openstack/skyline-apiserver
Code Issues Proposed changes

refactor: Use source code instead of release packages

Browse Source 
We install the service projects from opendev instead of
release packages. If the service projects are DEPRECATED,
then we will install them by latest release packages.

Update the neutron policy with the master branch.

Change-Id: I56a10452e731fd6e2597501659ce84e96c4c91ab
This commit is contained in:
zhu.boxiang 2022-06-07 13:29:04 +08:00
parent 32a00a6529
commit 10c910c6d5
2 changed files with 63 additions and 49 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

84
skyline_apiserver/policy/manager/neutron.py
View File

@ -86,7 +86,7 @@ list_rules = (
),
base.Rule(
name="get_flavor_service_profile",
check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)"),
check_str=("(rule:admin_only) or (role:reader and project_id:%(project_id)s)"),
description="Get a flavor associated with a given service profiles. There is no corresponding GET operations in API currently. This rule is currently referred only in the DELETE of flavor_service_profile.",
),
base.Rule(
@ -175,77 +175,77 @@ list_rules = (
),
base.APIRule(
name="get_agent",
check_str=("role:reader and system_scope:all"),
check_str=("rule:admin_only"),
description="Get an agent",
scope_types=["system"],
operations=[{"method": "GET", "path": "/agents"}, {"method": "GET", "path": "/agents/{id}"}],
),
base.APIRule(
name="update_agent",
check_str=("role:admin and system_scope:all"),
check_str=("rule:admin_only"),
description="Update an agent",
scope_types=["system"],
operations=[{"method": "PUT", "path": "/agents/{id}"}],
),
base.APIRule(
name="delete_agent",
check_str=("role:admin and system_scope:all"),
check_str=("rule:admin_only"),
description="Delete an agent",
scope_types=["system"],
operations=[{"method": "DELETE", "path": "/agents/{id}"}],
),
base.APIRule(
name="create_dhcp-network",
check_str=("role:admin and system_scope:all"),
check_str=("rule:admin_only"),
description="Add a network to a DHCP agent",
scope_types=["system"],
operations=[{"method": "POST", "path": "/agents/{agent_id}/dhcp-networks"}],
),
base.APIRule(
name="get_dhcp-networks",
check_str=("role:reader and system_scope:all"),
check_str=("rule:admin_only"),
description="List networks on a DHCP agent",
scope_types=["system"],
operations=[{"method": "GET", "path": "/agents/{agent_id}/dhcp-networks"}],
),
base.APIRule(
name="delete_dhcp-network",
check_str=("role:admin and system_scope:all"),
check_str=("rule:admin_only"),
description="Remove a network from a DHCP agent",
scope_types=["system"],
operations=[{"method": "DELETE", "path": "/agents/{agent_id}/dhcp-networks/{network_id}"}],
),
base.APIRule(
name="create_l3-router",
check_str=("role:admin and system_scope:all"),
check_str=("rule:admin_only"),
description="Add a router to an L3 agent",
scope_types=["system"],
operations=[{"method": "POST", "path": "/agents/{agent_id}/l3-routers"}],
),
base.APIRule(
name="get_l3-routers",
check_str=("role:reader and system_scope:all"),
check_str=("rule:admin_only"),
description="List routers on an L3 agent",
scope_types=["system"],
operations=[{"method": "GET", "path": "/agents/{agent_id}/l3-routers"}],
),
base.APIRule(
name="delete_l3-router",
check_str=("role:admin and system_scope:all"),
check_str=("rule:admin_only"),
description="Remove a router from an L3 agent",
scope_types=["system"],
operations=[{"method": "DELETE", "path": "/agents/{agent_id}/l3-routers/{router_id}"}],
),
base.APIRule(
name="get_dhcp-agents",
check_str=("role:reader and system_scope:all"),
check_str=("rule:admin_only"),
description="List DHCP agents hosting a network",
scope_types=["system"],
operations=[{"method": "GET", "path": "/networks/{network_id}/dhcp-agents"}],
),
base.APIRule(
name="get_l3-agents",
check_str=("role:reader and system_scope:all"),
check_str=("rule:admin_only"),
description="List L3 agents hosting a router",
scope_types=["system"],
operations=[{"method": "GET", "path": "/routers/{router_id}/l3-agents"}],
@ -266,77 +266,77 @@ list_rules = (
),
base.APIRule(
name="get_availability_zone",
check_str=("role:reader and system_scope:all"),
check_str=("rule:admin_only"),
description="List availability zones",
scope_types=["system"],
operations=[{"method": "GET", "path": "/availability_zones"}],
),
base.APIRule(
name="create_flavor",
check_str=("role:admin and system_scope:all"),
check_str=("rule:admin_only"),
description="Create a flavor",
scope_types=["system"],
operations=[{"method": "POST", "path": "/flavors"}],
),
base.APIRule(
name="get_flavor",
check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)"),
check_str=("(rule:admin_only) or (role:reader and project_id:%(project_id)s)"),
description="Get a flavor",
scope_types=["system", "project"],
operations=[{"method": "GET", "path": "/flavors"}, {"method": "GET", "path": "/flavors/{id}"}],
),
base.APIRule(
name="update_flavor",
check_str=("role:admin and system_scope:all"),
check_str=("rule:admin_only"),
description="Update a flavor",
scope_types=["system"],
operations=[{"method": "PUT", "path": "/flavors/{id}"}],
),
base.APIRule(
name="delete_flavor",
check_str=("role:admin and system_scope:all"),
check_str=("rule:admin_only"),
description="Delete a flavor",
scope_types=["system"],
operations=[{"method": "DELETE", "path": "/flavors/{id}"}],
),
base.APIRule(
name="create_service_profile",
check_str=("role:admin and system_scope:all"),
check_str=("rule:admin_only"),
description="Create a service profile",
scope_types=["system"],
operations=[{"method": "POST", "path": "/service_profiles"}],
),
base.APIRule(
name="get_service_profile",
check_str=("role:reader and system_scope:all"),
check_str=("rule:admin_only"),
description="Get a service profile",
scope_types=["system"],
operations=[{"method": "GET", "path": "/service_profiles"}, {"method": "GET", "path": "/service_profiles/{id}"}],
),
base.APIRule(
name="update_service_profile",
check_str=("role:admin and system_scope:all"),
check_str=("rule:admin_only"),
description="Update a service profile",
scope_types=["system"],
operations=[{"method": "PUT", "path": "/service_profiles/{id}"}],
),
base.APIRule(
name="delete_service_profile",
check_str=("role:admin and system_scope:all"),
check_str=("rule:admin_only"),
description="Delete a service profile",
scope_types=["system"],
operations=[{"method": "DELETE", "path": "/service_profiles/{id}"}],
),
base.APIRule(
name="create_flavor_service_profile",
check_str=("role:admin and system_scope:all"),
check_str=("rule:admin_only"),
description="Associate a flavor with a service profile",
scope_types=["system"],
operations=[{"method": "POST", "path": "/flavors/{flavor_id}/service_profiles"}],
),
base.APIRule(
name="delete_flavor_service_profile",
check_str=("role:admin and system_scope:all"),
check_str=("rule:admin_only"),
description="Disassociate a flavor with a service profile",
scope_types=["system"],
operations=[{"method": "DELETE", "path": "/flavors/{flavor_id}/service_profiles/{profile_id}"}],
@ -490,35 +490,35 @@ list_rules = (
),
base.APIRule(
name="get_loggable_resource",
check_str=("role:reader and system_scope:all"),
check_str=("rule:admin_only"),
description="Get loggable resources",
scope_types=["system"],
operations=[{"method": "GET", "path": "/log/loggable-resources"}],
),
base.APIRule(
name="create_log",
check_str=("role:admin and system_scope:all"),
check_str=("rule:admin_only"),
description="Create a network log",
scope_types=["system"],
operations=[{"method": "POST", "path": "/log/logs"}],
),
base.APIRule(
name="get_log",
check_str=("role:reader and system_scope:all"),
check_str=("rule:admin_only"),
description="Get a network log",
scope_types=["system"],
operations=[{"method": "GET", "path": "/log/logs"}, {"method": "GET", "path": "/log/logs/{id}"}],
),
base.APIRule(
name="update_log",
check_str=("role:admin and system_scope:all"),
check_str=("rule:admin_only"),
description="Update a network log",
scope_types=["system"],
operations=[{"method": "PUT", "path": "/log/logs/{id}"}],
),
base.APIRule(
name="delete_log",
check_str=("role:admin and system_scope:all"),
check_str=("rule:admin_only"),
description="Delete a network log",
scope_types=["system"],
operations=[{"method": "DELETE", "path": "/log/logs/{id}"}],
@ -770,35 +770,35 @@ list_rules = (
),
base.APIRule(
name="get_network_ip_availability",
check_str=("role:reader and system_scope:all"),
check_str=("rule:admin_only"),
description="Get network IP availability",
scope_types=["system"],
operations=[{"method": "GET", "path": "/network-ip-availabilities"}, {"method": "GET", "path": "/network-ip-availabilities/{network_id}"}],
),
base.APIRule(
name="create_network_segment_range",
check_str=("role:admin and system_scope:all"),
check_str=("rule:admin_only"),
description="Create a network segment range",
scope_types=["system"],
operations=[{"method": "POST", "path": "/network_segment_ranges"}],
),
base.APIRule(
name="get_network_segment_range",
check_str=("role:reader and system_scope:all"),
check_str=("rule:admin_only"),
description="Get a network segment range",
scope_types=["system"],
operations=[{"method": "GET", "path": "/network_segment_ranges"}, {"method": "GET", "path": "/network_segment_ranges/{id}"}],
),
base.APIRule(
name="update_network_segment_range",
check_str=("role:admin and system_scope:all"),
check_str=("rule:admin_only"),
description="Update a network segment range",
scope_types=["system"],
operations=[{"method": "PUT", "path": "/network_segment_ranges/{id}"}],
),
base.APIRule(
name="delete_network_segment_range",
check_str=("role:admin and system_scope:all"),
check_str=("rule:admin_only"),
description="Delete a network segment range",
scope_types=["system"],
operations=[{"method": "DELETE", "path": "/network_segment_ranges/{id}"}],
@ -813,7 +813,7 @@ list_rules = (
base.APIRule(
name="create_port:device_owner",
check_str=("not rule:network_device or role:admin and project_id:%(project_id)s or rule:context_is_advsvc or rule:network_owner"),
description="Specify ``device_owner`` attribute when creting a port",
description="Specify ``device_owner`` attribute when creating a port",
scope_types=["project"],
operations=[{"method": "POST", "path": "/ports"}],
),
@ -1071,7 +1071,7 @@ list_rules = (
),
base.APIRule(
name="get_rule_type",
check_str=("role:admin or role:reader and system_scope:all"),
check_str=("rule:admin_only"),
description="Get available QoS rule types",
scope_types=["system", "project"],
operations=[{"method": "GET", "path": "/qos/rule-types"}, {"method": "GET", "path": "/qos/rule-types/{rule_type}"}],
@ -1274,21 +1274,21 @@ list_rules = (
),
base.APIRule(
name="get_quota",
check_str=("role:reader and system_scope:all"),
check_str=("rule:admin_only"),
description="Get a resource quota",
scope_types=["system"],
operations=[{"method": "GET", "path": "/quota"}, {"method": "GET", "path": "/quota/{id}"}],
),
base.APIRule(
name="update_quota",
check_str=("role:admin and system_scope:all"),
check_str=("rule:admin_only"),
description="Update a resource quota",
scope_types=["system"],
operations=[{"method": "PUT", "path": "/quota/{id}"}],
),
base.APIRule(
name="delete_quota",
check_str=("role:admin and system_scope:all"),
check_str=("rule:admin_only"),
description="Delete a resource quota",
scope_types=["system"],
operations=[{"method": "DELETE", "path": "/quota/{id}"}],
@ -1540,28 +1540,28 @@ list_rules = (
),
base.APIRule(
name="create_segment",
check_str=("role:admin and system_scope:all"),
check_str=("rule:admin_only"),
description="Create a segment",
scope_types=["system"],
operations=[{"method": "POST", "path": "/segments"}],
),
base.APIRule(
name="get_segment",
check_str=("role:reader and system_scope:all"),
check_str=("rule:admin_only"),
description="Get a segment",
scope_types=["system"],
operations=[{"method": "GET", "path": "/segments"}, {"method": "GET", "path": "/segments/{id}"}],
),
base.APIRule(
name="update_segment",
check_str=("role:admin and system_scope:all"),
check_str=("rule:admin_only"),
description="Update a segment",
scope_types=["system"],
operations=[{"method": "PUT", "path": "/segments/{id}"}],
),
base.APIRule(
name="delete_segment",
check_str=("role:admin and system_scope:all"),
check_str=("rule:admin_only"),
description="Delete a segment",
scope_types=["system"],
operations=[{"method": "DELETE", "path": "/segments/{id}"}],

28
tools/post_install.sh
View File

@ -1,19 +1,33 @@
#!/usr/bin/env bash
# Install openstack service package
pip install -U \
keystone \
openstack-placement \
set -ex
# Some projects have been DEPRECATED.
# panko: https://opendev.org/openstack/panko
INSTALL_DEPRECATED_PROJECTS="panko"
INSTALL_PROJECTS="keystone \
placement \
nova \
cinder \
glance \
trove \
neutron neutron-vpnaas \
openstack-heat \
heat \
ironic \
ironic-inspector \
octavia \
panko \
manila \
magnum \
zun
zun"
BRANCH=`git rev-parse --abbrev-ref HEAD`
for project in ${INSTALL_PROJECTS}
do
pip install -U git+https://opendev.org/openstack/${project}@${BRANCH}
done
for deprecated_project in ${INSTALL_DEPRECATED_PROJECTS}
do
pip install -U ${deprecated_project}
done