baha/skyline-apiserver
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

test: Add skyline-policy-manager unit test

Browse Source 
1. Add skyline-policy-manager unit test case and tools
2. Update `setup` method type annotation
3. Move some constants to `skyline_policy_manager.constants`
4. Adjust import to use modules instead of functions
5. Update code format

Change-Id: Ic72e21126de0b16e4d969ad48ce64c57542c4667
This commit is contained in:
Gao Hanxiang 2021-09-22 15:50:49 -04:00 committed by Boxiang Zhu
parent da42ade264
commit 1d14b4067c
23 changed files with 1751 additions and 529 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
libs/skyline-policy-manager/Makefile
View File

@ -1,4 +1,5 @@
PYTHON ?= python3
PY_FILES := $(shell git ls-files -- *.py | xargs)
.PHONY: all
@ -25,24 +26,24 @@ package:
.PHONY: fmt
fmt:
poetry run isort $$(git ls-files -- **/*.py)
poetry run black --config ../../pyproject.toml $$(git ls-files -- **/*.py)
poetry run add-trailing-comma --py36-plus --exit-zero-even-if-changed $$(git ls-files -- **/*.py)
poetry run isort $(PY_FILES)
poetry run black --config ../../pyproject.toml $(PY_FILES)
poetry run add-trailing-comma --py36-plus --exit-zero-even-if-changed $(PY_FILES)
.PHONY: lint
lint:
poetry run mypy --config-file=../../mypy.ini $$(git ls-files -- **/*.py)
poetry run isort --check-only --diff $$(git ls-files -- **/*.py)
poetry run black --check --diff --color --config ../../pyproject.toml $$(git ls-files -- **/*.py)
poetry run flake8 $$(git ls-files -- **/*.py)
# poetry run mypy --strict --config-file=../../mypy.ini $(PY_FILES)
poetry run isort --check-only --diff $(PY_FILES)
poetry run black --check --diff --color --config ../../pyproject.toml $(PY_FILES)
poetry run flake8 --config ../../.flake8 $(PY_FILES)
.PHONY: test
test:
echo TODO
poetry run pytest
.PHONY: clean
clean:
rm -rf .venv dist
rm -rf .venv dist tmp htmlcov .coverage

261
libs/skyline-policy-manager/poetry.lock generated
View File

@ -173,6 +173,17 @@ category = "main"
optional = false
python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*"
[[package]]
name = "coverage"
version = "5.5"
description = "Code coverage measurement for Python"
category = "dev"
optional = false
python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, <4"
[package.extras]
toml = ["toml"]
[[package]]
name = "debtcollector"
version = "2.3.0"
@ -477,6 +488,14 @@ category = "dev"
optional = false
python-versions = "*"
[[package]]
name = "mimesis"
version = "4.1.3"
description = "Mimesis: fake data generator."
category = "dev"
optional = false
python-versions = "*"
[[package]]
name = "msgpack"
version = "1.0.2"
@ -977,7 +996,7 @@ WebTest = ">=1.3.1"
[[package]]
name = "platformdirs"
version = "2.3.0"
version = "2.4.0"
description = "A small Python module for determining appropriate platform-specific dirs, e.g. a \"user data dir\"."
category = "dev"
optional = false
@ -1024,17 +1043,6 @@ python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*"
[package.extras]
twisted = ["twisted"]
[[package]]
name = "psutil"
version = "5.8.0"
description = "Cross-platform lib for process and system monitoring in Python."
category = "dev"
optional = false
python-versions = ">=2.6, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*"
[package.extras]
test = ["ipaddress", "mock", "unittest2", "enum34", "pywin32", "wmi"]
[[package]]
name = "py"
version = "1.10.0"
@ -1119,6 +1127,22 @@ toml = "*"
[package.extras]
testing = ["argcomplete", "hypothesis (>=3.56)", "mock", "nose", "requests", "xmlschema"]
[[package]]
name = "pytest-cov"
version = "2.12.1"
description = "Pytest plugin for measuring coverage."
category = "dev"
optional = false
python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*"
[package.dependencies]
coverage = ">=5.2.1"
pytest = ">=4.6"
toml = "*"
[package.extras]
testing = ["fields", "hunter", "process-tests", "six", "pytest-xdist", "virtualenv"]
[[package]]
name = "pytest-forked"
version = "1.3.0"
@ -1131,6 +1155,29 @@ python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*"
py = "*"
pytest = ">=3.10"
[[package]]
name = "pytest-html"
version = "3.1.1"
description = "pytest plugin for generating HTML reports"
category = "dev"
optional = false
python-versions = ">=3.6"
[package.dependencies]
pytest = ">=5.0,<6.0.0 || >6.0.0"
pytest-metadata = "*"
[[package]]
name = "pytest-metadata"
version = "1.11.0"
description = "pytest plugin for test session metadata"
category = "dev"
optional = false
python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, !=3.5.*"
[package.dependencies]
pytest = ">=2.9.0"
[[package]]
name = "pytest-xdist"
version = "2.4.0"
@ -1141,7 +1188,6 @@ python-versions = ">=3.6"
[package.dependencies]
execnet = ">=1.1"
psutil = {version = ">=3.0", optional = true, markers = "extra == \"psutil\""}
pytest = ">=6.0.0"
pytest-forked = "*"
@ -1187,7 +1233,7 @@ python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, !=3.5.*"
[[package]]
name = "regex"
version = "2021.8.28"
version = "2021.9.24"
description = "Alternative regular expression module, to replace re."
category = "dev"
optional = false
@ -1584,7 +1630,7 @@ testing = ["pytest (>=4.6)", "pytest-checkdocs (>=2.4)", "pytest-flake8", "pytes
[metadata]
lock-version = "1.1"
python-versions = "^3.8"
content-hash = "0737b8cb1359cd19a07102e508d51d838d1950a26bc2c68bcfd8918de08586ae"
content-hash = "65ef745e584aa6eddb35354f86597f253ad4b0b90a59a933aa84c06c14f45f68"
[metadata.files]
add-trailing-comma = [
@ -1691,6 +1737,60 @@ colorama = [
{file = "colorama-0.4.4-py2.py3-none-any.whl", hash = "sha256:9f47eda37229f68eee03b24b9748937c7dc3868f906e8ba69fbcbdd3bc5dc3e2"},
{file = "colorama-0.4.4.tar.gz", hash = "sha256:5941b2b48a20143d2267e95b1c2a7603ce057ee39fd88e7329b0c292aa16869b"},
]
coverage = [
{file = "coverage-5.5-cp27-cp27m-macosx_10_9_x86_64.whl", hash = "sha256:b6d534e4b2ab35c9f93f46229363e17f63c53ad01330df9f2d6bd1187e5eaacf"},
{file = "coverage-5.5-cp27-cp27m-manylinux1_i686.whl", hash = "sha256:b7895207b4c843c76a25ab8c1e866261bcfe27bfaa20c192de5190121770672b"},
{file = "coverage-5.5-cp27-cp27m-manylinux1_x86_64.whl", hash = "sha256:c2723d347ab06e7ddad1a58b2a821218239249a9e4365eaff6649d31180c1669"},
{file = "coverage-5.5-cp27-cp27m-manylinux2010_i686.whl", hash = "sha256:900fbf7759501bc7807fd6638c947d7a831fc9fdf742dc10f02956ff7220fa90"},
{file = "coverage-5.5-cp27-cp27m-manylinux2010_x86_64.whl", hash = "sha256:004d1880bed2d97151facef49f08e255a20ceb6f9432df75f4eef018fdd5a78c"},
{file = "coverage-5.5-cp27-cp27m-win32.whl", hash = "sha256:06191eb60f8d8a5bc046f3799f8a07a2d7aefb9504b0209aff0b47298333302a"},
{file = "coverage-5.5-cp27-cp27m-win_amd64.whl", hash = "sha256:7501140f755b725495941b43347ba8a2777407fc7f250d4f5a7d2a1050ba8e82"},
{file = "coverage-5.5-cp27-cp27mu-manylinux1_i686.whl", hash = "sha256:372da284cfd642d8e08ef606917846fa2ee350f64994bebfbd3afb0040436905"},
{file = "coverage-5.5-cp27-cp27mu-manylinux1_x86_64.whl", hash = "sha256:8963a499849a1fc54b35b1c9f162f4108017b2e6db2c46c1bed93a72262ed083"},
{file = "coverage-5.5-cp27-cp27mu-manylinux2010_i686.whl", hash = "sha256:869a64f53488f40fa5b5b9dcb9e9b2962a66a87dab37790f3fcfb5144b996ef5"},
{file = "coverage-5.5-cp27-cp27mu-manylinux2010_x86_64.whl", hash = "sha256:4a7697d8cb0f27399b0e393c0b90f0f1e40c82023ea4d45d22bce7032a5d7b81"},
{file = "coverage-5.5-cp310-cp310-macosx_10_14_x86_64.whl", hash = "sha256:8d0a0725ad7c1a0bcd8d1b437e191107d457e2ec1084b9f190630a4fb1af78e6"},
{file = "coverage-5.5-cp310-cp310-manylinux1_x86_64.whl", hash = "sha256:51cb9476a3987c8967ebab3f0fe144819781fca264f57f89760037a2ea191cb0"},
{file = "coverage-5.5-cp310-cp310-win_amd64.whl", hash = "sha256:c0891a6a97b09c1f3e073a890514d5012eb256845c451bd48f7968ef939bf4ae"},
{file = "coverage-5.5-cp35-cp35m-macosx_10_9_x86_64.whl", hash = "sha256:3487286bc29a5aa4b93a072e9592f22254291ce96a9fbc5251f566b6b7343cdb"},
{file = "coverage-5.5-cp35-cp35m-manylinux1_i686.whl", hash = "sha256:deee1077aae10d8fa88cb02c845cfba9b62c55e1183f52f6ae6a2df6a2187160"},
{file = "coverage-5.5-cp35-cp35m-manylinux1_x86_64.whl", hash = "sha256:f11642dddbb0253cc8853254301b51390ba0081750a8ac03f20ea8103f0c56b6"},
{file = "coverage-5.5-cp35-cp35m-manylinux2010_i686.whl", hash = "sha256:6c90e11318f0d3c436a42409f2749ee1a115cd8b067d7f14c148f1ce5574d701"},
{file = "coverage-5.5-cp35-cp35m-manylinux2010_x86_64.whl", hash = "sha256:30c77c1dc9f253283e34c27935fded5015f7d1abe83bc7821680ac444eaf7793"},
{file = "coverage-5.5-cp35-cp35m-win32.whl", hash = "sha256:9a1ef3b66e38ef8618ce5fdc7bea3d9f45f3624e2a66295eea5e57966c85909e"},
{file = "coverage-5.5-cp35-cp35m-win_amd64.whl", hash = "sha256:972c85d205b51e30e59525694670de6a8a89691186012535f9d7dbaa230e42c3"},
{file = "coverage-5.5-cp36-cp36m-macosx_10_9_x86_64.whl", hash = "sha256:af0e781009aaf59e25c5a678122391cb0f345ac0ec272c7961dc5455e1c40066"},
{file = "coverage-5.5-cp36-cp36m-manylinux1_i686.whl", hash = "sha256:74d881fc777ebb11c63736622b60cb9e4aee5cace591ce274fb69e582a12a61a"},
{file = "coverage-5.5-cp36-cp36m-manylinux1_x86_64.whl", hash = "sha256:92b017ce34b68a7d67bd6d117e6d443a9bf63a2ecf8567bb3d8c6c7bc5014465"},
{file = "coverage-5.5-cp36-cp36m-manylinux2010_i686.whl", hash = "sha256:d636598c8305e1f90b439dbf4f66437de4a5e3c31fdf47ad29542478c8508bbb"},
{file = "coverage-5.5-cp36-cp36m-manylinux2010_x86_64.whl", hash = "sha256:41179b8a845742d1eb60449bdb2992196e211341818565abded11cfa90efb821"},
{file = "coverage-5.5-cp36-cp36m-win32.whl", hash = "sha256:040af6c32813fa3eae5305d53f18875bedd079960822ef8ec067a66dd8afcd45"},
{file = "coverage-5.5-cp36-cp36m-win_amd64.whl", hash = "sha256:5fec2d43a2cc6965edc0bb9e83e1e4b557f76f843a77a2496cbe719583ce8184"},
{file = "coverage-5.5-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:18ba8bbede96a2c3dde7b868de9dcbd55670690af0988713f0603f037848418a"},
{file = "coverage-5.5-cp37-cp37m-manylinux1_i686.whl", hash = "sha256:2910f4d36a6a9b4214bb7038d537f015346f413a975d57ca6b43bf23d6563b53"},
{file = "coverage-5.5-cp37-cp37m-manylinux1_x86_64.whl", hash = "sha256:f0b278ce10936db1a37e6954e15a3730bea96a0997c26d7fee88e6c396c2086d"},
{file = "coverage-5.5-cp37-cp37m-manylinux2010_i686.whl", hash = "sha256:796c9c3c79747146ebd278dbe1e5c5c05dd6b10cc3bcb8389dfdf844f3ead638"},
{file = "coverage-5.5-cp37-cp37m-manylinux2010_x86_64.whl", hash = "sha256:53194af30d5bad77fcba80e23a1441c71abfb3e01192034f8246e0d8f99528f3"},
{file = "coverage-5.5-cp37-cp37m-win32.whl", hash = "sha256:184a47bbe0aa6400ed2d41d8e9ed868b8205046518c52464fde713ea06e3a74a"},
{file = "coverage-5.5-cp37-cp37m-win_amd64.whl", hash = "sha256:2949cad1c5208b8298d5686d5a85b66aae46d73eec2c3e08c817dd3513e5848a"},
{file = "coverage-5.5-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:217658ec7187497e3f3ebd901afdca1af062b42cfe3e0dafea4cced3983739f6"},
{file = "coverage-5.5-cp38-cp38-manylinux1_i686.whl", hash = "sha256:1aa846f56c3d49205c952d8318e76ccc2ae23303351d9270ab220004c580cfe2"},
{file = "coverage-5.5-cp38-cp38-manylinux1_x86_64.whl", hash = "sha256:24d4a7de75446be83244eabbff746d66b9240ae020ced65d060815fac3423759"},
{file = "coverage-5.5-cp38-cp38-manylinux2010_i686.whl", hash = "sha256:d1f8bf7b90ba55699b3a5e44930e93ff0189aa27186e96071fac7dd0d06a1873"},
{file = "coverage-5.5-cp38-cp38-manylinux2010_x86_64.whl", hash = "sha256:970284a88b99673ccb2e4e334cfb38a10aab7cd44f7457564d11898a74b62d0a"},
{file = "coverage-5.5-cp38-cp38-win32.whl", hash = "sha256:01d84219b5cdbfc8122223b39a954820929497a1cb1422824bb86b07b74594b6"},
{file = "coverage-5.5-cp38-cp38-win_amd64.whl", hash = "sha256:2e0d881ad471768bf6e6c2bf905d183543f10098e3b3640fc029509530091502"},
{file = "coverage-5.5-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:d1f9ce122f83b2305592c11d64f181b87153fc2c2bbd3bb4a3dde8303cfb1a6b"},
{file = "coverage-5.5-cp39-cp39-manylinux1_i686.whl", hash = "sha256:13c4ee887eca0f4c5a247b75398d4114c37882658300e153113dafb1d76de529"},
{file = "coverage-5.5-cp39-cp39-manylinux1_x86_64.whl", hash = "sha256:52596d3d0e8bdf3af43db3e9ba8dcdaac724ba7b5ca3f6358529d56f7a166f8b"},
{file = "coverage-5.5-cp39-cp39-manylinux2010_i686.whl", hash = "sha256:2cafbbb3af0733db200c9b5f798d18953b1a304d3f86a938367de1567f4b5bff"},
{file = "coverage-5.5-cp39-cp39-manylinux2010_x86_64.whl", hash = "sha256:44d654437b8ddd9eee7d1eaee28b7219bec228520ff809af170488fd2fed3e2b"},
{file = "coverage-5.5-cp39-cp39-win32.whl", hash = "sha256:d314ed732c25d29775e84a960c3c60808b682c08d86602ec2c3008e1202e3bb6"},
{file = "coverage-5.5-cp39-cp39-win_amd64.whl", hash = "sha256:13034c4409db851670bc9acd836243aeee299949bd5673e11844befcb0149f03"},
{file = "coverage-5.5-pp36-none-any.whl", hash = "sha256:f030f8873312a16414c0d8e1a1ddff2d3235655a2174e3648b4fa66b3f2f1079"},
{file = "coverage-5.5-pp37-none-any.whl", hash = "sha256:2a3859cb82dcbda1cfd3e6f71c27081d18aa251d20a17d87d26d4cd216fb0af4"},
{file = "coverage-5.5.tar.gz", hash = "sha256:ebe78fe9a0e874362175b02371bdfbee64d8edc42a044253ddf4ee7d3c15212c"},
]
debtcollector = [
{file = "debtcollector-2.3.0-py3-none-any.whl", hash = "sha256:6f1fae29c9091a6f7e8f68da7ec17f3167f98abac13c019968e144108f381b7e"},
{file = "debtcollector-2.3.0.tar.gz", hash = "sha256:c7a9fac814ab5904e23905516b18356cc907e7d27c05da58d37103f001967846"},
@ -1886,6 +1986,9 @@ mccabe = [
{file = "mccabe-0.6.1-py2.py3-none-any.whl", hash = "sha256:ab8a6258860da4b6677da4bd2fe5dc2c659cff31b3ee4f7f5d64e79735b80d42"},
{file = "mccabe-0.6.1.tar.gz", hash = "sha256:dd8d182285a0fe56bace7f45b5e7d1a6ebcbf524e8f3bd87eb0f125271b8831f"},
]
mimesis = [
{file = "mimesis-4.1.3.tar.gz", hash = "sha256:90f36c21c1bb9944afc17178eb5868b0c85aa1fe49eb04bcbdafafd1ad4ca2ba"},
]
msgpack = [
{file = "msgpack-1.0.2-cp35-cp35m-manylinux1_i686.whl", hash = "sha256:b6d9e2dae081aa35c44af9c4298de4ee72991305503442a5c74656d82b581fe9"},
{file = "msgpack-1.0.2-cp35-cp35m-manylinux1_x86_64.whl", hash = "sha256:a99b144475230982aee16b3d249170f1cccebf27fb0a08e9f603b69637a62192"},
@ -2084,8 +2187,8 @@ pecan = [
{file = "pecan-1.4.0.tar.gz", hash = "sha256:4b2acd6802a04b59e306d0a6ccf37701d24376f4dc044bbbafba3afdf9d3389a"},
]
platformdirs = [
{file = "platformdirs-2.3.0-py3-none-any.whl", hash = "sha256:8003ac87717ae2c7ee1ea5a84a1a61e87f3fbd16eb5aadba194ea30a9019f648"},
{file = "platformdirs-2.3.0.tar.gz", hash = "sha256:15b056538719b1c94bdaccb29e5f81879c7f7f0f4a153f46086d155dffcd4f0f"},
{file = "platformdirs-2.4.0-py3-none-any.whl", hash = "sha256:8868bbe3c3c80d42f20156f22e7131d2fb321f5bc86a2a345375c6481a67021d"},
{file = "platformdirs-2.4.0.tar.gz", hash = "sha256:367a5e80b3d04d2428ffa76d33f124cf11e8fff2acdaa9b43d545f5c7d661ef2"},
]
pluggy = [
{file = "pluggy-1.0.0-py2.py3-none-any.whl", hash = "sha256:74134bbf457f031a36d68416e1509f34bd5ccc019f0bcc952c7b909d06b37bd3"},
@ -2099,36 +2202,6 @@ prometheus-client = [
{file = "prometheus_client-0.11.0-py2.py3-none-any.whl", hash = "sha256:b014bc76815eb1399da8ce5fc84b7717a3e63652b0c0f8804092c9363acab1b2"},
{file = "prometheus_client-0.11.0.tar.gz", hash = "sha256:3a8baade6cb80bcfe43297e33e7623f3118d660d41387593758e2fb1ea173a86"},
]
psutil = [
{file = "psutil-5.8.0-cp27-cp27m-macosx_10_9_x86_64.whl", hash = "sha256:0066a82f7b1b37d334e68697faba68e5ad5e858279fd6351c8ca6024e8d6ba64"},
{file = "psutil-5.8.0-cp27-cp27m-manylinux2010_i686.whl", hash = "sha256:0ae6f386d8d297177fd288be6e8d1afc05966878704dad9847719650e44fc49c"},
{file = "psutil-5.8.0-cp27-cp27m-manylinux2010_x86_64.whl", hash = "sha256:12d844996d6c2b1d3881cfa6fa201fd635971869a9da945cf6756105af73d2df"},
{file = "psutil-5.8.0-cp27-cp27mu-manylinux2010_i686.whl", hash = "sha256:02b8292609b1f7fcb34173b25e48d0da8667bc85f81d7476584d889c6e0f2131"},
{file = "psutil-5.8.0-cp27-cp27mu-manylinux2010_x86_64.whl", hash = "sha256:6ffe81843131ee0ffa02c317186ed1e759a145267d54fdef1bc4ea5f5931ab60"},
{file = "psutil-5.8.0-cp27-none-win32.whl", hash = "sha256:ea313bb02e5e25224e518e4352af4bf5e062755160f77e4b1767dd5ccb65f876"},
{file = "psutil-5.8.0-cp27-none-win_amd64.whl", hash = "sha256:5da29e394bdedd9144c7331192e20c1f79283fb03b06e6abd3a8ae45ffecee65"},
{file = "psutil-5.8.0-cp36-cp36m-macosx_10_9_x86_64.whl", hash = "sha256:74fb2557d1430fff18ff0d72613c5ca30c45cdbfcddd6a5773e9fc1fe9364be8"},
{file = "psutil-5.8.0-cp36-cp36m-manylinux2010_i686.whl", hash = "sha256:74f2d0be88db96ada78756cb3a3e1b107ce8ab79f65aa885f76d7664e56928f6"},
{file = "psutil-5.8.0-cp36-cp36m-manylinux2010_x86_64.whl", hash = "sha256:99de3e8739258b3c3e8669cb9757c9a861b2a25ad0955f8e53ac662d66de61ac"},
{file = "psutil-5.8.0-cp36-cp36m-win32.whl", hash = "sha256:36b3b6c9e2a34b7d7fbae330a85bf72c30b1c827a4366a07443fc4b6270449e2"},
{file = "psutil-5.8.0-cp36-cp36m-win_amd64.whl", hash = "sha256:52de075468cd394ac98c66f9ca33b2f54ae1d9bff1ef6b67a212ee8f639ec06d"},
{file = "psutil-5.8.0-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:c6a5fd10ce6b6344e616cf01cc5b849fa8103fbb5ba507b6b2dee4c11e84c935"},
{file = "psutil-5.8.0-cp37-cp37m-manylinux2010_i686.whl", hash = "sha256:61f05864b42fedc0771d6d8e49c35f07efd209ade09a5afe6a5059e7bb7bf83d"},
{file = "psutil-5.8.0-cp37-cp37m-manylinux2010_x86_64.whl", hash = "sha256:0dd4465a039d343925cdc29023bb6960ccf4e74a65ad53e768403746a9207023"},
{file = "psutil-5.8.0-cp37-cp37m-win32.whl", hash = "sha256:1bff0d07e76114ec24ee32e7f7f8d0c4b0514b3fae93e3d2aaafd65d22502394"},
{file = "psutil-5.8.0-cp37-cp37m-win_amd64.whl", hash = "sha256:fcc01e900c1d7bee2a37e5d6e4f9194760a93597c97fee89c4ae51701de03563"},
{file = "psutil-5.8.0-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:6223d07a1ae93f86451d0198a0c361032c4c93ebd4bf6d25e2fb3edfad9571ef"},
{file = "psutil-5.8.0-cp38-cp38-manylinux2010_i686.whl", hash = "sha256:d225cd8319aa1d3c85bf195c4e07d17d3cd68636b8fc97e6cf198f782f99af28"},
{file = "psutil-5.8.0-cp38-cp38-manylinux2010_x86_64.whl", hash = "sha256:28ff7c95293ae74bf1ca1a79e8805fcde005c18a122ca983abf676ea3466362b"},
{file = "psutil-5.8.0-cp38-cp38-win32.whl", hash = "sha256:ce8b867423291cb65cfc6d9c4955ee9bfc1e21fe03bb50e177f2b957f1c2469d"},
{file = "psutil-5.8.0-cp38-cp38-win_amd64.whl", hash = "sha256:90f31c34d25b1b3ed6c40cdd34ff122b1887a825297c017e4cbd6796dd8b672d"},
{file = "psutil-5.8.0-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:6323d5d845c2785efb20aded4726636546b26d3b577aded22492908f7c1bdda7"},
{file = "psutil-5.8.0-cp39-cp39-manylinux2010_i686.whl", hash = "sha256:245b5509968ac0bd179287d91210cd3f37add77dad385ef238b275bad35fa1c4"},
{file = "psutil-5.8.0-cp39-cp39-manylinux2010_x86_64.whl", hash = "sha256:90d4091c2d30ddd0a03e0b97e6a33a48628469b99585e2ad6bf21f17423b112b"},
{file = "psutil-5.8.0-cp39-cp39-win32.whl", hash = "sha256:ea372bcc129394485824ae3e3ddabe67dc0b118d262c568b4d2602a7070afdb0"},
{file = "psutil-5.8.0-cp39-cp39-win_amd64.whl", hash = "sha256:f4634b033faf0d968bb9220dd1c793b897ab7f1189956e1aa9eae752527127d3"},
{file = "psutil-5.8.0.tar.gz", hash = "sha256:0c9ccb99ab76025f2f0bbecf341d4656e9c1351db8cc8a03ccd62e318ab4b5c6"},
]
py = [
{file = "py-1.10.0-py2.py3-none-any.whl", hash = "sha256:3b80836aa6d1feeaa108e046da6423ab8f6ceda6468545ae8d02d9d58d18818a"},
{file = "py-1.10.0.tar.gz", hash = "sha256:21b81bda15b66ef5e1a777a21c4dcd9c20ad3efd0b3f817e7a809035269e1bd3"},
@ -2180,10 +2253,22 @@ pytest = [
{file = "pytest-6.2.5-py3-none-any.whl", hash = "sha256:7310f8d27bc79ced999e760ca304d69f6ba6c6649c0b60fb0e04a4a77cacc134"},
{file = "pytest-6.2.5.tar.gz", hash = "sha256:131b36680866a76e6781d13f101efb86cf674ebb9762eb70d3082b6f29889e89"},
]
pytest-cov = [
{file = "pytest-cov-2.12.1.tar.gz", hash = "sha256:261ceeb8c227b726249b376b8526b600f38667ee314f910353fa318caa01f4d7"},
{file = "pytest_cov-2.12.1-py2.py3-none-any.whl", hash = "sha256:261bb9e47e65bd099c89c3edf92972865210c36813f80ede5277dceb77a4a62a"},
]
pytest-forked = [
{file = "pytest-forked-1.3.0.tar.gz", hash = "sha256:6aa9ac7e00ad1a539c41bec6d21011332de671e938c7637378ec9710204e37ca"},
{file = "pytest_forked-1.3.0-py2.py3-none-any.whl", hash = "sha256:dc4147784048e70ef5d437951728825a131b81714b398d5d52f17c7c144d8815"},
]
pytest-html = [
{file = "pytest-html-3.1.1.tar.gz", hash = "sha256:3ee1cf319c913d19fe53aeb0bc400e7b0bc2dbeb477553733db1dad12eb75ee3"},
{file = "pytest_html-3.1.1-py3-none-any.whl", hash = "sha256:b7f82f123936a3f4d2950bc993c2c1ca09ce262c9ae12f9ac763a2401380b455"},
]
pytest-metadata = [
{file = "pytest-metadata-1.11.0.tar.gz", hash = "sha256:71b506d49d34e539cc3cfdb7ce2c5f072bea5c953320002c95968e0238f8ecf1"},
{file = "pytest_metadata-1.11.0-py2.py3-none-any.whl", hash = "sha256:576055b8336dd4a9006dd2a47615f76f2f8c30ab12b1b1c039d99e834583523f"},
]
pytest-xdist = [
{file = "pytest-xdist-2.4.0.tar.gz", hash = "sha256:89b330316f7fc475f999c81b577c2b926c9569f3d397ae432c0c2e2496d61ff9"},
{file = "pytest_xdist-2.4.0-py3-none-any.whl", hash = "sha256:7b61ebb46997a0820a263553179d6d1e25a8c50d8a8620cd1aa1e20e3be99168"},
@ -2240,47 +2325,47 @@ pyyaml = [
{file = "PyYAML-5.4.1.tar.gz", hash = "sha256:607774cbba28732bfa802b54baa7484215f530991055bb562efbed5b2f20a45e"},
]
regex = [
{file = "regex-2021.8.28-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:9d05ad5367c90814099000442b2125535e9d77581855b9bee8780f1b41f2b1a2"},
{file = "regex-2021.8.28-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:f3bf1bc02bc421047bfec3343729c4bbbea42605bcfd6d6bfe2c07ade8b12d2a"},
{file = "regex-2021.8.28-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:5f6a808044faae658f546dd5f525e921de9fa409de7a5570865467f03a626fc0"},
{file = "regex-2021.8.28-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.manylinux_2_12_i686.manylinux2010_i686.whl", hash = "sha256:a617593aeacc7a691cc4af4a4410031654f2909053bd8c8e7db837f179a630eb"},
{file = "regex-2021.8.28-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:79aef6b5cd41feff359acaf98e040844613ff5298d0d19c455b3d9ae0bc8c35a"},
{file = "regex-2021.8.28-cp310-cp310-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:0fc1f8f06977c2d4f5e3d3f0d4a08089be783973fc6b6e278bde01f0544ff308"},
{file = "regex-2021.8.28-cp310-cp310-win32.whl", hash = "sha256:6eebf512aa90751d5ef6a7c2ac9d60113f32e86e5687326a50d7686e309f66ed"},
{file = "regex-2021.8.28-cp310-cp310-win_amd64.whl", hash = "sha256:ac88856a8cbccfc14f1b2d0b829af354cc1743cb375e7f04251ae73b2af6adf8"},
{file = "regex-2021.8.28-cp36-cp36m-macosx_10_9_x86_64.whl", hash = "sha256:c206587c83e795d417ed3adc8453a791f6d36b67c81416676cad053b4104152c"},
{file = "regex-2021.8.28-cp36-cp36m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:e8690ed94481f219a7a967c118abaf71ccc440f69acd583cab721b90eeedb77c"},
{file = "regex-2021.8.28-cp36-cp36m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:328a1fad67445550b982caa2a2a850da5989fd6595e858f02d04636e7f8b0b13"},
{file = "regex-2021.8.28-cp36-cp36m-manylinux_2_5_i686.manylinux1_i686.manylinux_2_12_i686.manylinux2010_i686.whl", hash = "sha256:c7cb4c512d2d3b0870e00fbbac2f291d4b4bf2634d59a31176a87afe2777c6f0"},
{file = "regex-2021.8.28-cp36-cp36m-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:66256b6391c057305e5ae9209941ef63c33a476b73772ca967d4a2df70520ec1"},
{file = "regex-2021.8.28-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:8e44769068d33e0ea6ccdf4b84d80c5afffe5207aa4d1881a629cf0ef3ec398f"},
{file = "regex-2021.8.28-cp36-cp36m-win32.whl", hash = "sha256:08d74bfaa4c7731b8dac0a992c63673a2782758f7cfad34cf9c1b9184f911354"},
{file = "regex-2021.8.28-cp36-cp36m-win_amd64.whl", hash = "sha256:abb48494d88e8a82601af905143e0de838c776c1241d92021e9256d5515b3645"},
{file = "regex-2021.8.28-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:b4c220a1fe0d2c622493b0a1fd48f8f991998fb447d3cd368033a4b86cf1127a"},
{file = "regex-2021.8.28-cp37-cp37m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:d4a332404baa6665b54e5d283b4262f41f2103c255897084ec8f5487ce7b9e8e"},
{file = "regex-2021.8.28-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:c61dcc1cf9fd165127a2853e2c31eb4fb961a4f26b394ac9fe5669c7a6592892"},
{file = "regex-2021.8.28-cp37-cp37m-manylinux_2_5_i686.manylinux1_i686.manylinux_2_12_i686.manylinux2010_i686.whl", hash = "sha256:ee329d0387b5b41a5dddbb6243a21cb7896587a651bebb957e2d2bb8b63c0791"},
{file = "regex-2021.8.28-cp37-cp37m-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:f60667673ff9c249709160529ab39667d1ae9fd38634e006bec95611f632e759"},
{file = "regex-2021.8.28-cp37-cp37m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:b844fb09bd9936ed158ff9df0ab601e2045b316b17aa8b931857365ea8586906"},
{file = "regex-2021.8.28-cp37-cp37m-win32.whl", hash = "sha256:4cde065ab33bcaab774d84096fae266d9301d1a2f5519d7bd58fc55274afbf7a"},
{file = "regex-2021.8.28-cp37-cp37m-win_amd64.whl", hash = "sha256:1413b5022ed6ac0d504ba425ef02549a57d0f4276de58e3ab7e82437892704fc"},
{file = "regex-2021.8.28-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:ed4b50355b066796dacdd1cf538f2ce57275d001838f9b132fab80b75e8c84dd"},
{file = "regex-2021.8.28-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:28fc475f560d8f67cc8767b94db4c9440210f6958495aeae70fac8faec631797"},
{file = "regex-2021.8.28-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:bdc178caebd0f338d57ae445ef8e9b737ddf8fbc3ea187603f65aec5b041248f"},
{file = "regex-2021.8.28-cp38-cp38-manylinux_2_5_i686.manylinux1_i686.manylinux_2_12_i686.manylinux2010_i686.whl", hash = "sha256:999ad08220467b6ad4bd3dd34e65329dd5d0df9b31e47106105e407954965256"},
{file = "regex-2021.8.28-cp38-cp38-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:808ee5834e06f57978da3e003ad9d6292de69d2bf6263662a1a8ae30788e080b"},
{file = "regex-2021.8.28-cp38-cp38-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:d5111d4c843d80202e62b4fdbb4920db1dcee4f9366d6b03294f45ed7b18b42e"},
{file = "regex-2021.8.28-cp38-cp38-win32.whl", hash = "sha256:473858730ef6d6ff7f7d5f19452184cd0caa062a20047f6d6f3e135a4648865d"},
{file = "regex-2021.8.28-cp38-cp38-win_amd64.whl", hash = "sha256:31a99a4796bf5aefc8351e98507b09e1b09115574f7c9dbb9cf2111f7220d2e2"},
{file = "regex-2021.8.28-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:04f6b9749e335bb0d2f68c707f23bb1773c3fb6ecd10edf0f04df12a8920d468"},
{file = "regex-2021.8.28-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:9b006628fe43aa69259ec04ca258d88ed19b64791693df59c422b607b6ece8bb"},
{file = "regex-2021.8.28-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:121f4b3185feaade3f85f70294aef3f777199e9b5c0c0245c774ae884b110a2d"},
{file = "regex-2021.8.28-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.manylinux_2_12_i686.manylinux2010_i686.whl", hash = "sha256:a577a21de2ef8059b58f79ff76a4da81c45a75fe0bfb09bc8b7bb4293fa18983"},
{file = "regex-2021.8.28-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:1743345e30917e8c574f273f51679c294effba6ad372db1967852f12c76759d8"},
{file = "regex-2021.8.28-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:e1e8406b895aba6caa63d9fd1b6b1700d7e4825f78ccb1e5260551d168db38ed"},
{file = "regex-2021.8.28-cp39-cp39-win32.whl", hash = "sha256:ed283ab3a01d8b53de3a05bfdf4473ae24e43caee7dcb5584e86f3f3e5ab4374"},
{file = "regex-2021.8.28-cp39-cp39-win_amd64.whl", hash = "sha256:610b690b406653c84b7cb6091facb3033500ee81089867ee7d59e675f9ca2b73"},
{file = "regex-2021.8.28.tar.gz", hash = "sha256:f585cbbeecb35f35609edccb95efd95a3e35824cd7752b586503f7e6087303f1"},
{file = "regex-2021.9.24-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:0628ed7d6334e8f896f882a5c1240de8c4d9b0dd7c7fb8e9f4692f5684b7d656"},
{file = "regex-2021.9.24-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:3baf3eaa41044d4ced2463fd5d23bf7bd4b03d68739c6c99a59ce1f95599a673"},
{file = "regex-2021.9.24-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:c000635fd78400a558bd7a3c2981bb2a430005ebaa909d31e6e300719739a949"},
{file = "regex-2021.9.24-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.manylinux_2_12_i686.manylinux2010_i686.whl", hash = "sha256:295bc8a13554a25ad31e44c4bedabd3c3e28bba027e4feeb9bb157647a2344a7"},
{file = "regex-2021.9.24-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:b0e3f59d3c772f2c3baaef2db425e6fc4149d35a052d874bb95ccfca10a1b9f4"},
{file = "regex-2021.9.24-cp310-cp310-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:aea4006b73b555fc5bdb650a8b92cf486d678afa168cf9b38402bb60bf0f9c18"},
{file = "regex-2021.9.24-cp310-cp310-win32.whl", hash = "sha256:09eb62654030f39f3ba46bc6726bea464069c29d00a9709e28c9ee9623a8da4a"},
{file = "regex-2021.9.24-cp310-cp310-win_amd64.whl", hash = "sha256:8d80087320632457aefc73f686f66139801959bf5b066b4419b92be85be3543c"},
{file = "regex-2021.9.24-cp36-cp36m-macosx_10_9_x86_64.whl", hash = "sha256:7e3536f305f42ad6d31fc86636c54c7dafce8d634e56fef790fbacb59d499dd5"},
{file = "regex-2021.9.24-cp36-cp36m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:c31f35a984caffb75f00a86852951a337540b44e4a22171354fb760cefa09346"},
{file = "regex-2021.9.24-cp36-cp36m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:9c7cb25adba814d5f419733fe565f3289d6fa629ab9e0b78f6dff5fa94ab0456"},
{file = "regex-2021.9.24-cp36-cp36m-manylinux_2_5_i686.manylinux1_i686.manylinux_2_12_i686.manylinux2010_i686.whl", hash = "sha256:85c61bee5957e2d7be390392feac7e1d7abd3a49cbaed0c8cee1541b784c8561"},
{file = "regex-2021.9.24-cp36-cp36m-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:c94722bf403b8da744b7d0bb87e1f2529383003ceec92e754f768ef9323f69ad"},
{file = "regex-2021.9.24-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:6adc1bd68f81968c9d249aab8c09cdc2cbe384bf2d2cb7f190f56875000cdc72"},
{file = "regex-2021.9.24-cp36-cp36m-win32.whl", hash = "sha256:2054dea683f1bda3a804fcfdb0c1c74821acb968093d0be16233873190d459e3"},
{file = "regex-2021.9.24-cp36-cp36m-win_amd64.whl", hash = "sha256:7783d89bd5413d183a38761fbc68279b984b9afcfbb39fa89d91f63763fbfb90"},
{file = "regex-2021.9.24-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:b15dc34273aefe522df25096d5d087abc626e388a28a28ac75a4404bb7668736"},
{file = "regex-2021.9.24-cp37-cp37m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:10a7a9cbe30bd90b7d9a1b4749ef20e13a3528e4215a2852be35784b6bd070f0"},
{file = "regex-2021.9.24-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:fb9f5844db480e2ef9fce3a72e71122dd010ab7b2920f777966ba25f7eb63819"},
{file = "regex-2021.9.24-cp37-cp37m-manylinux_2_5_i686.manylinux1_i686.manylinux_2_12_i686.manylinux2010_i686.whl", hash = "sha256:17310b181902e0bb42b29c700e2c2346b8d81f26e900b1328f642e225c88bce1"},
{file = "regex-2021.9.24-cp37-cp37m-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:0bba1f6df4eafe79db2ecf38835c2626dbd47911e0516f6962c806f83e7a99ae"},
{file = "regex-2021.9.24-cp37-cp37m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:821e10b73e0898544807a0692a276e539e5bafe0a055506a6882814b6a02c3ec"},
{file = "regex-2021.9.24-cp37-cp37m-win32.whl", hash = "sha256:9c371dd326289d85906c27ec2bc1dcdedd9d0be12b543d16e37bad35754bde48"},
{file = "regex-2021.9.24-cp37-cp37m-win_amd64.whl", hash = "sha256:1e8d1898d4fb817120a5f684363b30108d7b0b46c7261264b100d14ec90a70e7"},
{file = "regex-2021.9.24-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:8a5c2250c0a74428fd5507ae8853706fdde0f23bfb62ee1ec9418eeacf216078"},
{file = "regex-2021.9.24-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:8aec4b4da165c4a64ea80443c16e49e3b15df0f56c124ac5f2f8708a65a0eddc"},
{file = "regex-2021.9.24-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:650c4f1fc4273f4e783e1d8e8b51a3e2311c2488ba0fcae6425b1e2c248a189d"},
{file = "regex-2021.9.24-cp38-cp38-manylinux_2_5_i686.manylinux1_i686.manylinux_2_12_i686.manylinux2010_i686.whl", hash = "sha256:2cdb3789736f91d0b3333ac54d12a7e4f9efbc98f53cb905d3496259a893a8b3"},
{file = "regex-2021.9.24-cp38-cp38-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:4e61100200fa6ab7c99b61476f9f9653962ae71b931391d0264acfb4d9527d9c"},
{file = "regex-2021.9.24-cp38-cp38-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:8c268e78d175798cd71d29114b0a1f1391c7d011995267d3b62319ec1a4ecaa1"},
{file = "regex-2021.9.24-cp38-cp38-win32.whl", hash = "sha256:658e3477676009083422042c4bac2bdad77b696e932a3de001c42cc046f8eda2"},
{file = "regex-2021.9.24-cp38-cp38-win_amd64.whl", hash = "sha256:a731552729ee8ae9c546fb1c651c97bf5f759018fdd40d0e9b4d129e1e3a44c8"},
{file = "regex-2021.9.24-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:86f9931eb92e521809d4b64ec8514f18faa8e11e97d6c2d1afa1bcf6c20a8eab"},
{file = "regex-2021.9.24-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:dcbbc9cfa147d55a577d285fd479b43103188855074552708df7acc31a476dd9"},
{file = "regex-2021.9.24-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:29385c4dbb3f8b3a55ce13de6a97a3d21bd00de66acd7cdfc0b49cb2f08c906c"},
{file = "regex-2021.9.24-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.manylinux_2_12_i686.manylinux2010_i686.whl", hash = "sha256:c50a6379763c733562b1fee877372234d271e5c78cd13ade5f25978aa06744db"},
{file = "regex-2021.9.24-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:6f74b6d8f59f3cfb8237e25c532b11f794b96f5c89a6f4a25857d85f84fbef11"},
{file = "regex-2021.9.24-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:6c4d83d21d23dd854ffbc8154cf293f4e43ba630aa9bd2539c899343d7f59da3"},
{file = "regex-2021.9.24-cp39-cp39-win32.whl", hash = "sha256:95e89a8558c8c48626dcffdf9c8abac26b7c251d352688e7ab9baf351e1c7da6"},
{file = "regex-2021.9.24-cp39-cp39-win_amd64.whl", hash = "sha256:835962f432bce92dc9bf22903d46c50003c8d11b1dc64084c8fae63bca98564a"},
{file = "regex-2021.9.24.tar.gz", hash = "sha256:6266fde576e12357b25096351aac2b4b880b0066263e7bc7a9a1b4307991bb0e"},
]
"repoze.lru" = [
{file = "repoze.lru-0.7-py3-none-any.whl", hash = "sha256:f77bf0e1096ea445beadd35f3479c5cff2aa1efe604a133e67150bc8630a62ea"},

17
libs/skyline-policy-manager/pyproject.toml
View File

@ -19,11 +19,24 @@ black = "^21.5b1"
add-trailing-comma = "*"
flake8 = "*"
mypy = "*"
pytest = "*"
pytest-xdist = {extras = ["psutil"], version = "*"}
skyline-log = {path = "../skyline-log", develop = true}
"oslo.log" = "*"
neutron-lib = "*"
pytest = "*"
pytest-xdist = "*"
mimesis = "*"
pytest-cov = "*"
pytest-html = "*"
[tool.pytest.ini_options]
minversion = "6.0"
addopts = "-v -s -p no:cacheprovider -n auto --cov=skyline_policy_manager --cov-append --cov-report=term-missing --cov-report=html"
testpaths = [
"tests",
]
markers = [
"ddt(*args: TestData): Mark the test as a data-driven test."
]
[tool.poetry.scripts]
skyline-policy-manager = "skyline_policy_manager.cmd.manage:main"

34
libs/skyline-policy-manager/skyline_policy_manager/cmd/manage.py
View File

@ -15,7 +15,7 @@
from __future__ import annotations
import json
from importlib.metadata import entry_points
from importlib import metadata
from logging import StreamHandler
from pathlib import Path
from typing import Callable, Dict, Iterable, List, Union
@ -23,25 +23,11 @@ from typing import Callable, Dict, Iterable, List, Union
import click
from oslo_policy.policy import DocumentedRuleDefault, RuleDefault # type: ignore
from skyline_log import LOG, setup as log_setup
from skyline_policy_manager import constants
from skyline_policy_manager.policies import get_service_rules
from skyline_policy_manager.policies.base import APIRule, Rule
DEBUG = False
POLICY_NS = "oslo.policy.policies"
SUPPORTED_SERVICE_EPS = {
# openstack_service: [<entry_point_name>, <entry_point_name>,]
"cinder": ["cinder"],
"glance": ["glance"],
"heat": ["heat"],
"ironic": ["ironic.api", "ironic_inspector.api"],
"keystone": ["keystone"],
"neutron": ["neutron", "neutron-vpnaas"],
"nova": ["nova"],
"octavia": ["octavia"],
"panko": ["panko"],
"placement": ["placement"],
}
OSRules = Iterable[Union[DocumentedRuleDefault, RuleDefault]]
@ -50,7 +36,7 @@ def load_list_rules_funcs(
namespace: str,
service_eps: Dict[str, List[str]],
) -> Dict[str, Callable[[], OSRules]]:
eps = set(entry_points()[namespace])
eps = set(metadata.entry_points()[namespace])
supported_eps = set()
for ep_names in service_eps.values():
supported_eps.update(ep_names)
@ -58,7 +44,7 @@ def load_list_rules_funcs(
def load_list_rules_func(namespace: str, service_ep: str) -> Union[None, Callable[[], OSRules]]:
eps = set(entry_points()[namespace])
eps = set(metadata.entry_points()[namespace])
for ep in eps:
if ep.name == service_ep:
return ep.load()
@ -106,10 +92,10 @@ def policy_manager(debug: bool) -> None:
@click.command(help="Generate sample policy yaml file.")
@click.option("--dir", help='Directory of policy file.(default: "./tmp")', default="./tmp")
def generate_sample(dir: str) -> None:
list_rules_funcs = load_list_rules_funcs(POLICY_NS, SUPPORTED_SERVICE_EPS)
list_rules_funcs = load_list_rules_funcs(constants.POLICY_NS, constants.SUPPORTED_SERVICE_EPS)
rule_map = {}
for service, eps in SUPPORTED_SERVICE_EPS.items():
for service, eps in constants.SUPPORTED_SERVICE_EPS.items():
rules = []
api_rules = []
for ep in eps:
@ -156,7 +142,7 @@ def generate_conf(dir: str, desc: str) -> None:
@click.command(help="Generate service rule code.")
@click.argument("entry_point")
def generate_rule(entry_point: str) -> None:
ep_rules_func = load_list_rules_func(POLICY_NS, entry_point)
ep_rules_func = load_list_rules_func(constants.POLICY_NS, entry_point)
if ep_rules_func is None:
raise Exception(
f"Not found entry point '{entry_point}' in oslo.policy.policies namespace.",
@ -226,10 +212,10 @@ __all__ = ("list_rules",)
@click.command(help="Validate all policy rules.")
@click.option("--diff", help="Output policy rule diff info.", is_flag=True, default=False)
def validate(diff: bool) -> None:
list_rules_funcs = load_list_rules_funcs(POLICY_NS, SUPPORTED_SERVICE_EPS)
list_rules_funcs = load_list_rules_funcs(constants.POLICY_NS, constants.SUPPORTED_SERVICE_EPS)
os_rule_map = {}
for service, eps in SUPPORTED_SERVICE_EPS.items():
for service, eps in constants.SUPPORTED_SERVICE_EPS.items():
service_rules = {}
for ep in eps:
ep_rules = list_rules_funcs.get(ep, lambda: [])()
@ -276,7 +262,7 @@ def validate(diff: bool) -> None:
LOG.info("Validate policy completed")
def main():
def main() -> None:
policy_manager.add_command(generate_sample)
policy_manager.add_command(generate_conf)
policy_manager.add_command(generate_rule)

29
libs/skyline-policy-manager/skyline_policy_manager/constants.py Normal file
View File

@ -0,0 +1,29 @@
# Copyright 2021 99cloud
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
POLICY_NS = "oslo.policy.policies"
SUPPORTED_SERVICE_EPS = {
# openstack_service: [<entry_point_name>, <entry_point_name>,]
"cinder": ["cinder"],
"glance": ["glance"],
"heat": ["heat"],
"ironic": ["ironic.api", "ironic_inspector.api"],
"keystone": ["keystone"],
"neutron": ["neutron", "neutron-vpnaas"],
"nova": ["nova"],
"octavia": ["octavia"],
"panko": ["panko"],
"placement": ["placement"],
}

1
libs/skyline-policy-manager/skyline_policy_manager/policies/base.py
View File

@ -18,7 +18,6 @@ from typing import List
from oslo_policy import _parser # type: ignore
from oslo_policy.policy import DocumentedRuleDefault, RuleDefault # type: ignore
from skyline_policy_manager.schema import Operation, OperationsSchema, ScopeTypesSchema

39
libs/skyline-policy-manager/skyline_policy_manager/policies/cinder.py
View File

@ -66,7 +66,7 @@ list_rules = (
description="Mark a volume attachment process as completed (in-use)",
scope_types=["project"],
operations=[
{"method": "POST", "path": "/attachments/{attachment_id}/action (os-complete)"}
{"method": "POST", "path": "/attachments/{attachment_id}/action (os-complete)"},
],
),
base.APIRule(
@ -251,7 +251,7 @@ list_rules = (
description="Reset status of a snapshot.",
scope_types=["project"],
operations=[
{"method": "POST", "path": "/snapshots/{snapshot_id}/action (os-reset_status)"}
{"method": "POST", "path": "/snapshots/{snapshot_id}/action (os-reset_status)"},
],
),
base.APIRule(
@ -261,7 +261,10 @@ list_rules = (
description="Update database fields of snapshot.",
scope_types=["project"],
operations=[
{"method": "POST", "path": "/snapshots/{snapshot_id}/action (update_snapshot_status)"}
{
"method": "POST",
"path": "/snapshots/{snapshot_id}/action (update_snapshot_status)",
},
],
),
base.APIRule(
@ -271,7 +274,7 @@ list_rules = (
description="Force delete a snapshot.",
scope_types=["project"],
operations=[
{"method": "POST", "path": "/snapshots/{snapshot_id}/action (os-force_delete)"}
{"method": "POST", "path": "/snapshots/{snapshot_id}/action (os-force_delete)"},
],
),
base.APIRule(
@ -566,7 +569,7 @@ list_rules = (
description="Reset status of group snapshot.",
scope_types=["project"],
operations=[
{"method": "POST", "path": "/group_snapshots/{g_snapshot_id}/action (reset_status)"}
{"method": "POST", "path": "/group_snapshots/{g_snapshot_id}/action (reset_status)"},
],
),
base.APIRule(
@ -606,7 +609,7 @@ list_rules = (
description="Disable replication.",
scope_types=["project"],
operations=[
{"method": "POST", "path": "/groups/{group_id}/action (disable_replication)"}
{"method": "POST", "path": "/groups/{group_id}/action (disable_replication)"},
],
),
base.APIRule(
@ -618,7 +621,7 @@ list_rules = (
description="Fail over replication.",
scope_types=["project"],
operations=[
{"method": "POST", "path": "/groups/{group_id}/action (failover_replication)"}
{"method": "POST", "path": "/groups/{group_id}/action (failover_replication)"},
],
),
base.APIRule(
@ -630,7 +633,7 @@ list_rules = (
description="List failover replication.",
scope_types=["project"],
operations=[
{"method": "POST", "path": "/groups/{group_id}/action (list_replication_targets)"}
{"method": "POST", "path": "/groups/{group_id}/action (list_replication_targets)"},
],
),
base.APIRule(
@ -1023,7 +1026,7 @@ list_rules = (
description="Update a volume's readonly flag.",
scope_types=["project"],
operations=[
{"method": "POST", "path": "/volumes/{volume_id}/action (os-update_readonly_flag)"}
{"method": "POST", "path": "/volumes/{volume_id}/action (os-update_readonly_flag)"},
],
),
base.APIRule(
@ -1041,7 +1044,7 @@ list_rules = (
description="Upload a volume to image with public visibility.",
scope_types=["project"],
operations=[
{"method": "POST", "path": "/volumes/{volume_id}/action (os-volume_upload_image)"}
{"method": "POST", "path": "/volumes/{volume_id}/action (os-volume_upload_image)"},
],
),
base.APIRule(
@ -1053,7 +1056,7 @@ list_rules = (
description="Upload a volume to image.",
scope_types=["project"],
operations=[
{"method": "POST", "path": "/volumes/{volume_id}/action (os-volume_upload_image)"}
{"method": "POST", "path": "/volumes/{volume_id}/action (os-volume_upload_image)"},
],
),
base.APIRule(
@ -1071,7 +1074,7 @@ list_rules = (
description="migrate a volume to a specified host.",
scope_types=["project"],
operations=[
{"method": "POST", "path": "/volumes/{volume_id}/action (os-migrate_volume)"}
{"method": "POST", "path": "/volumes/{volume_id}/action (os-migrate_volume)"},
],
),
base.APIRule(
@ -1084,7 +1087,7 @@ list_rules = (
{
"method": "POST",
"path": "/volumes/{volume_id}/action (os-migrate_volume_completion)",
}
},
],
),
base.APIRule(
@ -1096,7 +1099,7 @@ list_rules = (
description="Initialize volume attachment.",
scope_types=["project"],
operations=[
{"method": "POST", "path": "/volumes/{volume_id}/action (os-initialize_connection)"}
{"method": "POST", "path": "/volumes/{volume_id}/action (os-initialize_connection)"},
],
),
base.APIRule(
@ -1108,7 +1111,7 @@ list_rules = (
description="Terminate volume attachment.",
scope_types=["project"],
operations=[
{"method": "POST", "path": "/volumes/{volume_id}/action (os-terminate_connection)"}
{"method": "POST", "path": "/volumes/{volume_id}/action (os-terminate_connection)"},
],
),
base.APIRule(
@ -1120,7 +1123,7 @@ list_rules = (
description="Roll back volume status to 'in-use'.",
scope_types=["project"],
operations=[
{"method": "POST", "path": "/volumes/{volume_id}/action (os-roll_detaching)"}
{"method": "POST", "path": "/volumes/{volume_id}/action (os-roll_detaching)"},
],
),
base.APIRule(
@ -1152,7 +1155,7 @@ list_rules = (
description="Begin detach volumes.",
scope_types=["project"],
operations=[
{"method": "POST", "path": "/volumes/{volume_id}/action (os-begin_detaching)"}
{"method": "POST", "path": "/volumes/{volume_id}/action (os-begin_detaching)"},
],
),
base.APIRule(
@ -1351,7 +1354,7 @@ list_rules = (
description="Delete type extra specs.",
scope_types=["project"],
operations=[
{"method": "DELETE", "path": "/types/{type_id}/extra_specs/{extra_spec_key}"}
{"method": "DELETE", "path": "/types/{type_id}/extra_specs/{extra_spec_key}"},
],
),
base.APIRule(

15
libs/skyline-policy-manager/skyline_policy_manager/policies/glance.py
View File

@ -176,7 +176,9 @@ list_rules = (
),
base.APIRule(
name="get_image",
check_str=("role:admin or (role:reader and (project_id:%(project_id)s or project_id:%(member_id)s or \"community\":%(visibility)s or \"public\":%(visibility)s))"),
check_str=(
'role:admin or (role:reader and (project_id:%(project_id)s or project_id:%(member_id)s or "community":%(visibility)s or "public":%(visibility)s))'
),
basic_check_str=("role:admin or role:reader or role:admin or role:member or role:reader"),
description="Get specified image",
scope_types=["system", "project"],
@ -216,7 +218,9 @@ list_rules = (
),
base.APIRule(
name="download_image",
check_str=("role:admin or (role:member and (project_id:%(project_id)s or project_id:%(member_id)s or \"community\":%(visibility)s or \"public\":%(visibility)s))"),
check_str=(
'role:admin or (role:member and (project_id:%(project_id)s or project_id:%(member_id)s or "community":%(visibility)s or "public":%(visibility)s))'
),
basic_check_str=("role:admin or role:admin or role:member"),
description="Downloads given image",
scope_types=["system", "project"],
@ -356,7 +360,12 @@ list_rules = (
basic_check_str=("!"),
description="\n#This is a generic blanket policy for protecting all task APIs. It is not\n#granular and will not allow you to separate writable and readable task\n#operations into different roles.\n#",
scope_types=["system", "project"],
operations=[{"method": "GET", "path": "/v2/tasks/{task_id}"}, {"method": "GET", "path": "/v2/tasks"}, {"method": "POST", "path": "/v2/tasks"}, {"method": "DELETE", "path": "/v2/tasks/{task_id}"}],
operations=[
{"method": "GET", "path": "/v2/tasks/{task_id}"},
{"method": "GET", "path": "/v2/tasks"},
{"method": "POST", "path": "/v2/tasks"},
{"method": "DELETE", "path": "/v2/tasks/{task_id}"},
],
),
)

658
libs/skyline-policy-manager/skyline_policy_manager/policies/heat.py
View File

File diff suppressed because it is too large Load Diff

416
libs/skyline-policy-manager/skyline_policy_manager/policies/ironic.py
View File

@ -25,7 +25,9 @@ list_rules = (
),
base.Rule(
name="is_member",
check_str=("(project_domain_id:default or project_domain_id:None) and (project_name:demo or project_name:baremetal)"),
check_str=(
"(project_domain_id:default or project_domain_id:None) and (project_name:demo or project_name:baremetal)"
),
description="May be used to restrict access to specific projects",
),
base.Rule(
@ -67,7 +69,10 @@ list_rules = (
basic_check_str=("role:admin or role:reader"),
description="Retrieve multiple Node records, filtered by an explicit owner or the client project_id",
scope_types=["system", "project"],
operations=[{"method": "GET", "path": "/nodes"}, {"method": "GET", "path": "/nodes/detail"}],
operations=[
{"method": "GET", "path": "/nodes"},
{"method": "GET", "path": "/nodes/detail"},
],
),
base.APIRule(
name="baremetal:node:list_all",
@ -75,11 +80,16 @@ list_rules = (
basic_check_str=("role:admin or role:reader"),
description="Retrieve multiple Node records",
scope_types=["system"],
operations=[{"method": "GET", "path": "/nodes"}, {"method": "GET", "path": "/nodes/detail"}],
operations=[
{"method": "GET", "path": "/nodes"},
{"method": "GET", "path": "/nodes/detail"},
],
),
base.APIRule(
name="baremetal:node:get",
check_str=("(role:reader and system_scope:all) or (role:reader and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"),
check_str=(
"(role:reader and system_scope:all) or (role:reader and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"
),
basic_check_str=("role:admin or role:reader"),
description="Retrieve a single Node record",
scope_types=["system", "project"],
@ -95,7 +105,9 @@ list_rules = (
),
base.APIRule(
name="baremetal:node:get:last_error",
check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(node.owner)s)"),
check_str=(
"(role:reader and system_scope:all) or (role:reader and project_id:%(node.owner)s)"
),
basic_check_str=("role:admin or role:reader"),
description="Governs if the node last_error field is masked from APIclients with insufficent privileges.",
scope_types=["system", "project"],
@ -103,7 +115,9 @@ list_rules = (
),
base.APIRule(
name="baremetal:node:get:reservation",
check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(node.owner)s)"),
check_str=(
"(role:reader and system_scope:all) or (role:reader and project_id:%(node.owner)s)"
),
basic_check_str=("role:admin or role:reader"),
description="Governs if the node reservation field is masked from APIclients with insufficent privileges.",
scope_types=["system", "project"],
@ -111,7 +125,9 @@ list_rules = (
),
base.APIRule(
name="baremetal:node:get:driver_internal_info",
check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(node.owner)s)"),
check_str=(
"(role:reader and system_scope:all) or (role:reader and project_id:%(node.owner)s)"
),
basic_check_str=("role:admin or role:reader"),
description="Governs if the node driver_internal_info field is masked from API clients with insufficent privileges.",
scope_types=["system", "project"],
@ -119,7 +135,9 @@ list_rules = (
),
base.APIRule(
name="baremetal:node:get:driver_info",
check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(node.owner)s)"),
check_str=(
"(role:reader and system_scope:all) or (role:reader and project_id:%(node.owner)s)"
),
basic_check_str=("role:admin or role:reader"),
description="Governs if the driver_info field is masked from APIclients with insufficent privileges.",
scope_types=["system", "project"],
@ -127,7 +145,9 @@ list_rules = (
),
base.APIRule(
name="baremetal:node:update:driver_info",
check_str=("(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s)"),
check_str=(
"(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s)"
),
basic_check_str=("role:admin"),
description="Governs if node driver_info field can be updated via the API clients.",
scope_types=["system", "project"],
@ -135,7 +155,9 @@ list_rules = (
),
base.APIRule(
name="baremetal:node:update:properties",
check_str=("(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s)"),
check_str=(
"(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s)"
),
basic_check_str=("role:admin"),
description="Governs if node properties field can be updated via the API clients.",
scope_types=["system", "project"],
@ -151,7 +173,9 @@ list_rules = (
),
base.APIRule(
name="baremetal:node:update:instance_uuid",
check_str=("(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s)"),
check_str=(
"(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s)"
),
basic_check_str=("role:admin"),
description="Governs if node instance_uuid field can be updated via the API clients.",
scope_types=["system", "project"],
@ -159,7 +183,9 @@ list_rules = (
),
base.APIRule(
name="baremetal:node:update:lessee",
check_str=("(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s)"),
check_str=(
"(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s)"
),
basic_check_str=("role:admin"),
description="Governs if node lessee field can be updated via the API clients.",
scope_types=["system", "project"],
@ -175,7 +201,9 @@ list_rules = (
),
base.APIRule(
name="baremetal:node:update:driver_interfaces",
check_str=("(role:member and system_scope:all) or (role:admin and project_id:%(node.owner)s)"),
check_str=(
"(role:member and system_scope:all) or (role:admin and project_id:%(node.owner)s)"
),
basic_check_str=("role:admin"),
description="Governs if node driver and driver interfaces field can be updated via the API clients.",
scope_types=["system", "project"],
@ -183,7 +211,9 @@ list_rules = (
),
base.APIRule(
name="baremetal:node:update:network_data",
check_str=("(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s)"),
check_str=(
"(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s)"
),
basic_check_str=("role:admin"),
description="Governs if node driver_info field can be updated via the API clients.",
scope_types=["system", "project"],
@ -199,7 +229,9 @@ list_rules = (
),
base.APIRule(
name="baremetal:node:update:name",
check_str=("(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s)"),
check_str=(
"(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s)"
),
basic_check_str=("role:admin"),
description="Governs if node name field can be updated via the API clients.",
scope_types=["system", "project"],
@ -207,7 +239,9 @@ list_rules = (
),
base.APIRule(
name="baremetal:node:update:retired",
check_str=("(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s)"),
check_str=(
"(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s)"
),
basic_check_str=("role:admin"),
description="Governs if node retired and retired reason can be updated by API clients.",
scope_types=["system", "project"],
@ -215,7 +249,9 @@ list_rules = (
),
base.APIRule(
name="baremetal:node:update",
check_str=("(role:member and system_scope:all) or (role:member and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"),
check_str=(
"(role:member and system_scope:all) or (role:member and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"
),
basic_check_str=("role:admin"),
description="Generalized update of node records",
scope_types=["system", "project"],
@ -223,7 +259,9 @@ list_rules = (
),
base.APIRule(
name="baremetal:node:update_extra",
check_str=("(role:member and system_scope:all) or (role:member and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"),
check_str=(
"(role:member and system_scope:all) or (role:member and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"
),
basic_check_str=("role:admin"),
description="Update Node extra field",
scope_types=["system", "project"],
@ -231,7 +269,9 @@ list_rules = (
),
base.APIRule(
name="baremetal:node:update_instance_info",
check_str=("(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s) or (role:admin and project_id:%(node.lessee)s)"),
check_str=(
"(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s) or (role:admin and project_id:%(node.lessee)s)"
),
basic_check_str=("role:admin"),
description="Update Node instance_info field",
scope_types=["system", "project"],
@ -255,7 +295,9 @@ list_rules = (
),
base.APIRule(
name="baremetal:node:validate",
check_str=("(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s) or (role:admin and project_id:%(node.lessee)s)"),
check_str=(
"(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s) or (role:admin and project_id:%(node.lessee)s)"
),
basic_check_str=("role:admin"),
description="Request active validation of Nodes",
scope_types=["system", "project"],
@ -263,7 +305,9 @@ list_rules = (
),
base.APIRule(
name="baremetal:node:set_maintenance",
check_str=("(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s) or (role:admin and project_id:%(node.lessee)s)"),
check_str=(
"(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s) or (role:admin and project_id:%(node.lessee)s)"
),
basic_check_str=("role:admin"),
description="Set maintenance flag, taking a Node out of service",
scope_types=["system", "project"],
@ -271,7 +315,9 @@ list_rules = (
),
base.APIRule(
name="baremetal:node:clear_maintenance",
check_str=("(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s) or (role:admin and project_id:%(node.lessee)s)"),
check_str=(
"(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s) or (role:admin and project_id:%(node.lessee)s)"
),
basic_check_str=("role:admin"),
description="Clear maintenance flag, placing the Node into service again",
scope_types=["system", "project"],
@ -279,15 +325,22 @@ list_rules = (
),
base.APIRule(
name="baremetal:node:get_boot_device",
check_str=("(role:member and system_scope:all) or (role:admin and project_id:%(node.owner)s)"),
check_str=(
"(role:member and system_scope:all) or (role:admin and project_id:%(node.owner)s)"
),
basic_check_str=("role:admin or role:reader"),
description="Retrieve Node boot device metadata",
scope_types=["system", "project"],
operations=[{"method": "GET", "path": "/nodes/{node_ident}/management/boot_device"}, {"method": "GET", "path": "/nodes/{node_ident}/management/boot_device/supported"}],
operations=[
{"method": "GET", "path": "/nodes/{node_ident}/management/boot_device"},
{"method": "GET", "path": "/nodes/{node_ident}/management/boot_device/supported"},
],
),
base.APIRule(
name="baremetal:node:set_boot_device",
check_str=("(role:member and system_scope:all) or (role:admin and project_id:%(node.owner)s)"),
check_str=(
"(role:member and system_scope:all) or (role:admin and project_id:%(node.owner)s)"
),
basic_check_str=("role:admin"),
description="Change Node boot device",
scope_types=["system", "project"],
@ -295,23 +348,40 @@ list_rules = (
),
base.APIRule(
name="baremetal:node:get_indicator_state",
check_str=("(role:reader and system_scope:all) or (role:reader and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"),
check_str=(
"(role:reader and system_scope:all) or (role:reader and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"
),
basic_check_str=("role:admin or role:reader"),
description="Retrieve Node indicators and their states",
scope_types=["system", "project"],
operations=[{"method": "GET", "path": "/nodes/{node_ident}/management/indicators/{component}/{indicator}"}, {"method": "GET", "path": "/nodes/{node_ident}/management/indicators"}],
operations=[
{
"method": "GET",
"path": "/nodes/{node_ident}/management/indicators/{component}/{indicator}",
},
{"method": "GET", "path": "/nodes/{node_ident}/management/indicators"},
],
),
base.APIRule(
name="baremetal:node:set_indicator_state",
check_str=("(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s)"),
check_str=(
"(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s)"
),
basic_check_str=("role:admin"),
description="Change Node indicator state",
scope_types=["system", "project"],
operations=[{"method": "PUT", "path": "/nodes/{node_ident}/management/indicators/{component}/{indicator}"}],
operations=[
{
"method": "PUT",
"path": "/nodes/{node_ident}/management/indicators/{component}/{indicator}",
},
],
),
base.APIRule(
name="baremetal:node:inject_nmi",
check_str=("(role:member and system_scope:all) or (role:admin and project_id:%(node.owner)s)"),
check_str=(
"(role:member and system_scope:all) or (role:admin and project_id:%(node.owner)s)"
),
basic_check_str=("role:admin"),
description="Inject NMI for a node",
scope_types=["system", "project"],
@ -319,7 +389,9 @@ list_rules = (
),
base.APIRule(
name="baremetal:node:get_states",
check_str=("(role:reader and system_scope:all) or (role:reader and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"),
check_str=(
"(role:reader and system_scope:all) or (role:reader and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"
),
basic_check_str=("role:admin or role:reader"),
description="View Node power and provision state",
scope_types=["system", "project"],
@ -327,7 +399,9 @@ list_rules = (
),
base.APIRule(
name="baremetal:node:set_power_state",
check_str=("(role:member and system_scope:all) or (role:member and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"),
check_str=(
"(role:member and system_scope:all) or (role:member and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"
),
basic_check_str=("role:admin"),
description="Change Node power status",
scope_types=["system", "project"],
@ -335,7 +409,9 @@ list_rules = (
),
base.APIRule(
name="baremetal:node:set_provision_state",
check_str=("(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s) or (role:admin and project_id:%(node.lessee)s)"),
check_str=(
"(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s) or (role:admin and project_id:%(node.lessee)s)"
),
basic_check_str=("role:admin"),
description="Change Node provision status",
scope_types=["system", "project"],
@ -343,7 +419,9 @@ list_rules = (
),
base.APIRule(
name="baremetal:node:set_raid_state",
check_str=("(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s)"),
check_str=(
"(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s)"
),
basic_check_str=("role:admin"),
description="Change Node RAID status",
scope_types=["system", "project"],
@ -351,7 +429,9 @@ list_rules = (
),
base.APIRule(
name="baremetal:node:get_console",
check_str=("(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s)"),
check_str=(
"(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s)"
),
basic_check_str=("role:admin"),
description="Get Node console connection information",
scope_types=["system", "project"],
@ -359,7 +439,9 @@ list_rules = (
),
base.APIRule(
name="baremetal:node:set_console_state",
check_str=("(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s)"),
check_str=(
"(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s)"
),
basic_check_str=("role:admin"),
description="Change Node console status",
scope_types=["system", "project"],
@ -367,7 +449,9 @@ list_rules = (
),
base.APIRule(
name="baremetal:node:vif:list",
check_str=("(role:reader and system_scope:all) or (role:reader and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"),
check_str=(
"(role:reader and system_scope:all) or (role:reader and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"
),
basic_check_str=("role:admin"),
description="List VIFs attached to node",
scope_types=["system", "project"],
@ -375,7 +459,9 @@ list_rules = (
),
base.APIRule(
name="baremetal:node:vif:attach",
check_str=("(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s) or (role:admin and project_id:%(node.lessee)s)"),
check_str=(
"(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s) or (role:admin and project_id:%(node.lessee)s)"
),
basic_check_str=("role:admin"),
description="Attach a VIF to a node",
scope_types=["system", "project"],
@ -383,7 +469,9 @@ list_rules = (
),
base.APIRule(
name="baremetal:node:vif:detach",
check_str=("(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s) or (role:admin and project_id:%(node.lessee)s)"),
check_str=(
"(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s) or (role:admin and project_id:%(node.lessee)s)"
),
basic_check_str=("role:admin"),
description="Detach a VIF from a node",
scope_types=["system", "project"],
@ -391,7 +479,9 @@ list_rules = (
),
base.APIRule(
name="baremetal:node:traits:list",
check_str=("(role:reader and system_scope:all) or (role:reader and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"),
check_str=(
"(role:reader and system_scope:all) or (role:reader and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"
),
basic_check_str=("role:admin or role:reader"),
description="List node traits",
scope_types=["system", "project"],
@ -399,27 +489,42 @@ list_rules = (
),
base.APIRule(
name="baremetal:node:traits:set",
check_str=("(role:member and system_scope:all) or (role:admin and project_id:%(node.owner)s)"),
check_str=(
"(role:member and system_scope:all) or (role:admin and project_id:%(node.owner)s)"
),
basic_check_str=("role:admin"),
description="Add a trait to, or replace all traits of, a node",
scope_types=["system", "project"],
operations=[{"method": "PUT", "path": "/nodes/{node_ident}/traits"}, {"method": "PUT", "path": "/nodes/{node_ident}/traits/{trait}"}],
operations=[
{"method": "PUT", "path": "/nodes/{node_ident}/traits"},
{"method": "PUT", "path": "/nodes/{node_ident}/traits/{trait}"},
],
),
base.APIRule(
name="baremetal:node:traits:delete",
check_str=("(role:member and system_scope:all) or (role:admin and project_id:%(node.owner)s)"),
check_str=(
"(role:member and system_scope:all) or (role:admin and project_id:%(node.owner)s)"
),
basic_check_str=("role:admin"),
description="Remove one or all traits from a node",
scope_types=["system", "project"],
operations=[{"method": "DELETE", "path": "/nodes/{node_ident}/traits"}, {"method": "DELETE", "path": "/nodes/{node_ident}/traits/{trait}"}],
operations=[
{"method": "DELETE", "path": "/nodes/{node_ident}/traits"},
{"method": "DELETE", "path": "/nodes/{node_ident}/traits/{trait}"},
],
),
base.APIRule(
name="baremetal:node:bios:get",
check_str=("(role:reader and system_scope:all) or (role:reader and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"),
check_str=(
"(role:reader and system_scope:all) or (role:reader and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"
),
basic_check_str=("role:admin or role:reader"),
description="Retrieve Node BIOS information",
scope_types=["system", "project"],
operations=[{"method": "GET", "path": "/nodes/{node_ident}/bios"}, {"method": "GET", "path": "/nodes/{node_ident}/bios/{setting}"}],
operations=[
{"method": "GET", "path": "/nodes/{node_ident}/bios"},
{"method": "GET", "path": "/nodes/{node_ident}/bios/{setting}"},
],
),
base.APIRule(
name="baremetal:node:disable_cleaning",
@ -431,11 +536,19 @@ list_rules = (
),
base.APIRule(
name="baremetal:port:get",
check_str=("(role:reader and system_scope:all) or (role:reader and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"),
check_str=(
"(role:reader and system_scope:all) or (role:reader and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"
),
basic_check_str=("role:admin or role:reader"),
description="Retrieve Port records",
scope_types=["system", "project"],
operations=[{"method": "GET", "path": "/ports/{port_id}"}, {"method": "GET", "path": "/nodes/{node_ident}/ports"}, {"method": "GET", "path": "/nodes/{node_ident}/ports/detail"}, {"method": "GET", "path": "/portgroups/{portgroup_ident}/ports"}, {"method": "GET", "path": "/portgroups/{portgroup_ident}/ports/detail"}],
operations=[
{"method": "GET", "path": "/ports/{port_id}"},
{"method": "GET", "path": "/nodes/{node_ident}/ports"},
{"method": "GET", "path": "/nodes/{node_ident}/ports/detail"},
{"method": "GET", "path": "/portgroups/{portgroup_ident}/ports"},
{"method": "GET", "path": "/portgroups/{portgroup_ident}/ports/detail"},
],
),
base.APIRule(
name="baremetal:port:list",
@ -443,7 +556,10 @@ list_rules = (
basic_check_str=("role:admin or role:reader"),
description="Retrieve multiple Port records, filtered by owner",
scope_types=["system", "project"],
operations=[{"method": "GET", "path": "/ports"}, {"method": "GET", "path": "/ports/detail"}],
operations=[
{"method": "GET", "path": "/ports"},
{"method": "GET", "path": "/ports/detail"},
],
),
base.APIRule(
name="baremetal:port:list_all",
@ -451,11 +567,16 @@ list_rules = (
basic_check_str=("role:admin or role:reader"),
description="Retrieve multiple Port records",
scope_types=["system", "project"],
operations=[{"method": "GET", "path": "/ports"}, {"method": "GET", "path": "/ports/detail"}],
operations=[
{"method": "GET", "path": "/ports"},
{"method": "GET", "path": "/ports/detail"},
],
),
base.APIRule(
name="baremetal:port:create",
check_str=("(role:admin and system_scope:all) or (role:admin and project_id:%(node.owner)s)"),
check_str=(
"(role:admin and system_scope:all) or (role:admin and project_id:%(node.owner)s)"
),
basic_check_str=("role:admin"),
description="Create Port records",
scope_types=["system", "project"],
@ -463,7 +584,9 @@ list_rules = (
),
base.APIRule(
name="baremetal:port:delete",
check_str=("(role:admin and system_scope:all) or (role:admin and project_id:%(node.owner)s)"),
check_str=(
"(role:admin and system_scope:all) or (role:admin and project_id:%(node.owner)s)"
),
basic_check_str=("role:admin"),
description="Delete Port records",
scope_types=["system", "project"],
@ -471,7 +594,9 @@ list_rules = (
),
base.APIRule(
name="baremetal:port:update",
check_str=("(role:member and system_scope:all) or (role:admin and project_id:%(node.owner)s)"),
check_str=(
"(role:member and system_scope:all) or (role:admin and project_id:%(node.owner)s)"
),
basic_check_str=("role:admin"),
description="Update Port records",
scope_types=["system", "project"],
@ -479,15 +604,25 @@ list_rules = (
),
base.APIRule(
name="baremetal:portgroup:get",
check_str=("(role:reader and system_scope:all) or (role:reader and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"),
check_str=(
"(role:reader and system_scope:all) or (role:reader and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"
),
basic_check_str=("role:admin or role:reader"),
description="Retrieve Portgroup records",
scope_types=["system", "project"],
operations=[{"method": "GET", "path": "/portgroups"}, {"method": "GET", "path": "/portgroups/detail"}, {"method": "GET", "path": "/portgroups/{portgroup_ident}"}, {"method": "GET", "path": "/nodes/{node_ident}/portgroups"}, {"method": "GET", "path": "/nodes/{node_ident}/portgroups/detail"}],
operations=[
{"method": "GET", "path": "/portgroups"},
{"method": "GET", "path": "/portgroups/detail"},
{"method": "GET", "path": "/portgroups/{portgroup_ident}"},
{"method": "GET", "path": "/nodes/{node_ident}/portgroups"},
{"method": "GET", "path": "/nodes/{node_ident}/portgroups/detail"},
],
),
base.APIRule(
name="baremetal:portgroup:create",
check_str=("(role:admin and system_scope:all) or (role:admin and project_id:%(node.owner)s)"),
check_str=(
"(role:admin and system_scope:all) or (role:admin and project_id:%(node.owner)s)"
),
basic_check_str=("role:admin"),
description="Create Portgroup records",
scope_types=["system", "project"],
@ -495,7 +630,9 @@ list_rules = (
),
base.APIRule(
name="baremetal:portgroup:delete",
check_str=("(role:admin and system_scope:all) or (role:admin and project_id:%(node.owner)s)"),
check_str=(
"(role:admin and system_scope:all) or (role:admin and project_id:%(node.owner)s)"
),
basic_check_str=("role:admin"),
description="Delete Portgroup records",
scope_types=["system", "project"],
@ -503,7 +640,9 @@ list_rules = (
),
base.APIRule(
name="baremetal:portgroup:update",
check_str=("(role:member and system_scope:all) or (role:admin and project_id:%(node.owner)s)"),
check_str=(
"(role:member and system_scope:all) or (role:admin and project_id:%(node.owner)s)"
),
basic_check_str=("role:admin"),
description="Update Portgroup records",
scope_types=["system", "project"],
@ -515,7 +654,10 @@ list_rules = (
basic_check_str=("role:admin or role:reader"),
description="Retrieve multiple Port records, filtered by owner",
scope_types=["system", "project"],
operations=[{"method": "GET", "path": "/portgroups"}, {"method": "GET", "path": "/portgroups/detail"}],
operations=[
{"method": "GET", "path": "/portgroups"},
{"method": "GET", "path": "/portgroups/detail"},
],
),
base.APIRule(
name="baremetal:portgroup:list_all",
@ -523,7 +665,10 @@ list_rules = (
basic_check_str=("role:admin or role:reader"),
description="Retrieve multiple Port records",
scope_types=["system", "project"],
operations=[{"method": "GET", "path": "/portgroups"}, {"method": "GET", "path": "/portgroups/detail"}],
operations=[
{"method": "GET", "path": "/portgroups"},
{"method": "GET", "path": "/portgroups/detail"},
],
),
base.APIRule(
name="baremetal:chassis:get",
@ -531,7 +676,11 @@ list_rules = (
basic_check_str=("role:admin or role:reader"),
description="Retrieve Chassis records",
scope_types=["system"],
operations=[{"method": "GET", "path": "/chassis"}, {"method": "GET", "path": "/chassis/detail"}, {"method": "GET", "path": "/chassis/{chassis_id}"}],
operations=[
{"method": "GET", "path": "/chassis"},
{"method": "GET", "path": "/chassis/detail"},
{"method": "GET", "path": "/chassis/{chassis_id}"},
],
),
base.APIRule(
name="baremetal:chassis:create",
@ -563,7 +712,10 @@ list_rules = (
basic_check_str=("role:admin or role:reader"),
description="View list of available drivers",
scope_types=["system"],
operations=[{"method": "GET", "path": "/drivers"}, {"method": "GET", "path": "/drivers/{driver_name}"}],
operations=[
{"method": "GET", "path": "/drivers"},
{"method": "GET", "path": "/drivers/{driver_name}"},
],
),
base.APIRule(
name="baremetal:driver:get_properties",
@ -579,7 +731,9 @@ list_rules = (
basic_check_str=("role:admin or role:reader"),
description="View driver-specific RAID metadata",
scope_types=["system"],
operations=[{"method": "GET", "path": "/drivers/{driver_name}/raid/logical_disk_properties"}],
operations=[
{"method": "GET", "path": "/drivers/{driver_name}/raid/logical_disk_properties"},
],
),
base.APIRule(
name="baremetal:node:vendor_passthru",
@ -587,7 +741,20 @@ list_rules = (
basic_check_str=("role:admin"),
description="Access vendor-specific Node functions",
scope_types=["system", "project"],
operations=[{"method": "GET", "path": "nodes/{node_ident}/vendor_passthru/methods"}, {"method": "GET", "path": "nodes/{node_ident}/vendor_passthru?method={method_name}"}, {"method": "PUT", "path": "nodes/{node_ident}/vendor_passthru?method={method_name}"}, {"method": "POST", "path": "nodes/{node_ident}/vendor_passthru?method={method_name}"}, {"method": "PATCH", "path": "nodes/{node_ident}/vendor_passthru?method={method_name}"}, {"method": "DELETE", "path": "nodes/{node_ident}/vendor_passthru?method={method_name}"}],
operations=[
{"method": "GET", "path": "nodes/{node_ident}/vendor_passthru/methods"},
{"method": "GET", "path": "nodes/{node_ident}/vendor_passthru?method={method_name}"},
{"method": "PUT", "path": "nodes/{node_ident}/vendor_passthru?method={method_name}"},
{"method": "POST", "path": "nodes/{node_ident}/vendor_passthru?method={method_name}"},
{
"method": "PATCH",
"path": "nodes/{node_ident}/vendor_passthru?method={method_name}",
},
{
"method": "DELETE",
"path": "nodes/{node_ident}/vendor_passthru?method={method_name}",
},
],
),
base.APIRule(
name="baremetal:driver:vendor_passthru",
@ -595,7 +762,29 @@ list_rules = (
basic_check_str=("role:admin"),
description="Access vendor-specific Driver functions",
scope_types=["system"],
operations=[{"method": "GET", "path": "drivers/{driver_name}/vendor_passthru/methods"}, {"method": "GET", "path": "drivers/{driver_name}/vendor_passthru?method={method_name}"}, {"method": "PUT", "path": "drivers/{driver_name}/vendor_passthru?method={method_name}"}, {"method": "POST", "path": "drivers/{driver_name}/vendor_passthru?method={method_name}"}, {"method": "PATCH", "path": "drivers/{driver_name}/vendor_passthru?method={method_name}"}, {"method": "DELETE", "path": "drivers/{driver_name}/vendor_passthru?method={method_name}"}],
operations=[
{"method": "GET", "path": "drivers/{driver_name}/vendor_passthru/methods"},
{
"method": "GET",
"path": "drivers/{driver_name}/vendor_passthru?method={method_name}",
},
{
"method": "PUT",
"path": "drivers/{driver_name}/vendor_passthru?method={method_name}",
},
{
"method": "POST",
"path": "drivers/{driver_name}/vendor_passthru?method={method_name}",
},
{
"method": "PATCH",
"path": "drivers/{driver_name}/vendor_passthru?method={method_name}",
},
{
"method": "DELETE",
"path": "drivers/{driver_name}/vendor_passthru?method={method_name}",
},
],
),
base.APIRule(
name="baremetal:node:ipa_heartbeat",
@ -619,7 +808,12 @@ list_rules = (
basic_check_str=("role:admin or role:reader"),
description="Retrieve a list of all Volume connector and target records",
scope_types=["system", "project"],
operations=[{"method": "GET", "path": "/volume/connectors"}, {"method": "GET", "path": "/volume/targets"}, {"method": "GET", "path": "/nodes/{node_ident}/volume/connectors"}, {"method": "GET", "path": "/nodes/{node_ident}/volume/targets"}],
operations=[
{"method": "GET", "path": "/volume/connectors"},
{"method": "GET", "path": "/volume/targets"},
{"method": "GET", "path": "/nodes/{node_ident}/volume/connectors"},
{"method": "GET", "path": "/nodes/{node_ident}/volume/targets"},
],
),
base.APIRule(
name="baremetal:volume:list",
@ -627,39 +821,70 @@ list_rules = (
basic_check_str=("role:admin or role:reader"),
description="Retrieve a list of Volume connector and target records",
scope_types=["system", "project"],
operations=[{"method": "GET", "path": "/volume/connectors"}, {"method": "GET", "path": "/volume/targets"}, {"method": "GET", "path": "/nodes/{node_ident}/volume/connectors"}, {"method": "GET", "path": "/nodes/{node_ident}/volume/targets"}],
operations=[
{"method": "GET", "path": "/volume/connectors"},
{"method": "GET", "path": "/volume/targets"},
{"method": "GET", "path": "/nodes/{node_ident}/volume/connectors"},
{"method": "GET", "path": "/nodes/{node_ident}/volume/targets"},
],
),
base.APIRule(
name="baremetal:volume:get",
check_str=("(role:reader and system_scope:all) or (role:reader and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"),
check_str=(
"(role:reader and system_scope:all) or (role:reader and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"
),
basic_check_str=("role:admin or role:reader"),
description="Retrieve Volume connector and target records",
scope_types=["system", "project"],
operations=[{"method": "GET", "path": "/volume"}, {"method": "GET", "path": "/volume/connectors"}, {"method": "GET", "path": "/volume/connectors/{volume_connector_id}"}, {"method": "GET", "path": "/volume/targets"}, {"method": "GET", "path": "/volume/targets/{volume_target_id}"}, {"method": "GET", "path": "/nodes/{node_ident}/volume"}, {"method": "GET", "path": "/nodes/{node_ident}/volume/connectors"}, {"method": "GET", "path": "/nodes/{node_ident}/volume/targets"}],
operations=[
{"method": "GET", "path": "/volume"},
{"method": "GET", "path": "/volume/connectors"},
{"method": "GET", "path": "/volume/connectors/{volume_connector_id}"},
{"method": "GET", "path": "/volume/targets"},
{"method": "GET", "path": "/volume/targets/{volume_target_id}"},
{"method": "GET", "path": "/nodes/{node_ident}/volume"},
{"method": "GET", "path": "/nodes/{node_ident}/volume/connectors"},
{"method": "GET", "path": "/nodes/{node_ident}/volume/targets"},
],
),
base.APIRule(
name="baremetal:volume:create",
check_str=("(role:member and system_scope:all) or (role:admin and project_id:%(node.owner)s) or (role:admin and project_id:%(node.lessee)s)"),
check_str=(
"(role:member and system_scope:all) or (role:admin and project_id:%(node.owner)s) or (role:admin and project_id:%(node.lessee)s)"
),
basic_check_str=("role:admin"),
description="Create Volume connector and target records",
scope_types=["system", "project"],
operations=[{"method": "POST", "path": "/volume/connectors"}, {"method": "POST", "path": "/volume/targets"}],
operations=[
{"method": "POST", "path": "/volume/connectors"},
{"method": "POST", "path": "/volume/targets"},
],
),
base.APIRule(
name="baremetal:volume:delete",
check_str=("(role:member and system_scope:all) or (role:admin and project_id:%(node.owner)s) or (role:admin and project_id:%(node.lessee)s)"),
check_str=(
"(role:member and system_scope:all) or (role:admin and project_id:%(node.owner)s) or (role:admin and project_id:%(node.lessee)s)"
),
basic_check_str=("role:admin"),
description="Delete Volume connector and target records",
scope_types=["system", "project"],
operations=[{"method": "DELETE", "path": "/volume/connectors/{volume_connector_id}"}, {"method": "DELETE", "path": "/volume/targets/{volume_target_id}"}],
operations=[
{"method": "DELETE", "path": "/volume/connectors/{volume_connector_id}"},
{"method": "DELETE", "path": "/volume/targets/{volume_target_id}"},
],
),
base.APIRule(
name="baremetal:volume:update",
check_str=("(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s) or (role:admin and project_id:%(node.lessee)s)"),
check_str=(
"(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s) or (role:admin and project_id:%(node.lessee)s)"
),
basic_check_str=("role:admin"),
description="Update Volume connector and target records",
scope_types=["system", "project"],
operations=[{"method": "PATCH", "path": "/volume/connectors/{volume_connector_id}"}, {"method": "PATCH", "path": "/volume/targets/{volume_target_id}"}],
operations=[
{"method": "PATCH", "path": "/volume/connectors/{volume_connector_id}"},
{"method": "PATCH", "path": "/volume/targets/{volume_target_id}"},
],
),
base.APIRule(
name="baremetal:volume:view_target_properties",
@ -667,7 +892,10 @@ list_rules = (
basic_check_str=("role:admin or role:reader"),
description="Ability to view volume target properties",
scope_types=["system", "project"],
operations=[{"method": "GET", "path": "/volume/connectors/{volume_connector_id}"}, {"method": "GET", "path": "/volume/targets/{volume_target_id}"}],
operations=[
{"method": "GET", "path": "/volume/connectors/{volume_connector_id}"},
{"method": "GET", "path": "/volume/targets/{volume_target_id}"},
],
),
base.APIRule(
name="baremetal:conductor:get",
@ -675,15 +903,23 @@ list_rules = (
basic_check_str=("role:admin or role:reader"),
description="Retrieve Conductor records",
scope_types=["system"],
operations=[{"method": "GET", "path": "/conductors"}, {"method": "GET", "path": "/conductors/{hostname}"}],
operations=[
{"method": "GET", "path": "/conductors"},
{"method": "GET", "path": "/conductors/{hostname}"},
],
),
base.APIRule(
name="baremetal:allocation:get",
check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(allocation.owner)s)"),
check_str=(
"(role:reader and system_scope:all) or (role:reader and project_id:%(allocation.owner)s)"
),
basic_check_str=("role:admin or role:reader"),
description="Retrieve Allocation records",
scope_types=["system", "project"],
operations=[{"method": "GET", "path": "/allocations/{allocation_id}"}, {"method": "GET", "path": "/nodes/{node_ident}/allocation"}],
operations=[
{"method": "GET", "path": "/allocations/{allocation_id}"},
{"method": "GET", "path": "/nodes/{node_ident}/allocation"},
],
),
base.APIRule(
name="baremetal:allocation:list",
@ -719,15 +955,22 @@ list_rules = (
),
base.APIRule(
name="baremetal:allocation:delete",
check_str=("(role:member and system_scope:all) or (role:member and project_id:%(allocation.owner)s)"),
check_str=(
"(role:member and system_scope:all) or (role:member and project_id:%(allocation.owner)s)"
),
basic_check_str=("role:admin"),
description="Delete Allocation records",
scope_types=["system", "project"],
operations=[{"method": "DELETE", "path": "/allocations/{allocation_id}"}, {"method": "DELETE", "path": "/nodes/{node_ident}/allocation"}],
operations=[
{"method": "DELETE", "path": "/allocations/{allocation_id}"},
{"method": "DELETE", "path": "/nodes/{node_ident}/allocation"},
],
),
base.APIRule(
name="baremetal:allocation:update",
check_str=("(role:member and system_scope:all) or (role:member and project_id:%(allocation.owner)s)"),
check_str=(
"(role:member and system_scope:all) or (role:member and project_id:%(allocation.owner)s)"
),
basic_check_str=("role:admin"),
description="Change name and extra fields of an allocation",
scope_types=["system", "project"],
@ -735,7 +978,9 @@ list_rules = (
),
base.APIRule(
name="baremetal:allocation:create_pre_rbac",
check_str=("(rule:is_member and role:baremetal_admin) or (is_admin_project:True and role:admin)"),
check_str=(
"(rule:is_member and role:baremetal_admin) or (is_admin_project:True and role:admin)"
),
basic_check_str=("role:admin"),
description="Logical restrictor to prevent legacy allocation rule missuse - Requires blank allocations to originate from the legacy baremetal_admin.",
scope_types=["project"],
@ -755,7 +1000,10 @@ list_rules = (
basic_check_str=("role:admin or role:reader"),
description="Retrieve Deploy Template records",
scope_types=["system"],
operations=[{"method": "GET", "path": "/deploy_templates"}, {"method": "GET", "path": "/deploy_templates/{deploy_template_ident}"}],
operations=[
{"method": "GET", "path": "/deploy_templates"},
{"method": "GET", "path": "/deploy_templates/{deploy_template_ident}"},
],
),
base.APIRule(
name="baremetal:deploy_template:create",

84
libs/skyline-policy-manager/skyline_policy_manager/policies/keystone.py
View File

@ -72,7 +72,7 @@ list_rules = (
description="Delete an access_rule.",
scope_types=["system", "project"],
operations=[
{"method": "DELETE", "path": "/v3/users/{user_id}/access_rules/{access_rule_id}"}
{"method": "DELETE", "path": "/v3/users/{user_id}/access_rules/{access_rule_id}"},
],
),
base.APIRule(
@ -93,7 +93,7 @@ list_rules = (
{
"method": "GET",
"path": "/v3/users/{user_id}/OS-OAUTH1/access_tokens/{access_token_id}",
}
},
],
),
base.APIRule(
@ -106,7 +106,7 @@ list_rules = (
{
"method": "GET",
"path": "/v3/users/{user_id}/OS-OAUTH1/access_tokens/{access_token_id}/roles/{role_id}",
}
},
],
),
base.APIRule(
@ -127,7 +127,7 @@ list_rules = (
{
"method": "GET",
"path": "/v3/users/{user_id}/OS-OAUTH1/access_tokens/{access_token_id}/roles",
}
},
],
),
base.APIRule(
@ -140,7 +140,7 @@ list_rules = (
{
"method": "DELETE",
"path": "/v3/users/{user_id}/OS-OAUTH1/access_tokens/{access_token_id}",
}
},
],
),
base.APIRule(
@ -189,7 +189,7 @@ list_rules = (
{
"method": "DELETE",
"path": "/v3/users/{user_id}/application_credentials/{application_credential_id}",
}
},
],
),
base.APIRule(
@ -448,7 +448,7 @@ list_rules = (
description="Show ec2 credential details.",
scope_types=["system", "project"],
operations=[
{"method": "GET", "path": "/v3/users/{user_id}/credentials/OS-EC2/{credential_id}"}
{"method": "GET", "path": "/v3/users/{user_id}/credentials/OS-EC2/{credential_id}"},
],
),
base.APIRule(
@ -474,7 +474,10 @@ list_rules = (
description="Delete ec2 credential.",
scope_types=["system", "project"],
operations=[
{"method": "DELETE", "path": "/v3/users/{user_id}/credentials/OS-EC2/{credential_id}"}
{
"method": "DELETE",
"path": "/v3/users/{user_id}/credentials/OS-EC2/{credential_id}",
},
],
),
base.APIRule(
@ -551,7 +554,7 @@ list_rules = (
description="Update endpoint group.",
scope_types=["system"],
operations=[
{"method": "PATCH", "path": "/v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}"}
{"method": "PATCH", "path": "/v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}"},
],
),
base.APIRule(
@ -561,7 +564,7 @@ list_rules = (
description="Delete endpoint group.",
scope_types=["system"],
operations=[
{"method": "DELETE", "path": "/v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}"}
{"method": "DELETE", "path": "/v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}"},
],
),
base.APIRule(
@ -574,7 +577,7 @@ list_rules = (
{
"method": "GET",
"path": "/v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}/projects",
}
},
],
),
base.APIRule(
@ -587,7 +590,7 @@ list_rules = (
{
"method": "GET",
"path": "/v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}/endpoints",
}
},
],
),
base.APIRule(
@ -614,7 +617,7 @@ list_rules = (
description="List endpoint groups associated with a specific project.",
scope_types=["system"],
operations=[
{"method": "GET", "path": "/v3/OS-EP-FILTER/projects/{project_id}/endpoint_groups"}
{"method": "GET", "path": "/v3/OS-EP-FILTER/projects/{project_id}/endpoint_groups"},
],
),
base.APIRule(
@ -627,7 +630,7 @@ list_rules = (
{
"method": "PUT",
"path": "/v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}/projects/{project_id}",
}
},
],
),
base.APIRule(
@ -640,7 +643,7 @@ list_rules = (
{
"method": "DELETE",
"path": "/v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}/projects/{project_id}",
}
},
],
),
base.APIRule(
@ -1058,7 +1061,7 @@ list_rules = (
description="Delete identity provider.",
scope_types=["system"],
operations=[
{"method": "DELETE", "path": "/v3/OS-FEDERATION/identity_providers/{idp_id}"}
{"method": "DELETE", "path": "/v3/OS-FEDERATION/identity_providers/{idp_id}"},
],
),
base.APIRule(
@ -1068,7 +1071,7 @@ list_rules = (
description="Get information about an association between two roles. When a relationship exists between a prior role and an implied role and the prior role is assigned to a user, the user also assumes the implied role.",
scope_types=["system"],
operations=[
{"method": "GET", "path": "/v3/roles/{prior_role_id}/implies/{implied_role_id}"}
{"method": "GET", "path": "/v3/roles/{prior_role_id}/implies/{implied_role_id}"},
],
),
base.APIRule(
@ -1089,7 +1092,7 @@ list_rules = (
description="Create an association between two roles. When a relationship exists between a prior role and an implied role and the prior role is assigned to a user, the user also assumes the implied role.",
scope_types=["system"],
operations=[
{"method": "PUT", "path": "/v3/roles/{prior_role_id}/implies/{implied_role_id}"}
{"method": "PUT", "path": "/v3/roles/{prior_role_id}/implies/{implied_role_id}"},
],
),
base.APIRule(
@ -1099,7 +1102,7 @@ list_rules = (
description="Delete the association between two roles. When a relationship exists between a prior role and an implied role and the prior role is assigned to a user, the user also assumes the implied role. Removing the association will cause that effect to be eliminated.",
scope_types=["system"],
operations=[
{"method": "DELETE", "path": "/v3/roles/{prior_role_id}/implies/{implied_role_id}"}
{"method": "DELETE", "path": "/v3/roles/{prior_role_id}/implies/{implied_role_id}"},
],
),
base.APIRule(
@ -1120,7 +1123,7 @@ list_rules = (
description="Check an association between two roles. When a relationship exists between a prior role and an implied role and the prior role is assigned to a user, the user also assumes the implied role.",
scope_types=["system"],
operations=[
{"method": "HEAD", "path": "/v3/roles/{prior_role_id}/implies/{implied_role_id}"}
{"method": "HEAD", "path": "/v3/roles/{prior_role_id}/implies/{implied_role_id}"},
],
),
base.APIRule(
@ -1278,7 +1281,7 @@ list_rules = (
{
"method": "PUT",
"path": "/v3/policies/{policy_id}/OS-ENDPOINT-POLICY/endpoints/{endpoint_id}",
}
},
],
),
base.APIRule(
@ -1308,7 +1311,7 @@ list_rules = (
{
"method": "DELETE",
"path": "/v3/policies/{policy_id}/OS-ENDPOINT-POLICY/endpoints/{endpoint_id}",
}
},
],
),
base.APIRule(
@ -1321,7 +1324,7 @@ list_rules = (
{
"method": "PUT",
"path": "/v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id}",
}
},
],
),
base.APIRule(
@ -1351,7 +1354,7 @@ list_rules = (
{
"method": "DELETE",
"path": "/v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id}",
}
},
],
),
base.APIRule(
@ -1364,7 +1367,7 @@ list_rules = (
{
"method": "PUT",
"path": "/v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id}/regions/{region_id}",
}
},
],
),
base.APIRule(
@ -1394,7 +1397,7 @@ list_rules = (
{
"method": "DELETE",
"path": "/v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id}/regions/{region_id}",
}
},
],
),
base.APIRule(
@ -1415,7 +1418,7 @@ list_rules = (
description="List endpoints for policy.",
scope_types=["system"],
operations=[
{"method": "GET", "path": "/v3/policies/{policy_id}/OS-ENDPOINT-POLICY/endpoints"}
{"method": "GET", "path": "/v3/policies/{policy_id}/OS-ENDPOINT-POLICY/endpoints"},
],
),
base.APIRule(
@ -1551,7 +1554,7 @@ list_rules = (
description="List projects allowed to access an endpoint.",
scope_types=["system"],
operations=[
{"method": "GET", "path": "/v3/OS-EP-FILTER/endpoints/{endpoint_id}/projects"}
{"method": "GET", "path": "/v3/OS-EP-FILTER/endpoints/{endpoint_id}/projects"},
],
),
base.APIRule(
@ -1564,7 +1567,7 @@ list_rules = (
{
"method": "PUT",
"path": "/v3/OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}",
}
},
],
),
base.APIRule(
@ -1591,7 +1594,7 @@ list_rules = (
description="List the endpoints a project is allowed to access.",
scope_types=["system"],
operations=[
{"method": "GET", "path": "/v3/OS-EP-FILTER/projects/{project_id}/endpoints"}
{"method": "GET", "path": "/v3/OS-EP-FILTER/projects/{project_id}/endpoints"},
],
),
base.APIRule(
@ -1604,7 +1607,7 @@ list_rules = (
{
"method": "DELETE",
"path": "/v3/OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}",
}
},
],
),
base.APIRule(
@ -1617,7 +1620,7 @@ list_rules = (
{
"method": "PUT",
"path": "/v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}",
}
},
],
),
base.APIRule(
@ -1630,7 +1633,7 @@ list_rules = (
{
"method": "PATCH",
"path": "/v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}",
}
},
],
),
base.APIRule(
@ -1643,7 +1646,7 @@ list_rules = (
{
"method": "GET",
"path": "/v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}",
}
},
],
),
base.APIRule(
@ -1653,7 +1656,7 @@ list_rules = (
description="List federated protocols.",
scope_types=["system"],
operations=[
{"method": "GET", "path": "/v3/OS-FEDERATION/identity_providers/{idp_id}/protocols"}
{"method": "GET", "path": "/v3/OS-FEDERATION/identity_providers/{idp_id}/protocols"},
],
),
base.APIRule(
@ -1666,7 +1669,7 @@ list_rules = (
{
"method": "DELETE",
"path": "/v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}",
}
},
],
),
base.APIRule(
@ -1939,7 +1942,10 @@ list_rules = (
description="Create federated service provider.",
scope_types=["system"],
operations=[
{"method": "PUT", "path": "/v3/OS-FEDERATION/service_providers/{service_provider_id}"}
{
"method": "PUT",
"path": "/v3/OS-FEDERATION/service_providers/{service_provider_id}",
},
],
),
base.APIRule(
@ -1980,7 +1986,7 @@ list_rules = (
{
"method": "PATCH",
"path": "/v3/OS-FEDERATION/service_providers/{service_provider_id}",
}
},
],
),
base.APIRule(
@ -1993,7 +1999,7 @@ list_rules = (
{
"method": "DELETE",
"path": "/v3/OS-FEDERATION/service_providers/{service_provider_id}",
}
},
],
),
base.APIRule(

36
libs/skyline-policy-manager/skyline_policy_manager/policies/neutron.py
View File

@ -257,7 +257,7 @@ list_rules = (
description="Remove a network from a DHCP agent",
scope_types=["system"],
operations=[
{"method": "DELETE", "path": "/agents/{agent_id}/dhcp-networks/{network_id}"}
{"method": "DELETE", "path": "/agents/{agent_id}/dhcp-networks/{network_id}"},
],
),
base.APIRule(
@ -421,7 +421,7 @@ list_rules = (
description="Disassociate a flavor with a service profile",
scope_types=["system"],
operations=[
{"method": "DELETE", "path": "/flavors/{flavor_id}/service_profiles/{profile_id}"}
{"method": "DELETE", "path": "/flavors/{flavor_id}/service_profiles/{profile_id}"},
],
),
base.APIRule(
@ -541,7 +541,7 @@ list_rules = (
{
"method": "PUT",
"path": "/floatingips/{floatingip_id}/port_forwardings/{port_forwarding_id}",
}
},
],
),
base.APIRule(
@ -558,7 +558,7 @@ list_rules = (
{
"method": "DELETE",
"path": "/floatingips/{floatingip_id}/port_forwardings/{port_forwarding_id}",
}
},
],
),
base.APIRule(
@ -605,7 +605,7 @@ list_rules = (
{
"method": "PUT",
"path": "/routers/{router_id}/conntrack_helpers/{conntrack_helper_id}",
}
},
],
),
base.APIRule(
@ -622,7 +622,7 @@ list_rules = (
{
"method": "DELETE",
"path": "/routers/{router_id}/conntrack_helpers/{conntrack_helper_id}",
}
},
],
),
base.APIRule(
@ -1477,7 +1477,7 @@ list_rules = (
description="Create a QoS bandwidth limit rule",
scope_types=["system"],
operations=[
{"method": "POST", "path": "/qos/policies/{policy_id}/bandwidth_limit_rules"}
{"method": "POST", "path": "/qos/policies/{policy_id}/bandwidth_limit_rules"},
],
),
base.APIRule(
@ -1487,7 +1487,10 @@ list_rules = (
description="Update a QoS bandwidth limit rule",
scope_types=["system"],
operations=[
{"method": "PUT", "path": "/qos/policies/{policy_id}/bandwidth_limit_rules/{rule_id}"}
{
"method": "PUT",
"path": "/qos/policies/{policy_id}/bandwidth_limit_rules/{rule_id}",
},
],
),
base.APIRule(
@ -1500,7 +1503,7 @@ list_rules = (
{
"method": "DELETE",
"path": "/qos/policies/{policy_id}/bandwidth_limit_rules/{rule_id}",
}
},
],
),
base.APIRule(
@ -1533,7 +1536,7 @@ list_rules = (
description="Update a QoS DSCP marking rule",
scope_types=["system"],
operations=[
{"method": "PUT", "path": "/qos/policies/{policy_id}/dscp_marking_rules/{rule_id}"}
{"method": "PUT", "path": "/qos/policies/{policy_id}/dscp_marking_rules/{rule_id}"},
],
),
base.APIRule(
@ -1543,7 +1546,10 @@ list_rules = (
description="Delete a QoS DSCP marking rule",
scope_types=["system"],
operations=[
{"method": "DELETE", "path": "/qos/policies/{policy_id}/dscp_marking_rules/{rule_id}"}
{
"method": "DELETE",
"path": "/qos/policies/{policy_id}/dscp_marking_rules/{rule_id}",
},
],
),
base.APIRule(
@ -1571,7 +1577,7 @@ list_rules = (
description="Create a QoS minimum bandwidth rule",
scope_types=["system"],
operations=[
{"method": "POST", "path": "/qos/policies/{policy_id}/minimum_bandwidth_rules"}
{"method": "POST", "path": "/qos/policies/{policy_id}/minimum_bandwidth_rules"},
],
),
base.APIRule(
@ -1584,7 +1590,7 @@ list_rules = (
{
"method": "PUT",
"path": "/qos/policies/{policy_id}/minimum_bandwidth_rules/{rule_id}",
}
},
],
),
base.APIRule(
@ -1597,7 +1603,7 @@ list_rules = (
{
"method": "DELETE",
"path": "/qos/policies/{policy_id}/minimum_bandwidth_rules/{rule_id}",
}
},
],
),
base.APIRule(
@ -1677,7 +1683,7 @@ list_rules = (
description="Delete a QoS minimum bandwidth rule through alias",
scope_types=["project"],
operations=[
{"method": "DELETE", "path": "/qos/alias_minimum_bandwidth_rules/{rule_id}/"}
{"method": "DELETE", "path": "/qos/alias_minimum_bandwidth_rules/{rule_id}/"},
],
),
base.APIRule(

47
libs/skyline-policy-manager/skyline_policy_manager/policies/nova.py
View File

@ -68,7 +68,7 @@ list_rules = (
description="Inject network information into the server",
scope_types=["system", "project"],
operations=[
{"method": "POST", "path": "/servers/{server_id}/action (injectNetworkInfo)"}
{"method": "POST", "path": "/servers/{server_id}/action (injectNetworkInfo)"},
],
),
base.APIRule(
@ -88,7 +88,7 @@ list_rules = (
description="Create or replace metadata for an aggregate",
scope_types=["system"],
operations=[
{"method": "POST", "path": "/os-aggregates/{aggregate_id}/action (set_metadata)"}
{"method": "POST", "path": "/os-aggregates/{aggregate_id}/action (set_metadata)"},
],
),
base.APIRule(
@ -98,7 +98,7 @@ list_rules = (
description="Add a host to an aggregate",
scope_types=["system"],
operations=[
{"method": "POST", "path": "/os-aggregates/{aggregate_id}/action (add_host)"}
{"method": "POST", "path": "/os-aggregates/{aggregate_id}/action (add_host)"},
],
),
base.APIRule(
@ -116,7 +116,7 @@ list_rules = (
description="Remove a host from an aggregate",
scope_types=["system"],
operations=[
{"method": "POST", "path": "/os-aggregates/{aggregate_id}/action (remove_host)"}
{"method": "POST", "path": "/os-aggregates/{aggregate_id}/action (remove_host)"},
],
),
base.APIRule(
@ -266,7 +266,7 @@ list_rules = (
description="Show console output for a server",
scope_types=["system", "project"],
operations=[
{"method": "POST", "path": "/servers/{server_id}/action (os-getConsoleOutput)"}
{"method": "POST", "path": "/servers/{server_id}/action (os-getConsoleOutput)"},
],
),
base.APIRule(
@ -346,7 +346,7 @@ list_rules = (
description="Remove flavor access from a tenant",
scope_types=["system"],
operations=[
{"method": "POST", "path": "/flavors/{flavor_id}/action (removeTenantAccess)"}
{"method": "POST", "path": "/flavors/{flavor_id}/action (removeTenantAccess)"},
],
),
base.APIRule(
@ -369,7 +369,7 @@ list_rules = (
{
"method": "GET",
"path": "/flavors/{flavor_id}/os-extra_specs/{flavor_extra_spec_key}",
}
},
],
),
base.APIRule(
@ -390,7 +390,7 @@ list_rules = (
{
"method": "PUT",
"path": "/flavors/{flavor_id}/os-extra_specs/{flavor_extra_spec_key}",
}
},
],
),
base.APIRule(
@ -403,7 +403,7 @@ list_rules = (
{
"method": "DELETE",
"path": "/flavors/{flavor_id}/os-extra_specs/{flavor_extra_spec_key}",
}
},
],
),
base.APIRule(
@ -613,7 +613,7 @@ list_rules = (
description="Search hypervisor by hypervisor_hostname pattern.",
scope_types=["system"],
operations=[
{"method": "GET", "path": "/os-hypervisors/{hypervisor_hostname_pattern}/search"}
{"method": "GET", "path": "/os-hypervisors/{hypervisor_hostname_pattern}/search"},
],
),
base.APIRule(
@ -623,7 +623,7 @@ list_rules = (
description="List all servers on hypervisors that can match the provided hypervisor_hostname pattern.",
scope_types=["system"],
operations=[
{"method": "GET", "path": "/os-hypervisors/{hypervisor_hostname_pattern}/servers"}
{"method": "GET", "path": "/os-hypervisors/{hypervisor_hostname_pattern}/servers"},
],
),
base.APIRule(
@ -633,7 +633,7 @@ list_rules = (
description="Add \"details\" key in action events for a server.\n#\n#This check is performed only after the check\n#os_compute_api:os-instance-actions:show passes. Beginning with Microversion\n#2.84, new field 'details' is exposed via API which can have more details about\n#event failure. That field is controlled by this policy which is system reader\n#by default. Making the 'details' field visible to the non-admin user helps to\n#understand the nature of the problem (i.e. if the action can be retried),\n#but in the other hand it might leak information about the deployment\n#(e.g. the type of the hypervisor).\n#",
scope_types=["system", "project"],
operations=[
{"method": "GET", "path": "/servers/{server_id}/os-instance-actions/{request_id}"}
{"method": "GET", "path": "/servers/{server_id}/os-instance-actions/{request_id}"},
],
),
base.APIRule(
@ -643,7 +643,7 @@ list_rules = (
description="Add events details in action details for a server.\n#This check is performed only after the check\n#os_compute_api:os-instance-actions:show passes. Beginning with Microversion\n#2.51, events details are always included; traceback information is provided\n#per event if policy enforcement passes. Beginning with Microversion 2.62,\n#each event includes a hashed host identifier and, if policy enforcement\n#passes, the name of the host.",
scope_types=["system", "project"],
operations=[
{"method": "GET", "path": "/servers/{server_id}/os-instance-actions/{request_id}"}
{"method": "GET", "path": "/servers/{server_id}/os-instance-actions/{request_id}"},
],
),
base.APIRule(
@ -665,7 +665,7 @@ list_rules = (
description="Show action details for a server.",
scope_types=["system", "project"],
operations=[
{"method": "GET", "path": "/servers/{server_id}/os-instance-actions/{request_id}"}
{"method": "GET", "path": "/servers/{server_id}/os-instance-actions/{request_id}"},
],
),
base.APIRule(
@ -1063,7 +1063,7 @@ list_rules = (
description="Remove security groups from server.",
scope_types=["system", "project"],
operations=[
{"method": "POST", "path": "/servers/{server_id}/action (removeSecurityGroup)"}
{"method": "POST", "path": "/servers/{server_id}/action (removeSecurityGroup)"},
],
),
base.APIRule(
@ -1587,7 +1587,7 @@ list_rules = (
description="Trigger crash dump in a server",
scope_types=["system", "project"],
operations=[
{"method": "POST", "path": "/servers/{server_id}/action (trigger_crash_dump)"}
{"method": "POST", "path": "/servers/{server_id}/action (trigger_crash_dump)"},
],
),
base.APIRule(
@ -1608,7 +1608,7 @@ list_rules = (
{
"method": "POST",
"path": "/servers/{server_id}/migrations/{migration_id}/action (force_complete)",
}
},
],
),
base.APIRule(
@ -1618,7 +1618,7 @@ list_rules = (
description="Delete(Abort) an in-progress live migration",
scope_types=["system", "project"],
operations=[
{"method": "DELETE", "path": "/servers/{server_id}/migrations/{migration_id}"}
{"method": "DELETE", "path": "/servers/{server_id}/migrations/{migration_id}"},
],
),
base.APIRule(
@ -1870,7 +1870,7 @@ list_rules = (
description="Show details of a volume attachment",
scope_types=["system", "project"],
operations=[
{"method": "GET", "path": "/servers/{server_id}/os-volume_attachments/{volume_id}"}
{"method": "GET", "path": "/servers/{server_id}/os-volume_attachments/{volume_id}"},
],
),
base.APIRule(
@ -1882,7 +1882,7 @@ list_rules = (
description="Update a volume attachment.\n#New 'update' policy about 'swap + update' request (which is possible\n#only >2.85) only <swap policy> is checked. We expect <swap policy> to be\n#always superset of this policy permission.\n#",
scope_types=["system", "project"],
operations=[
{"method": "PUT", "path": "/servers/{server_id}/os-volume_attachments/{volume_id}"}
{"method": "PUT", "path": "/servers/{server_id}/os-volume_attachments/{volume_id}"},
],
),
base.APIRule(
@ -1892,7 +1892,7 @@ list_rules = (
description="Update a volume attachment with a different volumeId",
scope_types=["system"],
operations=[
{"method": "PUT", "path": "/servers/{server_id}/os-volume_attachments/{volume_id}"}
{"method": "PUT", "path": "/servers/{server_id}/os-volume_attachments/{volume_id}"},
],
),
base.APIRule(
@ -1904,7 +1904,10 @@ list_rules = (
description="Detach a volume from an instance",
scope_types=["system", "project"],
operations=[
{"method": "DELETE", "path": "/servers/{server_id}/os-volume_attachments/{volume_id}"}
{
"method": "DELETE",
"path": "/servers/{server_id}/os-volume_attachments/{volume_id}",
},
],
),
)

268
libs/skyline-policy-manager/skyline_policy_manager/policies/octavia.py
View File

@ -55,7 +55,9 @@ list_rules = (
),
base.Rule(
name="load-balancer:read",
check_str=("rule:load-balancer:observer_and_owner or rule:load-balancer:global_observer or rule:load-balancer:member_and_owner or rule:load-balancer:admin"),
check_str=(
"rule:load-balancer:observer_and_owner or rule:load-balancer:global_observer or rule:load-balancer:member_and_owner or rule:load-balancer:admin"
),
description="No description",
),
base.Rule(
@ -70,12 +72,16 @@ list_rules = (
),
base.Rule(
name="load-balancer:read-quota",
check_str=("rule:load-balancer:observer_and_owner or rule:load-balancer:global_observer or rule:load-balancer:member_and_owner or role:load-balancer_quota_admin or rule:load-balancer:admin"),
check_str=(
"rule:load-balancer:observer_and_owner or rule:load-balancer:global_observer or rule:load-balancer:member_and_owner or role:load-balancer_quota_admin or rule:load-balancer:admin"
),
description="No description",
),
base.Rule(
name="load-balancer:read-quota-global",
check_str=("rule:load-balancer:global_observer or role:load-balancer_quota_admin or rule:load-balancer:admin"),
check_str=(
"rule:load-balancer:global_observer or role:load-balancer_quota_admin or rule:load-balancer:admin"
),
description="No description",
),
base.Rule(
@ -86,7 +92,9 @@ list_rules = (
base.APIRule(
name="os_load-balancer_api:flavor:get_all",
check_str=("rule:load-balancer:read"),
basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"),
basic_check_str=(
"role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"
),
description="List Flavors",
scope_types=["project"],
operations=[{"method": "GET", "path": "/v2.0/lbaas/flavors"}],
@ -110,7 +118,9 @@ list_rules = (
base.APIRule(
name="os_load-balancer_api:flavor:get_one",
check_str=("rule:load-balancer:read"),
basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"),
basic_check_str=(
"role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"
),
description="Show Flavor details",
scope_types=["project"],
operations=[{"method": "GET", "path": "/v2.0/lbaas/flavors/{flavor_id}"}],
@ -161,12 +171,16 @@ list_rules = (
basic_check_str=("role:admin"),
description="Remove a Flavor Profile",
scope_types=["project"],
operations=[{"method": "DELETE", "path": "/v2.0/lbaas/flavorprofiles/{flavor_profile_id}"}],
operations=[
{"method": "DELETE", "path": "/v2.0/lbaas/flavorprofiles/{flavor_profile_id}"},
],
),
base.APIRule(
name="os_load-balancer_api:availability-zone:get_all",
check_str=("rule:load-balancer:read"),
basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"),
basic_check_str=(
"role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"
),
description="List Availability Zones",
scope_types=["project"],
operations=[{"method": "GET", "path": "/v2.0/lbaas/availabilityzones"}],
@ -185,15 +199,21 @@ list_rules = (
basic_check_str=("role:admin"),
description="Update an Availability Zone",
scope_types=["project"],
operations=[{"method": "PUT", "path": "/v2.0/lbaas/availabilityzones/{availability_zone_id}"}],
operations=[
{"method": "PUT", "path": "/v2.0/lbaas/availabilityzones/{availability_zone_id}"},
],
),
base.APIRule(
name="os_load-balancer_api:availability-zone:get_one",
check_str=("rule:load-balancer:read"),
basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"),
basic_check_str=(
"role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"
),
description="Show Availability Zone details",
scope_types=["project"],
operations=[{"method": "GET", "path": "/v2.0/lbaas/availabilityzones/{availability_zone_id}"}],
operations=[
{"method": "GET", "path": "/v2.0/lbaas/availabilityzones/{availability_zone_id}"},
],
),
base.APIRule(
name="os_load-balancer_api:availability-zone:delete",
@ -201,7 +221,9 @@ list_rules = (
basic_check_str=("role:admin"),
description="Remove an Availability Zone",
scope_types=["project"],
operations=[{"method": "DELETE", "path": "/v2.0/lbaas/availabilityzones/{availability_zone_id}"}],
operations=[
{"method": "DELETE", "path": "/v2.0/lbaas/availabilityzones/{availability_zone_id}"},
],
),
base.APIRule(
name="os_load-balancer_api:availability-zone-profile:get_all",
@ -225,7 +247,12 @@ list_rules = (
basic_check_str=("role:admin"),
description="Update an Availability Zone",
scope_types=["project"],
operations=[{"method": "PUT", "path": "/v2.0/lbaas/availabilityzoneprofiles/{availability_zone_profile_id}"}],
operations=[
{
"method": "PUT",
"path": "/v2.0/lbaas/availabilityzoneprofiles/{availability_zone_profile_id}",
},
],
),
base.APIRule(
name="os_load-balancer_api:availability-zone-profile:get_one",
@ -233,7 +260,12 @@ list_rules = (
basic_check_str=("role:admin or role:reader"),
description="Show Availability Zone details",
scope_types=["project"],
operations=[{"method": "GET", "path": "/v2.0/lbaas/availabilityzoneprofiles/{availability_zone_profile_id}"}],
operations=[
{
"method": "GET",
"path": "/v2.0/lbaas/availabilityzoneprofiles/{availability_zone_profile_id}",
},
],
),
base.APIRule(
name="os_load-balancer_api:availability-zone-profile:delete",
@ -241,12 +273,19 @@ list_rules = (
basic_check_str=("role:admin"),
description="Remove an Availability Zone",
scope_types=["project"],
operations=[{"method": "DELETE", "path": "/v2.0/lbaas/availabilityzoneprofiles/{availability_zone_profile_id}"}],
operations=[
{
"method": "DELETE",
"path": "/v2.0/lbaas/availabilityzoneprofiles/{availability_zone_profile_id}",
},
],
),
base.APIRule(
name="os_load-balancer_api:healthmonitor:get_all",
check_str=("rule:load-balancer:read"),
basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"),
basic_check_str=(
"role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"
),
description="List Health Monitors of a Pool",
scope_types=["project"],
operations=[{"method": "GET", "path": "/v2/lbaas/healthmonitors"}],
@ -262,7 +301,9 @@ list_rules = (
base.APIRule(
name="os_load-balancer_api:healthmonitor:post",
check_str=("rule:load-balancer:write"),
basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"),
basic_check_str=(
"role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"
),
description="Create a Health Monitor",
scope_types=["project"],
operations=[{"method": "POST", "path": "/v2/lbaas/healthmonitors"}],
@ -270,7 +311,9 @@ list_rules = (
base.APIRule(
name="os_load-balancer_api:healthmonitor:get_one",
check_str=("rule:load-balancer:read"),
basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"),
basic_check_str=(
"role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"
),
description="Show Health Monitor details",
scope_types=["project"],
operations=[{"method": "GET", "path": "/v2/lbaas/healthmonitors/{healthmonitor_id}"}],
@ -278,7 +321,9 @@ list_rules = (
base.APIRule(
name="os_load-balancer_api:healthmonitor:put",
check_str=("rule:load-balancer:write"),
basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"),
basic_check_str=(
"role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"
),
description="Update a Health Monitor",
scope_types=["project"],
operations=[{"method": "PUT", "path": "/v2/lbaas/healthmonitors/{healthmonitor_id}"}],
@ -286,7 +331,9 @@ list_rules = (
base.APIRule(
name="os_load-balancer_api:healthmonitor:delete",
check_str=("rule:load-balancer:write"),
basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"),
basic_check_str=(
"role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"
),
description="Remove a Health Monitor",
scope_types=["project"],
operations=[{"method": "DELETE", "path": "/v2/lbaas/healthmonitors/{healthmonitor_id}"}],
@ -294,7 +341,9 @@ list_rules = (
base.APIRule(
name="os_load-balancer_api:l7policy:get_all",
check_str=("rule:load-balancer:read"),
basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"),
basic_check_str=(
"role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"
),
description="List L7 Policys",
scope_types=["project"],
operations=[{"method": "GET", "path": "/v2/lbaas/l7policies"}],
@ -310,7 +359,9 @@ list_rules = (
base.APIRule(
name="os_load-balancer_api:l7policy:post",
check_str=("rule:load-balancer:write"),
basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"),
basic_check_str=(
"role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"
),
description="Create a L7 Policy",
scope_types=["project"],
operations=[{"method": "POST", "path": "/v2/lbaas/l7policies"}],
@ -318,7 +369,9 @@ list_rules = (
base.APIRule(
name="os_load-balancer_api:l7policy:get_one",
check_str=("rule:load-balancer:read"),
basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"),
basic_check_str=(
"role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"
),
description="Show L7 Policy details",
scope_types=["project"],
operations=[{"method": "GET", "path": "/v2/lbaas/l7policies/{l7policy_id}"}],
@ -326,7 +379,9 @@ list_rules = (
base.APIRule(
name="os_load-balancer_api:l7policy:put",
check_str=("rule:load-balancer:write"),
basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"),
basic_check_str=(
"role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"
),
description="Update a L7 Policy",
scope_types=["project"],
operations=[{"method": "PUT", "path": "/v2/lbaas/l7policies/{l7policy_id}"}],
@ -334,7 +389,9 @@ list_rules = (
base.APIRule(
name="os_load-balancer_api:l7policy:delete",
check_str=("rule:load-balancer:write"),
basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"),
basic_check_str=(
"role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"
),
description="Remove a L7 Policy",
scope_types=["project"],
operations=[{"method": "DELETE", "path": "/v2/lbaas/l7policies/{l7policy_id}"}],
@ -342,7 +399,9 @@ list_rules = (
base.APIRule(
name="os_load-balancer_api:l7rule:get_all",
check_str=("rule:load-balancer:read"),
basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"),
basic_check_str=(
"role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"
),
description="List L7 Rules",
scope_types=["project"],
operations=[{"method": "GET", "path": "/v2/lbaas/l7policies/{l7policy_id}/rules"}],
@ -350,7 +409,9 @@ list_rules = (
base.APIRule(
name="os_load-balancer_api:l7rule:post",
check_str=("rule:load-balancer:write"),
basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"),
basic_check_str=(
"role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"
),
description="Create a L7 Rule",
scope_types=["project"],
operations=[{"method": "POST", "path": "/v2/lbaas/l7policies/{l7policy_id}/rules"}],
@ -358,31 +419,45 @@ list_rules = (
base.APIRule(
name="os_load-balancer_api:l7rule:get_one",
check_str=("rule:load-balancer:read"),
basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"),
basic_check_str=(
"role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"
),
description="Show L7 Rule details",
scope_types=["project"],
operations=[{"method": "GET", "path": "/v2/lbaas/l7policies/{l7policy_id}/rules/{l7rule_id}"}],
operations=[
{"method": "GET", "path": "/v2/lbaas/l7policies/{l7policy_id}/rules/{l7rule_id}"},
],
),
base.APIRule(
name="os_load-balancer_api:l7rule:put",
check_str=("rule:load-balancer:write"),
basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"),
basic_check_str=(
"role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"
),
description="Update a L7 Rule",
scope_types=["project"],
operations=[{"method": "PUT", "path": "/v2/lbaas/l7policies/{l7policy_id}/rules/{l7rule_id}"}],
operations=[
{"method": "PUT", "path": "/v2/lbaas/l7policies/{l7policy_id}/rules/{l7rule_id}"},
],
),
base.APIRule(
name="os_load-balancer_api:l7rule:delete",
check_str=("rule:load-balancer:write"),
basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"),
basic_check_str=(
"role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"
),
description="Remove a L7 Rule",
scope_types=["project"],
operations=[{"method": "DELETE", "path": "/v2/lbaas/l7policies/{l7policy_id}/rules/{l7rule_id}"}],
operations=[
{"method": "DELETE", "path": "/v2/lbaas/l7policies/{l7policy_id}/rules/{l7rule_id}"},
],
),
base.APIRule(
name="os_load-balancer_api:listener:get_all",
check_str=("rule:load-balancer:read"),
basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"),
basic_check_str=(
"role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"
),
description="List Listeners",
scope_types=["project"],
operations=[{"method": "GET", "path": "/v2/lbaas/listeners"}],
@ -398,7 +473,9 @@ list_rules = (
base.APIRule(
name="os_load-balancer_api:listener:post",
check_str=("rule:load-balancer:write"),
basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"),
basic_check_str=(
"role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"
),
description="Create a Listener",
scope_types=["project"],
operations=[{"method": "POST", "path": "/v2/lbaas/listeners"}],
@ -406,7 +483,9 @@ list_rules = (
base.APIRule(
name="os_load-balancer_api:listener:get_one",
check_str=("rule:load-balancer:read"),
basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"),
basic_check_str=(
"role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"
),
description="Show Listener details",
scope_types=["project"],
operations=[{"method": "GET", "path": "/v2/lbaas/listeners/{listener_id}"}],
@ -414,7 +493,9 @@ list_rules = (
base.APIRule(
name="os_load-balancer_api:listener:put",
check_str=("rule:load-balancer:write"),
basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"),
basic_check_str=(
"role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"
),
description="Update a Listener",
scope_types=["project"],
operations=[{"method": "PUT", "path": "/v2/lbaas/listeners/{listener_id}"}],
@ -422,7 +503,9 @@ list_rules = (
base.APIRule(
name="os_load-balancer_api:listener:delete",
check_str=("rule:load-balancer:write"),
basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"),
basic_check_str=(
"role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"
),
description="Remove a Listener",
scope_types=["project"],
operations=[{"method": "DELETE", "path": "/v2/lbaas/listeners/{listener_id}"}],
@ -430,7 +513,9 @@ list_rules = (
base.APIRule(
name="os_load-balancer_api:listener:get_stats",
check_str=("rule:load-balancer:read"),
basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"),
basic_check_str=(
"role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"
),
description="Show Listener statistics",
scope_types=["project"],
operations=[{"method": "GET", "path": "/v2/lbaas/listeners/{listener_id}/stats"}],
@ -438,7 +523,9 @@ list_rules = (
base.APIRule(
name="os_load-balancer_api:loadbalancer:get_all",
check_str=("rule:load-balancer:read"),
basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"),
basic_check_str=(
"role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"
),
description="List Load Balancers",
scope_types=["project"],
operations=[{"method": "GET", "path": "/v2/lbaas/loadbalancers"}],
@ -454,7 +541,9 @@ list_rules = (
base.APIRule(
name="os_load-balancer_api:loadbalancer:post",
check_str=("rule:load-balancer:write"),
basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"),
basic_check_str=(
"role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"
),
description="Create a Load Balancer",
scope_types=["project"],
operations=[{"method": "POST", "path": "/v2/lbaas/loadbalancers"}],
@ -462,7 +551,9 @@ list_rules = (
base.APIRule(
name="os_load-balancer_api:loadbalancer:get_one",
check_str=("rule:load-balancer:read"),
basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"),
basic_check_str=(
"role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"
),
description="Show Load Balancer details",
scope_types=["project"],
operations=[{"method": "GET", "path": "/v2/lbaas/loadbalancers/{loadbalancer_id}"}],
@ -470,7 +561,9 @@ list_rules = (
base.APIRule(
name="os_load-balancer_api:loadbalancer:put",
check_str=("rule:load-balancer:write"),
basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"),
basic_check_str=(
"role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"
),
description="Update a Load Balancer",
scope_types=["project"],
operations=[{"method": "PUT", "path": "/v2/lbaas/loadbalancers/{loadbalancer_id}"}],
@ -478,7 +571,9 @@ list_rules = (
base.APIRule(
name="os_load-balancer_api:loadbalancer:delete",
check_str=("rule:load-balancer:write"),
basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"),
basic_check_str=(
"role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"
),
description="Remove a Load Balancer",
scope_types=["project"],
operations=[{"method": "DELETE", "path": "/v2/lbaas/loadbalancers/{loadbalancer_id}"}],
@ -486,7 +581,9 @@ list_rules = (
base.APIRule(
name="os_load-balancer_api:loadbalancer:get_stats",
check_str=("rule:load-balancer:read"),
basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"),
basic_check_str=(
"role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"
),
description="Show Load Balancer statistics",
scope_types=["project"],
operations=[{"method": "GET", "path": "/v2/lbaas/loadbalancers/{loadbalancer_id}/stats"}],
@ -494,10 +591,14 @@ list_rules = (
base.APIRule(
name="os_load-balancer_api:loadbalancer:get_status",
check_str=("rule:load-balancer:read"),
basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"),
basic_check_str=(
"role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"
),
description="Show Load Balancer status",
scope_types=["project"],
operations=[{"method": "GET", "path": "/v2/lbaas/loadbalancers/{loadbalancer_id}/status"}],
operations=[
{"method": "GET", "path": "/v2/lbaas/loadbalancers/{loadbalancer_id}/status"},
],
),
base.APIRule(
name="os_load-balancer_api:loadbalancer:put_failover",
@ -505,12 +606,16 @@ list_rules = (
basic_check_str=("role:admin"),
description="Failover a Load Balancer",
scope_types=["project"],
operations=[{"method": "PUT", "path": "/v2/lbaas/loadbalancers/{loadbalancer_id}/failover"}],
operations=[
{"method": "PUT", "path": "/v2/lbaas/loadbalancers/{loadbalancer_id}/failover"},
],
),
base.APIRule(
name="os_load-balancer_api:member:get_all",
check_str=("rule:load-balancer:read"),
basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"),
basic_check_str=(
"role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"
),
description="List Members of a Pool",
scope_types=["project"],
operations=[{"method": "GET", "path": "/v2/lbaas/pools/{pool_id}/members"}],
@ -518,7 +623,9 @@ list_rules = (
base.APIRule(
name="os_load-balancer_api:member:post",
check_str=("rule:load-balancer:write"),
basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"),
basic_check_str=(
"role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"
),
description="Create a Member",
scope_types=["project"],
operations=[{"method": "POST", "path": "/v2/lbaas/pools/{pool_id}/members"}],
@ -526,7 +633,9 @@ list_rules = (
base.APIRule(
name="os_load-balancer_api:member:get_one",
check_str=("rule:load-balancer:read"),
basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"),
basic_check_str=(
"role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"
),
description="Show Member details",
scope_types=["project"],
operations=[{"method": "GET", "path": "/v2/lbaas/pools/{pool_id}/members/{member_id}"}],
@ -534,7 +643,9 @@ list_rules = (
base.APIRule(
name="os_load-balancer_api:member:put",
check_str=("rule:load-balancer:write"),
basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"),
basic_check_str=(
"role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"
),
description="Update a Member",
scope_types=["project"],
operations=[{"method": "PUT", "path": "/v2/lbaas/pools/{pool_id}/members/{member_id}"}],
@ -542,15 +653,21 @@ list_rules = (
base.APIRule(
name="os_load-balancer_api:member:delete",
check_str=("rule:load-balancer:write"),
basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"),
basic_check_str=(
"role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"
),
description="Remove a Member",
scope_types=["project"],
operations=[{"method": "DELETE", "path": "/v2/lbaas/pools/{pool_id}/members/{member_id}"}],
operations=[
{"method": "DELETE", "path": "/v2/lbaas/pools/{pool_id}/members/{member_id}"},
],
),
base.APIRule(
name="os_load-balancer_api:pool:get_all",
check_str=("rule:load-balancer:read"),
basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"),
basic_check_str=(
"role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"
),
description="List Pools",
scope_types=["project"],
operations=[{"method": "GET", "path": "/v2/lbaas/pools"}],
@ -566,7 +683,9 @@ list_rules = (
base.APIRule(
name="os_load-balancer_api:pool:post",
check_str=("rule:load-balancer:write"),
basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"),
basic_check_str=(
"role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"
),
description="Create a Pool",
scope_types=["project"],
operations=[{"method": "POST", "path": "/v2/lbaas/pools"}],
@ -574,7 +693,9 @@ list_rules = (
base.APIRule(
name="os_load-balancer_api:pool:get_one",
check_str=("rule:load-balancer:read"),
basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"),
basic_check_str=(
"role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"
),
description="Show Pool details",
scope_types=["project"],
operations=[{"method": "GET", "path": "/v2/lbaas/pools/{pool_id}"}],
@ -582,7 +703,9 @@ list_rules = (
base.APIRule(
name="os_load-balancer_api:pool:put",
check_str=("rule:load-balancer:write"),
basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"),
basic_check_str=(
"role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"
),
description="Update a Pool",
scope_types=["project"],
operations=[{"method": "PUT", "path": "/v2/lbaas/pools/{pool_id}"}],
@ -590,7 +713,9 @@ list_rules = (
base.APIRule(
name="os_load-balancer_api:pool:delete",
check_str=("rule:load-balancer:write"),
basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"),
basic_check_str=(
"role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"
),
description="Remove a Pool",
scope_types=["project"],
operations=[{"method": "DELETE", "path": "/v2/lbaas/pools/{pool_id}"}],
@ -598,7 +723,9 @@ list_rules = (
base.APIRule(
name="os_load-balancer_api:provider:get_all",
check_str=("rule:load-balancer:read"),
basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"),
basic_check_str=(
"role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"
),
description="List enabled providers",
scope_types=["project"],
operations=[{"method": "GET", "path": "/v2/lbaas/providers"}],
@ -606,7 +733,9 @@ list_rules = (
base.APIRule(
name="os_load-balancer_api:quota:get_all",
check_str=("rule:load-balancer:read-quota"),
basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"),
basic_check_str=(
"role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"
),
description="List Quotas",
scope_types=["project"],
operations=[{"method": "GET", "path": "/v2/lbaas/quotas"}],
@ -622,7 +751,9 @@ list_rules = (
base.APIRule(
name="os_load-balancer_api:quota:get_one",
check_str=("rule:load-balancer:read-quota"),
basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"),
basic_check_str=(
"role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"
),
description="Show Quota details",
scope_types=["project"],
operations=[{"method": "GET", "path": "/v2/lbaas/quotas/{project_id}"}],
@ -646,7 +777,9 @@ list_rules = (
base.APIRule(
name="os_load-balancer_api:quota:get_defaults",
check_str=("rule:load-balancer:read-quota"),
basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"),
basic_check_str=(
"role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"
),
description="Show Default Quota for a Project",
scope_types=["project"],
operations=[{"method": "GET", "path": "/v2/lbaas/quotas/{project_id}/default"}],
@ -705,7 +838,9 @@ list_rules = (
basic_check_str=("role:admin or role:reader"),
description="List the provider flavor capabilities.",
scope_types=["project"],
operations=[{"method": "GET", "path": "/v2/lbaas/providers/{provider}/flavor_capabilities"}],
operations=[
{"method": "GET", "path": "/v2/lbaas/providers/{provider}/flavor_capabilities"},
],
),
base.APIRule(
name="os_load-balancer_api:provider-availability-zone:get_all",
@ -713,7 +848,12 @@ list_rules = (
basic_check_str=("role:admin or role:reader"),
description="List the provider availability zone capabilities.",
scope_types=["project"],
operations=[{"method": "GET", "path": "/v2/lbaas/providers/{provider}/availability_zone_capabilities"}],
operations=[
{
"method": "GET",
"path": "/v2/lbaas/providers/{provider}/availability_zone_capabilities",
},
],
),
)

5
libs/skyline-policy-manager/skyline_policy_manager/policies/panko.py
View File

@ -14,7 +14,10 @@ list_rules = (
basic_check_str=("role:admin or role:reader"),
description="Return the user and project the requestshould be limited to",
scope_types=["system"],
operations=[{"method": "GET", "path": "/v2/events"}, {"method": "GET", "path": "/v2/events/{message_id}"}],
operations=[
{"method": "GET", "path": "/v2/events"},
{"method": "GET", "path": "/v2/events/{message_id}"},
],
),
base.APIRule(
name="telemetry:events:index",

21
libs/skyline-policy-manager/skyline_policy_manager/policies/placement.py
View File

@ -110,7 +110,9 @@ list_rules = (
basic_check_str=("role:admin or role:reader"),
description="Show resource provider inventory.",
scope_types=["system"],
operations=[{"method": "GET", "path": "/resource_providers/{uuid}/inventories/{resource_class}"}],
operations=[
{"method": "GET", "path": "/resource_providers/{uuid}/inventories/{resource_class}"},
],
),
base.APIRule(
name="placement:resource_providers:inventories:update",
@ -118,7 +120,10 @@ list_rules = (
basic_check_str=("role:admin"),
description="Update resource provider inventory.",
scope_types=["system"],
operations=[{"method": "PUT", "path": "/resource_providers/{uuid}/inventories"}, {"method": "PUT", "path": "/resource_providers/{uuid}/inventories/{resource_class}"}],
operations=[
{"method": "PUT", "path": "/resource_providers/{uuid}/inventories"},
{"method": "PUT", "path": "/resource_providers/{uuid}/inventories/{resource_class}"},
],
),
base.APIRule(
name="placement:resource_providers:inventories:delete",
@ -126,7 +131,13 @@ list_rules = (
basic_check_str=("role:admin"),
description="Delete resource provider inventory.",
scope_types=["system"],
operations=[{"method": "DELETE", "path": "/resource_providers/{uuid}/inventories"}, {"method": "DELETE", "path": "/resource_providers/{uuid}/inventories/{resource_class}"}],
operations=[
{"method": "DELETE", "path": "/resource_providers/{uuid}/inventories"},
{
"method": "DELETE",
"path": "/resource_providers/{uuid}/inventories/{resource_class}",
},
],
),
base.APIRule(
name="placement:resource_providers:aggregates:list",
@ -154,7 +165,9 @@ list_rules = (
),
base.APIRule(
name="placement:usages",
check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)"),
check_str=(
"(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)"
),
basic_check_str=("role:admin or role:reader"),
description="List total resource usages for a given project.",
scope_types=["system", "project"],

47
libs/skyline-policy-manager/tests/conftest.py Normal file
View File

@ -0,0 +1,47 @@
# Copyright 2021 99cloud
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
from __future__ import annotations
from typing import TYPE_CHECKING
from _pytest.mark import ParameterSet
from tests.models import TestData
if TYPE_CHECKING:
from _pytest.python import Metafunc
def pytest_generate_tests(metafunc: Metafunc) -> None:
for marker in metafunc.definition.iter_markers(name="ddt"):
test_data: TestData
for test_data in marker.args:
argument_length = len(test_data.arguments)
argvalues = []
for argument_data in test_data.argument_data_set:
if len(argument_data.values) != argument_length:
raise ValueError(
f'Argument data "{argument_data.id}" of method '
f'"{metafunc.function.__name__}" doesn\'t match '
"number of arguments.",
)
argvalues.append(
ParameterSet(
id=argument_data.id,
marks=argument_data.marks,
values=argument_data.values,
),
)
metafunc.parametrize(test_data.arguments, argvalues, indirect=test_data.indirect)

87
libs/skyline-policy-manager/tests/fake.py Normal file
View File

@ -0,0 +1,87 @@
# Copyright 2021 99cloud
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
from __future__ import annotations
import sys
from dataclasses import asdict, dataclass, field
from typing import Dict, List
from mimesis import Generic
FAKER = Generic()
FAKE_NS = "skyline_policy_manager.tests.mock_ns"
FAKE_SERVICE_EPS = {
"cinder": ["cinder"],
"glance": ["glance"],
"heat": ["heat"],
"keystone": ["keystone"],
"neutron": ["neutron"],
"nova": ["nova"],
}
current_module = sys.modules[__name__]
for ep_names in FAKE_SERVICE_EPS.values():
for ep_name in ep_names:
setattr(current_module, f"{ep_name}_list_rules", lambda: [])
@dataclass
class FakeOperation:
method: str = field(
default_factory=lambda: FAKER.choice(["GET", "POST", "PUT", "PATCH", "DELETE"]),
)
path: str = field(
default_factory=lambda: FAKER.choice(["/resources", "/resources/{resource_id}"]),
)
@dataclass
class FakeDocumentedRuleData:
name: str = field(default_factory=lambda: ":".join(FAKER.text.words()))
description: str = field(default_factory=lambda: FAKER.text.text())
check_str: str = field(
default_factory=lambda: f'role:{FAKER.choice(["admin", "member", "reader"])}',
)
scope_types: List[str] = field(
default_factory=lambda: FAKER.choice(
["system", "domain", "project"],
length=FAKER.numbers.integer_number(1, 3),
unique=True,
),
)
operations: List[Dict[str, str]] = field(
default_factory=lambda: [
asdict(FakeOperation()) for _ in range(FAKER.numbers.integer_number(1, 5))
],
)
@dataclass
class FakeRuleData:
name: str = field(default_factory=lambda: ":".join(FAKER.text.words()))
description: str = field(default_factory=lambda: FAKER.text.text())
check_str: str = field(
default_factory=lambda: f'role:{FAKER.choice(["admin", "member", "reader"])}',
)
scope_types: List[str] = field(
default_factory=lambda: FAKER.choice(
["system", "domain", "project"],
length=FAKER.numbers.integer_number(1, 3),
unique=True,
),
)

36
libs/skyline-policy-manager/tests/models.py Normal file
View File

@ -0,0 +1,36 @@
# Copyright 2021 99cloud
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
from __future__ import annotations
from dataclasses import dataclass
from typing import Any, Collection, Sequence, Tuple, Union
@dataclass
class ArgumentData:
id: str
values: Sequence[object]
# TODO: Fix type annotation of `marks` after the pytest > 7.0.0
# marks: Collection[Union[pytest.MarkDecorator, pytest.Mark]]
marks: Collection[Any] = ()
@dataclass
class TestData:
arguments: Tuple[str, ...]
argument_data_set: Sequence[ArgumentData]
indirect: Union[bool, Tuple[str]] = False
__test__ = False

0
libs/skyline-policy-manager/tests/unit/__init__.py Normal file
View File

0
libs/skyline-policy-manager/tests/unit/cmd/__init__.py Normal file
View File

158
libs/skyline-policy-manager/tests/unit/cmd/test_manage.py Normal file
View File

@ -0,0 +1,158 @@
# Copyright 2021 99cloud
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
from __future__ import annotations
from dataclasses import asdict
from importlib import metadata
from importlib.metadata import EntryPoint
from pathlib import Path
from typing import Dict, List, Tuple, Union
import pytest
from click.testing import CliRunner
from oslo_policy.policy import DocumentedRuleDefault, RuleDefault
from skyline_policy_manager import constants, policies
from skyline_policy_manager.cmd.manage import (
generate_conf,
generate_rule,
generate_sample,
policy_manager,
validate,
)
from tests import fake
from tests.fake import FAKE_NS, FAKE_SERVICE_EPS, FAKER, FakeDocumentedRuleData, FakeRuleData
from tests.models import ArgumentData, TestData
class TestPolicyManager:
@pytest.fixture(autouse=True)
def setup_entry_points(self, monkeypatch) -> None:
eps = []
for ep_names in FAKE_SERVICE_EPS.values():
for ep_name in ep_names:
fake_rules: List[Union[DocumentedRuleDefault, RuleDefault]]
fake_rules = [
DocumentedRuleDefault(**asdict(FakeDocumentedRuleData()))
for _ in range(FAKER.numbers.integer_number(1, 10))
]
fake_rules.extend(
[
RuleDefault(**asdict(FakeRuleData()))
for _ in range(FAKER.numbers.integer_number(1, 3))
],
)
monkeypatch.setattr(fake, f"{ep_name}_list_rules", lambda: fake_rules)
eps.append(
EntryPoint(
name=ep_name,
value=f"tests.fake:{ep_name}_list_rules",
group=FAKE_NS,
),
)
def entry_points() -> Dict[str, Tuple[EntryPoint, ...]]:
return {FAKE_NS: tuple(eps)}
monkeypatch.setattr(metadata, "entry_points", entry_points)
monkeypatch.setattr(constants, "POLICY_NS", FAKE_NS)
monkeypatch.setattr(constants, "SUPPORTED_SERVICE_EPS", FAKE_SERVICE_EPS)
@pytest.fixture
def runner(self) -> CliRunner:
runner = CliRunner()
return runner
@pytest.mark.ddt(
TestData(
arguments=("dir_path",),
argument_data_set=[
ArgumentData(
id="str_dir_path",
values=(FAKER.text.word(),),
),
],
),
)
def test_generate_sample(self, runner: CliRunner, tmp_path: Path, dir_path: str) -> None:
sample_dir = tmp_path.joinpath(dir_path)
sample_dir.mkdir(parents=True, exist_ok=True)
policy_manager.add_command(generate_sample)
result = runner.invoke(
policy_manager,
["generate-sample", "--dir", sample_dir.as_posix()],
)
assert result.exit_code == 0
for service in FAKE_SERVICE_EPS:
assert sample_dir.joinpath(service).exists()
assert sample_dir.joinpath(service).joinpath("policy.yaml.sample").exists()
@pytest.mark.ddt(
TestData(
arguments=("dir_path",),
argument_data_set=[
ArgumentData(
id="str_dir_path",
values=(FAKER.text.word(),),
),
],
),
TestData(
arguments=("description",),
argument_data_set=[
ArgumentData(
id="str_description",
values=(FAKER.text.text(),),
),
],
),
)
def test_generate_conf(
self,
runner: CliRunner,
tmp_path: Path,
dir_path: str,
description: str,
) -> None:
conf_dir = tmp_path.joinpath(dir_path)
conf_dir.mkdir(parents=True, exist_ok=True)
policy_manager.add_command(generate_conf)
result = runner.invoke(
policy_manager,
["generate-conf", "--dir", conf_dir.as_posix(), "--desc", description],
)
service_rules = policies.get_service_rules()
assert result.exit_code == 0
for service in service_rules:
assert conf_dir.joinpath(service).exists()
assert conf_dir.joinpath(service).joinpath("policy.yaml").exists()
assert description in conf_dir.joinpath(service).joinpath("policy.yaml").read_text()
def test_generate_rule(self, runner: CliRunner) -> None:
policy_manager.add_command(generate_rule)
for ep_names in FAKE_SERVICE_EPS.values():
for ep_name in ep_names:
result = runner.invoke(policy_manager, ["generate-rule", ep_name])
assert result.exit_code == 0
def test_validate(self, runner: CliRunner) -> None:
policy_manager.add_command(validate)
result = runner.invoke(
policy_manager,
[
"validate",
"--diff",
],
)
assert result.exit_code == 0

2
libs/skyline-policy-manager/tests/test_skyline_policy_manager.py → libs/skyline-policy-manager/tests/unit/test_skyline_policy_manager.py
View File

@ -15,5 +15,5 @@
from skyline_policy_manager import __version__
def test_version():
def test_version() -> None:
assert __version__ == "0.1.0"