diff --git a/docs/api/swagger.json b/docs/api/swagger.json
index e5ce3e5..f1bf1c1 100644
--- a/docs/api/swagger.json
+++ b/docs/api/swagger.json
@@ -2487,14 +2487,6 @@
 "type": "string",
 "description": "Keystone token expiration time"
 },
- "base_roles": {
- "title": "Base Roles",
- "type": "array",
- "items": {
- "type": "string"
- },
- "description": "User base roles"
- },
 "base_domains": {
 "title": "Base Domains",
 "type": "array",
diff --git a/etc/skyline.yaml.sample b/etc/skyline.yaml.sample
index bc71c5b..5a7b85e 100644
--- a/etc/skyline.yaml.sample
+++ b/etc/skyline.yaml.sample
@@ -14,54 +14,11 @@ default:
 openstack:
 base_domains:
 - heat_user_domain
- base_roles:
- - keystone_system_admin
- - keystone_system_reader
- - keystone_project_admin
- - keystone_project_member
- - keystone_project_reader
- - nova_system_admin
- - nova_system_reader
- - nova_project_admin
- - nova_project_member
- - nova_project_reader
- - cinder_system_admin
- - cinder_system_reader
- - cinder_project_admin
- - cinder_project_member
- - cinder_project_reader
- - glance_system_admin
- - glance_system_reader
- - glance_project_admin
- - glance_project_member
- - glance_project_reader
- - neutron_system_admin
- - neutron_system_reader
- - neutron_project_admin
- - neutron_project_member
- - neutron_project_reader
- - heat_system_admin
- - heat_system_reader
- - heat_project_admin
- - heat_project_member
- - heat_project_reader
- - placement_system_admin
- - placement_system_reader
- - panko_system_admin
- - panko_system_reader
- - panko_project_admin
- - panko_project_member
- - panko_project_reader
- - ironic_system_admin
- - ironic_system_reader
- - octavia_system_admin
- - octavia_system_reader
- - octavia_project_admin
- - octavia_project_member
- - octavia_project_reader
 default_region: RegionOne
 extension_mapping:
+ floating-ip-port-forwarding: neutron_port_forwarding
 fwaas_v2: neutron_firewall
+ qos: neutron_qos
 vpnaas: neutron_vpn
 interface_type: public
 keystone_url: http://localhost:5000/v3/
diff --git a/skyline_apiserver/config/openstack.py b/skyline_apiserver/config/openstack.py
index 2b18614..3d100ca 100644
--- a/skyline_apiserver/config/openstack.py
+++ b/skyline_apiserver/config/openstack.py
@@ -84,57 +84,6 @@ nginx_prefix = Opt(
 default="/api/openstack",
 )
-base_roles = Opt(
- name="base_roles",
- description="base roles list",
- schema=List[StrictStr],
- default=[
- "keystone_system_admin",
- "keystone_system_reader",
- "keystone_project_admin",
- "keystone_project_member",
- "keystone_project_reader",
- "nova_system_admin",
- "nova_system_reader",
- "nova_project_admin",
- "nova_project_member",
- "nova_project_reader",
- "cinder_system_admin",
- "cinder_system_reader",
- "cinder_project_admin",
- "cinder_project_member",
- "cinder_project_reader",
- "glance_system_admin",
- "glance_system_reader",
- "glance_project_admin",
- "glance_project_member",
- "glance_project_reader",
- "neutron_system_admin",
- "neutron_system_reader",
- "neutron_project_admin",
- "neutron_project_member",
- "neutron_project_reader",
- "heat_system_admin",
- "heat_system_reader",
- "heat_project_admin",
- "heat_project_member",
- "heat_project_reader",
- "placement_system_admin",
- "placement_system_reader",
- "panko_system_admin",
- "panko_system_reader",
- "panko_project_admin",
- "panko_project_member",
- "panko_project_reader",
- "ironic_system_admin",
- "ironic_system_reader",
- "octavia_system_admin",
- "octavia_system_reader",
- "octavia_project_admin",
- "octavia_project_member",
- "octavia_project_reader",
- ],
-)
 base_domains = Opt(
 name="base_domains",
@@ -189,8 +138,10 @@ extension_mapping = Opt(
 description="Mapping of extension from extensions api",
 schema=Dict[StrictStr, StrictStr],
 default={
- "vpnaas": "neutron_vpn",
+ "floating-ip-port-forwarding": "neutron_port_forwarding",
 "fwaas_v2": "neutron_firewall",
+ "qos": "neutron_qos",
+ "vpnaas": "neutron_vpn",
 },
 )
@@ -213,7 +164,6 @@ ALL_OPTS = (
 default_region,
 interface_type,
 nginx_prefix,
- base_roles,
 base_domains,
 system_admin_roles,
 system_reader_roles,
diff --git a/skyline_apiserver/core/security.py b/skyline_apiserver/core/security.py
index 63ee9ea..dbea9bc 100644
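Review bot: In the `extension_mapping` hunk of `skyline_apiserver/config/openstack.py`, the option's `description` still does not say what the keys and values mean, although the default grows from two entries to four. I would expand it to something like `description="Map of extension alias (as returned by the extensions API) to the feature name Skyline uses for it",`; that wording is inferred from the entries, so confirm it against the code that consumes this option. Deployments that already set `extension_mapping` in `skyline.yaml` will presumably not pick up `floating-ip-port-forwarding` and `qos` unless the loader merges user values with the default, which is not visible here, so an upgrade note would help. The `Opt(` call starts above the hunk.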
--- a/skyline_apiserver/core/security.py
+++ b/skyline_apiserver/core/security.py
@@ -68,7 +68,6 @@ async def generate_profile(
 user=token_data["token"]["user"],
 roles=token_data["token"]["roles"],
 keystone_token_exp=token_data["token"]["expires_at"],
- base_roles=CONF.openstack.base_roles,
 base_domains=CONF.openstack.base_domains,
 exp=exp or int(time.time()) + CONF.default.access_token_expire,
 uuid=uuid_value or uuid.uuid4().hex,
diff --git a/skyline_apiserver/schemas/login.py b/skyline_apiserver/schemas/login.py
index 3be341f..beffc5d 100644
--- a/skyline_apiserver/schemas/login.py
+++ b/skyline_apiserver/schemas/login.py
@@ -91,7 +91,6 @@ class Profile(PayloadBase):
 user: User = Field(..., description="User")
 roles: List[Role] = Field(..., description="User roles")
 keystone_token_exp: str = Field(..., description="Keystone token expiration time")
- base_roles: Optional[List[str]] = Field(None, description="User base roles")
 base_domains: Optional[List[str]] = Field(None, description="User base domains")
 endpoints: Optional[Dict[str, Any]] = Field(None, description="Keystone endpoints")
 projects: Optional[Dict[str, Any]] = Field(None, description="User projects")