x/group-based-policy
Code Issues Proposed changes
81f5f3cb02
group-based-policy/gbpservice/contrib/nfp/bin/policy.json
dpaks d2aa07e5e9 NFP (contrib) - Configurator 
NFP configurator runs over the cloud inside a vm launched
on service management network.

a) Implements NFP service configuration APIs described in NFP blue
   print. Listed below,
	a.1) create_network_function_device_config
	a.2) delete_network_function_device_config
	a.3) create_network_function_config
	a.4) delete_network_function_config
	a.5) get_notifications
b) Supports framework for service specific drivers. Service drivers
   translates generic config APIs into service specific configuration
   APIs. Currently configurator stack includes following drivers,
	b.1) vyos FW
	b.2) vyos VPN
	b.3) haproxy LB
c) Supports health monitor API. Asynchronously polls for service to be
   UP and notifies under the cloud.
d) Supports asynchronous notifications for,
	d.1) Configuration API result, SUCCESS/FAILURE
	d.2) Initial Health check status of a service
	d.3) Heat request

Change-Id: I63ae91648ccfec1ff28c584594c74e7bc36efe36
Implements: blueprint gbp-network-services-framework
2016-07-26 05:55:37 -07:00

287 lines
12 KiB
JSON
Raw Blame History

{
"context_is_admin": "user_id:e41bc340893e4fd19f8a9f420dcf5fe8",
"admin_or_owner": "rule:context_is_admin or tenant_id:%(tenant_id)s",
"admin_or_network_owner": "rule:context_is_admin or tenant_id:%(network:tenant_id)s",
"admin_only": "rule:context_is_admin",
"regular_user": "",
"shared": "field:networks:shared=True",
"shared_firewalls": "field:firewalls:shared=True",
"external": "field:networks:router:external=True",
"default": "rule:admin_or_owner",
"create_subnet": "rule:admin_only",
"get_subnet": "rule:admin_or_owner or rule:shared",
"update_subnet": "rule:admin_only",
"delete_subnet": "rule:admin_only",
"create_network": "rule:admin_only",
"get_network": "rule:admin_or_owner or rule:shared or rule:external",
"get_network:router:external": "rule:regular_user",
"get_network:segments": "rule:admin_only",
"get_network:provider:network_type": "rule:admin_only",
"get_network:provider:physical_network": "rule:admin_only",
"get_network:provider:segmentation_id": "rule:admin_only",
"get_network:queue_id": "rule:admin_only",
"create_network:shared": "rule:admin_only",
"create_network:router:external": "rule:admin_only",
"create_network:segments": "rule:admin_only",
"create_network:provider:network_type": "rule:admin_only",
"create_network:provider:physical_network": "rule:admin_only",
"create_network:provider:segmentation_id": "rule:admin_only",
"update_network": "rule:admin_only",
"update_network:segments": "rule:admin_only",
"update_network:shared": "rule:admin_only",
"update_network:provider:network_type": "rule:admin_only",
"update_network:provider:physical_network": "rule:admin_only",
"update_network:provider:segmentation_id": "rule:admin_only",
"update_network:router:external": "rule:admin_only",
"delete_network": "rule:admin_only",
"create_port": "rule:admin_only",
"create_port:mac_address": "rule:admin_or_network_owner",
"create_port:fixed_ips": "rule:admin_or_network_owner",
"create_port:port_security_enabled": "rule:admin_or_network_owner",
"create_port:binding:host_id": "rule:admin_only",
"create_port:binding:profile": "rule:admin_only",
"create_port:mac_learning_enabled": "rule:admin_or_network_owner",
"get_port": "rule:admin_or_owner",
"get_port:queue_id": "rule:admin_only",
"get_port:binding:vif_type": "rule:admin_only",
"get_port:binding:vif_details": "rule:admin_only",
"get_port:binding:host_id": "rule:admin_only",
"get_port:binding:profile": "rule:admin_only",
"update_port": "rule:admin_only",
"update_port:fixed_ips": "rule:admin_or_network_owner",
"update_port:port_security_enabled": "rule:admin_or_network_owner",
"update_port:binding:host_id": "rule:admin_only",
"update_port:binding:profile": "rule:admin_only",
"update_port:mac_learning_enabled": "rule:admin_or_network_owner",
"delete_port": "rule:admin_only",
"get_router:ha": "rule:admin_only",
"create_router": "rule:admin_only",
"create_router:external_gateway_info:enable_snat": "rule:admin_only",
"create_router:distributed": "rule:admin_only",
"create_router:ha": "rule:admin_only",
"get_router": "rule:admin_or_owner",
"get_router:distributed": "rule:admin_only",
"update_router:external_gateway_info:enable_snat": "rule:admin_only",
"update_router:distributed": "rule:admin_only",
"update_router:ha": "rule:admin_only",
"delete_router": "rule:admin_only",
"add_router_interface": "rule:admin_only",
"remove_router_interface": "rule:admin_only",
"create_firewall": "rule:admin_only",
"get_firewall": "rule:admin_or_owner",
"create_firewall:shared": "rule:admin_only",
"get_firewall:shared": "rule:admin_only",
"update_firewall": "rule:admin_only",
"update_firewall:shared": "rule:admin_only",
"delete_firewall": "rule:admin_only",
"create_firewall_policy": "rule:admin_only",
"get_firewall_policy": "rule:admin_or_owner or rule:shared_firewalls",
"create_firewall_policy:shared": "rule:admin_or_owner",
"update_firewall_policy": "rule:admin_only",
"delete_firewall_policy": "rule:admin_only",
"create_firewall_rule": "rule:admin_only",
"get_firewall_rule": "rule:admin_or_owner or rule:shared_firewalls",
"update_firewall_rule": "rule:admin_only",
"delete_firewall_rule": "rule:admin_only",
"create_qos_queue": "rule:admin_only",
"get_qos_queue": "rule:admin_only",
"update_agent": "rule:admin_only",
"delete_agent": "rule:admin_only",
"get_agent": "rule:admin_only",
"create_dhcp-network": "rule:admin_only",
"delete_dhcp-network": "rule:admin_only",
"get_dhcp-networks": "rule:admin_only",
"create_l3-router": "rule:admin_only",
"delete_l3-router": "rule:admin_only",
"get_l3-routers": "rule:admin_only",
"get_dhcp-agents": "rule:admin_only",
"get_l3-agents": "rule:admin_only",
"get_loadbalancer-agent": "rule:admin_only",
"get_loadbalancer-pools": "rule:admin_only",
"create_floatingip": "rule:regular_user",
"update_floatingip": "rule:admin_or_owner",
"delete_floatingip": "rule:admin_or_owner",
"get_floatingip": "rule:admin_or_owner",
"create_network_profile": "rule:admin_only",
"update_network_profile": "rule:admin_only",
"delete_network_profile": "rule:admin_only",
"get_network_profiles": "",
"get_network_profile": "",
"update_policy_profiles": "rule:admin_only",
"get_policy_profiles": "",
"get_policy_profile": "",
"create_metering_label": "rule:admin_only",
"delete_metering_label": "rule:admin_only",
"get_metering_label": "rule:admin_only",
"create_metering_label_rule": "rule:admin_only",
"delete_metering_label_rule": "rule:admin_only",
"get_metering_label_rule": "rule:admin_only",
"get_service_provider": "rule:regular_user",
"get_lsn": "rule:admin_only",
"create_lsn": "rule:admin_only",
"shared_ptg": "field:policy_target_groups:shared=True",
"shared_pt": "field:policy_targets:shared=True",
"shared_prs": "field:policy_rule_sets:shared=True",
"shared_l3p": "field:l3_policies:shared=True",
"shared_l2p": "field:l2_policies:shared=True",
"shared_es": "field:external_segments:shared=True",
"shared_ep": "field:external_policies:shared=True",
"shared_pc": "field:policy_classifiers:shared=True",
"shared_pa": "field:policy_actions:shared=True",
"shared_pr": "field:policy_rules:shared=True",
"shared_np": "field:nat_pools:shared=True",
"shared_nsp": "field:network_service_policies:shared=True",
"shared_scn": "field:servicechain_nodes:shared=True",
"shared_scs": "field:servicechain_specs:shared=True",
"shared_sp": "field:service_profiles:shared=True",
"create_policy_target_group": "",
"create_policy_target_group:shared": "rule:admin_only",
"get_policy_target_group": "rule:admin_or_owner or rule:shared_ptg",
"update_policy_target_group:shared": "rule:admin_only",
"create_l2_policy": "",
"create_l2_policy:shared": "rule:admin_only",
"get_l2_policy": "rule:admin_or_owner or rule:shared_l2p",
"update_l2_policy:shared": "rule:admin_only",
"create_l3_policy": "",
"create_l3_policy:shared": "rule:admin_only",
"get_l3_policy": "rule:admin_or_owner or rule:shared_l3p",
"update_l3_policy:shared": "rule:admin_only",
"create_policy_classifier": "",
"create_policy_classifier:shared": "rule:admin_only",
"get_policy_classifier": "rule:admin_or_owner or rule:shared_pc",
"update_policy_classifier:shared": "rule:admin_only",
"create_policy_action": "",
"create_policy_action:shared": "rule:admin_only",
"get_policy_action": "rule:admin_or_owner or rule:shared_pa",
"update_policy_action:shared": "rule:admin_only",
"create_policy_rule": "",
"create_policy_rule:shared": "rule:admin_only",
"get_policy_rule": "rule:admin_or_owner or rule:shared_pr",
"update_policy_rule:shared": "rule:admin_only",
"create_policy_rule_set": "",
"create_policy_rule_set:shared": "rule:admin_only",
"get_policy_rule_set": "rule:admin_or_owner or rule:shared_prs",
"update_policy_rule_set:shared": "rule:admin_only",
"create_network_service_policy": "",
"create_network_service_policy:shared": "rule:admin_only",
"get_network_service_policy": "rule:admin_or_owner or rule:shared_nsp",
"update_network_service_policy:shared": "rule:admin_only",
"create_external_segment": "",
"create_external_segment:shared": "rule:admin_only",
"get_external_segment": "rule:admin_or_owner or rule:shared_es",
"update_external_segment:shared": "rule:admin_only",
"create_external_policy": "",
"create_external_policy:shared": "rule:admin_only",
"get_external_policy": "rule:admin_or_owner or rule:shared_ep",
"update_external_policy:shared": "rule:admin_only",
"create_nat_pool": "",
"create_nat_pool:shared": "rule:admin_only",
"get_nat_pool": "rule:admin_or_owner or rule:shared_np",
"update_nat_pool:shared": "rule:admin_only",
"create_servicechain_node": "",
"create_servicechain_node:shared": "rule:admin_only",
"get_servicechain_node": "rule:admin_or_owner or rule:shared_scn",
"update_servicechain_node:shared": "rule:admin_only",
"create_servicechain_spec": "",
"create_servicechain_spec:shared": "rule:admin_only",
"get_servicechain_spec": "rule:admin_or_owner or rule:shared_scs",
"update_servicechain_spec:shared": "rule:admin_only",
"create_servicechain_instance": "",
"get_servicechain_instance": "rule:admin_or_owner",
"update_servicechain_instance:shared": "rule:admin_only",
"create_service_profile": "",
"create_service_profile:shared": "rule:admin_only",
"get_service_profile": "rule:admin_or_owner or rule:shared_sp",
"update_service_profile:shared": "rule:admin_only",
"create_ipsec_site_connection": "rule:admin_only",
"update_ipsec_site_connection": "rule:admin_only",
"delete_ipsec_site_connection": "rule:admin_only",
"get_ipsec_site_connection": "rule:admin_or_owner",
"update_ipsec_site_conn_status": "rule:admin_only",
"create_ikepolicy": "rule:admin_only",
"update_ikepolicy": "rule:admin_only",
"delete_ikepolicy": "rule:admin_only",
"get_ikepolicy": "rule:admin_or_owner",
"create_ipsecpolicy": "rule:admin_only",
"update_ipsecpolicy": "rule:admin_only",
"delete_ipsecpolicy": "rule:admin_only",
"get_ipsecpolicy": "rule:admin_or_owner",
"create_vpnservice": "rule:admin_only",
"update_vpnservice": "rule:admin_only",
"delete_vpnservice": "rule:admin_only",
"get_vpnservice": "rule:admin_or_owner",
"create_ssl_vpn_connection": "rule:admin_only",
"update_ssl_vpn_connection": "rule:admin_only",
"delete_ssl_vpn_connection": "rule:admin_only",
"get_ssl_vpn_connection": "rule:admin_or_owner",
"create_vpn_credential": "rule:admin_only",
"update_vpn_credential": "rule:admin_only",
"delete_vpn_credential": "rule:admin_only",
"get_vpn_credential": "rule:admin_or_owner",
"create_vip": "rule:admin_only",
"update_vip": "rule:admin_only",
"delete_vip": "rule:admin_only",
"get_vip": "rule:admin_or_owner",
"create_pool": "rule:admin_only",
"update_pool": "rule:admin_only",
"delete_pool": "rule:admin_only",
"get_pool": "rule:admin_or_owner",
"create_pool_health_monitor": "rule:admin_only",
"delete_pool_health_monitor": "rule:admin_only",
"get_pool_health_monitor": "rule:admin_or_owner",
"update_pool_health_monitor": "rule:admin_only",
"create_member": "rule:admin_only",
"update_member": "rule:admin_only",
"delete_member": "rule:admin_only",
"get_member": "rule:admin_or_owner",
"create_health_monitor": "rule:admin_only",
"update_health_monitor": "rule:admin_only",
"delete_health_monitor": "rule:admin_only",
"get_health_monitor": "rule:admin_or_owner"
}
View Git Blame Copy Permalink