d2aa07e5e9
NFP configurator runs over the cloud inside a vm launched on service management network. a) Implements NFP service configuration APIs described in NFP blue print. Listed below, a.1) create_network_function_device_config a.2) delete_network_function_device_config a.3) create_network_function_config a.4) delete_network_function_config a.5) get_notifications b) Supports framework for service specific drivers. Service drivers translates generic config APIs into service specific configuration APIs. Currently configurator stack includes following drivers, b.1) vyos FW b.2) vyos VPN b.3) haproxy LB c) Supports health monitor API. Asynchronously polls for service to be UP and notifies under the cloud. d) Supports asynchronous notifications for, d.1) Configuration API result, SUCCESS/FAILURE d.2) Initial Health check status of a service d.3) Heat request Change-Id: I63ae91648ccfec1ff28c584594c74e7bc36efe36 Implements: blueprint gbp-network-services-framework
287 lines
12 KiB
JSON
287 lines
12 KiB
JSON
{
|
|
"context_is_admin": "user_id:e41bc340893e4fd19f8a9f420dcf5fe8",
|
|
"admin_or_owner": "rule:context_is_admin or tenant_id:%(tenant_id)s",
|
|
"admin_or_network_owner": "rule:context_is_admin or tenant_id:%(network:tenant_id)s",
|
|
"admin_only": "rule:context_is_admin",
|
|
"regular_user": "",
|
|
"shared": "field:networks:shared=True",
|
|
"shared_firewalls": "field:firewalls:shared=True",
|
|
"external": "field:networks:router:external=True",
|
|
"default": "rule:admin_or_owner",
|
|
|
|
"create_subnet": "rule:admin_only",
|
|
"get_subnet": "rule:admin_or_owner or rule:shared",
|
|
"update_subnet": "rule:admin_only",
|
|
"delete_subnet": "rule:admin_only",
|
|
|
|
"create_network": "rule:admin_only",
|
|
"get_network": "rule:admin_or_owner or rule:shared or rule:external",
|
|
"get_network:router:external": "rule:regular_user",
|
|
"get_network:segments": "rule:admin_only",
|
|
"get_network:provider:network_type": "rule:admin_only",
|
|
"get_network:provider:physical_network": "rule:admin_only",
|
|
"get_network:provider:segmentation_id": "rule:admin_only",
|
|
"get_network:queue_id": "rule:admin_only",
|
|
"create_network:shared": "rule:admin_only",
|
|
"create_network:router:external": "rule:admin_only",
|
|
"create_network:segments": "rule:admin_only",
|
|
"create_network:provider:network_type": "rule:admin_only",
|
|
"create_network:provider:physical_network": "rule:admin_only",
|
|
"create_network:provider:segmentation_id": "rule:admin_only",
|
|
"update_network": "rule:admin_only",
|
|
"update_network:segments": "rule:admin_only",
|
|
"update_network:shared": "rule:admin_only",
|
|
"update_network:provider:network_type": "rule:admin_only",
|
|
"update_network:provider:physical_network": "rule:admin_only",
|
|
"update_network:provider:segmentation_id": "rule:admin_only",
|
|
"update_network:router:external": "rule:admin_only",
|
|
"delete_network": "rule:admin_only",
|
|
|
|
"create_port": "rule:admin_only",
|
|
"create_port:mac_address": "rule:admin_or_network_owner",
|
|
"create_port:fixed_ips": "rule:admin_or_network_owner",
|
|
"create_port:port_security_enabled": "rule:admin_or_network_owner",
|
|
"create_port:binding:host_id": "rule:admin_only",
|
|
"create_port:binding:profile": "rule:admin_only",
|
|
"create_port:mac_learning_enabled": "rule:admin_or_network_owner",
|
|
"get_port": "rule:admin_or_owner",
|
|
"get_port:queue_id": "rule:admin_only",
|
|
"get_port:binding:vif_type": "rule:admin_only",
|
|
"get_port:binding:vif_details": "rule:admin_only",
|
|
"get_port:binding:host_id": "rule:admin_only",
|
|
"get_port:binding:profile": "rule:admin_only",
|
|
"update_port": "rule:admin_only",
|
|
"update_port:fixed_ips": "rule:admin_or_network_owner",
|
|
"update_port:port_security_enabled": "rule:admin_or_network_owner",
|
|
"update_port:binding:host_id": "rule:admin_only",
|
|
"update_port:binding:profile": "rule:admin_only",
|
|
"update_port:mac_learning_enabled": "rule:admin_or_network_owner",
|
|
"delete_port": "rule:admin_only",
|
|
|
|
"get_router:ha": "rule:admin_only",
|
|
"create_router": "rule:admin_only",
|
|
"create_router:external_gateway_info:enable_snat": "rule:admin_only",
|
|
"create_router:distributed": "rule:admin_only",
|
|
"create_router:ha": "rule:admin_only",
|
|
"get_router": "rule:admin_or_owner",
|
|
"get_router:distributed": "rule:admin_only",
|
|
"update_router:external_gateway_info:enable_snat": "rule:admin_only",
|
|
"update_router:distributed": "rule:admin_only",
|
|
"update_router:ha": "rule:admin_only",
|
|
"delete_router": "rule:admin_only",
|
|
|
|
"add_router_interface": "rule:admin_only",
|
|
"remove_router_interface": "rule:admin_only",
|
|
|
|
"create_firewall": "rule:admin_only",
|
|
"get_firewall": "rule:admin_or_owner",
|
|
"create_firewall:shared": "rule:admin_only",
|
|
"get_firewall:shared": "rule:admin_only",
|
|
"update_firewall": "rule:admin_only",
|
|
"update_firewall:shared": "rule:admin_only",
|
|
"delete_firewall": "rule:admin_only",
|
|
|
|
"create_firewall_policy": "rule:admin_only",
|
|
"get_firewall_policy": "rule:admin_or_owner or rule:shared_firewalls",
|
|
"create_firewall_policy:shared": "rule:admin_or_owner",
|
|
"update_firewall_policy": "rule:admin_only",
|
|
"delete_firewall_policy": "rule:admin_only",
|
|
|
|
"create_firewall_rule": "rule:admin_only",
|
|
"get_firewall_rule": "rule:admin_or_owner or rule:shared_firewalls",
|
|
"update_firewall_rule": "rule:admin_only",
|
|
"delete_firewall_rule": "rule:admin_only",
|
|
|
|
"create_qos_queue": "rule:admin_only",
|
|
"get_qos_queue": "rule:admin_only",
|
|
|
|
"update_agent": "rule:admin_only",
|
|
"delete_agent": "rule:admin_only",
|
|
"get_agent": "rule:admin_only",
|
|
|
|
"create_dhcp-network": "rule:admin_only",
|
|
"delete_dhcp-network": "rule:admin_only",
|
|
"get_dhcp-networks": "rule:admin_only",
|
|
"create_l3-router": "rule:admin_only",
|
|
"delete_l3-router": "rule:admin_only",
|
|
"get_l3-routers": "rule:admin_only",
|
|
"get_dhcp-agents": "rule:admin_only",
|
|
"get_l3-agents": "rule:admin_only",
|
|
"get_loadbalancer-agent": "rule:admin_only",
|
|
"get_loadbalancer-pools": "rule:admin_only",
|
|
|
|
"create_floatingip": "rule:regular_user",
|
|
"update_floatingip": "rule:admin_or_owner",
|
|
"delete_floatingip": "rule:admin_or_owner",
|
|
"get_floatingip": "rule:admin_or_owner",
|
|
|
|
"create_network_profile": "rule:admin_only",
|
|
"update_network_profile": "rule:admin_only",
|
|
"delete_network_profile": "rule:admin_only",
|
|
"get_network_profiles": "",
|
|
"get_network_profile": "",
|
|
"update_policy_profiles": "rule:admin_only",
|
|
"get_policy_profiles": "",
|
|
"get_policy_profile": "",
|
|
|
|
"create_metering_label": "rule:admin_only",
|
|
"delete_metering_label": "rule:admin_only",
|
|
"get_metering_label": "rule:admin_only",
|
|
|
|
"create_metering_label_rule": "rule:admin_only",
|
|
"delete_metering_label_rule": "rule:admin_only",
|
|
"get_metering_label_rule": "rule:admin_only",
|
|
|
|
"get_service_provider": "rule:regular_user",
|
|
"get_lsn": "rule:admin_only",
|
|
"create_lsn": "rule:admin_only",
|
|
|
|
"shared_ptg": "field:policy_target_groups:shared=True",
|
|
"shared_pt": "field:policy_targets:shared=True",
|
|
"shared_prs": "field:policy_rule_sets:shared=True",
|
|
"shared_l3p": "field:l3_policies:shared=True",
|
|
"shared_l2p": "field:l2_policies:shared=True",
|
|
"shared_es": "field:external_segments:shared=True",
|
|
"shared_ep": "field:external_policies:shared=True",
|
|
"shared_pc": "field:policy_classifiers:shared=True",
|
|
"shared_pa": "field:policy_actions:shared=True",
|
|
"shared_pr": "field:policy_rules:shared=True",
|
|
"shared_np": "field:nat_pools:shared=True",
|
|
"shared_nsp": "field:network_service_policies:shared=True",
|
|
"shared_scn": "field:servicechain_nodes:shared=True",
|
|
"shared_scs": "field:servicechain_specs:shared=True",
|
|
"shared_sp": "field:service_profiles:shared=True",
|
|
|
|
"create_policy_target_group": "",
|
|
"create_policy_target_group:shared": "rule:admin_only",
|
|
"get_policy_target_group": "rule:admin_or_owner or rule:shared_ptg",
|
|
"update_policy_target_group:shared": "rule:admin_only",
|
|
|
|
"create_l2_policy": "",
|
|
"create_l2_policy:shared": "rule:admin_only",
|
|
"get_l2_policy": "rule:admin_or_owner or rule:shared_l2p",
|
|
"update_l2_policy:shared": "rule:admin_only",
|
|
|
|
"create_l3_policy": "",
|
|
"create_l3_policy:shared": "rule:admin_only",
|
|
"get_l3_policy": "rule:admin_or_owner or rule:shared_l3p",
|
|
"update_l3_policy:shared": "rule:admin_only",
|
|
"create_policy_classifier": "",
|
|
"create_policy_classifier:shared": "rule:admin_only",
|
|
"get_policy_classifier": "rule:admin_or_owner or rule:shared_pc",
|
|
"update_policy_classifier:shared": "rule:admin_only",
|
|
|
|
"create_policy_action": "",
|
|
"create_policy_action:shared": "rule:admin_only",
|
|
"get_policy_action": "rule:admin_or_owner or rule:shared_pa",
|
|
"update_policy_action:shared": "rule:admin_only",
|
|
|
|
"create_policy_rule": "",
|
|
"create_policy_rule:shared": "rule:admin_only",
|
|
"get_policy_rule": "rule:admin_or_owner or rule:shared_pr",
|
|
"update_policy_rule:shared": "rule:admin_only",
|
|
|
|
"create_policy_rule_set": "",
|
|
"create_policy_rule_set:shared": "rule:admin_only",
|
|
"get_policy_rule_set": "rule:admin_or_owner or rule:shared_prs",
|
|
"update_policy_rule_set:shared": "rule:admin_only",
|
|
|
|
"create_network_service_policy": "",
|
|
"create_network_service_policy:shared": "rule:admin_only",
|
|
"get_network_service_policy": "rule:admin_or_owner or rule:shared_nsp",
|
|
"update_network_service_policy:shared": "rule:admin_only",
|
|
|
|
"create_external_segment": "",
|
|
"create_external_segment:shared": "rule:admin_only",
|
|
"get_external_segment": "rule:admin_or_owner or rule:shared_es",
|
|
"update_external_segment:shared": "rule:admin_only",
|
|
|
|
"create_external_policy": "",
|
|
"create_external_policy:shared": "rule:admin_only",
|
|
"get_external_policy": "rule:admin_or_owner or rule:shared_ep",
|
|
"update_external_policy:shared": "rule:admin_only",
|
|
|
|
"create_nat_pool": "",
|
|
"create_nat_pool:shared": "rule:admin_only",
|
|
"get_nat_pool": "rule:admin_or_owner or rule:shared_np",
|
|
"update_nat_pool:shared": "rule:admin_only",
|
|
|
|
"create_servicechain_node": "",
|
|
"create_servicechain_node:shared": "rule:admin_only",
|
|
"get_servicechain_node": "rule:admin_or_owner or rule:shared_scn",
|
|
"update_servicechain_node:shared": "rule:admin_only",
|
|
|
|
"create_servicechain_spec": "",
|
|
"create_servicechain_spec:shared": "rule:admin_only",
|
|
"get_servicechain_spec": "rule:admin_or_owner or rule:shared_scs",
|
|
"update_servicechain_spec:shared": "rule:admin_only",
|
|
|
|
"create_servicechain_instance": "",
|
|
"get_servicechain_instance": "rule:admin_or_owner",
|
|
"update_servicechain_instance:shared": "rule:admin_only",
|
|
|
|
"create_service_profile": "",
|
|
"create_service_profile:shared": "rule:admin_only",
|
|
"get_service_profile": "rule:admin_or_owner or rule:shared_sp",
|
|
"update_service_profile:shared": "rule:admin_only",
|
|
|
|
"create_ipsec_site_connection": "rule:admin_only",
|
|
"update_ipsec_site_connection": "rule:admin_only",
|
|
"delete_ipsec_site_connection": "rule:admin_only",
|
|
"get_ipsec_site_connection": "rule:admin_or_owner",
|
|
"update_ipsec_site_conn_status": "rule:admin_only",
|
|
|
|
"create_ikepolicy": "rule:admin_only",
|
|
"update_ikepolicy": "rule:admin_only",
|
|
"delete_ikepolicy": "rule:admin_only",
|
|
"get_ikepolicy": "rule:admin_or_owner",
|
|
|
|
"create_ipsecpolicy": "rule:admin_only",
|
|
"update_ipsecpolicy": "rule:admin_only",
|
|
"delete_ipsecpolicy": "rule:admin_only",
|
|
"get_ipsecpolicy": "rule:admin_or_owner",
|
|
|
|
"create_vpnservice": "rule:admin_only",
|
|
"update_vpnservice": "rule:admin_only",
|
|
"delete_vpnservice": "rule:admin_only",
|
|
"get_vpnservice": "rule:admin_or_owner",
|
|
|
|
"create_ssl_vpn_connection": "rule:admin_only",
|
|
"update_ssl_vpn_connection": "rule:admin_only",
|
|
"delete_ssl_vpn_connection": "rule:admin_only",
|
|
"get_ssl_vpn_connection": "rule:admin_or_owner",
|
|
|
|
"create_vpn_credential": "rule:admin_only",
|
|
"update_vpn_credential": "rule:admin_only",
|
|
"delete_vpn_credential": "rule:admin_only",
|
|
"get_vpn_credential": "rule:admin_or_owner",
|
|
|
|
"create_vip": "rule:admin_only",
|
|
"update_vip": "rule:admin_only",
|
|
"delete_vip": "rule:admin_only",
|
|
"get_vip": "rule:admin_or_owner",
|
|
|
|
"create_pool": "rule:admin_only",
|
|
"update_pool": "rule:admin_only",
|
|
"delete_pool": "rule:admin_only",
|
|
"get_pool": "rule:admin_or_owner",
|
|
|
|
"create_pool_health_monitor": "rule:admin_only",
|
|
"delete_pool_health_monitor": "rule:admin_only",
|
|
"get_pool_health_monitor": "rule:admin_or_owner",
|
|
"update_pool_health_monitor": "rule:admin_only",
|
|
|
|
"create_member": "rule:admin_only",
|
|
"update_member": "rule:admin_only",
|
|
"delete_member": "rule:admin_only",
|
|
"get_member": "rule:admin_or_owner",
|
|
|
|
"create_health_monitor": "rule:admin_only",
|
|
"update_health_monitor": "rule:admin_only",
|
|
"delete_health_monitor": "rule:admin_only",
|
|
"get_health_monitor": "rule:admin_or_owner"
|
|
|
|
|
|
|
|
}
|