
|
tld.list_rules(),
|
||||||
|
tsigkey.list_rules(),
|
||||||
)
|
)
|
||||||
|
|
|
@ -22,7 +22,8 @@ rules = [
|
||||||
policy.RuleDefault(
|
policy.RuleDefault(
|
||||||
name="create_pool",
|
name="create_pool",
|
||||||
check_str=base.RULE_ADMIN,
|
check_str=base.RULE_ADMIN,
|
||||||
description='Create pool.'),
|
description='Create pool.'
|
||||||
|
),
|
||||||
policy.DocumentedRuleDefault(
|
policy.DocumentedRuleDefault(
|
||||||
name="find_pools",
|
name="find_pools",
|
||||||
check_str=base.RULE_ADMIN,
|
check_str=base.RULE_ADMIN,
|
||||||
|
@ -59,7 +60,8 @@ rules = [
|
||||||
policy.RuleDefault(
|
policy.RuleDefault(
|
||||||
name="update_pool",
|
name="update_pool",
|
||||||
check_str=base.RULE_ADMIN,
|
check_str=base.RULE_ADMIN,
|
||||||
description='Update pool.'),
|
description='Update pool.'
|
||||||
|
),
|
||||||
policy.RuleDefault(
|
policy.RuleDefault(
|
||||||
name="delete_pool",
|
name="delete_pool",
|
||||||
check_str=base.RULE_ADMIN,
|
check_str=base.RULE_ADMIN,
|
||||||
|
|
|
@ -0,0 +1,62 @@
|
||||||
|
# All Rights Reserved.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
|
||||||
|
from oslo_policy import policy
|
||||||
|
|
||||||
|
from designate.common.policies import base
|
||||||
|
|
||||||
|
rules = [
|
||||||
|
policy.DocumentedRuleDefault(
|
||||||
|
name="get_quotas",
|
||||||
|
check_str=base.RULE_ADMIN_OR_OWNER,
|
||||||
|
description="View Current Project's Quotas.",
|
||||||
|
operations=[
|
||||||
|
{
|
||||||
|
'path': '/v2/quotas',
|
||||||
|
'method': 'GET'
|
||||||
|
}
|
||||||
|
]
|
||||||
|
),
|
||||||
|
policy.RuleDefault(
|
||||||
|
name="get_quota",
|
||||||
|
check_str=base.RULE_ADMIN_OR_OWNER
|
||||||
|
),
|
||||||
|
policy.DocumentedRuleDefault(
|
||||||
|
name="set_quota",
|
||||||
|
check_str=base.RULE_ADMIN,
|
||||||
|
description='Set Quotas.',
|
||||||
|
operations=[
|
||||||
|
{
|
||||||
|
'path': '/v2/quotas/{project_id}',
|
||||||
|
'method': 'PATCH'
|
||||||
|
}
|
||||||
|
]
|
||||||
|
),
|
||||||
|
policy.DocumentedRuleDefault(
|
||||||
|
name="reset_quotas",
|
||||||
|
check_str=base.RULE_ADMIN,
|
||||||
|
description='Reset Quotas.',
|
||||||
|
operations=[
|
||||||
|
{
|
||||||
|
'path': '/v2/quotas/{project_id}',
|
||||||
|
'method': 'DELETE'
|
||||||
|
}
|
||||||
|
]
|
||||||
|
),
|
||||||
|
]
|
||||||
|
|
||||||
|
|
||||||
|
def list_rules():
|
||||||
|
return rules
|
|
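Review bot: `get_quota` is the only rule in this new file registered as a bare `policy.RuleDefault` with no `description`, so it will appear undocumented in a generated policy sample even though it carries the same owner check as `get_quotas`. I would add a description, for example `description="View a single quota."`, or make it a `DocumentedRuleDefault` if an endpoint maps to it. The only documented read path is `/v2/quotas`; if a per-project read is also checked against one of these rules (the enforcement code is outside this diff), listing it under `operations` would tell operators which endpoints an override of the owner check affects.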
@ -0,0 +1,114 @@
|
||||||
|
# All Rights Reserved.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
|
||||||
|
from oslo_policy import policy
|
||||||
|
|
||||||
|
from designate.common.policies import base
|
||||||
|
|
||||||
|
rules = [
|
||||||
|
policy.DocumentedRuleDefault(
|
||||||
|
name="create_record",
|
||||||
|
check_str=base.RULE_ADMIN_OR_OWNER,
|
||||||
|
description='Create record.',
|
||||||
|
operations=[
|
||||||
|
{
|
||||||
|
'path': '/v1/domains/<uuid:domain_id>/records',
|
||||||
|
'method': 'POST'
|
||||||
|
}
|
||||||
|
]
|
||||||
|
),
|
||||||
|
policy.DocumentedRuleDefault(
|
||||||
|
name="get_records",
|
||||||
|
check_str=base.RULE_ADMIN_OR_OWNER,
|
||||||
|
description='Get records.',
|
||||||
|
operations=[
|
||||||
|
{
|
||||||
|
'path': '/v1/domains/<uuid:domain_id>/records',
|
||||||
|
'method': 'GET'
|
||||||
|
}
|
||||||
|
]
|
||||||
|
),
|
||||||
|
policy.DocumentedRuleDefault(
|
||||||
|
name="get_record",
|
||||||
|
check_str=base.RULE_ADMIN_OR_OWNER,
|
||||||
|
description='Get record.',
|
||||||
|
operations=[
|
||||||
|
{
|
||||||
|
'path': '/v1/domains/<uuid:domain_id>/records/<uuid:record_id>', # noqa
|
||||||
|
'method': 'GET'
|
||||||
|
}
|
||||||
|
]
|
||||||
|
),
|
||||||
|
policy.DocumentedRuleDefault(
|
||||||
|
name="find_records",
|
||||||
|
check_str=base.RULE_ADMIN_OR_OWNER,
|
||||||
|
description='Find records.',
|
||||||
|
operations=[
|
||||||
|
{
|
||||||
|
'path': '/v2/reverse/floatingips/{region}:{floatingip_id}',
|
||||||
|
'method': 'GET'
|
||||||
|
}, {
|
||||||
|
'path': '/v2/reverse/floatingips',
|
||||||
|
'method': 'GET'
|
||||||
|
}
|
||||||
|
]
|
||||||
|
),
|
||||||
|
policy.DocumentedRuleDefault(
|
||||||
|
name="find_record",
|
||||||
|
check_str=base.RULE_ADMIN_OR_OWNER,
|
||||||
|
description='Find record.',
|
||||||
|
operations=[
|
||||||
|
{
|
||||||
|
'path': '/v1/domains/<uuid:domain_id>/records/<uuid:record_id>', # noqa
|
||||||
|
'method': 'GET'
|
||||||
|
}, {
|
||||||
|
'path': '/v1/domains/<uuid:domain_id>/records/<uuid:record_id>', # noqa
|
||||||
|
'method': 'DELETE'
|
||||||
|
}, {
|
||||||
|
'path': '/v1/domains/<uuid:domain_id>/records/<uuid:record_id>', # noqa
|
||||||
|
'method': 'PUT'
|
||||||
|
}
|
||||||
|
]
|
||||||
|
),
|
||||||
|
policy.DocumentedRuleDefault(
|
||||||
|
name="update_record",
|
||||||
|
check_str=base.RULE_ADMIN_OR_OWNER,
|
||||||
|
description='Update record.',
|
||||||
|
operations=[
|
||||||
|
{
|
||||||
|
'path': '/v1/domains/<uuid:domain_id>/records/<uuid:record_id>', # noqa
|
||||||
|
'method': 'PUT'
|
||||||
|
}
|
||||||
|
]
|
||||||
|
),
|
||||||
|
policy.DocumentedRuleDefault(
|
||||||
|
name="delete_record",
|
||||||
|
check_str=base.RULE_ADMIN_OR_OWNER,
|
||||||
|
description='Delete record.',
|
||||||
|
operations=[
|
||||||
|
{
|
||||||
|
'path': '/v1/domains/<uuid:domain_id>/records/<uuid:record_id>', # noqa
|
||||||
|
'method': 'DELETE'
|
||||||
|
}
|
||||||
|
]
|
||||||
|
),
|
||||||
|
policy.RuleDefault(
|
||||||
|
name="count_records",
|
||||||
|
check_str=base.RULE_ADMIN_OR_OWNER)
|
||||||
|
]
|
||||||
|
|
||||||
|
|
||||||
|
def list_rules():
|
||||||
|
return rules
|
|
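Review bot: `find_record` is described only as 'Find record.' but its `operations` list includes `DELETE` and `PUT` on the v1 record path, so the generated documentation does not say why a read-named rule is attached to write endpoints. The same pattern appears in the later new files: `get_recordset` and `find_recordset` (POST, PUT, DELETE) and `find_tsigkeys` and `get_tsigkey` (DELETE, PATCH). Presumably these rules are evaluated for the lookup that precedes the write, while the write itself is gated by the matching `update_*` or `delete_*` rule, but that is not visible in this diff. I would say so in the description, e.g. `description='Find record. Also checked when a record is looked up before an update or delete.'`, so an operator tightening or relaxing the rule knows its real scope. `count_records` also has no `description`.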
@ -0,0 +1,127 @@
|
||||||
|
# All Rights Reserved.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
|
||||||
|
from oslo_policy import policy
|
||||||
|
|
||||||
|
from designate.common.policies import base
|
||||||
|
|
||||||
|
rules = [
|
||||||
|
policy.DocumentedRuleDefault(
|
||||||
|
name="create_recordset",
|
||||||
|
check_str=base.RULE_ZONE_PRIMARY_OR_ADMIN,
|
||||||
|
description="Create Recordset",
|
||||||
|
operations=[
|
||||||
|
{
|
||||||
|
'path': '/v2/zones/{zone_id}/recordsets',
|
||||||
|
'method': 'POST'
|
||||||
|
}, {
|
||||||
|
'path': '/v2/reverse/floatingips/{region}:{floatingip_id}',
|
||||||
|
'method': 'PATCH'
|
||||||
|
}
|
||||||
|
]
|
||||||
|
),
|
||||||
|
policy.RuleDefault(
|
||||||
|
name="get_recordsets",
|
||||||
|
check_str=base.RULE_ADMIN_OR_OWNER
|
||||||
|
),
|
||||||
|
policy.DocumentedRuleDefault(
|
||||||
|
name="get_recordset",
|
||||||
|
check_str=base.RULE_ADMIN_OR_OWNER,
|
||||||
|
description="Get recordset",
|
||||||
|
operations=[
|
||||||
|
{
|
||||||
|
'path': '/v1/domains/<uuid:domain_id>/records/<uuid:record_id>', # noqa
|
||||||
|
'method': 'GET'
|
||||||
|
}, {
|
||||||
|
'path': '/v1/domains/<uuid:domain_id>/records/<uuid:record_id>', # noqa
|
||||||
|
'method': 'PUT'
|
||||||
|
}, {
|
||||||
|
'path': '/v2/zones/{zone_id}/recordsets/{recordset_id}',
|
||||||
|
'method': 'GET'
|
||||||
|
}, {
|
||||||
|
'path': '/v2/zones/{zone_id}/recordsets/{recordset_id}',
|
||||||
|
'method': 'DELETE'
|
||||||
|
}, {
|
||||||
|
'path': '/v2/zones/{zone_id}/recordsets/{recordset_id}',
|
||||||
|
'method': 'PUT'
|
||||||
|
}
|
||||||
|
]
|
||||||
|
),
|
||||||
|
policy.DocumentedRuleDefault(
|
||||||
|
name="find_recordsets",
|
||||||
|
check_str=base.RULE_ADMIN_OR_OWNER,
|
||||||
|
description="Find recordsets",
|
||||||
|
operations=[
|
||||||
|
{
|
||||||
|
'path': '/v1/domains/<uuid:domain_id>/records',
|
||||||
|
'method': 'GET'
|
||||||
|
}
|
||||||
|
]
|
||||||
|
),
|
||||||
|
policy.DocumentedRuleDefault(
|
||||||
|
name="find_recordset",
|
||||||
|
check_str=base.RULE_ADMIN_OR_OWNER,
|
||||||
|
description="Find recordset",
|
||||||
|
operations=[
|
||||||
|
{
|
||||||
|
'path': '/v1/domains/<uuid:domain_id>/records',
|
||||||
|
'method': 'POST'
|
||||||
|
}, {
|
||||||
|
'path': '/v1/domains/<uuid:domain_id>/records/<uuid:record_id>', # noqa
|
||||||
|
'method': 'DELETE'
|
||||||
|
}
|
||||||
|
]
|
||||||
|
),
|
||||||
|
policy.DocumentedRuleDefault(
|
||||||
|
name="update_recordset",
|
||||||
|
check_str=base.RULE_ZONE_PRIMARY_OR_ADMIN,
|
||||||
|
description="Update recordset",
|
||||||
|
operations=[
|
||||||
|
{
|
||||||
|
'path': '/v1/domains/<uuid:domain_id>/records/<uuid:record_id>', # noqa
|
||||||
|
'method': 'PUT'
|
||||||
|
}, {
|
||||||
|
'path': '/v2/zones/{zone_id}/recordsets/{recordset_id}',
|
||||||
|
'method': 'PUT'
|
||||||
|
}, {
|
||||||
|
'path': '/v2/reverse/floatingips/{region}:{floatingip_id}',
|
||||||
|
'method': 'PATCH'
|
||||||
|
}
|
||||||
|
]
|
||||||
|
),
|
||||||
|
policy.DocumentedRuleDefault(
|
||||||
|
name="delete_recordset",
|
||||||
|
check_str=base.RULE_ZONE_PRIMARY_OR_ADMIN,
|
||||||
|
description="Delete RecordSet",
|
||||||
|
operations=[
|
||||||
|
{
|
||||||
|
'path': '/v1/domains/<uuid:domain_id>/records/<uuid:record_id>', # noqa
|
||||||
|
'method': 'DELETE'
|
||||||
|
}, {
|
||||||
|
'path': '/v2/zones/{zone_id}/recordsets/{recordset_id}',
|
||||||
|
'method': 'DELETE'
|
||||||
|
}
|
||||||
|
]
|
||||||
|
),
|
||||||
|
policy.RuleDefault(
|
||||||
|
name="count_recordset",
|
||||||
|
check_str=base.RULE_ADMIN_OR_OWNER,
|
||||||
|
description="Count recordsets"
|
||||||
|
)
|
||||||
|
]
|
||||||
|
|
||||||
|
|
||||||
|
def list_rules():
|
||||||
|
return rules
|
|
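Review bot: `get_recordsets` is a bare `policy.RuleDefault` with neither `description` nor `operations`, and no rule in this file documents a `GET` on `/v2/zones/{zone_id}/recordsets` even though `create_recordset` documents the `POST` on that path. If the v2 list call is checked against `get_recordsets` (not confirmable from this diff), it should be a `DocumentedRuleDefault` listing that operation; at minimum add `description="List recordsets"`. The descriptions in this file also vary in form ("Create Recordset", "Delete RecordSet", no trailing period), unlike those in the record policy file added by the same commit.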
@ -0,0 +1,50 @@
|
||||||
|
# All Rights Reserved.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
|
||||||
|
from oslo_policy import policy
|
||||||
|
|
||||||
|
from designate.common.policies import base
|
||||||
|
|
||||||
|
rules = [
|
||||||
|
policy.DocumentedRuleDefault(
|
||||||
|
name="find_service_status",
|
||||||
|
check_str=base.RULE_ADMIN,
|
||||||
|
description="Find a single Service Status",
|
||||||
|
operations=[
|
||||||
|
{
|
||||||
|
'path': '/v2/service_status/{service_id}',
|
||||||
|
'method': 'GET'
|
||||||
|
}
|
||||||
|
]
|
||||||
|
),
|
||||||
|
policy.DocumentedRuleDefault(
|
||||||
|
name="find_service_statuses",
|
||||||
|
check_str=base.RULE_ADMIN,
|
||||||
|
description="List service statuses.",
|
||||||
|
operations=[
|
||||||
|
{
|
||||||
|
'path': '/v2/service_status',
|
||||||
|
'method': 'GET'
|
||||||
|
}
|
||||||
|
]
|
||||||
|
),
|
||||||
|
policy.RuleDefault(
|
||||||
|
"update_service_service_status",
|
||||||
|
base.RULE_ADMIN)
|
||||||
|
]
|
||||||
|
|
||||||
|
|
||||||
|
def list_rules():
|
||||||
|
return rules
|
|
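Review bot: The last rule passes its name and check string positionally and has no description, whereas every other rule added in this commit uses keyword arguments. Writing it as `name="update_service_service_status",` `check_str=base.RULE_ADMIN,` `description="Update a Service Status"` keeps the file consistent and gives the admin-only rule an entry in generated policy documentation. The doubled "service" in the name matches the key removed from policy.json, so the name itself should stay as it is for compatibility with existing overrides.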
@ -0,0 +1,41 @@
|
||||||
|
# All Rights Reserved.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
|
||||||
|
from oslo_policy import policy
|
||||||
|
|
||||||
|
from designate.common.policies import base
|
||||||
|
|
||||||
|
|
||||||
|
rules = [
|
||||||
|
policy.RuleDefault(
|
||||||
|
name="find_tenants",
|
||||||
|
check_str=base.RULE_ADMIN,
|
||||||
|
description="Find all Tenants."
|
||||||
|
),
|
||||||
|
policy.RuleDefault(
|
||||||
|
name="get_tenant",
|
||||||
|
check_str=base.RULE_ADMIN,
|
||||||
|
description="Get all Tenants."
|
||||||
|
),
|
||||||
|
policy.RuleDefault(
|
||||||
|
name="count_tenants",
|
||||||
|
check_str=base.RULE_ADMIN,
|
||||||
|
description="Count tenants"
|
||||||
|
)
|
||||||
|
]
|
||||||
|
|
||||||
|
|
||||||
|
def list_rules():
|
||||||
|
return rules
|
|
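Review bot: The description for `get_tenant` reads "Get all Tenants.", which looks copied from `find_tenants` directly above it and does not match the singular rule name. Something like `description="Get a single Tenant."` would make clear which rule covers the list and which the single lookup, if that is what the rule guards. These rules default to `base.RULE_ADMIN` and concern cross-tenant information, so the description is what an operator reads before deciding whether to relax one of them.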
@ -0,0 +1,80 @@
|
||||||
|
# All Rights Reserved.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
|
||||||
|
from oslo_policy import policy
|
||||||
|
|
||||||
|
from designate.common.policies import base
|
||||||
|
|
||||||
|
rules = [
|
||||||
|
policy.DocumentedRuleDefault(
|
||||||
|
name="create_tld",
|
||||||
|
check_str=base.RULE_ADMIN,
|
||||||
|
description="Create Tld",
|
||||||
|
operations=[
|
||||||
|
{
|
||||||
|
'path': '/v2/tlds',
|
||||||
|
'method': 'POST'
|
||||||
|
}
|
||||||
|
]
|
||||||
|
),
|
||||||
|
policy.DocumentedRuleDefault(
|
||||||
|
name="find_tlds",
|
||||||
|
check_str=base.RULE_ADMIN,
|
||||||
|
description="List Tlds",
|
||||||
|
operations=[
|
||||||
|
{
|
||||||
|
'path': '/v2/tlds',
|
||||||
|
'method': 'GET'
|
||||||
|
}
|
||||||
|
]
|
||||||
|
),
|
||||||
|
policy.DocumentedRuleDefault(
|
||||||
|
name="get_tld",
|
||||||
|
check_str=base.RULE_ADMIN,
|
||||||
|
description="Show Tld",
|
||||||
|
operations=[
|
||||||
|
{
|
||||||
|
'path': '/v2/tlds/{tld_id}',
|
||||||
|
'method': 'GET'
|
||||||
|
}
|
||||||
|
]
|
||||||
|
),
|
||||||
|
policy.DocumentedRuleDefault(
|
||||||
|
name="update_tld",
|
||||||
|
check_str=base.RULE_ADMIN,
|
||||||
|
description="Update Tld",
|
||||||
|
operations=[
|
||||||
|
{
|
||||||
|
'path': '/v2/tlds/{tld_id}',
|
||||||
|
'method': 'PATCH'
|
||||||
|
}
|
||||||
|
]
|
||||||
|
),
|
||||||
|
policy.DocumentedRuleDefault(
|
||||||
|
name="delete_tld",
|
||||||
|
check_str=base.RULE_ADMIN,
|
||||||
|
description="Delete Tld",
|
||||||
|
operations=[
|
||||||
|
{
|
||||||
|
'path': '/v2/tlds/{tld_id}',
|
||||||
|
'method': 'DELETE'
|
||||||
|
}
|
||||||
|
]
|
||||||
|
)
|
||||||
|
]
|
||||||
|
|
||||||
|
|
||||||
|
def list_rules():
|
||||||
|
return rules
|
|
@ -0,0 +1,101 @@
|
||||||
|
# All Rights Reserved.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
|
||||||
|
from oslo_policy import policy
|
||||||
|
|
||||||
|
from designate.common.policies import base
|
||||||
|
|
||||||
|
rules = [
|
||||||
|
policy.DocumentedRuleDefault(
|
||||||
|
name="create_tsigkey",
|
||||||
|
check_str=base.RULE_ADMIN,
|
||||||
|
description="Create Tsigkey",
|
||||||
|
operations=[
|
||||||
|
{
|
||||||
|
'path': '/v1/tsigkeys',
|
||||||
|
'method': 'POST'
|
||||||
|
}, {
|
||||||
|
'path': '/v2/tsigkeys',
|
||||||
|
'method': 'POST'
|
||||||
|
}
|
||||||
|
]
|
||||||
|
),
|
||||||
|
policy.DocumentedRuleDefault(
|
||||||
|
name="find_tsigkeys",
|
||||||
|
check_str=base.RULE_ADMIN,
|
||||||
|
description="List Tsigkeys",
|
||||||
|
operations=[
|
||||||
|
{
|
||||||
|
'path': '/v1/tsigkeys',
|
||||||
|
'method': 'GET'
|
||||||
|
}, {
|
||||||
|
'path': '/v1/tsigkeys/<uuid:tsigkey_id>',
|
||||||
|
'method': 'GET'
|
||||||
|
}, {
|
||||||
|
'path': '/v1/tsigkeys/<uuid:tsigkey_id>',
|
||||||
|
'method': 'DELETE'
|
||||||
|
}, {
|
||||||
|
'path': '/v2/tsigkeys',
|
||||||
|
'method': 'GET'
|
||||||
|
}
|
||||||
|
]
|
||||||
|
),
|
||||||
|
policy.DocumentedRuleDefault(
|
||||||
|
name="get_tsigkey",
|
||||||
|
check_str=base.RULE_ADMIN,
|
||||||
|
description="Show a Tsigkey",
|
||||||
|
operations=[
|
||||||
|
{
|
||||||
|
'path': '/v2/tsigkeys/{tsigkey_id}',
|
||||||
|
'method': 'PATCH'
|
||||||
|
}, {
|
||||||
|
'path': '/v2/tsigkeys/{tsigkey_id}',
|
||||||
|
'method': 'GET'
|
||||||
|
}
|
||||||
|
]
|
||||||
|
),
|
||||||
|
policy.DocumentedRuleDefault(
|
||||||
|
name="update_tsigkey",
|
||||||
|
check_str=base.RULE_ADMIN,
|
||||||
|
description="Update Tsigkey",
|
||||||
|
operations=[
|
||||||
|
{
|
||||||
|
'path': '/v1/tsigkeys/{tsigkey_id}',
|
||||||
|
'method': 'PATCH'
|
||||||
|
}, {
|
||||||
|
'path': '/v2/tsigkeys/{tsigkey_id}',
|
||||||
|
'method': 'PATCH'
|
||||||
|
}
|
||||||
|
]
|
||||||
|
),
|
||||||
|
policy.DocumentedRuleDefault(
|
||||||
|
name="delete_tsigkey",
|
||||||
|
check_str=base.RULE_ADMIN,
|
||||||
|
description="Delete a Tsigkey",
|
||||||
|
operations=[
|
||||||
|
{
|
||||||
|
'path': '/v1/tsigkeys/{tsigkey_id}',
|
||||||
|
'method': 'DELETE'
|
||||||
|
}, {
|
||||||
|
'path': '/v2/tsigkeys/{tsigkey_id}',
|
||||||
|
'method': 'DELETE'
|
||||||
|
}
|
||||||
|
]
|
||||||
|
)
|
||||||
|
]
|
||||||
|
|
||||||
|
|
||||||
|
def list_rules():
|
||||||
|
return rules
|
|
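Review bot: The v1 paths in this file use two placeholder styles: `find_tsigkeys` documents `/v1/tsigkeys/<uuid:tsigkey_id>`, while `update_tsigkey` and `delete_tsigkey` document `/v1/tsigkeys/{tsigkey_id}`. The other new policy files consistently use the `<uuid:...>` form for v1 routes and braces for v2, so the two v1 entries here should probably read `'path': '/v1/tsigkeys/<uuid:tsigkey_id>',`. Separately, `get_tsigkey` is described as "Show a Tsigkey" but lists `PATCH` before `GET`; since these rules guard TSIG key objects, the description should state that the rule is also checked on the update path, if that is the case.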
@ -1,25 +1,4 @@
|
||||||
{
|
{
|
||||||
"get_quotas": "rule:admin_or_owner",
|
|
||||||
"get_quota": "rule:admin_or_owner",
|
|
||||||
"set_quota": "rule:admin",
|
|
||||||
"reset_quotas": "rule:admin",
|
|
||||||
|
|
||||||
"create_tld": "rule:admin",
|
|
||||||
"find_tlds": "rule:admin",
|
|
||||||
"get_tld": "rule:admin",
|
|
||||||
"update_tld": "rule:admin",
|
|
||||||
"delete_tld": "rule:admin",
|
|
||||||
|
|
||||||
"create_tsigkey": "rule:admin",
|
|
||||||
"find_tsigkeys": "rule:admin",
|
|
||||||
"get_tsigkey": "rule:admin",
|
|
||||||
"update_tsigkey": "rule:admin",
|
|
||||||
"delete_tsigkey": "rule:admin",
|
|
||||||
|
|
||||||
"find_tenants": "rule:admin",
|
|
||||||
"get_tenant": "rule:admin",
|
|
||||||
"count_tenants": "rule:admin",
|
|
||||||
|
|
||||||
"create_zone": "rule:admin_or_owner",
|
"create_zone": "rule:admin_or_owner",
|
||||||
"get_zones": "rule:admin_or_owner",
|
"get_zones": "rule:admin_or_owner",
|
||||||
"get_zone": "rule:admin_or_owner",
|
"get_zone": "rule:admin_or_owner",
|
||||||
|
@ -35,24 +14,6 @@
|
||||||
"purge_zones": "rule:admin",
|
"purge_zones": "rule:admin",
|
||||||
"touch_zone": "rule:admin_or_owner",
|
"touch_zone": "rule:admin_or_owner",
|
||||||
|
|
||||||
"create_recordset": "rule:zone_primary_or_admin",
|
|
||||||
"get_recordsets": "rule:admin_or_owner",
|
|
||||||
"get_recordset": "rule:admin_or_owner",
|
|
||||||
"find_recordsets": "rule:admin_or_owner",
|
|
||||||
"find_recordset": "rule:admin_or_owner",
|
|
||||||
"update_recordset": "rule:zone_primary_or_admin",
|
|
||||||
"delete_recordset": "rule:zone_primary_or_admin",
|
|
||||||
"count_recordset": "rule:admin_or_owner",
|
|
||||||
|
|
||||||
"create_record": "rule:admin_or_owner",
|
|
||||||
"get_records": "rule:admin_or_owner",
|
|
||||||
"get_record": "rule:admin_or_owner",
|
|
||||||
"find_records": "rule:admin_or_owner",
|
|
||||||
"find_record": "rule:admin_or_owner",
|
|
||||||
"update_record": "rule:admin_or_owner",
|
|
||||||
"delete_record": "rule:admin_or_owner",
|
|
||||||
"count_records": "rule:admin_or_owner",
|
|
||||||
|
|
||||||
"create_zone_transfer_request": "rule:admin_or_owner",
|
"create_zone_transfer_request": "rule:admin_or_owner",
|
||||||
"get_zone_transfer_request": "rule:admin_or_owner or tenant:%(target_tenant_id)s or None:%(target_tenant_id)s",
|
"get_zone_transfer_request": "rule:admin_or_owner or tenant:%(target_tenant_id)s or None:%(target_tenant_id)s",
|
||||||
"get_zone_transfer_request_detailed": "rule:admin_or_owner",
|
"get_zone_transfer_request_detailed": "rule:admin_or_owner",
|
||||||
|
@ -79,8 +40,4 @@
|
||||||
"find_zone_exports": "rule:admin_or_owner",
|
"find_zone_exports": "rule:admin_or_owner",
|
||||||
"get_zone_export": "rule:admin_or_owner",
|
"get_zone_export": "rule:admin_or_owner",
|
||||||
"update_zone_export": "rule:admin_or_owner",
|
"update_zone_export": "rule:admin_or_owner",
|
||||||
|
|
||||||
"find_service_status": "rule:admin",
|
|
||||||
"find_service_statuses": "rule:admin",
|
|
||||||
"update_service_service_status": "rule:admin"
|
|
||||||
}
|
}
|
||||||
|
|