refactor: Remove base_roles and add more into extension_mapping

1. remove base_roles from openstack group
2. add qos and floating-ip-port-forwarding into extention_mapping

Change-Id: I461ae3f8979377ae22ec851bf3315e509b22cfbd

docs/api/swagger.json

@@ -2487,14 +2487,6 @@
                         "type": "string",
                         "description": "Keystone token expiration time"
                     },
-                    "base_roles": {
-                        "title": "Base Roles",
-                        "type": "array",
-                        "items": {
-                            "type": "string"
-                        },
-                        "description": "User base roles"
-                    },
                     "base_domains": {
                         "title": "Base Domains",
                         "type": "array",

etc/skyline.yaml.sample

@@ -14,54 +14,11 @@ default:
 openstack:
   base_domains:
   - heat_user_domain
-  base_roles:
-  - keystone_system_admin
-  - keystone_system_reader
-  - keystone_project_admin
-  - keystone_project_member
-  - keystone_project_reader
-  - nova_system_admin
-  - nova_system_reader
-  - nova_project_admin
-  - nova_project_member
-  - nova_project_reader
-  - cinder_system_admin
-  - cinder_system_reader
-  - cinder_project_admin
-  - cinder_project_member
-  - cinder_project_reader
-  - glance_system_admin
-  - glance_system_reader
-  - glance_project_admin
-  - glance_project_member
-  - glance_project_reader
-  - neutron_system_admin
-  - neutron_system_reader
-  - neutron_project_admin
-  - neutron_project_member
-  - neutron_project_reader
-  - heat_system_admin
-  - heat_system_reader
-  - heat_project_admin
-  - heat_project_member
-  - heat_project_reader
-  - placement_system_admin
-  - placement_system_reader
-  - panko_system_admin
-  - panko_system_reader
-  - panko_project_admin
-  - panko_project_member
-  - panko_project_reader
-  - ironic_system_admin
-  - ironic_system_reader
-  - octavia_system_admin
-  - octavia_system_reader
-  - octavia_project_admin
-  - octavia_project_member
-  - octavia_project_reader
   default_region: RegionOne
   extension_mapping:
+    floating-ip-port-forwarding: neutron_port_forwarding
     fwaas_v2: neutron_firewall
+    qos: neutron_qos
     vpnaas: neutron_vpn
   interface_type: public
   keystone_url: http://localhost:5000/v3/

skyline_apiserver/config/openstack.py

@@ -84,57 +84,6 @@ nginx_prefix = Opt(
     default="/api/openstack",
 )
 
-base_roles = Opt(
-    name="base_roles",
-    description="base roles list",
-    schema=List[StrictStr],
-    default=[
-        "keystone_system_admin",
-        "keystone_system_reader",
-        "keystone_project_admin",
-        "keystone_project_member",
-        "keystone_project_reader",
-        "nova_system_admin",
-        "nova_system_reader",
-        "nova_project_admin",
-        "nova_project_member",
-        "nova_project_reader",
-        "cinder_system_admin",
-        "cinder_system_reader",
-        "cinder_project_admin",
-        "cinder_project_member",
-        "cinder_project_reader",
-        "glance_system_admin",
-        "glance_system_reader",
-        "glance_project_admin",
-        "glance_project_member",
-        "glance_project_reader",
-        "neutron_system_admin",
-        "neutron_system_reader",
-        "neutron_project_admin",
-        "neutron_project_member",
-        "neutron_project_reader",
-        "heat_system_admin",
-        "heat_system_reader",
-        "heat_project_admin",
-        "heat_project_member",
-        "heat_project_reader",
-        "placement_system_admin",
-        "placement_system_reader",
-        "panko_system_admin",
-        "panko_system_reader",
-        "panko_project_admin",
-        "panko_project_member",
-        "panko_project_reader",
-        "ironic_system_admin",
-        "ironic_system_reader",
-        "octavia_system_admin",
-        "octavia_system_reader",
-        "octavia_project_admin",
-        "octavia_project_member",
-        "octavia_project_reader",
-    ],
-)
 
 base_domains = Opt(
     name="base_domains",
@@ -189,8 +138,10 @@ extension_mapping = Opt(
     description="Mapping of extension from extensions api",
     schema=Dict[StrictStr, StrictStr],
     default={
-        "vpnaas": "neutron_vpn",
+        "floating-ip-port-forwarding": "neutron_port_forwarding",
         "fwaas_v2": "neutron_firewall",
+        "qos": "neutron_qos",
+        "vpnaas": "neutron_vpn",
     },
 )
 
@@ -213,7 +164,6 @@ ALL_OPTS = (
     default_region,
     interface_type,
     nginx_prefix,
-    base_roles,
     base_domains,
     system_admin_roles,
     system_reader_roles,

skyline_apiserver/core/security.py

@@ -68,7 +68,6 @@ async def generate_profile(
             user=token_data["token"]["user"],
             roles=token_data["token"]["roles"],
             keystone_token_exp=token_data["token"]["expires_at"],
-            base_roles=CONF.openstack.base_roles,
             base_domains=CONF.openstack.base_domains,
             exp=exp or int(time.time()) + CONF.default.access_token_expire,
             uuid=uuid_value or uuid.uuid4().hex,

skyline_apiserver/schemas/login.py

@@ -91,7 +91,6 @@ class Profile(PayloadBase):
     user: User = Field(..., description="User")
     roles: List[Role] = Field(..., description="User roles")
     keystone_token_exp: str = Field(..., description="Keystone token expiration time")
-    base_roles: Optional[List[str]] = Field(None, description="User base roles")
     base_domains: Optional[List[str]] = Field(None, description="User base domains")
     endpoints: Optional[Dict[str, Any]] = Field(None, description="Keystone endpoints")
     projects: Optional[Dict[str, Any]] = Field(None, description="User projects")