support masakari and designate

Add masakari and designate policy files and configs.

Change-Id: Ic2d3431df3cb8d33e74d061337514ea3d91bb7ac
iauhsnaiq 2023-10-25 17:23:50 +08:00
parent 454b2140f1
commit fe56f82f19
7 changed files with 802 additions and 1 deletions


@ -1,6 +1,7 @@
default: default:
access_token_expire: 3600 access_token_expire: 3600
access_token_renew: 1800 access_token_renew: 1800
cafile: ''
cors_allow_origins: [] cors_allow_origins: []
database_url: sqlite:////tmp/skyline.db database_url: sqlite:////tmp/skyline.db
debug: false debug: false
@ -33,8 +34,10 @@ openstack:
container: zun container: zun
container-infra: magnum container-infra: magnum
database: trove database: trove
dns: designate
identity: keystone identity: keystone
image: glance image: glance
instance-ha: masakari
key-manager: barbican key-manager: barbican
load-balancer: octavia load-balancer: octavia
network: neutron network: neutron


@ -0,0 +1,6 @@
---
features:
- |
Add masakari related policies. So that we provide policies of masakari to skyline-console.
- |
Add designate related policies. So that we provide policies of designate to skyline-console.


@ -123,8 +123,10 @@ service_mapping = Opt(
"container": "zun", "container": "zun",
"container-infra": "magnum", "container-infra": "magnum",
"database": "trove", "database": "trove",
"dns": "designate",
"identity": "keystone", "identity": "keystone",
"image": "glance", "image": "glance",
"instance-ha": "masakari",
"key-manager": "barbican", "key-manager": "barbican",
"load-balancer": "octavia", "load-balancer": "octavia",
"network": "neutron", "network": "neutron",


@ -0,0 +1,592 @@
# Copyright 2022 99cloud
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# flake8: noqa
# fmt: off
from . import base
list_rules = (
base.Rule(
name="admin",
check_str=("role:admin or is_admin:True"),
description="No description",
),
base.Rule(
name="owner",
check_str=("project_id:%(tenant_id)s"),
description="No description",
),
base.Rule(
name="admin_or_owner",
check_str=("rule:admin or rule:owner"),
description="No description",
),
base.Rule(
name="default",
check_str=("(role:admin) or (role:member and project_id:%(project_id)s)"),
description="No description",
),
base.Rule(
name="all_tenants",
check_str=("role:admin"),
description="Action on all tenants.",
),
base.Rule(
name="edit_managed_records",
check_str=("role:admin"),
description="Edit managed records.",
),
base.Rule(
name="use_low_ttl",
check_str=("role:admin"),
description="Use low TTL.",
),
base.Rule(
name="use_sudo",
check_str=("role:admin"),
description="Accept sudo from user to tenant.",
),
base.Rule(
name="hard_delete",
check_str=("role:admin"),
description="Clean backend resources associated with zone",
),
base.Rule(
name="create_pool",
check_str=("role:admin"),
description="Create pool.",
),
base.Rule(
name="update_pool",
check_str=("role:admin"),
description="Update pool.",
),
base.Rule(
name="delete_pool",
check_str=("role:admin"),
description="Delete pool.",
),
base.Rule(
name="count_records",
check_str=("(role:admin) or (role:reader and project_id:%(project_id)s)"),
description="No description",
),
base.Rule(
name="get_recordsets",
check_str=("(role:admin) or (role:reader and project_id:%(project_id)s)"),
description="No description",
),
base.Rule(
name="find_recordset",
check_str=("(role:admin) or (role:reader and project_id:%(project_id)s)"),
description="List a Recordset in a Zone",
),
base.Rule(
name="count_recordset",
check_str=("(role:admin) or (role:reader and project_id:%(project_id)s)"),
description="Count recordsets",
),
base.Rule(
name="update_service_status",
check_str=("role:admin"),
description="No description",
),
base.Rule(
name="find_project_zone_share",
check_str=("(role:admin) or (role:member and project_id:%(project_id)s)"),
description="Check the can query for a specific projects shares.",
),
base.Rule(
name="find_tenants",
check_str=("role:admin"),
description="Find all Tenants.",
),
base.Rule(
name="get_tenant",
check_str=("role:admin"),
description="Get all Tenants.",
),
base.Rule(
name="count_tenants",
check_str=("role:admin"),
description="Count tenants",
),
base.Rule(
name="get_zones",
check_str=("(role:admin) or (role:reader and project_id:%(project_id)s)"),
description="No description",
),
base.Rule(
name="get_zone_servers",
check_str=("(role:admin) or (role:reader and project_id:%(project_id)s)"),
description="No description",
),
base.Rule(
name="count_zones",
check_str=("(role:admin) or (role:reader and project_id:%(project_id)s)"),
description="No description",
),
base.Rule(
name="count_zones_pending_notify",
check_str=("(role:admin) or (role:reader and project_id:%(project_id)s)"),
description="No description",
),
base.Rule(
name="purge_zones",
check_str=("role:admin"),
description="No description",
),
base.Rule(
name="get_zone_transfer_request_detailed",
check_str=("(role:admin) or (role:reader and project_id:%(project_id)s)"),
description="No description",
),
base.APIRule(
name="create_blacklist",
check_str=("role:admin"),
description="Create blacklist.",
scope_types=["project"],
operations=[{"method": "POST", "path": "/v2/blacklists"}],
),
base.APIRule(
name="find_blacklists",
check_str=("role:admin"),
description="Find blacklists.",
scope_types=["project"],
operations=[{"method": "GET", "path": "/v2/blacklists"}],
),
base.APIRule(
name="get_blacklist",
check_str=("role:admin"),
description="Get blacklist.",
scope_types=["project"],
operations=[{"method": "GET", "path": "/v2/blacklists/{blacklist_id}"}],
),
base.APIRule(
name="update_blacklist",
check_str=("role:admin"),
description="Update blacklist.",
scope_types=["project"],
operations=[{"method": "PATCH", "path": "/v2/blacklists/{blacklist_id}"}],
),
base.APIRule(
name="delete_blacklist",
check_str=("role:admin"),
description="Delete blacklist.",
scope_types=["project"],
operations=[{"method": "DELETE", "path": "/v2/blacklists/{blacklist_id}"}],
),
base.APIRule(
name="use_blacklisted_zone",
check_str=("role:admin"),
description="Allowed bypass the blacklist.",
scope_types=["project"],
operations=[{"method": "POST", "path": "/v2/zones"}],
),
base.APIRule(
name="find_pools",
check_str=("role:admin"),
description="Find pool.",
scope_types=["project"],
operations=[{"method": "GET", "path": "/v2/pools"}],
),
base.APIRule(
name="find_pool",
check_str=("role:admin"),
description="Find pools.",
scope_types=["project"],
operations=[{"method": "GET", "path": "/v2/pools"}],
),
base.APIRule(
name="get_pool",
check_str=("role:admin"),
description="Get pool.",
scope_types=["project"],
operations=[{"method": "GET", "path": "/v2/pools/{pool_id}"}],
),
base.APIRule(
name="zone_create_forced_pool",
check_str=("role:admin"),
description="load and set the pool to the one provided in the Zone attributes.",
scope_types=["project"],
operations=[{"method": "POST", "path": "/v2/zones"}],
),
base.APIRule(
name="get_quotas",
check_str=("(role:admin) or (role:reader and project_id:%(project_id)s) or (True:%(all_tenants)s and role:reader)"),
description="View Current Project's Quotas.",
scope_types=["project"],
operations=[{"method": "GET", "path": "/v2/quotas"}],
),
base.APIRule(
name="set_quota",
check_str=("role:admin"),
description="Set Quotas.",
scope_types=["project"],
operations=[{"method": "PATCH", "path": "/v2/quotas/{project_id}"}],
),
base.APIRule(
name="reset_quotas",
check_str=("role:admin"),
description="Reset Quotas.",
scope_types=["project"],
operations=[{"method": "DELETE", "path": "/v2/quotas/{project_id}"}],
),
base.APIRule(
name="find_records",
check_str=("(role:admin) or (role:reader and project_id:%(project_id)s)"),
description="Find records.",
scope_types=["project"],
operations=[{"method": "GET", "path": "/v2/reverse/floatingips/{region}:{floatingip_id}"}, {"method": "GET", "path": "/v2/reverse/floatingips"}],
),
base.APIRule(
name="create_recordset",
check_str=("(role:member and project_id:%(project_id)s) and ('PRIMARY':%(zone_type)s) or (role:admin) and ('PRIMARY':%(zone_type)s) or (role:admin) and ('SECONDARY':%(zone_type)s) or (\"True\":%(zone_shared)s) and ('PRIMARY':%(zone_type)s)"),
description="Create Recordset",
scope_types=["project"],
operations=[{"method": "POST", "path": "/v2/zones/{zone_id}/recordsets"}],
),
base.APIRule(
name="get_recordset",
check_str=("(role:admin) or (role:reader and project_id:%(project_id)s) or (\"True\":%(zone_shared)s)"),
description="Get recordset",
scope_types=["project"],
operations=[{"method": "GET", "path": "/v2/zones/{zone_id}/recordsets/{recordset_id}"}],
),
base.APIRule(
name="find_recordsets",
check_str=("(role:admin) or (role:reader and project_id:%(project_id)s)"),
description="List Recordsets in a Zone",
scope_types=["project"],
operations=[{"method": "GET", "path": "/v2/zones/{zone_id}/recordsets"}],
),
base.APIRule(
name="update_recordset",
check_str=("(role:member and project_id:%(project_id)s) and ('PRIMARY':%(zone_type)s) or (role:admin) and ('PRIMARY':%(zone_type)s) or (role:admin) and ('SECONDARY':%(zone_type)s) or role:member and (project_id:%(recordset_project_id)s) and ('PRIMARY':%(zone_type)s)"),
description="Update recordset",
scope_types=["project"],
operations=[{"method": "PUT", "path": "/v2/zones/{zone_id}/recordsets/{recordset_id}"}],
),
base.APIRule(
name="delete_recordset",
check_str=("(role:member and project_id:%(project_id)s) and ('PRIMARY':%(zone_type)s) or (role:admin) and ('PRIMARY':%(zone_type)s) or (role:admin) and ('SECONDARY':%(zone_type)s) or role:member and (project_id:%(recordset_project_id)s) and ('PRIMARY':%(zone_type)s)"),
description="Delete RecordSet",
scope_types=["project"],
operations=[{"method": "DELETE", "path": "/v2/zones/{zone_id}/recordsets/{recordset_id}"}],
),
base.APIRule(
name="find_service_status",
check_str=("role:admin"),
description="Find a single Service Status",
scope_types=["project"],
operations=[{"method": "GET", "path": "/v2/service_status/{service_id}"}],
),
base.APIRule(
name="find_service_statuses",
check_str=("role:admin"),
description="List service statuses.",
scope_types=["project"],
operations=[{"method": "GET", "path": "/v2/service_status"}],
),
base.APIRule(
name="get_zone_share",
check_str=("(role:admin) or (role:member and project_id:%(project_id)s)"),
description="Get a Zone Share",
scope_types=["project"],
operations=[{"method": "GET", "path": "/v2/zones/{zone_id}/shares/{zone_share_id}"}],
),
base.APIRule(
name="share_zone",
check_str=("(role:admin) or (role:member and project_id:%(project_id)s)"),
description="Share a Zone",
scope_types=["project"],
operations=[{"method": "POST", "path": "/v2/zones/{zone_id}/shares"}],
),
base.APIRule(
name="find_zone_shares",
check_str=("@"),
description="List Shared Zones",
scope_types=["project"],
operations=[{"method": "GET", "path": "/v2/zones/{zone_id}/shares"}],
),
base.APIRule(
name="unshare_zone",
check_str=("(role:admin) or (role:member and project_id:%(project_id)s)"),
description="Unshare Zone",
scope_types=["project"],
operations=[{"method": "DELETE", "path": "/v2/zones/{zone_id}/shares/{shared_zone_id}"}],
),
base.APIRule(
name="create_tld",
check_str=("role:admin"),
description="Create Tld",
scope_types=["project"],
operations=[{"method": "POST", "path": "/v2/tlds"}],
),
base.APIRule(
name="find_tlds",
check_str=("role:admin"),
description="List Tlds",
scope_types=["project"],
operations=[{"method": "GET", "path": "/v2/tlds"}],
),
base.APIRule(
name="get_tld",
check_str=("role:admin"),
description="Show Tld",
scope_types=["project"],
operations=[{"method": "GET", "path": "/v2/tlds/{tld_id}"}],
),
base.APIRule(
name="update_tld",
check_str=("role:admin"),
description="Update Tld",
scope_types=["project"],
operations=[{"method": "PATCH", "path": "/v2/tlds/{tld_id}"}],
),
base.APIRule(
name="delete_tld",
check_str=("role:admin"),
description="Delete Tld",
scope_types=["project"],
operations=[{"method": "DELETE", "path": "/v2/tlds/{tld_id}"}],
),
base.APIRule(
name="create_tsigkey",
check_str=("role:admin"),
description="Create Tsigkey",
scope_types=["project"],
operations=[{"method": "POST", "path": "/v2/tsigkeys"}],
),
base.APIRule(
name="find_tsigkeys",
check_str=("role:admin"),
description="List Tsigkeys",
scope_types=["project"],
operations=[{"method": "GET", "path": "/v2/tsigkeys"}],
),
base.APIRule(
name="get_tsigkey",
check_str=("role:admin"),
description="Show a Tsigkey",
scope_types=["project"],
operations=[{"method": "GET", "path": "/v2/tsigkeys/{tsigkey_id}"}],
),
base.APIRule(
name="update_tsigkey",
check_str=("role:admin"),
description="Update Tsigkey",
scope_types=["project"],
operations=[{"method": "PATCH", "path": "/v2/tsigkeys/{tsigkey_id}"}],
),
base.APIRule(
name="delete_tsigkey",
check_str=("role:admin"),
description="Delete a Tsigkey",
scope_types=["project"],
operations=[{"method": "DELETE", "path": "/v2/tsigkeys/{tsigkey_id}"}],
),
base.APIRule(
name="create_zone",
check_str=("(role:admin) or (role:member and project_id:%(project_id)s)"),
description="Create Zone",
scope_types=["project"],
operations=[{"method": "POST", "path": "/v2/zones"}],
),
base.APIRule(
name="get_zone",
check_str=("(role:admin) or (role:reader and project_id:%(project_id)s) or (\"True\":%(zone_shared)s)"),
description="Get Zone",
scope_types=["project"],
operations=[{"method": "GET", "path": "/v2/zones/{zone_id}"}],
),
base.APIRule(
name="get_zone_ns_records",
check_str=("(role:admin) or (role:reader and project_id:%(project_id)s)"),
description="Get the Name Servers for a Zone",
scope_types=["project"],
operations=[{"method": "GET", "path": "/v2/zones/{zone_id}/nameservers"}],
),
base.APIRule(
name="find_zones",
check_str=("(role:admin) or (role:reader and project_id:%(project_id)s)"),
description="List existing zones",
scope_types=["project"],
operations=[{"method": "GET", "path": "/v2/zones"}],
),
base.APIRule(
name="update_zone",
check_str=("(role:admin) or (role:member and project_id:%(project_id)s)"),
description="Update Zone",
scope_types=["project"],
operations=[{"method": "PATCH", "path": "/v2/zones/{zone_id}"}],
),
base.APIRule(
name="delete_zone",
check_str=("(role:admin) or (role:member and project_id:%(project_id)s)"),
description="Delete Zone",
scope_types=["project"],
operations=[{"method": "DELETE", "path": "/v2/zones/{zone_id}"}],
),
base.APIRule(
name="xfr_zone",
check_str=("(role:admin) or (role:member and project_id:%(project_id)s)"),
description="Manually Trigger an Update of a Secondary Zone",
scope_types=["project"],
operations=[{"method": "POST", "path": "/v2/zones/{zone_id}/tasks/xfr"}],
),
base.APIRule(
name="abandon_zone",
check_str=("role:admin"),
description="Abandon Zone",
scope_types=["project"],
operations=[{"method": "POST", "path": "/v2/zones/{zone_id}/tasks/abandon"}],
),
base.APIRule(
name="zone_export",
check_str=("(role:admin) or (role:member and project_id:%(project_id)s)"),
description="Retrive a Zone Export from the Designate Datastore",
scope_types=["project"],
operations=[{"method": "GET", "path": "/v2/zones/tasks/exports/{zone_export_id}/export"}],
),
base.APIRule(
name="create_zone_export",
check_str=("(role:admin) or (role:member and project_id:%(project_id)s)"),
description="Create Zone Export",
scope_types=["project"],
operations=[{"method": "POST", "path": "/v2/zones/{zone_id}/tasks/export"}],
),
base.APIRule(
name="find_zone_exports",
check_str=("(role:admin) or (role:reader and project_id:%(project_id)s)"),
description="List Zone Exports",
scope_types=["project"],
operations=[{"method": "GET", "path": "/v2/zones/tasks/exports"}],
),
base.APIRule(
name="get_zone_export",
check_str=("(role:admin) or (role:reader and project_id:%(project_id)s)"),
description="Get Zone Exports",
scope_types=["project"],
operations=[{"method": "GET", "path": "/v2/zones/tasks/exports/{zone_export_id}"}],
),
base.APIRule(
name="update_zone_export",
check_str=("(role:admin) or (role:member and project_id:%(project_id)s)"),
description="Update Zone Exports",
scope_types=["project"],
operations=[{"method": "POST", "path": "/v2/zones/{zone_id}/tasks/export"}],
),
base.APIRule(
name="delete_zone_export",
check_str=("(role:admin) or (role:member and project_id:%(project_id)s)"),
description="Delete a zone export",
scope_types=["project"],
operations=[{"method": "DELETE", "path": "/v2/zones/tasks/exports/{zone_export_id}"}],
),
base.APIRule(
name="create_zone_import",
check_str=("(role:admin) or (role:member and project_id:%(project_id)s)"),
description="Create Zone Import",
scope_types=["project"],
operations=[{"method": "POST", "path": "/v2/zones/tasks/imports"}],
),
base.APIRule(
name="find_zone_imports",
check_str=("(role:admin) or (role:reader and project_id:%(project_id)s)"),
description="List all Zone Imports",
scope_types=["project"],
operations=[{"method": "GET", "path": "/v2/zones/tasks/imports"}],
),
base.APIRule(
name="get_zone_import",
check_str=("(role:admin) or (role:reader and project_id:%(project_id)s)"),
description="Get Zone Imports",
scope_types=["project"],
operations=[{"method": "GET", "path": "/v2/zones/tasks/imports/{zone_import_id}"}],
),
base.APIRule(
name="update_zone_import",
check_str=("(role:admin) or (role:member and project_id:%(project_id)s)"),
description="Update Zone Imports",
scope_types=["project"],
operations=[{"method": "POST", "path": "/v2/zones/tasks/imports"}],
),
base.APIRule(
name="delete_zone_import",
check_str=("(role:admin) or (role:member and project_id:%(project_id)s)"),
description="Delete a Zone Import",
scope_types=["project"],
operations=[{"method": "DELETE", "path": "/v2/zones/tasks/imports/{zone_import_id}"}],
),
base.APIRule(
name="create_zone_transfer_accept",
check_str=("((role:admin) or (role:member and project_id:%(project_id)s)) or project_id:%(target_project_id)s or None:%(target_project_id)s"),
description="Create Zone Transfer Accept",
scope_types=["project"],
operations=[{"method": "POST", "path": "/v2/zones/tasks/transfer_accepts"}],
),
base.APIRule(
name="get_zone_transfer_accept",
check_str=("(role:admin) or (role:reader and project_id:%(project_id)s)"),
description="Get Zone Transfer Accept",
scope_types=["project"],
operations=[{"method": "GET", "path": "/v2/zones/tasks/transfer_requests/{zone_transfer_accept_id}"}],
),
base.APIRule(
name="find_zone_transfer_accepts",
check_str=("role:admin"),
description="List Zone Transfer Accepts",
scope_types=["project"],
operations=[{"method": "GET", "path": "/v2/zones/tasks/transfer_accepts"}],
),
base.APIRule(
name="create_zone_transfer_request",
check_str=("(role:admin) or (role:member and project_id:%(project_id)s)"),
description="Create Zone Transfer Accept",
scope_types=["project"],
operations=[{"method": "POST", "path": "/v2/zones/{zone_id}/tasks/transfer_requests"}],
),
base.APIRule(
name="get_zone_transfer_request",
check_str=("((role:admin) or (role:member and project_id:%(project_id)s)) or project_id:%(target_project_id)s or None:%(target_project_id)s"),
description="Show a Zone Transfer Request",
scope_types=["project"],
operations=[{"method": "GET", "path": "/v2/zones/tasks/transfer_requests/{zone_transfer_request_id}"}],
),
base.APIRule(
name="find_zone_transfer_requests",
check_str=("@"),
description="List Zone Transfer Requests",
scope_types=["project"],
operations=[{"method": "GET", "path": "/v2/zones/tasks/transfer_requests"}],
),
base.APIRule(
name="update_zone_transfer_request",
check_str=("(role:admin) or (role:member and project_id:%(project_id)s)"),
description="Update a Zone Transfer Request",
scope_types=["project"],
operations=[{"method": "PATCH", "path": "/v2/zones/tasks/transfer_requests/{zone_transfer_request_id}"}],
),
base.APIRule(
name="delete_zone_transfer_request",
check_str=("(role:admin) or (role:member and project_id:%(project_id)s)"),
description="Delete a Zone Transfer Request",
scope_types=["project"],
operations=[{"method": "DELETE", "path": "/v2/zones/tasks/transfer_requests/{zone_transfer_request_id}"}],
),
)
__all__ = ("list_rules",)
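Review bot: `find_zone_shares` and `find_zone_transfer_requests` are declared with `check_str=("@")`, which oslo.policy evaluates as always-true, and `create_zone_transfer_accept` and `get_zone_transfer_request` end in `or None:%(target_project_id)s`, which appears to pass for any caller when the target has no `target_project_id`. These look like they mirror Designate's own defaults (not verifiable from this page), in which case tenant isolation for these calls rests on Designate's server-side filtering and the transfer key rather than on the rule. I would record that next to each such rule, e.g. `# "@" always allows; per-project filtering is expected from the Designate API, not from this check`, so nobody reads these entries as an access boundary. A unit test pinning the set of rule names whose check_str is `"@"` would make a later regeneration that widens it show up in review.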


@ -0,0 +1,194 @@
# Copyright 2022 99cloud
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# flake8: noqa
# fmt: off
from . import base
list_rules = (
base.Rule(
name="context_is_admin",
check_str=("role:admin"),
description="Decides what is required for the 'is_admin:True' check to succeed.",
),
base.Rule(
name="admin_or_owner",
check_str=("is_admin:True or project_id:%(project_id)s"),
description="Default rule for most non-Admin APIs.",
),
base.Rule(
name="admin_api",
check_str=("is_admin:True"),
description="Default rule for most Admin APIs.",
),
base.Rule(
name="os_masakari_api:extensions:discoverable",
check_str=("rule:admin_api"),
description="Extension Info API extensions to change the API.",
),
base.Rule(
name="os_masakari_api:os-hosts:discoverable",
check_str=("rule:admin_api"),
description="Host API extensions to change the API.",
),
base.Rule(
name="os_masakari_api:notifications:discoverable",
check_str=("rule:admin_api"),
description="Notification API extensions to change the API.",
),
base.Rule(
name="os_masakari_api:segments:discoverable",
check_str=("rule:admin_api"),
description="Segment API extensions to change the API.",
),
base.Rule(
name="os_masakari_api:versions:discoverable",
check_str=("@"),
description="Version API extensions to change the API.",
),
base.Rule(
name="os_masakari_api:vmoves:discoverable",
check_str=("rule:admin_api"),
description="VM moves API extensions to change the API.",
),
base.APIRule(
name="os_masakari_api:extensions:index",
check_str=("rule:admin_api"),
description="List available extensions.",
scope_types=["project"],
operations=[{"method": "GET", "path": "/extensions"}],
),
base.APIRule(
name="os_masakari_api:extensions:detail",
check_str=("rule:admin_api"),
description="Shows information for an extension.",
scope_types=["project"],
operations=[{"method": "GET", "path": "/extensions/{extensions_id}"}],
),
base.APIRule(
name="os_masakari_api:os-hosts:index",
check_str=("rule:admin_api"),
description="Lists IDs, names, type, reserved, on_maintenance for all hosts.",
scope_types=["project"],
operations=[{"method": "GET", "path": "/segments/{segment_id}/hosts"}],
),
base.APIRule(
name="os_masakari_api:os-hosts:detail",
check_str=("rule:admin_api"),
description="Shows details for a host.",
scope_types=["project"],
operations=[{"method": "GET", "path": "/segments/{segment_id}/hosts/{host_id}"}],
),
base.APIRule(
name="os_masakari_api:os-hosts:create",
check_str=("rule:admin_api"),
description="Creates a host under given segment.",
scope_types=["project"],
operations=[{"method": "POST", "path": "/segments/{segment_id}/hosts"}],
),
base.APIRule(
name="os_masakari_api:os-hosts:update",
check_str=("rule:admin_api"),
description="Updates the editable attributes of an existing host.",
scope_types=["project"],
operations=[{"method": "PUT", "path": "/segments/{segment_id}/hosts/{host_id}"}],
),
base.APIRule(
name="os_masakari_api:os-hosts:delete",
check_str=("rule:admin_api"),
description="Deletes a host from given segment.",
scope_types=["project"],
operations=[{"method": "DELETE", "path": "/segments/{segment_id}/hosts/{host_id}"}],
),
base.APIRule(
name="os_masakari_api:notifications:index",
check_str=("rule:admin_api"),
description="Lists IDs, notification types, host_name, generated_time, payload and status for all notifications.",
scope_types=["project"],
operations=[{"method": "GET", "path": "/notifications"}],
),
base.APIRule(
name="os_masakari_api:notifications:detail",
check_str=("rule:admin_api"),
description="Shows details for a notification.",
scope_types=["project"],
operations=[{"method": "GET", "path": "/notifications/{notification_id}"}],
),
base.APIRule(
name="os_masakari_api:notifications:create",
check_str=("rule:admin_api"),
description="Creates a notification.",
scope_types=["project"],
operations=[{"method": "POST", "path": "/notifications"}],
),
base.APIRule(
name="os_masakari_api:segments:index",
check_str=("rule:admin_api"),
description="Lists IDs, names, description, recovery_method, service_type for all segments.",
scope_types=["project"],
operations=[{"method": "GET", "path": "/segments"}],
),
base.APIRule(
name="os_masakari_api:segments:detail",
check_str=("rule:admin_api"),
description="Shows details for a segment.",
scope_types=["project"],
operations=[{"method": "GET", "path": "/segments/{segment_id}"}],
),
base.APIRule(
name="os_masakari_api:segments:create",
check_str=("rule:admin_api"),
description="Creates a segment.",
scope_types=["project"],
operations=[{"method": "POST", "path": "/segments"}],
),
base.APIRule(
name="os_masakari_api:segments:update",
check_str=("rule:admin_api"),
description="Updates the editable attributes of an existing host.",
scope_types=["project"],
operations=[{"method": "PUT", "path": "/segments/{segment_id}"}],
),
base.APIRule(
name="os_masakari_api:segments:delete",
check_str=("rule:admin_api"),
description="Deletes a segment.",
scope_types=["project"],
operations=[{"method": "DELETE", "path": "/segments/{segment_id}"}],
),
base.APIRule(
name="os_masakari_api:versions:index",
check_str=("@"),
description="List all versions.",
scope_types=["project"],
operations=[{"method": "GET", "path": "/"}],
),
base.APIRule(
name="os_masakari_api:vmoves:index",
check_str=("rule:admin_api"),
description="Lists IDs, notification_id, instance_id, source_host, dest_host, status and type for all VM moves.",
scope_types=["project"],
operations=[{"method": "GET", "path": "/notifications/{notification_id}/vmoves"}],
),
base.APIRule(
name="os_masakari_api:vmoves:detail",
check_str=("rule:admin_api"),
description="Shows details for one VM move.",
scope_types=["project"],
operations=[{"method": "GET", "path": "/notifications/{notification_id}/vmoves/{vmove_id}"}],
),
)
__all__ = ("list_rules",)
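Review bot: The description on `os_masakari_api:segments:update` is copied from the hosts rule ("Updates the editable attributes of an existing host.") although it guards `PUT /segments/{segment_id}`; it should read `description="Updates the editable attributes of an existing segment.",`. Every API rule in this file except `os_masakari_api:versions:index` resolves through `rule:admin_api` to `is_admin:True`, so the result depends on the credential dict carrying an `is_admin` key; how that key is populated is not visible in this commit. A test evaluating one of these rules for an admin and a non-admin credential would confirm they neither fail closed for admins nor open for members.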


@ -51,6 +51,7 @@ SUPPORTED_SERVICE_EPS = {
# openstack_service: [<entry_point_name>, <entry_point_name>,] # openstack_service: [<entry_point_name>, <entry_point_name>,]
"barbican": ["barbican"], "barbican": ["barbican"],
"cinder": ["cinder"], "cinder": ["cinder"],
"designate": ["designate"],
"glance": ["glance"], "glance": ["glance"],
"heat": ["heat"], "heat": ["heat"],
"ironic": ["ironic.api"], "ironic": ["ironic.api"],
@ -58,6 +59,7 @@ SUPPORTED_SERVICE_EPS = {
"keystone": ["keystone"], "keystone": ["keystone"],
"magnum": ["magnum"], "magnum": ["magnum"],
"manila": ["manila"], "manila": ["manila"],
"masakari": ["masakari"],
"neutron": ["neutron", "neutron-vpnaas"], "neutron": ["neutron", "neutron-vpnaas"],
"nova": ["nova"], "nova": ["nova"],
"octavia": ["octavia"], "octavia": ["octavia"],


@ -16,7 +16,9 @@ INSTALL_PROJECTS="keystone \
manila \ manila \
magnum \ magnum \
zun\ zun\
barbican" barbican \
designate \
masakari"
BRANCH=`git rev-parse --abbrev-ref HEAD` BRANCH=`git rev-parse --abbrev-ref HEAD`
for project in ${INSTALL_PROJECTS} for project in ${INSTALL_PROJECTS}