starlingx/distcloud
Code Issues Proposed changes
Files
2b198a80098fddd2b5a8cd8eea2ade98674142c7
distcloud/distributedcloud/dcdbsync/api
History
amantri 474c63ae4e Implement configurator role RBAC for dc related processes 
This commit implements RBAC for configurator role, this role
has the same level of access as the existing admin role.
The existing base rules are changed to accommodate the new
configurator role. For the incoming create,delete,modify requests the
admin access is provided by authorizing the user with the policy rules.

Test Plan:
PASS: Expect only admin,operator,configurator role users can
      execute the following commands
	dcmanager subcloud manage <subcloud>
	dcmanager subcloud unmanage <subcloud>
	dcmanager subcloud-backup create --subcloud
	dcmanager subcloud-backup delete --subcloud
PASS: Expect configurator,admin,operator,reader role users
      allowed to execute the following command
	dcmanager alarm summary
PASS: Verify only configurator,admin allowed to do the
      following
	dcmanager subcloud prestage
	dcmanager subcloud reconfigure
	dcmanager subcloud reinstall
	dcmanager subcloud redeploy
	dcmanager subcloud restore
	dcmanager subcloud update_status
        dcmanager subcloud update
        dcmanager subcloud delete <subcloud>
        dcmanager patch-strategy create
        dcmanager patch-strategy apply
        dcmanager patch-strategy abort
        dcmanager patch-strategy delete
        dcmanager subcloud-group add
        dcmanager subcloud-group delete
	dcmanager subcloud-deploy upload
        dcmanager kube-rootca-update-strategy create/delete
        dcmanager patch-strategy-config update
        dcmanager subcloud-peer-group add/delete
        dcmanager sw-deploy-strategy create/delete
        dcmanager peer-group-association add/delete
	dcmanager system-peer add/delete

Story: 2011348
Task: 52055

Change-Id: I9e7d5932f0d158f20db1c9741e9b6c707cedf28a
Signed-off-by: amantri <ayyappa.mantri@windriver.com>
2025-05-05 16:44:05 +00:00
..
controllers
Remove unused methods from subclouds API and dcorch
2024-11-05 10:57:00 -03:00
policies
Implement configurator role RBAC for dc related processes
2025-05-05 16:44:05 +00:00
__init__.py
Move content to subdir to support relocated packaging
2019-11-04 13:57:02 -05:00
api_config.py
Apply black formatter to dcdbsync/api
2024-06-28 13:38:23 +00:00
app.py
Apply black formatter to dcdbsync/api
2024-06-28 13:38:23 +00:00
policy.py
Apply black formatter to dcdbsync/api
2024-06-28 13:38:23 +00:00
README.rst
Move content to subdir to support relocated packaging
2019-11-04 13:57:02 -05:00

README.rst

api

DC DBsync API is Web Server Gateway Interface (WSGI) application to receive and process API calls, including keystonemiddleware to do the authentication, parameter check and validation. It receives API calls from DC Orchestrator to read/write/update resources in Databases on behalf of DC Orchestrator. The API calls are processed in synchronous way, so that the caller will wait for the response to come back.

Multiple DC DBsync API could run in parallel, and also can work in multi-worker mode.

Multiple DC DBsync API is designed and run in stateless mode.

Setup and encapsulate the API WSGI app

app.py:

Setup and encapsulate the API WSGI app, including integrate the keystonemiddleware app

api_config.py:

API configuration loading and init

enforcer.py

Enforces policies on the version2 APIs

View Git Blame Copy Permalink