refactor: Use source code instead of release packages

We install the service projects from source on opendev instead of
from release packages. Service projects that are DEPRECATED are
installed from their latest release packages instead.

Update the neutron policy with the master branch.

Change-Id: I56a10452e731fd6e2597501659ce84e96c4c91ab
zhu.boxiang 2022-06-07 13:29:04 +08:00
parent 32a00a6529
commit 10c910c6d5
2 changed files with 63 additions and 49 deletions


@ -86,7 +86,7 @@ list_rules = (
), ),
base.Rule( base.Rule(
name="get_flavor_service_profile", name="get_flavor_service_profile",
check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)"), check_str=("(rule:admin_only) or (role:reader and project_id:%(project_id)s)"),
description="Get a flavor associated with a given service profiles. There is no corresponding GET operations in API currently. This rule is currently referred only in the DELETE of flavor_service_profile.", description="Get a flavor associated with a given service profiles. There is no corresponding GET operations in API currently. This rule is currently referred only in the DELETE of flavor_service_profile.",
), ),
base.Rule( base.Rule(
@ -175,77 +175,77 @@ list_rules = (
), ),
base.APIRule( base.APIRule(
name="get_agent", name="get_agent",
check_str=("role:reader and system_scope:all"), check_str=("rule:admin_only"),
description="Get an agent", description="Get an agent",
scope_types=["system"], scope_types=["system"],
operations=[{"method": "GET", "path": "/agents"}, {"method": "GET", "path": "/agents/{id}"}], operations=[{"method": "GET", "path": "/agents"}, {"method": "GET", "path": "/agents/{id}"}],
), ),
base.APIRule( base.APIRule(
name="update_agent", name="update_agent",
check_str=("role:admin and system_scope:all"), check_str=("rule:admin_only"),
description="Update an agent", description="Update an agent",
scope_types=["system"], scope_types=["system"],
operations=[{"method": "PUT", "path": "/agents/{id}"}], operations=[{"method": "PUT", "path": "/agents/{id}"}],
), ),
base.APIRule( base.APIRule(
name="delete_agent", name="delete_agent",
check_str=("role:admin and system_scope:all"), check_str=("rule:admin_only"),
description="Delete an agent", description="Delete an agent",
scope_types=["system"], scope_types=["system"],
operations=[{"method": "DELETE", "path": "/agents/{id}"}], operations=[{"method": "DELETE", "path": "/agents/{id}"}],
), ),
base.APIRule( base.APIRule(
name="create_dhcp-network", name="create_dhcp-network",
check_str=("role:admin and system_scope:all"), check_str=("rule:admin_only"),
description="Add a network to a DHCP agent", description="Add a network to a DHCP agent",
scope_types=["system"], scope_types=["system"],
operations=[{"method": "POST", "path": "/agents/{agent_id}/dhcp-networks"}], operations=[{"method": "POST", "path": "/agents/{agent_id}/dhcp-networks"}],
), ),
base.APIRule( base.APIRule(
name="get_dhcp-networks", name="get_dhcp-networks",
check_str=("role:reader and system_scope:all"), check_str=("rule:admin_only"),
description="List networks on a DHCP agent", description="List networks on a DHCP agent",
scope_types=["system"], scope_types=["system"],
operations=[{"method": "GET", "path": "/agents/{agent_id}/dhcp-networks"}], operations=[{"method": "GET", "path": "/agents/{agent_id}/dhcp-networks"}],
), ),
base.APIRule( base.APIRule(
name="delete_dhcp-network", name="delete_dhcp-network",
check_str=("role:admin and system_scope:all"), check_str=("rule:admin_only"),
description="Remove a network from a DHCP agent", description="Remove a network from a DHCP agent",
scope_types=["system"], scope_types=["system"],
operations=[{"method": "DELETE", "path": "/agents/{agent_id}/dhcp-networks/{network_id}"}], operations=[{"method": "DELETE", "path": "/agents/{agent_id}/dhcp-networks/{network_id}"}],
), ),
base.APIRule( base.APIRule(
name="create_l3-router", name="create_l3-router",
check_str=("role:admin and system_scope:all"), check_str=("rule:admin_only"),
description="Add a router to an L3 agent", description="Add a router to an L3 agent",
scope_types=["system"], scope_types=["system"],
operations=[{"method": "POST", "path": "/agents/{agent_id}/l3-routers"}], operations=[{"method": "POST", "path": "/agents/{agent_id}/l3-routers"}],
), ),
base.APIRule( base.APIRule(
name="get_l3-routers", name="get_l3-routers",
check_str=("role:reader and system_scope:all"), check_str=("rule:admin_only"),
description="List routers on an L3 agent", description="List routers on an L3 agent",
scope_types=["system"], scope_types=["system"],
operations=[{"method": "GET", "path": "/agents/{agent_id}/l3-routers"}], operations=[{"method": "GET", "path": "/agents/{agent_id}/l3-routers"}],
), ),
base.APIRule( base.APIRule(
name="delete_l3-router", name="delete_l3-router",
check_str=("role:admin and system_scope:all"), check_str=("rule:admin_only"),
description="Remove a router from an L3 agent", description="Remove a router from an L3 agent",
scope_types=["system"], scope_types=["system"],
operations=[{"method": "DELETE", "path": "/agents/{agent_id}/l3-routers/{router_id}"}], operations=[{"method": "DELETE", "path": "/agents/{agent_id}/l3-routers/{router_id}"}],
), ),
base.APIRule( base.APIRule(
name="get_dhcp-agents", name="get_dhcp-agents",
check_str=("role:reader and system_scope:all"), check_str=("rule:admin_only"),
description="List DHCP agents hosting a network", description="List DHCP agents hosting a network",
scope_types=["system"], scope_types=["system"],
operations=[{"method": "GET", "path": "/networks/{network_id}/dhcp-agents"}], operations=[{"method": "GET", "path": "/networks/{network_id}/dhcp-agents"}],
), ),
base.APIRule( base.APIRule(
name="get_l3-agents", name="get_l3-agents",
check_str=("role:reader and system_scope:all"), check_str=("rule:admin_only"),
description="List L3 agents hosting a router", description="List L3 agents hosting a router",
scope_types=["system"], scope_types=["system"],
operations=[{"method": "GET", "path": "/routers/{router_id}/l3-agents"}], operations=[{"method": "GET", "path": "/routers/{router_id}/l3-agents"}],
@ -266,77 +266,77 @@ list_rules = (
), ),
base.APIRule( base.APIRule(
name="get_availability_zone", name="get_availability_zone",
check_str=("role:reader and system_scope:all"), check_str=("rule:admin_only"),
description="List availability zones", description="List availability zones",
scope_types=["system"], scope_types=["system"],
operations=[{"method": "GET", "path": "/availability_zones"}], operations=[{"method": "GET", "path": "/availability_zones"}],
), ),
base.APIRule( base.APIRule(
name="create_flavor", name="create_flavor",
check_str=("role:admin and system_scope:all"), check_str=("rule:admin_only"),
description="Create a flavor", description="Create a flavor",
scope_types=["system"], scope_types=["system"],
operations=[{"method": "POST", "path": "/flavors"}], operations=[{"method": "POST", "path": "/flavors"}],
), ),
base.APIRule( base.APIRule(
name="get_flavor", name="get_flavor",
check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)"), check_str=("(rule:admin_only) or (role:reader and project_id:%(project_id)s)"),
description="Get a flavor", description="Get a flavor",
scope_types=["system", "project"], scope_types=["system", "project"],
operations=[{"method": "GET", "path": "/flavors"}, {"method": "GET", "path": "/flavors/{id}"}], operations=[{"method": "GET", "path": "/flavors"}, {"method": "GET", "path": "/flavors/{id}"}],
), ),
base.APIRule( base.APIRule(
name="update_flavor", name="update_flavor",
check_str=("role:admin and system_scope:all"), check_str=("rule:admin_only"),
description="Update a flavor", description="Update a flavor",
scope_types=["system"], scope_types=["system"],
operations=[{"method": "PUT", "path": "/flavors/{id}"}], operations=[{"method": "PUT", "path": "/flavors/{id}"}],
), ),
base.APIRule( base.APIRule(
name="delete_flavor", name="delete_flavor",
check_str=("role:admin and system_scope:all"), check_str=("rule:admin_only"),
description="Delete a flavor", description="Delete a flavor",
scope_types=["system"], scope_types=["system"],
operations=[{"method": "DELETE", "path": "/flavors/{id}"}], operations=[{"method": "DELETE", "path": "/flavors/{id}"}],
), ),
base.APIRule( base.APIRule(
name="create_service_profile", name="create_service_profile",
check_str=("role:admin and system_scope:all"), check_str=("rule:admin_only"),
description="Create a service profile", description="Create a service profile",
scope_types=["system"], scope_types=["system"],
operations=[{"method": "POST", "path": "/service_profiles"}], operations=[{"method": "POST", "path": "/service_profiles"}],
), ),
base.APIRule( base.APIRule(
name="get_service_profile", name="get_service_profile",
check_str=("role:reader and system_scope:all"), check_str=("rule:admin_only"),
description="Get a service profile", description="Get a service profile",
scope_types=["system"], scope_types=["system"],
operations=[{"method": "GET", "path": "/service_profiles"}, {"method": "GET", "path": "/service_profiles/{id}"}], operations=[{"method": "GET", "path": "/service_profiles"}, {"method": "GET", "path": "/service_profiles/{id}"}],
), ),
base.APIRule( base.APIRule(
name="update_service_profile", name="update_service_profile",
check_str=("role:admin and system_scope:all"), check_str=("rule:admin_only"),
description="Update a service profile", description="Update a service profile",
scope_types=["system"], scope_types=["system"],
operations=[{"method": "PUT", "path": "/service_profiles/{id}"}], operations=[{"method": "PUT", "path": "/service_profiles/{id}"}],
), ),
base.APIRule( base.APIRule(
name="delete_service_profile", name="delete_service_profile",
check_str=("role:admin and system_scope:all"), check_str=("rule:admin_only"),
description="Delete a service profile", description="Delete a service profile",
scope_types=["system"], scope_types=["system"],
operations=[{"method": "DELETE", "path": "/service_profiles/{id}"}], operations=[{"method": "DELETE", "path": "/service_profiles/{id}"}],
), ),
base.APIRule( base.APIRule(
name="create_flavor_service_profile", name="create_flavor_service_profile",
check_str=("role:admin and system_scope:all"), check_str=("rule:admin_only"),
description="Associate a flavor with a service profile", description="Associate a flavor with a service profile",
scope_types=["system"], scope_types=["system"],
operations=[{"method": "POST", "path": "/flavors/{flavor_id}/service_profiles"}], operations=[{"method": "POST", "path": "/flavors/{flavor_id}/service_profiles"}],
), ),
base.APIRule( base.APIRule(
name="delete_flavor_service_profile", name="delete_flavor_service_profile",
check_str=("role:admin and system_scope:all"), check_str=("rule:admin_only"),
description="Disassociate a flavor with a service profile", description="Disassociate a flavor with a service profile",
scope_types=["system"], scope_types=["system"],
operations=[{"method": "DELETE", "path": "/flavors/{flavor_id}/service_profiles/{profile_id}"}], operations=[{"method": "DELETE", "path": "/flavors/{flavor_id}/service_profiles/{profile_id}"}],
@ -490,35 +490,35 @@ list_rules = (
), ),
base.APIRule( base.APIRule(
name="get_loggable_resource", name="get_loggable_resource",
check_str=("role:reader and system_scope:all"), check_str=("rule:admin_only"),
description="Get loggable resources", description="Get loggable resources",
scope_types=["system"], scope_types=["system"],
operations=[{"method": "GET", "path": "/log/loggable-resources"}], operations=[{"method": "GET", "path": "/log/loggable-resources"}],
), ),
base.APIRule( base.APIRule(
name="create_log", name="create_log",
check_str=("role:admin and system_scope:all"), check_str=("rule:admin_only"),
description="Create a network log", description="Create a network log",
scope_types=["system"], scope_types=["system"],
operations=[{"method": "POST", "path": "/log/logs"}], operations=[{"method": "POST", "path": "/log/logs"}],
), ),
base.APIRule( base.APIRule(
name="get_log", name="get_log",
check_str=("role:reader and system_scope:all"), check_str=("rule:admin_only"),
description="Get a network log", description="Get a network log",
scope_types=["system"], scope_types=["system"],
operations=[{"method": "GET", "path": "/log/logs"}, {"method": "GET", "path": "/log/logs/{id}"}], operations=[{"method": "GET", "path": "/log/logs"}, {"method": "GET", "path": "/log/logs/{id}"}],
), ),
base.APIRule( base.APIRule(
name="update_log", name="update_log",
check_str=("role:admin and system_scope:all"), check_str=("rule:admin_only"),
description="Update a network log", description="Update a network log",
scope_types=["system"], scope_types=["system"],
operations=[{"method": "PUT", "path": "/log/logs/{id}"}], operations=[{"method": "PUT", "path": "/log/logs/{id}"}],
), ),
base.APIRule( base.APIRule(
name="delete_log", name="delete_log",
check_str=("role:admin and system_scope:all"), check_str=("rule:admin_only"),
description="Delete a network log", description="Delete a network log",
scope_types=["system"], scope_types=["system"],
operations=[{"method": "DELETE", "path": "/log/logs/{id}"}], operations=[{"method": "DELETE", "path": "/log/logs/{id}"}],
@ -770,35 +770,35 @@ list_rules = (
), ),
base.APIRule( base.APIRule(
name="get_network_ip_availability", name="get_network_ip_availability",
check_str=("role:reader and system_scope:all"), check_str=("rule:admin_only"),
description="Get network IP availability", description="Get network IP availability",
scope_types=["system"], scope_types=["system"],
operations=[{"method": "GET", "path": "/network-ip-availabilities"}, {"method": "GET", "path": "/network-ip-availabilities/{network_id}"}], operations=[{"method": "GET", "path": "/network-ip-availabilities"}, {"method": "GET", "path": "/network-ip-availabilities/{network_id}"}],
), ),
base.APIRule( base.APIRule(
name="create_network_segment_range", name="create_network_segment_range",
check_str=("role:admin and system_scope:all"), check_str=("rule:admin_only"),
description="Create a network segment range", description="Create a network segment range",
scope_types=["system"], scope_types=["system"],
operations=[{"method": "POST", "path": "/network_segment_ranges"}], operations=[{"method": "POST", "path": "/network_segment_ranges"}],
), ),
base.APIRule( base.APIRule(
name="get_network_segment_range", name="get_network_segment_range",
check_str=("role:reader and system_scope:all"), check_str=("rule:admin_only"),
description="Get a network segment range", description="Get a network segment range",
scope_types=["system"], scope_types=["system"],
operations=[{"method": "GET", "path": "/network_segment_ranges"}, {"method": "GET", "path": "/network_segment_ranges/{id}"}], operations=[{"method": "GET", "path": "/network_segment_ranges"}, {"method": "GET", "path": "/network_segment_ranges/{id}"}],
), ),
base.APIRule( base.APIRule(
name="update_network_segment_range", name="update_network_segment_range",
check_str=("role:admin and system_scope:all"), check_str=("rule:admin_only"),
description="Update a network segment range", description="Update a network segment range",
scope_types=["system"], scope_types=["system"],
operations=[{"method": "PUT", "path": "/network_segment_ranges/{id}"}], operations=[{"method": "PUT", "path": "/network_segment_ranges/{id}"}],
), ),
base.APIRule( base.APIRule(
name="delete_network_segment_range", name="delete_network_segment_range",
check_str=("role:admin and system_scope:all"), check_str=("rule:admin_only"),
description="Delete a network segment range", description="Delete a network segment range",
scope_types=["system"], scope_types=["system"],
operations=[{"method": "DELETE", "path": "/network_segment_ranges/{id}"}], operations=[{"method": "DELETE", "path": "/network_segment_ranges/{id}"}],
@ -813,7 +813,7 @@ list_rules = (
base.APIRule( base.APIRule(
name="create_port:device_owner", name="create_port:device_owner",
check_str=("not rule:network_device or role:admin and project_id:%(project_id)s or rule:context_is_advsvc or rule:network_owner"), check_str=("not rule:network_device or role:admin and project_id:%(project_id)s or rule:context_is_advsvc or rule:network_owner"),
description="Specify ``device_owner`` attribute when creting a port", description="Specify ``device_owner`` attribute when creating a port",
scope_types=["project"], scope_types=["project"],
operations=[{"method": "POST", "path": "/ports"}], operations=[{"method": "POST", "path": "/ports"}],
), ),
@ -1071,7 +1071,7 @@ list_rules = (
), ),
base.APIRule( base.APIRule(
name="get_rule_type", name="get_rule_type",
check_str=("role:admin or role:reader and system_scope:all"), check_str=("rule:admin_only"),
description="Get available QoS rule types", description="Get available QoS rule types",
scope_types=["system", "project"], scope_types=["system", "project"],
operations=[{"method": "GET", "path": "/qos/rule-types"}, {"method": "GET", "path": "/qos/rule-types/{rule_type}"}], operations=[{"method": "GET", "path": "/qos/rule-types"}, {"method": "GET", "path": "/qos/rule-types/{rule_type}"}],
@ -1274,21 +1274,21 @@ list_rules = (
), ),
base.APIRule( base.APIRule(
name="get_quota", name="get_quota",
check_str=("role:reader and system_scope:all"), check_str=("rule:admin_only"),
description="Get a resource quota", description="Get a resource quota",
scope_types=["system"], scope_types=["system"],
operations=[{"method": "GET", "path": "/quota"}, {"method": "GET", "path": "/quota/{id}"}], operations=[{"method": "GET", "path": "/quota"}, {"method": "GET", "path": "/quota/{id}"}],
), ),
base.APIRule( base.APIRule(
name="update_quota", name="update_quota",
check_str=("role:admin and system_scope:all"), check_str=("rule:admin_only"),
description="Update a resource quota", description="Update a resource quota",
scope_types=["system"], scope_types=["system"],
operations=[{"method": "PUT", "path": "/quota/{id}"}], operations=[{"method": "PUT", "path": "/quota/{id}"}],
), ),
base.APIRule( base.APIRule(
name="delete_quota", name="delete_quota",
check_str=("role:admin and system_scope:all"), check_str=("rule:admin_only"),
description="Delete a resource quota", description="Delete a resource quota",
scope_types=["system"], scope_types=["system"],
operations=[{"method": "DELETE", "path": "/quota/{id}"}], operations=[{"method": "DELETE", "path": "/quota/{id}"}],
@ -1540,28 +1540,28 @@ list_rules = (
), ),
base.APIRule( base.APIRule(
name="create_segment", name="create_segment",
check_str=("role:admin and system_scope:all"), check_str=("rule:admin_only"),
description="Create a segment", description="Create a segment",
scope_types=["system"], scope_types=["system"],
operations=[{"method": "POST", "path": "/segments"}], operations=[{"method": "POST", "path": "/segments"}],
), ),
base.APIRule( base.APIRule(
name="get_segment", name="get_segment",
check_str=("role:reader and system_scope:all"), check_str=("rule:admin_only"),
description="Get a segment", description="Get a segment",
scope_types=["system"], scope_types=["system"],
operations=[{"method": "GET", "path": "/segments"}, {"method": "GET", "path": "/segments/{id}"}], operations=[{"method": "GET", "path": "/segments"}, {"method": "GET", "path": "/segments/{id}"}],
), ),
base.APIRule( base.APIRule(
name="update_segment", name="update_segment",
check_str=("role:admin and system_scope:all"), check_str=("rule:admin_only"),
description="Update a segment", description="Update a segment",
scope_types=["system"], scope_types=["system"],
operations=[{"method": "PUT", "path": "/segments/{id}"}], operations=[{"method": "PUT", "path": "/segments/{id}"}],
), ),
base.APIRule( base.APIRule(
name="delete_segment", name="delete_segment",
check_str=("role:admin and system_scope:all"), check_str=("rule:admin_only"),
description="Delete a segment", description="Delete a segment",
scope_types=["system"], scope_types=["system"],
operations=[{"method": "DELETE", "path": "/segments/{id}"}], operations=[{"method": "DELETE", "path": "/segments/{id}"}],
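Review bot: Every system-only rule on the new side, from `get_agent` in the -175 hunk through `delete_segment` in the -1540 hunk, now has `check_str=("rule:admin_only")` while `scope_types=["system"]` is unchanged, so the check string itself no longer requires `system_scope:all`. The definition of `admin_only` is outside these hunks; if it resolves to a plain admin-role check and the code consuming `list_rules` evaluates only `check_str`, a project-scoped admin would match rules that previously required a system-scoped token, and system-scoped readers would lose the GET rules. `get_rule_type` in the -1071 hunk likewise keeps `scope_types=["system", "project"]` next to an admin-only check. I would add a comment above `list_rules` naming the neutron revision these rules were taken from and stating whether the consumer enforces `scope_types`, and confirm that behaviour before relying on these rules for access decisions. `list_rules` starts and ends outside the hunks.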


@ -1,19 +1,33 @@
#!/usr/bin/env bash #!/usr/bin/env bash
# Install openstack service package set -ex
pip install -U \
keystone \ # Some projects have been DEPRECATED.
openstack-placement \ # panko: https://opendev.org/openstack/panko
INSTALL_DEPRECATED_PROJECTS="panko"
INSTALL_PROJECTS="keystone \
placement \
nova \ nova \
cinder \ cinder \
glance \ glance \
trove \ trove \
neutron neutron-vpnaas \ neutron neutron-vpnaas \
openstack-heat \ heat \
ironic \ ironic \
ironic-inspector \ ironic-inspector \
octavia \ octavia \
panko \
manila \ manila \
magnum \ magnum \
zun zun"
BRANCH=`git rev-parse --abbrev-ref HEAD`
for project in ${INSTALL_PROJECTS}
do
pip install -U git+https://opendev.org/openstack/${project}@${BRANCH}
done
for deprecated_project in ${INSTALL_DEPRECATED_PROJECTS}
do
pip install -U ${deprecated_project}
done
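Review bot: `BRANCH` on the new side is taken from the local checkout with `git rev-parse --abbrev-ref HEAD`, which prints `HEAD` on a detached checkout and otherwise whatever the local branch happens to be called, so the ref handed to pip may not be the intended branch of the service projects. Each `pip install -U git+https://opendev.org/openstack/${project}@${BRANCH}` then installs a moving branch tip with no constraints file, so builds are not reproducible and any commit landing on that branch is pulled in unreviewed. I would let the caller pin the ref with `BRANCH="${BRANCH:-$(git rev-parse --abbrev-ref HEAD)}"`, quote the argument as `pip install -U "git+https://opendev.org/openstack/${project}@${BRANCH}"`, and consider passing a pip constraints file with `-c` so the dependency set is fixed. The same applies to the unpinned `pip install -U ${deprecated_project}` in the second loop.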