test: Add skyline-policy-manager unit test

1. Add skyline-policy-manager unit test case and tools
2. Update `setup` method type annotation
3. Move some constants to `skyline_policy_manager.constants`
4. Adjust import to use modules instead of functions
5. Update code format

Change-Id: Ic72e21126de0b16e4d969ad48ce64c57542c4667
Gao Hanxiang 2021-09-22 15:50:49 -04:00 committed by Boxiang Zhu
parent da42ade264
commit 1d14b4067c
23 changed files with 1751 additions and 529 deletions


@ -1,4 +1,5 @@
PYTHON ?= python3 PYTHON ?= python3
PY_FILES := $(shell git ls-files -- *.py | xargs)
.PHONY: all .PHONY: all
@ -25,24 +26,24 @@ package:
.PHONY: fmt .PHONY: fmt
fmt: fmt:
poetry run isort $$(git ls-files -- **/*.py) poetry run isort $(PY_FILES)
poetry run black --config ../../pyproject.toml $$(git ls-files -- **/*.py) poetry run black --config ../../pyproject.toml $(PY_FILES)
poetry run add-trailing-comma --py36-plus --exit-zero-even-if-changed $$(git ls-files -- **/*.py) poetry run add-trailing-comma --py36-plus --exit-zero-even-if-changed $(PY_FILES)
.PHONY: lint .PHONY: lint
lint: lint:
poetry run mypy --config-file=../../mypy.ini $$(git ls-files -- **/*.py) # poetry run mypy --strict --config-file=../../mypy.ini $(PY_FILES)
poetry run isort --check-only --diff $$(git ls-files -- **/*.py) poetry run isort --check-only --diff $(PY_FILES)
poetry run black --check --diff --color --config ../../pyproject.toml $$(git ls-files -- **/*.py) poetry run black --check --diff --color --config ../../pyproject.toml $(PY_FILES)
poetry run flake8 $$(git ls-files -- **/*.py) poetry run flake8 --config ../../.flake8 $(PY_FILES)
.PHONY: test .PHONY: test
test: test:
echo TODO poetry run pytest
.PHONY: clean .PHONY: clean
clean: clean:
rm -rf .venv dist rm -rf .venv dist tmp htmlcov .coverage
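Review bot: The mypy step in the `lint` recipe appears to be commented out on the new side (`# poetry run mypy --strict --config-file=../../mypy.ini $(PY_FILES)`), so `make lint` no longer runs any type checking, even though the commit message says type annotations were updated. If `--strict` does not pass yet, keep the non-strict check active with `poetry run mypy --config-file=../../mypy.ini $(PY_FILES)` and enable `--strict` in a follow-up. Separately, in `PY_FILES := $(shell git ls-files -- *.py | xargs)` the `*.py` is unquoted, so the shell may expand it against the current directory before git sees it, which would leave files in subdirectories out of `fmt` and `lint` without any error. Quoting it as `'*.py'` passes the pathspec to git unchanged.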


@ -173,6 +173,17 @@ category = "main"
optional = false optional = false
python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*" python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*"
[[package]]
name = "coverage"
version = "5.5"
description = "Code coverage measurement for Python"
category = "dev"
optional = false
python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, <4"
[package.extras]
toml = ["toml"]
[[package]] [[package]]
name = "debtcollector" name = "debtcollector"
version = "2.3.0" version = "2.3.0"
@ -477,6 +488,14 @@ category = "dev"
optional = false optional = false
python-versions = "*" python-versions = "*"
[[package]]
name = "mimesis"
version = "4.1.3"
description = "Mimesis: fake data generator."
category = "dev"
optional = false
python-versions = "*"
[[package]] [[package]]
name = "msgpack" name = "msgpack"
version = "1.0.2" version = "1.0.2"
@ -977,7 +996,7 @@ WebTest = ">=1.3.1"
[[package]] [[package]]
name = "platformdirs" name = "platformdirs"
version = "2.3.0" version = "2.4.0"
description = "A small Python module for determining appropriate platform-specific dirs, e.g. a \"user data dir\"." description = "A small Python module for determining appropriate platform-specific dirs, e.g. a \"user data dir\"."
category = "dev" category = "dev"
optional = false optional = false
@ -1024,17 +1043,6 @@ python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*"
[package.extras] [package.extras]
twisted = ["twisted"] twisted = ["twisted"]
[[package]]
name = "psutil"
version = "5.8.0"
description = "Cross-platform lib for process and system monitoring in Python."
category = "dev"
optional = false
python-versions = ">=2.6, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*"
[package.extras]
test = ["ipaddress", "mock", "unittest2", "enum34", "pywin32", "wmi"]
[[package]] [[package]]
name = "py" name = "py"
version = "1.10.0" version = "1.10.0"
@ -1119,6 +1127,22 @@ toml = "*"
[package.extras] [package.extras]
testing = ["argcomplete", "hypothesis (>=3.56)", "mock", "nose", "requests", "xmlschema"] testing = ["argcomplete", "hypothesis (>=3.56)", "mock", "nose", "requests", "xmlschema"]
[[package]]
name = "pytest-cov"
version = "2.12.1"
description = "Pytest plugin for measuring coverage."
category = "dev"
optional = false
python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*"
[package.dependencies]
coverage = ">=5.2.1"
pytest = ">=4.6"
toml = "*"
[package.extras]
testing = ["fields", "hunter", "process-tests", "six", "pytest-xdist", "virtualenv"]
[[package]] [[package]]
name = "pytest-forked" name = "pytest-forked"
version = "1.3.0" version = "1.3.0"
@ -1131,6 +1155,29 @@ python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*"
py = "*" py = "*"
pytest = ">=3.10" pytest = ">=3.10"
[[package]]
name = "pytest-html"
version = "3.1.1"
description = "pytest plugin for generating HTML reports"
category = "dev"
optional = false
python-versions = ">=3.6"
[package.dependencies]
pytest = ">=5.0,<6.0.0 || >6.0.0"
pytest-metadata = "*"
[[package]]
name = "pytest-metadata"
version = "1.11.0"
description = "pytest plugin for test session metadata"
category = "dev"
optional = false
python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, !=3.5.*"
[package.dependencies]
pytest = ">=2.9.0"
[[package]] [[package]]
name = "pytest-xdist" name = "pytest-xdist"
version = "2.4.0" version = "2.4.0"
@ -1141,7 +1188,6 @@ python-versions = ">=3.6"
[package.dependencies] [package.dependencies]
execnet = ">=1.1" execnet = ">=1.1"
psutil = {version = ">=3.0", optional = true, markers = "extra == \"psutil\""}
pytest = ">=6.0.0" pytest = ">=6.0.0"
pytest-forked = "*" pytest-forked = "*"
@ -1187,7 +1233,7 @@ python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, !=3.5.*"
[[package]] [[package]]
name = "regex" name = "regex"
version = "2021.8.28" version = "2021.9.24"
description = "Alternative regular expression module, to replace re." description = "Alternative regular expression module, to replace re."
category = "dev" category = "dev"
optional = false optional = false
@ -1584,7 +1630,7 @@ testing = ["pytest (>=4.6)", "pytest-checkdocs (>=2.4)", "pytest-flake8", "pytes
[metadata] [metadata]
lock-version = "1.1" lock-version = "1.1"
python-versions = "^3.8" python-versions = "^3.8"
content-hash = "0737b8cb1359cd19a07102e508d51d838d1950a26bc2c68bcfd8918de08586ae" content-hash = "65ef745e584aa6eddb35354f86597f253ad4b0b90a59a933aa84c06c14f45f68"
[metadata.files] [metadata.files]
add-trailing-comma = [ add-trailing-comma = [
@ -1691,6 +1737,60 @@ colorama = [
{file = "colorama-0.4.4-py2.py3-none-any.whl", hash = "sha256:9f47eda37229f68eee03b24b9748937c7dc3868f906e8ba69fbcbdd3bc5dc3e2"}, {file = "colorama-0.4.4-py2.py3-none-any.whl", hash = "sha256:9f47eda37229f68eee03b24b9748937c7dc3868f906e8ba69fbcbdd3bc5dc3e2"},
{file = "colorama-0.4.4.tar.gz", hash = "sha256:5941b2b48a20143d2267e95b1c2a7603ce057ee39fd88e7329b0c292aa16869b"}, {file = "colorama-0.4.4.tar.gz", hash = "sha256:5941b2b48a20143d2267e95b1c2a7603ce057ee39fd88e7329b0c292aa16869b"},
] ]
coverage = [
{file = "coverage-5.5-cp27-cp27m-macosx_10_9_x86_64.whl", hash = "sha256:b6d534e4b2ab35c9f93f46229363e17f63c53ad01330df9f2d6bd1187e5eaacf"},
{file = "coverage-5.5-cp27-cp27m-manylinux1_i686.whl", hash = "sha256:b7895207b4c843c76a25ab8c1e866261bcfe27bfaa20c192de5190121770672b"},
{file = "coverage-5.5-cp27-cp27m-manylinux1_x86_64.whl", hash = "sha256:c2723d347ab06e7ddad1a58b2a821218239249a9e4365eaff6649d31180c1669"},
{file = "coverage-5.5-cp27-cp27m-manylinux2010_i686.whl", hash = "sha256:900fbf7759501bc7807fd6638c947d7a831fc9fdf742dc10f02956ff7220fa90"},
{file = "coverage-5.5-cp27-cp27m-manylinux2010_x86_64.whl", hash = "sha256:004d1880bed2d97151facef49f08e255a20ceb6f9432df75f4eef018fdd5a78c"},
{file = "coverage-5.5-cp27-cp27m-win32.whl", hash = "sha256:06191eb60f8d8a5bc046f3799f8a07a2d7aefb9504b0209aff0b47298333302a"},
{file = "coverage-5.5-cp27-cp27m-win_amd64.whl", hash = "sha256:7501140f755b725495941b43347ba8a2777407fc7f250d4f5a7d2a1050ba8e82"},
{file = "coverage-5.5-cp27-cp27mu-manylinux1_i686.whl", hash = "sha256:372da284cfd642d8e08ef606917846fa2ee350f64994bebfbd3afb0040436905"},
{file = "coverage-5.5-cp27-cp27mu-manylinux1_x86_64.whl", hash = "sha256:8963a499849a1fc54b35b1c9f162f4108017b2e6db2c46c1bed93a72262ed083"},
{file = "coverage-5.5-cp27-cp27mu-manylinux2010_i686.whl", hash = "sha256:869a64f53488f40fa5b5b9dcb9e9b2962a66a87dab37790f3fcfb5144b996ef5"},
{file = "coverage-5.5-cp27-cp27mu-manylinux2010_x86_64.whl", hash = "sha256:4a7697d8cb0f27399b0e393c0b90f0f1e40c82023ea4d45d22bce7032a5d7b81"},
{file = "coverage-5.5-cp310-cp310-macosx_10_14_x86_64.whl", hash = "sha256:8d0a0725ad7c1a0bcd8d1b437e191107d457e2ec1084b9f190630a4fb1af78e6"},
{file = "coverage-5.5-cp310-cp310-manylinux1_x86_64.whl", hash = "sha256:51cb9476a3987c8967ebab3f0fe144819781fca264f57f89760037a2ea191cb0"},
{file = "coverage-5.5-cp310-cp310-win_amd64.whl", hash = "sha256:c0891a6a97b09c1f3e073a890514d5012eb256845c451bd48f7968ef939bf4ae"},
{file = "coverage-5.5-cp35-cp35m-macosx_10_9_x86_64.whl", hash = "sha256:3487286bc29a5aa4b93a072e9592f22254291ce96a9fbc5251f566b6b7343cdb"},
{file = "coverage-5.5-cp35-cp35m-manylinux1_i686.whl", hash = "sha256:deee1077aae10d8fa88cb02c845cfba9b62c55e1183f52f6ae6a2df6a2187160"},
{file = "coverage-5.5-cp35-cp35m-manylinux1_x86_64.whl", hash = "sha256:f11642dddbb0253cc8853254301b51390ba0081750a8ac03f20ea8103f0c56b6"},
{file = "coverage-5.5-cp35-cp35m-manylinux2010_i686.whl", hash = "sha256:6c90e11318f0d3c436a42409f2749ee1a115cd8b067d7f14c148f1ce5574d701"},
{file = "coverage-5.5-cp35-cp35m-manylinux2010_x86_64.whl", hash = "sha256:30c77c1dc9f253283e34c27935fded5015f7d1abe83bc7821680ac444eaf7793"},
{file = "coverage-5.5-cp35-cp35m-win32.whl", hash = "sha256:9a1ef3b66e38ef8618ce5fdc7bea3d9f45f3624e2a66295eea5e57966c85909e"},
{file = "coverage-5.5-cp35-cp35m-win_amd64.whl", hash = "sha256:972c85d205b51e30e59525694670de6a8a89691186012535f9d7dbaa230e42c3"},
{file = "coverage-5.5-cp36-cp36m-macosx_10_9_x86_64.whl", hash = "sha256:af0e781009aaf59e25c5a678122391cb0f345ac0ec272c7961dc5455e1c40066"},
{file = "coverage-5.5-cp36-cp36m-manylinux1_i686.whl", hash = "sha256:74d881fc777ebb11c63736622b60cb9e4aee5cace591ce274fb69e582a12a61a"},
{file = "coverage-5.5-cp36-cp36m-manylinux1_x86_64.whl", hash = "sha256:92b017ce34b68a7d67bd6d117e6d443a9bf63a2ecf8567bb3d8c6c7bc5014465"},
{file = "coverage-5.5-cp36-cp36m-manylinux2010_i686.whl", hash = "sha256:d636598c8305e1f90b439dbf4f66437de4a5e3c31fdf47ad29542478c8508bbb"},
{file = "coverage-5.5-cp36-cp36m-manylinux2010_x86_64.whl", hash = "sha256:41179b8a845742d1eb60449bdb2992196e211341818565abded11cfa90efb821"},
{file = "coverage-5.5-cp36-cp36m-win32.whl", hash = "sha256:040af6c32813fa3eae5305d53f18875bedd079960822ef8ec067a66dd8afcd45"},
{file = "coverage-5.5-cp36-cp36m-win_amd64.whl", hash = "sha256:5fec2d43a2cc6965edc0bb9e83e1e4b557f76f843a77a2496cbe719583ce8184"},
{file = "coverage-5.5-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:18ba8bbede96a2c3dde7b868de9dcbd55670690af0988713f0603f037848418a"},
{file = "coverage-5.5-cp37-cp37m-manylinux1_i686.whl", hash = "sha256:2910f4d36a6a9b4214bb7038d537f015346f413a975d57ca6b43bf23d6563b53"},
{file = "coverage-5.5-cp37-cp37m-manylinux1_x86_64.whl", hash = "sha256:f0b278ce10936db1a37e6954e15a3730bea96a0997c26d7fee88e6c396c2086d"},
{file = "coverage-5.5-cp37-cp37m-manylinux2010_i686.whl", hash = "sha256:796c9c3c79747146ebd278dbe1e5c5c05dd6b10cc3bcb8389dfdf844f3ead638"},
{file = "coverage-5.5-cp37-cp37m-manylinux2010_x86_64.whl", hash = "sha256:53194af30d5bad77fcba80e23a1441c71abfb3e01192034f8246e0d8f99528f3"},
{file = "coverage-5.5-cp37-cp37m-win32.whl", hash = "sha256:184a47bbe0aa6400ed2d41d8e9ed868b8205046518c52464fde713ea06e3a74a"},
{file = "coverage-5.5-cp37-cp37m-win_amd64.whl", hash = "sha256:2949cad1c5208b8298d5686d5a85b66aae46d73eec2c3e08c817dd3513e5848a"},
{file = "coverage-5.5-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:217658ec7187497e3f3ebd901afdca1af062b42cfe3e0dafea4cced3983739f6"},
{file = "coverage-5.5-cp38-cp38-manylinux1_i686.whl", hash = "sha256:1aa846f56c3d49205c952d8318e76ccc2ae23303351d9270ab220004c580cfe2"},
{file = "coverage-5.5-cp38-cp38-manylinux1_x86_64.whl", hash = "sha256:24d4a7de75446be83244eabbff746d66b9240ae020ced65d060815fac3423759"},
{file = "coverage-5.5-cp38-cp38-manylinux2010_i686.whl", hash = "sha256:d1f8bf7b90ba55699b3a5e44930e93ff0189aa27186e96071fac7dd0d06a1873"},
{file = "coverage-5.5-cp38-cp38-manylinux2010_x86_64.whl", hash = "sha256:970284a88b99673ccb2e4e334cfb38a10aab7cd44f7457564d11898a74b62d0a"},
{file = "coverage-5.5-cp38-cp38-win32.whl", hash = "sha256:01d84219b5cdbfc8122223b39a954820929497a1cb1422824bb86b07b74594b6"},
{file = "coverage-5.5-cp38-cp38-win_amd64.whl", hash = "sha256:2e0d881ad471768bf6e6c2bf905d183543f10098e3b3640fc029509530091502"},
{file = "coverage-5.5-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:d1f9ce122f83b2305592c11d64f181b87153fc2c2bbd3bb4a3dde8303cfb1a6b"},
{file = "coverage-5.5-cp39-cp39-manylinux1_i686.whl", hash = "sha256:13c4ee887eca0f4c5a247b75398d4114c37882658300e153113dafb1d76de529"},
{file = "coverage-5.5-cp39-cp39-manylinux1_x86_64.whl", hash = "sha256:52596d3d0e8bdf3af43db3e9ba8dcdaac724ba7b5ca3f6358529d56f7a166f8b"},
{file = "coverage-5.5-cp39-cp39-manylinux2010_i686.whl", hash = "sha256:2cafbbb3af0733db200c9b5f798d18953b1a304d3f86a938367de1567f4b5bff"},
{file = "coverage-5.5-cp39-cp39-manylinux2010_x86_64.whl", hash = "sha256:44d654437b8ddd9eee7d1eaee28b7219bec228520ff809af170488fd2fed3e2b"},
{file = "coverage-5.5-cp39-cp39-win32.whl", hash = "sha256:d314ed732c25d29775e84a960c3c60808b682c08d86602ec2c3008e1202e3bb6"},
{file = "coverage-5.5-cp39-cp39-win_amd64.whl", hash = "sha256:13034c4409db851670bc9acd836243aeee299949bd5673e11844befcb0149f03"},
{file = "coverage-5.5-pp36-none-any.whl", hash = "sha256:f030f8873312a16414c0d8e1a1ddff2d3235655a2174e3648b4fa66b3f2f1079"},
{file = "coverage-5.5-pp37-none-any.whl", hash = "sha256:2a3859cb82dcbda1cfd3e6f71c27081d18aa251d20a17d87d26d4cd216fb0af4"},
{file = "coverage-5.5.tar.gz", hash = "sha256:ebe78fe9a0e874362175b02371bdfbee64d8edc42a044253ddf4ee7d3c15212c"},
]
debtcollector = [ debtcollector = [
{file = "debtcollector-2.3.0-py3-none-any.whl", hash = "sha256:6f1fae29c9091a6f7e8f68da7ec17f3167f98abac13c019968e144108f381b7e"}, {file = "debtcollector-2.3.0-py3-none-any.whl", hash = "sha256:6f1fae29c9091a6f7e8f68da7ec17f3167f98abac13c019968e144108f381b7e"},
{file = "debtcollector-2.3.0.tar.gz", hash = "sha256:c7a9fac814ab5904e23905516b18356cc907e7d27c05da58d37103f001967846"}, {file = "debtcollector-2.3.0.tar.gz", hash = "sha256:c7a9fac814ab5904e23905516b18356cc907e7d27c05da58d37103f001967846"},
@ -1886,6 +1986,9 @@ mccabe = [
{file = "mccabe-0.6.1-py2.py3-none-any.whl", hash = "sha256:ab8a6258860da4b6677da4bd2fe5dc2c659cff31b3ee4f7f5d64e79735b80d42"}, {file = "mccabe-0.6.1-py2.py3-none-any.whl", hash = "sha256:ab8a6258860da4b6677da4bd2fe5dc2c659cff31b3ee4f7f5d64e79735b80d42"},
{file = "mccabe-0.6.1.tar.gz", hash = "sha256:dd8d182285a0fe56bace7f45b5e7d1a6ebcbf524e8f3bd87eb0f125271b8831f"}, {file = "mccabe-0.6.1.tar.gz", hash = "sha256:dd8d182285a0fe56bace7f45b5e7d1a6ebcbf524e8f3bd87eb0f125271b8831f"},
] ]
mimesis = [
{file = "mimesis-4.1.3.tar.gz", hash = "sha256:90f36c21c1bb9944afc17178eb5868b0c85aa1fe49eb04bcbdafafd1ad4ca2ba"},
]
msgpack = [ msgpack = [
{file = "msgpack-1.0.2-cp35-cp35m-manylinux1_i686.whl", hash = "sha256:b6d9e2dae081aa35c44af9c4298de4ee72991305503442a5c74656d82b581fe9"}, {file = "msgpack-1.0.2-cp35-cp35m-manylinux1_i686.whl", hash = "sha256:b6d9e2dae081aa35c44af9c4298de4ee72991305503442a5c74656d82b581fe9"},
{file = "msgpack-1.0.2-cp35-cp35m-manylinux1_x86_64.whl", hash = "sha256:a99b144475230982aee16b3d249170f1cccebf27fb0a08e9f603b69637a62192"}, {file = "msgpack-1.0.2-cp35-cp35m-manylinux1_x86_64.whl", hash = "sha256:a99b144475230982aee16b3d249170f1cccebf27fb0a08e9f603b69637a62192"},
@ -2084,8 +2187,8 @@ pecan = [
{file = "pecan-1.4.0.tar.gz", hash = "sha256:4b2acd6802a04b59e306d0a6ccf37701d24376f4dc044bbbafba3afdf9d3389a"}, {file = "pecan-1.4.0.tar.gz", hash = "sha256:4b2acd6802a04b59e306d0a6ccf37701d24376f4dc044bbbafba3afdf9d3389a"},
] ]
platformdirs = [ platformdirs = [
{file = "platformdirs-2.3.0-py3-none-any.whl", hash = "sha256:8003ac87717ae2c7ee1ea5a84a1a61e87f3fbd16eb5aadba194ea30a9019f648"}, {file = "platformdirs-2.4.0-py3-none-any.whl", hash = "sha256:8868bbe3c3c80d42f20156f22e7131d2fb321f5bc86a2a345375c6481a67021d"},
{file = "platformdirs-2.3.0.tar.gz", hash = "sha256:15b056538719b1c94bdaccb29e5f81879c7f7f0f4a153f46086d155dffcd4f0f"}, {file = "platformdirs-2.4.0.tar.gz", hash = "sha256:367a5e80b3d04d2428ffa76d33f124cf11e8fff2acdaa9b43d545f5c7d661ef2"},
] ]
pluggy = [ pluggy = [
{file = "pluggy-1.0.0-py2.py3-none-any.whl", hash = "sha256:74134bbf457f031a36d68416e1509f34bd5ccc019f0bcc952c7b909d06b37bd3"}, {file = "pluggy-1.0.0-py2.py3-none-any.whl", hash = "sha256:74134bbf457f031a36d68416e1509f34bd5ccc019f0bcc952c7b909d06b37bd3"},
@ -2099,36 +2202,6 @@ prometheus-client = [
{file = "prometheus_client-0.11.0-py2.py3-none-any.whl", hash = "sha256:b014bc76815eb1399da8ce5fc84b7717a3e63652b0c0f8804092c9363acab1b2"}, {file = "prometheus_client-0.11.0-py2.py3-none-any.whl", hash = "sha256:b014bc76815eb1399da8ce5fc84b7717a3e63652b0c0f8804092c9363acab1b2"},
{file = "prometheus_client-0.11.0.tar.gz", hash = "sha256:3a8baade6cb80bcfe43297e33e7623f3118d660d41387593758e2fb1ea173a86"}, {file = "prometheus_client-0.11.0.tar.gz", hash = "sha256:3a8baade6cb80bcfe43297e33e7623f3118d660d41387593758e2fb1ea173a86"},
] ]
psutil = [
{file = "psutil-5.8.0-cp27-cp27m-macosx_10_9_x86_64.whl", hash = "sha256:0066a82f7b1b37d334e68697faba68e5ad5e858279fd6351c8ca6024e8d6ba64"},
{file = "psutil-5.8.0-cp27-cp27m-manylinux2010_i686.whl", hash = "sha256:0ae6f386d8d297177fd288be6e8d1afc05966878704dad9847719650e44fc49c"},
{file = "psutil-5.8.0-cp27-cp27m-manylinux2010_x86_64.whl", hash = "sha256:12d844996d6c2b1d3881cfa6fa201fd635971869a9da945cf6756105af73d2df"},
{file = "psutil-5.8.0-cp27-cp27mu-manylinux2010_i686.whl", hash = "sha256:02b8292609b1f7fcb34173b25e48d0da8667bc85f81d7476584d889c6e0f2131"},
{file = "psutil-5.8.0-cp27-cp27mu-manylinux2010_x86_64.whl", hash = "sha256:6ffe81843131ee0ffa02c317186ed1e759a145267d54fdef1bc4ea5f5931ab60"},
{file = "psutil-5.8.0-cp27-none-win32.whl", hash = "sha256:ea313bb02e5e25224e518e4352af4bf5e062755160f77e4b1767dd5ccb65f876"},
{file = "psutil-5.8.0-cp27-none-win_amd64.whl", hash = "sha256:5da29e394bdedd9144c7331192e20c1f79283fb03b06e6abd3a8ae45ffecee65"},
{file = "psutil-5.8.0-cp36-cp36m-macosx_10_9_x86_64.whl", hash = "sha256:74fb2557d1430fff18ff0d72613c5ca30c45cdbfcddd6a5773e9fc1fe9364be8"},
{file = "psutil-5.8.0-cp36-cp36m-manylinux2010_i686.whl", hash = "sha256:74f2d0be88db96ada78756cb3a3e1b107ce8ab79f65aa885f76d7664e56928f6"},
{file = "psutil-5.8.0-cp36-cp36m-manylinux2010_x86_64.whl", hash = "sha256:99de3e8739258b3c3e8669cb9757c9a861b2a25ad0955f8e53ac662d66de61ac"},
{file = "psutil-5.8.0-cp36-cp36m-win32.whl", hash = "sha256:36b3b6c9e2a34b7d7fbae330a85bf72c30b1c827a4366a07443fc4b6270449e2"},
{file = "psutil-5.8.0-cp36-cp36m-win_amd64.whl", hash = "sha256:52de075468cd394ac98c66f9ca33b2f54ae1d9bff1ef6b67a212ee8f639ec06d"},
{file = "psutil-5.8.0-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:c6a5fd10ce6b6344e616cf01cc5b849fa8103fbb5ba507b6b2dee4c11e84c935"},
{file = "psutil-5.8.0-cp37-cp37m-manylinux2010_i686.whl", hash = "sha256:61f05864b42fedc0771d6d8e49c35f07efd209ade09a5afe6a5059e7bb7bf83d"},
{file = "psutil-5.8.0-cp37-cp37m-manylinux2010_x86_64.whl", hash = "sha256:0dd4465a039d343925cdc29023bb6960ccf4e74a65ad53e768403746a9207023"},
{file = "psutil-5.8.0-cp37-cp37m-win32.whl", hash = "sha256:1bff0d07e76114ec24ee32e7f7f8d0c4b0514b3fae93e3d2aaafd65d22502394"},
{file = "psutil-5.8.0-cp37-cp37m-win_amd64.whl", hash = "sha256:fcc01e900c1d7bee2a37e5d6e4f9194760a93597c97fee89c4ae51701de03563"},
{file = "psutil-5.8.0-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:6223d07a1ae93f86451d0198a0c361032c4c93ebd4bf6d25e2fb3edfad9571ef"},
{file = "psutil-5.8.0-cp38-cp38-manylinux2010_i686.whl", hash = "sha256:d225cd8319aa1d3c85bf195c4e07d17d3cd68636b8fc97e6cf198f782f99af28"},
{file = "psutil-5.8.0-cp38-cp38-manylinux2010_x86_64.whl", hash = "sha256:28ff7c95293ae74bf1ca1a79e8805fcde005c18a122ca983abf676ea3466362b"},
{file = "psutil-5.8.0-cp38-cp38-win32.whl", hash = "sha256:ce8b867423291cb65cfc6d9c4955ee9bfc1e21fe03bb50e177f2b957f1c2469d"},
{file = "psutil-5.8.0-cp38-cp38-win_amd64.whl", hash = "sha256:90f31c34d25b1b3ed6c40cdd34ff122b1887a825297c017e4cbd6796dd8b672d"},
{file = "psutil-5.8.0-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:6323d5d845c2785efb20aded4726636546b26d3b577aded22492908f7c1bdda7"},
{file = "psutil-5.8.0-cp39-cp39-manylinux2010_i686.whl", hash = "sha256:245b5509968ac0bd179287d91210cd3f37add77dad385ef238b275bad35fa1c4"},
{file = "psutil-5.8.0-cp39-cp39-manylinux2010_x86_64.whl", hash = "sha256:90d4091c2d30ddd0a03e0b97e6a33a48628469b99585e2ad6bf21f17423b112b"},
{file = "psutil-5.8.0-cp39-cp39-win32.whl", hash = "sha256:ea372bcc129394485824ae3e3ddabe67dc0b118d262c568b4d2602a7070afdb0"},
{file = "psutil-5.8.0-cp39-cp39-win_amd64.whl", hash = "sha256:f4634b033faf0d968bb9220dd1c793b897ab7f1189956e1aa9eae752527127d3"},
{file = "psutil-5.8.0.tar.gz", hash = "sha256:0c9ccb99ab76025f2f0bbecf341d4656e9c1351db8cc8a03ccd62e318ab4b5c6"},
]
py = [ py = [
{file = "py-1.10.0-py2.py3-none-any.whl", hash = "sha256:3b80836aa6d1feeaa108e046da6423ab8f6ceda6468545ae8d02d9d58d18818a"}, {file = "py-1.10.0-py2.py3-none-any.whl", hash = "sha256:3b80836aa6d1feeaa108e046da6423ab8f6ceda6468545ae8d02d9d58d18818a"},
{file = "py-1.10.0.tar.gz", hash = "sha256:21b81bda15b66ef5e1a777a21c4dcd9c20ad3efd0b3f817e7a809035269e1bd3"}, {file = "py-1.10.0.tar.gz", hash = "sha256:21b81bda15b66ef5e1a777a21c4dcd9c20ad3efd0b3f817e7a809035269e1bd3"},
@ -2180,10 +2253,22 @@ pytest = [
{file = "pytest-6.2.5-py3-none-any.whl", hash = "sha256:7310f8d27bc79ced999e760ca304d69f6ba6c6649c0b60fb0e04a4a77cacc134"}, {file = "pytest-6.2.5-py3-none-any.whl", hash = "sha256:7310f8d27bc79ced999e760ca304d69f6ba6c6649c0b60fb0e04a4a77cacc134"},
{file = "pytest-6.2.5.tar.gz", hash = "sha256:131b36680866a76e6781d13f101efb86cf674ebb9762eb70d3082b6f29889e89"}, {file = "pytest-6.2.5.tar.gz", hash = "sha256:131b36680866a76e6781d13f101efb86cf674ebb9762eb70d3082b6f29889e89"},
] ]
pytest-cov = [
{file = "pytest-cov-2.12.1.tar.gz", hash = "sha256:261ceeb8c227b726249b376b8526b600f38667ee314f910353fa318caa01f4d7"},
{file = "pytest_cov-2.12.1-py2.py3-none-any.whl", hash = "sha256:261bb9e47e65bd099c89c3edf92972865210c36813f80ede5277dceb77a4a62a"},
]
pytest-forked = [ pytest-forked = [
{file = "pytest-forked-1.3.0.tar.gz", hash = "sha256:6aa9ac7e00ad1a539c41bec6d21011332de671e938c7637378ec9710204e37ca"}, {file = "pytest-forked-1.3.0.tar.gz", hash = "sha256:6aa9ac7e00ad1a539c41bec6d21011332de671e938c7637378ec9710204e37ca"},
{file = "pytest_forked-1.3.0-py2.py3-none-any.whl", hash = "sha256:dc4147784048e70ef5d437951728825a131b81714b398d5d52f17c7c144d8815"}, {file = "pytest_forked-1.3.0-py2.py3-none-any.whl", hash = "sha256:dc4147784048e70ef5d437951728825a131b81714b398d5d52f17c7c144d8815"},
] ]
pytest-html = [
{file = "pytest-html-3.1.1.tar.gz", hash = "sha256:3ee1cf319c913d19fe53aeb0bc400e7b0bc2dbeb477553733db1dad12eb75ee3"},
{file = "pytest_html-3.1.1-py3-none-any.whl", hash = "sha256:b7f82f123936a3f4d2950bc993c2c1ca09ce262c9ae12f9ac763a2401380b455"},
]
pytest-metadata = [
{file = "pytest-metadata-1.11.0.tar.gz", hash = "sha256:71b506d49d34e539cc3cfdb7ce2c5f072bea5c953320002c95968e0238f8ecf1"},
{file = "pytest_metadata-1.11.0-py2.py3-none-any.whl", hash = "sha256:576055b8336dd4a9006dd2a47615f76f2f8c30ab12b1b1c039d99e834583523f"},
]
pytest-xdist = [ pytest-xdist = [
{file = "pytest-xdist-2.4.0.tar.gz", hash = "sha256:89b330316f7fc475f999c81b577c2b926c9569f3d397ae432c0c2e2496d61ff9"}, {file = "pytest-xdist-2.4.0.tar.gz", hash = "sha256:89b330316f7fc475f999c81b577c2b926c9569f3d397ae432c0c2e2496d61ff9"},
{file = "pytest_xdist-2.4.0-py3-none-any.whl", hash = "sha256:7b61ebb46997a0820a263553179d6d1e25a8c50d8a8620cd1aa1e20e3be99168"}, {file = "pytest_xdist-2.4.0-py3-none-any.whl", hash = "sha256:7b61ebb46997a0820a263553179d6d1e25a8c50d8a8620cd1aa1e20e3be99168"},
@ -2240,47 +2325,47 @@ pyyaml = [
{file = "PyYAML-5.4.1.tar.gz", hash = "sha256:607774cbba28732bfa802b54baa7484215f530991055bb562efbed5b2f20a45e"}, {file = "PyYAML-5.4.1.tar.gz", hash = "sha256:607774cbba28732bfa802b54baa7484215f530991055bb562efbed5b2f20a45e"},
] ]
regex = [ regex = [
{file = "regex-2021.8.28-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:9d05ad5367c90814099000442b2125535e9d77581855b9bee8780f1b41f2b1a2"}, {file = "regex-2021.9.24-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:0628ed7d6334e8f896f882a5c1240de8c4d9b0dd7c7fb8e9f4692f5684b7d656"},
{file = "regex-2021.8.28-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:f3bf1bc02bc421047bfec3343729c4bbbea42605bcfd6d6bfe2c07ade8b12d2a"}, {file = "regex-2021.9.24-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:3baf3eaa41044d4ced2463fd5d23bf7bd4b03d68739c6c99a59ce1f95599a673"},
{file = "regex-2021.8.28-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:5f6a808044faae658f546dd5f525e921de9fa409de7a5570865467f03a626fc0"}, {file = "regex-2021.9.24-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:c000635fd78400a558bd7a3c2981bb2a430005ebaa909d31e6e300719739a949"},
{file = "regex-2021.8.28-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.manylinux_2_12_i686.manylinux2010_i686.whl", hash = "sha256:a617593aeacc7a691cc4af4a4410031654f2909053bd8c8e7db837f179a630eb"}, {file = "regex-2021.9.24-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.manylinux_2_12_i686.manylinux2010_i686.whl", hash = "sha256:295bc8a13554a25ad31e44c4bedabd3c3e28bba027e4feeb9bb157647a2344a7"},
{file = "regex-2021.8.28-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:79aef6b5cd41feff359acaf98e040844613ff5298d0d19c455b3d9ae0bc8c35a"}, {file = "regex-2021.9.24-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:b0e3f59d3c772f2c3baaef2db425e6fc4149d35a052d874bb95ccfca10a1b9f4"},
{file = "regex-2021.8.28-cp310-cp310-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:0fc1f8f06977c2d4f5e3d3f0d4a08089be783973fc6b6e278bde01f0544ff308"}, {file = "regex-2021.9.24-cp310-cp310-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:aea4006b73b555fc5bdb650a8b92cf486d678afa168cf9b38402bb60bf0f9c18"},
{file = "regex-2021.8.28-cp310-cp310-win32.whl", hash = "sha256:6eebf512aa90751d5ef6a7c2ac9d60113f32e86e5687326a50d7686e309f66ed"}, {file = "regex-2021.9.24-cp310-cp310-win32.whl", hash = "sha256:09eb62654030f39f3ba46bc6726bea464069c29d00a9709e28c9ee9623a8da4a"},
{file = "regex-2021.8.28-cp310-cp310-win_amd64.whl", hash = "sha256:ac88856a8cbccfc14f1b2d0b829af354cc1743cb375e7f04251ae73b2af6adf8"}, {file = "regex-2021.9.24-cp310-cp310-win_amd64.whl", hash = "sha256:8d80087320632457aefc73f686f66139801959bf5b066b4419b92be85be3543c"},
{file = "regex-2021.8.28-cp36-cp36m-macosx_10_9_x86_64.whl", hash = "sha256:c206587c83e795d417ed3adc8453a791f6d36b67c81416676cad053b4104152c"}, {file = "regex-2021.9.24-cp36-cp36m-macosx_10_9_x86_64.whl", hash = "sha256:7e3536f305f42ad6d31fc86636c54c7dafce8d634e56fef790fbacb59d499dd5"},
{file = "regex-2021.8.28-cp36-cp36m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:e8690ed94481f219a7a967c118abaf71ccc440f69acd583cab721b90eeedb77c"}, {file = "regex-2021.9.24-cp36-cp36m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:c31f35a984caffb75f00a86852951a337540b44e4a22171354fb760cefa09346"},
{file = "regex-2021.8.28-cp36-cp36m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:328a1fad67445550b982caa2a2a850da5989fd6595e858f02d04636e7f8b0b13"}, {file = "regex-2021.9.24-cp36-cp36m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:9c7cb25adba814d5f419733fe565f3289d6fa629ab9e0b78f6dff5fa94ab0456"},
{file = "regex-2021.8.28-cp36-cp36m-manylinux_2_5_i686.manylinux1_i686.manylinux_2_12_i686.manylinux2010_i686.whl", hash = "sha256:c7cb4c512d2d3b0870e00fbbac2f291d4b4bf2634d59a31176a87afe2777c6f0"}, {file = "regex-2021.9.24-cp36-cp36m-manylinux_2_5_i686.manylinux1_i686.manylinux_2_12_i686.manylinux2010_i686.whl", hash = "sha256:85c61bee5957e2d7be390392feac7e1d7abd3a49cbaed0c8cee1541b784c8561"},
{file = "regex-2021.8.28-cp36-cp36m-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:66256b6391c057305e5ae9209941ef63c33a476b73772ca967d4a2df70520ec1"}, {file = "regex-2021.9.24-cp36-cp36m-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:c94722bf403b8da744b7d0bb87e1f2529383003ceec92e754f768ef9323f69ad"},
{file = "regex-2021.8.28-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:8e44769068d33e0ea6ccdf4b84d80c5afffe5207aa4d1881a629cf0ef3ec398f"}, {file = "regex-2021.9.24-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:6adc1bd68f81968c9d249aab8c09cdc2cbe384bf2d2cb7f190f56875000cdc72"},
{file = "regex-2021.8.28-cp36-cp36m-win32.whl", hash = "sha256:08d74bfaa4c7731b8dac0a992c63673a2782758f7cfad34cf9c1b9184f911354"}, {file = "regex-2021.9.24-cp36-cp36m-win32.whl", hash = "sha256:2054dea683f1bda3a804fcfdb0c1c74821acb968093d0be16233873190d459e3"},
{file = "regex-2021.8.28-cp36-cp36m-win_amd64.whl", hash = "sha256:abb48494d88e8a82601af905143e0de838c776c1241d92021e9256d5515b3645"}, {file = "regex-2021.9.24-cp36-cp36m-win_amd64.whl", hash = "sha256:7783d89bd5413d183a38761fbc68279b984b9afcfbb39fa89d91f63763fbfb90"},
{file = "regex-2021.8.28-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:b4c220a1fe0d2c622493b0a1fd48f8f991998fb447d3cd368033a4b86cf1127a"}, {file = "regex-2021.9.24-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:b15dc34273aefe522df25096d5d087abc626e388a28a28ac75a4404bb7668736"},
{file = "regex-2021.8.28-cp37-cp37m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:d4a332404baa6665b54e5d283b4262f41f2103c255897084ec8f5487ce7b9e8e"}, {file = "regex-2021.9.24-cp37-cp37m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:10a7a9cbe30bd90b7d9a1b4749ef20e13a3528e4215a2852be35784b6bd070f0"},
{file = "regex-2021.8.28-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:c61dcc1cf9fd165127a2853e2c31eb4fb961a4f26b394ac9fe5669c7a6592892"}, {file = "regex-2021.9.24-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:fb9f5844db480e2ef9fce3a72e71122dd010ab7b2920f777966ba25f7eb63819"},
{file = "regex-2021.8.28-cp37-cp37m-manylinux_2_5_i686.manylinux1_i686.manylinux_2_12_i686.manylinux2010_i686.whl", hash = "sha256:ee329d0387b5b41a5dddbb6243a21cb7896587a651bebb957e2d2bb8b63c0791"}, {file = "regex-2021.9.24-cp37-cp37m-manylinux_2_5_i686.manylinux1_i686.manylinux_2_12_i686.manylinux2010_i686.whl", hash = "sha256:17310b181902e0bb42b29c700e2c2346b8d81f26e900b1328f642e225c88bce1"},
{file = "regex-2021.8.28-cp37-cp37m-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:f60667673ff9c249709160529ab39667d1ae9fd38634e006bec95611f632e759"}, {file = "regex-2021.9.24-cp37-cp37m-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:0bba1f6df4eafe79db2ecf38835c2626dbd47911e0516f6962c806f83e7a99ae"},
{file = "regex-2021.8.28-cp37-cp37m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:b844fb09bd9936ed158ff9df0ab601e2045b316b17aa8b931857365ea8586906"}, {file = "regex-2021.9.24-cp37-cp37m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:821e10b73e0898544807a0692a276e539e5bafe0a055506a6882814b6a02c3ec"},
{file = "regex-2021.8.28-cp37-cp37m-win32.whl", hash = "sha256:4cde065ab33bcaab774d84096fae266d9301d1a2f5519d7bd58fc55274afbf7a"}, {file = "regex-2021.9.24-cp37-cp37m-win32.whl", hash = "sha256:9c371dd326289d85906c27ec2bc1dcdedd9d0be12b543d16e37bad35754bde48"},
{file = "regex-2021.8.28-cp37-cp37m-win_amd64.whl", hash = "sha256:1413b5022ed6ac0d504ba425ef02549a57d0f4276de58e3ab7e82437892704fc"}, {file = "regex-2021.9.24-cp37-cp37m-win_amd64.whl", hash = "sha256:1e8d1898d4fb817120a5f684363b30108d7b0b46c7261264b100d14ec90a70e7"},
{file = "regex-2021.8.28-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:ed4b50355b066796dacdd1cf538f2ce57275d001838f9b132fab80b75e8c84dd"}, {file = "regex-2021.9.24-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:8a5c2250c0a74428fd5507ae8853706fdde0f23bfb62ee1ec9418eeacf216078"},
{file = "regex-2021.8.28-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:28fc475f560d8f67cc8767b94db4c9440210f6958495aeae70fac8faec631797"}, {file = "regex-2021.9.24-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:8aec4b4da165c4a64ea80443c16e49e3b15df0f56c124ac5f2f8708a65a0eddc"},
{file = "regex-2021.8.28-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:bdc178caebd0f338d57ae445ef8e9b737ddf8fbc3ea187603f65aec5b041248f"}, {file = "regex-2021.9.24-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:650c4f1fc4273f4e783e1d8e8b51a3e2311c2488ba0fcae6425b1e2c248a189d"},
{file = "regex-2021.8.28-cp38-cp38-manylinux_2_5_i686.manylinux1_i686.manylinux_2_12_i686.manylinux2010_i686.whl", hash = "sha256:999ad08220467b6ad4bd3dd34e65329dd5d0df9b31e47106105e407954965256"}, {file = "regex-2021.9.24-cp38-cp38-manylinux_2_5_i686.manylinux1_i686.manylinux_2_12_i686.manylinux2010_i686.whl", hash = "sha256:2cdb3789736f91d0b3333ac54d12a7e4f9efbc98f53cb905d3496259a893a8b3"},
{file = "regex-2021.8.28-cp38-cp38-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:808ee5834e06f57978da3e003ad9d6292de69d2bf6263662a1a8ae30788e080b"}, {file = "regex-2021.9.24-cp38-cp38-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:4e61100200fa6ab7c99b61476f9f9653962ae71b931391d0264acfb4d9527d9c"},
{file = "regex-2021.8.28-cp38-cp38-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:d5111d4c843d80202e62b4fdbb4920db1dcee4f9366d6b03294f45ed7b18b42e"}, {file = "regex-2021.9.24-cp38-cp38-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:8c268e78d175798cd71d29114b0a1f1391c7d011995267d3b62319ec1a4ecaa1"},
{file = "regex-2021.8.28-cp38-cp38-win32.whl", hash = "sha256:473858730ef6d6ff7f7d5f19452184cd0caa062a20047f6d6f3e135a4648865d"}, {file = "regex-2021.9.24-cp38-cp38-win32.whl", hash = "sha256:658e3477676009083422042c4bac2bdad77b696e932a3de001c42cc046f8eda2"},
{file = "regex-2021.8.28-cp38-cp38-win_amd64.whl", hash = "sha256:31a99a4796bf5aefc8351e98507b09e1b09115574f7c9dbb9cf2111f7220d2e2"}, {file = "regex-2021.9.24-cp38-cp38-win_amd64.whl", hash = "sha256:a731552729ee8ae9c546fb1c651c97bf5f759018fdd40d0e9b4d129e1e3a44c8"},
{file = "regex-2021.8.28-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:04f6b9749e335bb0d2f68c707f23bb1773c3fb6ecd10edf0f04df12a8920d468"}, {file = "regex-2021.9.24-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:86f9931eb92e521809d4b64ec8514f18faa8e11e97d6c2d1afa1bcf6c20a8eab"},
{file = "regex-2021.8.28-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:9b006628fe43aa69259ec04ca258d88ed19b64791693df59c422b607b6ece8bb"}, {file = "regex-2021.9.24-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:dcbbc9cfa147d55a577d285fd479b43103188855074552708df7acc31a476dd9"},
{file = "regex-2021.8.28-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:121f4b3185feaade3f85f70294aef3f777199e9b5c0c0245c774ae884b110a2d"}, {file = "regex-2021.9.24-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:29385c4dbb3f8b3a55ce13de6a97a3d21bd00de66acd7cdfc0b49cb2f08c906c"},
{file = "regex-2021.8.28-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.manylinux_2_12_i686.manylinux2010_i686.whl", hash = "sha256:a577a21de2ef8059b58f79ff76a4da81c45a75fe0bfb09bc8b7bb4293fa18983"}, {file = "regex-2021.9.24-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.manylinux_2_12_i686.manylinux2010_i686.whl", hash = "sha256:c50a6379763c733562b1fee877372234d271e5c78cd13ade5f25978aa06744db"},
{file = "regex-2021.8.28-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:1743345e30917e8c574f273f51679c294effba6ad372db1967852f12c76759d8"}, {file = "regex-2021.9.24-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:6f74b6d8f59f3cfb8237e25c532b11f794b96f5c89a6f4a25857d85f84fbef11"},
{file = "regex-2021.8.28-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:e1e8406b895aba6caa63d9fd1b6b1700d7e4825f78ccb1e5260551d168db38ed"}, {file = "regex-2021.9.24-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:6c4d83d21d23dd854ffbc8154cf293f4e43ba630aa9bd2539c899343d7f59da3"},
{file = "regex-2021.8.28-cp39-cp39-win32.whl", hash = "sha256:ed283ab3a01d8b53de3a05bfdf4473ae24e43caee7dcb5584e86f3f3e5ab4374"}, {file = "regex-2021.9.24-cp39-cp39-win32.whl", hash = "sha256:95e89a8558c8c48626dcffdf9c8abac26b7c251d352688e7ab9baf351e1c7da6"},
{file = "regex-2021.8.28-cp39-cp39-win_amd64.whl", hash = "sha256:610b690b406653c84b7cb6091facb3033500ee81089867ee7d59e675f9ca2b73"}, {file = "regex-2021.9.24-cp39-cp39-win_amd64.whl", hash = "sha256:835962f432bce92dc9bf22903d46c50003c8d11b1dc64084c8fae63bca98564a"},
{file = "regex-2021.8.28.tar.gz", hash = "sha256:f585cbbeecb35f35609edccb95efd95a3e35824cd7752b586503f7e6087303f1"}, {file = "regex-2021.9.24.tar.gz", hash = "sha256:6266fde576e12357b25096351aac2b4b880b0066263e7bc7a9a1b4307991bb0e"},
] ]
"repoze.lru" = [ "repoze.lru" = [
{file = "repoze.lru-0.7-py3-none-any.whl", hash = "sha256:f77bf0e1096ea445beadd35f3479c5cff2aa1efe604a133e67150bc8630a62ea"}, {file = "repoze.lru-0.7-py3-none-any.whl", hash = "sha256:f77bf0e1096ea445beadd35f3479c5cff2aa1efe604a133e67150bc8630a62ea"},


@ -19,11 +19,24 @@ black = "^21.5b1"
add-trailing-comma = "*" add-trailing-comma = "*"
flake8 = "*" flake8 = "*"
mypy = "*" mypy = "*"
pytest = "*"
pytest-xdist = {extras = ["psutil"], version = "*"}
skyline-log = {path = "../skyline-log", develop = true} skyline-log = {path = "../skyline-log", develop = true}
"oslo.log" = "*" "oslo.log" = "*"
neutron-lib = "*" neutron-lib = "*"
pytest = "*"
pytest-xdist = "*"
mimesis = "*"
pytest-cov = "*"
pytest-html = "*"
[tool.pytest.ini_options]
minversion = "6.0"
addopts = "-v -s -p no:cacheprovider -n auto --cov=skyline_policy_manager --cov-append --cov-report=term-missing --cov-report=html"
testpaths = [
"tests",
]
markers = [
"ddt(*args: TestData): Mark the test as a data-driven test."
]
[tool.poetry.scripts] [tool.poetry.scripts]
skyline-policy-manager = "skyline_policy_manager.cmd.manage:main" skyline-policy-manager = "skyline_policy_manager.cmd.manage:main"
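Review bot: `--cov-append` in the new `addopts` makes every `pytest` run add to the existing `.coverage` data instead of replacing it, so the terminal and HTML reports can count lines as covered on the strength of an earlier run against code that has since changed. Unless appending is needed to combine several invocations, drop it: `addopts = "-v -s -p no:cacheprovider -n auto --cov=skyline_policy_manager --cov-report=term-missing --cov-report=html"`. The added test dependencies (`mimesis`, `pytest-cov`, `pytest-html`) are declared as `"*"`, which leaves the hashes in the committed `poetry.lock` as the only constraint on what gets installed. A lower bound per package would keep an accidental re-lock from pulling an arbitrary release.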


@ -15,7 +15,7 @@
from __future__ import annotations from __future__ import annotations
import json import json
from importlib.metadata import entry_points from importlib import metadata
from logging import StreamHandler from logging import StreamHandler
from pathlib import Path from pathlib import Path
from typing import Callable, Dict, Iterable, List, Union from typing import Callable, Dict, Iterable, List, Union
@ -23,25 +23,11 @@ from typing import Callable, Dict, Iterable, List, Union
import click import click
from oslo_policy.policy import DocumentedRuleDefault, RuleDefault # type: ignore from oslo_policy.policy import DocumentedRuleDefault, RuleDefault # type: ignore
from skyline_log import LOG, setup as log_setup from skyline_log import LOG, setup as log_setup
from skyline_policy_manager import constants
from skyline_policy_manager.policies import get_service_rules from skyline_policy_manager.policies import get_service_rules
from skyline_policy_manager.policies.base import APIRule, Rule from skyline_policy_manager.policies.base import APIRule, Rule
DEBUG = False DEBUG = False
POLICY_NS = "oslo.policy.policies"
SUPPORTED_SERVICE_EPS = {
# openstack_service: [<entry_point_name>, <entry_point_name>,]
"cinder": ["cinder"],
"glance": ["glance"],
"heat": ["heat"],
"ironic": ["ironic.api", "ironic_inspector.api"],
"keystone": ["keystone"],
"neutron": ["neutron", "neutron-vpnaas"],
"nova": ["nova"],
"octavia": ["octavia"],
"panko": ["panko"],
"placement": ["placement"],
}
OSRules = Iterable[Union[DocumentedRuleDefault, RuleDefault]] OSRules = Iterable[Union[DocumentedRuleDefault, RuleDefault]]
@ -50,7 +36,7 @@ def load_list_rules_funcs(
namespace: str, namespace: str,
service_eps: Dict[str, List[str]], service_eps: Dict[str, List[str]],
) -> Dict[str, Callable[[], OSRules]]: ) -> Dict[str, Callable[[], OSRules]]:
eps = set(entry_points()[namespace]) eps = set(metadata.entry_points()[namespace])
supported_eps = set() supported_eps = set()
for ep_names in service_eps.values(): for ep_names in service_eps.values():
supported_eps.update(ep_names) supported_eps.update(ep_names)
@ -58,7 +44,7 @@ def load_list_rules_funcs(
def load_list_rules_func(namespace: str, service_ep: str) -> Union[None, Callable[[], OSRules]]: def load_list_rules_func(namespace: str, service_ep: str) -> Union[None, Callable[[], OSRules]]:
eps = set(entry_points()[namespace]) eps = set(metadata.entry_points()[namespace])
for ep in eps: for ep in eps:
if ep.name == service_ep: if ep.name == service_ep:
return ep.load() return ep.load()
@ -106,10 +92,10 @@ def policy_manager(debug: bool) -> None:
@click.command(help="Generate sample policy yaml file.") @click.command(help="Generate sample policy yaml file.")
@click.option("--dir", help='Directory of policy file.(default: "./tmp")', default="./tmp") @click.option("--dir", help='Directory of policy file.(default: "./tmp")', default="./tmp")
def generate_sample(dir: str) -> None: def generate_sample(dir: str) -> None:
list_rules_funcs = load_list_rules_funcs(POLICY_NS, SUPPORTED_SERVICE_EPS) list_rules_funcs = load_list_rules_funcs(constants.POLICY_NS, constants.SUPPORTED_SERVICE_EPS)
rule_map = {} rule_map = {}
for service, eps in SUPPORTED_SERVICE_EPS.items(): for service, eps in constants.SUPPORTED_SERVICE_EPS.items():
rules = [] rules = []
api_rules = [] api_rules = []
for ep in eps: for ep in eps:
@ -156,7 +142,7 @@ def generate_conf(dir: str, desc: str) -> None:
@click.command(help="Generate service rule code.") @click.command(help="Generate service rule code.")
@click.argument("entry_point") @click.argument("entry_point")
def generate_rule(entry_point: str) -> None: def generate_rule(entry_point: str) -> None:
ep_rules_func = load_list_rules_func(POLICY_NS, entry_point) ep_rules_func = load_list_rules_func(constants.POLICY_NS, entry_point)
if ep_rules_func is None: if ep_rules_func is None:
raise Exception( raise Exception(
f"Not found entry point '{entry_point}' in oslo.policy.policies namespace.", f"Not found entry point '{entry_point}' in oslo.policy.policies namespace.",
@ -226,10 +212,10 @@ __all__ = ("list_rules",)
@click.command(help="Validate all policy rules.") @click.command(help="Validate all policy rules.")
@click.option("--diff", help="Output policy rule diff info.", is_flag=True, default=False) @click.option("--diff", help="Output policy rule diff info.", is_flag=True, default=False)
def validate(diff: bool) -> None: def validate(diff: bool) -> None:
list_rules_funcs = load_list_rules_funcs(POLICY_NS, SUPPORTED_SERVICE_EPS) list_rules_funcs = load_list_rules_funcs(constants.POLICY_NS, constants.SUPPORTED_SERVICE_EPS)
os_rule_map = {} os_rule_map = {}
for service, eps in SUPPORTED_SERVICE_EPS.items(): for service, eps in constants.SUPPORTED_SERVICE_EPS.items():
service_rules = {} service_rules = {}
for ep in eps: for ep in eps:
ep_rules = list_rules_funcs.get(ep, lambda: [])() ep_rules = list_rules_funcs.get(ep, lambda: [])()
@ -276,7 +262,7 @@ def validate(diff: bool) -> None:
LOG.info("Validate policy completed") LOG.info("Validate policy completed")
def main(): def main() -> None:
policy_manager.add_command(generate_sample) policy_manager.add_command(generate_sample)
policy_manager.add_command(generate_conf) policy_manager.add_command(generate_conf)
policy_manager.add_command(generate_rule) policy_manager.add_command(generate_rule)
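Review bot: In `load_list_rules_funcs` and `load_list_rules_func`, `metadata.entry_points()[namespace]` raises a bare `KeyError` when no installed distribution registers the `oslo.policy.policies` group, so `generate_rule` never reaches its own "Not found entry point" error. With the dict-style result this code already relies on, `eps = set(metadata.entry_points().get(namespace, []))` keeps that case on the handled path. Separately, `load_list_rules_func` calls `ep.load()` for whatever name is given on the command line, which imports code from any installed package that registers that name in the group. If `generate_rule` is only meant for the listed services, checking `service_ep` against the names in `constants.SUPPORTED_SERVICE_EPS` before loading would limit imports to them. Both function bodies continue outside the hunks shown.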


@ -0,0 +1,29 @@
# Copyright 2021 99cloud
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
POLICY_NS = "oslo.policy.policies"
SUPPORTED_SERVICE_EPS = {
# openstack_service: [<entry_point_name>, <entry_point_name>,]
"cinder": ["cinder"],
"glance": ["glance"],
"heat": ["heat"],
"ironic": ["ironic.api", "ironic_inspector.api"],
"keystone": ["keystone"],
"neutron": ["neutron", "neutron-vpnaas"],
"nova": ["nova"],
"octavia": ["octavia"],
"panko": ["panko"],
"placement": ["placement"],
}


@ -18,7 +18,6 @@ from typing import List
from oslo_policy import _parser # type: ignore from oslo_policy import _parser # type: ignore
from oslo_policy.policy import DocumentedRuleDefault, RuleDefault # type: ignore from oslo_policy.policy import DocumentedRuleDefault, RuleDefault # type: ignore
from skyline_policy_manager.schema import Operation, OperationsSchema, ScopeTypesSchema from skyline_policy_manager.schema import Operation, OperationsSchema, ScopeTypesSchema


@ -66,7 +66,7 @@ list_rules = (
description="Mark a volume attachment process as completed (in-use)", description="Mark a volume attachment process as completed (in-use)",
scope_types=["project"], scope_types=["project"],
operations=[ operations=[
{"method": "POST", "path": "/attachments/{attachment_id}/action (os-complete)"} {"method": "POST", "path": "/attachments/{attachment_id}/action (os-complete)"},
], ],
), ),
base.APIRule( base.APIRule(
@ -251,7 +251,7 @@ list_rules = (
description="Reset status of a snapshot.", description="Reset status of a snapshot.",
scope_types=["project"], scope_types=["project"],
operations=[ operations=[
{"method": "POST", "path": "/snapshots/{snapshot_id}/action (os-reset_status)"} {"method": "POST", "path": "/snapshots/{snapshot_id}/action (os-reset_status)"},
], ],
), ),
base.APIRule( base.APIRule(
@ -261,7 +261,10 @@ list_rules = (
description="Update database fields of snapshot.", description="Update database fields of snapshot.",
scope_types=["project"], scope_types=["project"],
operations=[ operations=[
{"method": "POST", "path": "/snapshots/{snapshot_id}/action (update_snapshot_status)"} {
"method": "POST",
"path": "/snapshots/{snapshot_id}/action (update_snapshot_status)",
},
], ],
), ),
base.APIRule( base.APIRule(
@ -271,7 +274,7 @@ list_rules = (
description="Force delete a snapshot.", description="Force delete a snapshot.",
scope_types=["project"], scope_types=["project"],
operations=[ operations=[
{"method": "POST", "path": "/snapshots/{snapshot_id}/action (os-force_delete)"} {"method": "POST", "path": "/snapshots/{snapshot_id}/action (os-force_delete)"},
], ],
), ),
base.APIRule( base.APIRule(
@ -566,7 +569,7 @@ list_rules = (
description="Reset status of group snapshot.", description="Reset status of group snapshot.",
scope_types=["project"], scope_types=["project"],
operations=[ operations=[
{"method": "POST", "path": "/group_snapshots/{g_snapshot_id}/action (reset_status)"} {"method": "POST", "path": "/group_snapshots/{g_snapshot_id}/action (reset_status)"},
], ],
), ),
base.APIRule( base.APIRule(
@ -606,7 +609,7 @@ list_rules = (
description="Disable replication.", description="Disable replication.",
scope_types=["project"], scope_types=["project"],
operations=[ operations=[
{"method": "POST", "path": "/groups/{group_id}/action (disable_replication)"} {"method": "POST", "path": "/groups/{group_id}/action (disable_replication)"},
], ],
), ),
base.APIRule( base.APIRule(
@ -618,7 +621,7 @@ list_rules = (
description="Fail over replication.", description="Fail over replication.",
scope_types=["project"], scope_types=["project"],
operations=[ operations=[
{"method": "POST", "path": "/groups/{group_id}/action (failover_replication)"} {"method": "POST", "path": "/groups/{group_id}/action (failover_replication)"},
], ],
), ),
base.APIRule( base.APIRule(
@ -630,7 +633,7 @@ list_rules = (
description="List failover replication.", description="List failover replication.",
scope_types=["project"], scope_types=["project"],
operations=[ operations=[
{"method": "POST", "path": "/groups/{group_id}/action (list_replication_targets)"} {"method": "POST", "path": "/groups/{group_id}/action (list_replication_targets)"},
], ],
), ),
base.APIRule( base.APIRule(
@ -1023,7 +1026,7 @@ list_rules = (
description="Update a volume's readonly flag.", description="Update a volume's readonly flag.",
scope_types=["project"], scope_types=["project"],
operations=[ operations=[
{"method": "POST", "path": "/volumes/{volume_id}/action (os-update_readonly_flag)"} {"method": "POST", "path": "/volumes/{volume_id}/action (os-update_readonly_flag)"},
], ],
), ),
base.APIRule( base.APIRule(
@ -1041,7 +1044,7 @@ list_rules = (
description="Upload a volume to image with public visibility.", description="Upload a volume to image with public visibility.",
scope_types=["project"], scope_types=["project"],
operations=[ operations=[
{"method": "POST", "path": "/volumes/{volume_id}/action (os-volume_upload_image)"} {"method": "POST", "path": "/volumes/{volume_id}/action (os-volume_upload_image)"},
], ],
), ),
base.APIRule( base.APIRule(
@ -1053,7 +1056,7 @@ list_rules = (
description="Upload a volume to image.", description="Upload a volume to image.",
scope_types=["project"], scope_types=["project"],
operations=[ operations=[
{"method": "POST", "path": "/volumes/{volume_id}/action (os-volume_upload_image)"} {"method": "POST", "path": "/volumes/{volume_id}/action (os-volume_upload_image)"},
], ],
), ),
base.APIRule( base.APIRule(
@ -1071,7 +1074,7 @@ list_rules = (
description="migrate a volume to a specified host.", description="migrate a volume to a specified host.",
scope_types=["project"], scope_types=["project"],
operations=[ operations=[
{"method": "POST", "path": "/volumes/{volume_id}/action (os-migrate_volume)"} {"method": "POST", "path": "/volumes/{volume_id}/action (os-migrate_volume)"},
], ],
), ),
base.APIRule( base.APIRule(
@ -1084,7 +1087,7 @@ list_rules = (
{ {
"method": "POST", "method": "POST",
"path": "/volumes/{volume_id}/action (os-migrate_volume_completion)", "path": "/volumes/{volume_id}/action (os-migrate_volume_completion)",
} },
], ],
), ),
base.APIRule( base.APIRule(
@ -1096,7 +1099,7 @@ list_rules = (
description="Initialize volume attachment.", description="Initialize volume attachment.",
scope_types=["project"], scope_types=["project"],
operations=[ operations=[
{"method": "POST", "path": "/volumes/{volume_id}/action (os-initialize_connection)"} {"method": "POST", "path": "/volumes/{volume_id}/action (os-initialize_connection)"},
], ],
), ),
base.APIRule( base.APIRule(
@ -1108,7 +1111,7 @@ list_rules = (
description="Terminate volume attachment.", description="Terminate volume attachment.",
scope_types=["project"], scope_types=["project"],
operations=[ operations=[
{"method": "POST", "path": "/volumes/{volume_id}/action (os-terminate_connection)"} {"method": "POST", "path": "/volumes/{volume_id}/action (os-terminate_connection)"},
], ],
), ),
base.APIRule( base.APIRule(
@ -1120,7 +1123,7 @@ list_rules = (
description="Roll back volume status to 'in-use'.", description="Roll back volume status to 'in-use'.",
scope_types=["project"], scope_types=["project"],
operations=[ operations=[
{"method": "POST", "path": "/volumes/{volume_id}/action (os-roll_detaching)"} {"method": "POST", "path": "/volumes/{volume_id}/action (os-roll_detaching)"},
], ],
), ),
base.APIRule( base.APIRule(
@ -1152,7 +1155,7 @@ list_rules = (
description="Begin detach volumes.", description="Begin detach volumes.",
scope_types=["project"], scope_types=["project"],
operations=[ operations=[
{"method": "POST", "path": "/volumes/{volume_id}/action (os-begin_detaching)"} {"method": "POST", "path": "/volumes/{volume_id}/action (os-begin_detaching)"},
], ],
), ),
base.APIRule( base.APIRule(
@ -1351,7 +1354,7 @@ list_rules = (
description="Delete type extra specs.", description="Delete type extra specs.",
scope_types=["project"], scope_types=["project"],
operations=[ operations=[
{"method": "DELETE", "path": "/types/{type_id}/extra_specs/{extra_spec_key}"} {"method": "DELETE", "path": "/types/{type_id}/extra_specs/{extra_spec_key}"},
], ],
), ),
base.APIRule( base.APIRule(


@ -176,7 +176,9 @@ list_rules = (
), ),
base.APIRule( base.APIRule(
name="get_image", name="get_image",
check_str=("role:admin or (role:reader and (project_id:%(project_id)s or project_id:%(member_id)s or \"community\":%(visibility)s or \"public\":%(visibility)s))"), check_str=(
'role:admin or (role:reader and (project_id:%(project_id)s or project_id:%(member_id)s or "community":%(visibility)s or "public":%(visibility)s))'
),
basic_check_str=("role:admin or role:reader or role:admin or role:member or role:reader"), basic_check_str=("role:admin or role:reader or role:admin or role:member or role:reader"),
description="Get specified image", description="Get specified image",
scope_types=["system", "project"], scope_types=["system", "project"],
@ -216,7 +218,9 @@ list_rules = (
), ),
base.APIRule( base.APIRule(
name="download_image", name="download_image",
check_str=("role:admin or (role:member and (project_id:%(project_id)s or project_id:%(member_id)s or \"community\":%(visibility)s or \"public\":%(visibility)s))"), check_str=(
'role:admin or (role:member and (project_id:%(project_id)s or project_id:%(member_id)s or "community":%(visibility)s or "public":%(visibility)s))'
),
basic_check_str=("role:admin or role:admin or role:member"), basic_check_str=("role:admin or role:admin or role:member"),
description="Downloads given image", description="Downloads given image",
scope_types=["system", "project"], scope_types=["system", "project"],
@ -356,7 +360,12 @@ list_rules = (
basic_check_str=("!"), basic_check_str=("!"),
description="\n#This is a generic blanket policy for protecting all task APIs. It is not\n#granular and will not allow you to separate writable and readable task\n#operations into different roles.\n#", description="\n#This is a generic blanket policy for protecting all task APIs. It is not\n#granular and will not allow you to separate writable and readable task\n#operations into different roles.\n#",
scope_types=["system", "project"], scope_types=["system", "project"],
operations=[{"method": "GET", "path": "/v2/tasks/{task_id}"}, {"method": "GET", "path": "/v2/tasks"}, {"method": "POST", "path": "/v2/tasks"}, {"method": "DELETE", "path": "/v2/tasks/{task_id}"}], operations=[
{"method": "GET", "path": "/v2/tasks/{task_id}"},
{"method": "GET", "path": "/v2/tasks"},
{"method": "POST", "path": "/v2/tasks"},
{"method": "DELETE", "path": "/v2/tasks/{task_id}"},
],
), ),
) )


@ -25,7 +25,9 @@ list_rules = (
), ),
base.Rule( base.Rule(
name="is_member", name="is_member",
check_str=("(project_domain_id:default or project_domain_id:None) and (project_name:demo or project_name:baremetal)"), check_str=(
"(project_domain_id:default or project_domain_id:None) and (project_name:demo or project_name:baremetal)"
),
description="May be used to restrict access to specific projects", description="May be used to restrict access to specific projects",
), ),
base.Rule( base.Rule(
@ -67,7 +69,10 @@ list_rules = (
basic_check_str=("role:admin or role:reader"), basic_check_str=("role:admin or role:reader"),
description="Retrieve multiple Node records, filtered by an explicit owner or the client project_id", description="Retrieve multiple Node records, filtered by an explicit owner or the client project_id",
scope_types=["system", "project"], scope_types=["system", "project"],
operations=[{"method": "GET", "path": "/nodes"}, {"method": "GET", "path": "/nodes/detail"}], operations=[
{"method": "GET", "path": "/nodes"},
{"method": "GET", "path": "/nodes/detail"},
],
), ),
base.APIRule( base.APIRule(
name="baremetal:node:list_all", name="baremetal:node:list_all",
@ -75,11 +80,16 @@ list_rules = (
basic_check_str=("role:admin or role:reader"), basic_check_str=("role:admin or role:reader"),
description="Retrieve multiple Node records", description="Retrieve multiple Node records",
scope_types=["system"], scope_types=["system"],
operations=[{"method": "GET", "path": "/nodes"}, {"method": "GET", "path": "/nodes/detail"}], operations=[
{"method": "GET", "path": "/nodes"},
{"method": "GET", "path": "/nodes/detail"},
],
), ),
base.APIRule( base.APIRule(
name="baremetal:node:get", name="baremetal:node:get",
check_str=("(role:reader and system_scope:all) or (role:reader and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"), check_str=(
"(role:reader and system_scope:all) or (role:reader and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"
),
basic_check_str=("role:admin or role:reader"), basic_check_str=("role:admin or role:reader"),
description="Retrieve a single Node record", description="Retrieve a single Node record",
scope_types=["system", "project"], scope_types=["system", "project"],
@ -95,7 +105,9 @@ list_rules = (
), ),
base.APIRule( base.APIRule(
name="baremetal:node:get:last_error", name="baremetal:node:get:last_error",
check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(node.owner)s)"), check_str=(
"(role:reader and system_scope:all) or (role:reader and project_id:%(node.owner)s)"
),
basic_check_str=("role:admin or role:reader"), basic_check_str=("role:admin or role:reader"),
description="Governs if the node last_error field is masked from APIclients with insufficent privileges.", description="Governs if the node last_error field is masked from APIclients with insufficent privileges.",
scope_types=["system", "project"], scope_types=["system", "project"],
@ -103,7 +115,9 @@ list_rules = (
), ),
base.APIRule( base.APIRule(
name="baremetal:node:get:reservation", name="baremetal:node:get:reservation",
check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(node.owner)s)"), check_str=(
"(role:reader and system_scope:all) or (role:reader and project_id:%(node.owner)s)"
),
basic_check_str=("role:admin or role:reader"), basic_check_str=("role:admin or role:reader"),
description="Governs if the node reservation field is masked from APIclients with insufficent privileges.", description="Governs if the node reservation field is masked from APIclients with insufficent privileges.",
scope_types=["system", "project"], scope_types=["system", "project"],
@ -111,7 +125,9 @@ list_rules = (
), ),
base.APIRule( base.APIRule(
name="baremetal:node:get:driver_internal_info", name="baremetal:node:get:driver_internal_info",
check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(node.owner)s)"), check_str=(
"(role:reader and system_scope:all) or (role:reader and project_id:%(node.owner)s)"
),
basic_check_str=("role:admin or role:reader"), basic_check_str=("role:admin or role:reader"),
description="Governs if the node driver_internal_info field is masked from API clients with insufficent privileges.", description="Governs if the node driver_internal_info field is masked from API clients with insufficent privileges.",
scope_types=["system", "project"], scope_types=["system", "project"],
@ -119,7 +135,9 @@ list_rules = (
), ),
base.APIRule( base.APIRule(
name="baremetal:node:get:driver_info", name="baremetal:node:get:driver_info",
check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(node.owner)s)"), check_str=(
"(role:reader and system_scope:all) or (role:reader and project_id:%(node.owner)s)"
),
basic_check_str=("role:admin or role:reader"), basic_check_str=("role:admin or role:reader"),
description="Governs if the driver_info field is masked from APIclients with insufficent privileges.", description="Governs if the driver_info field is masked from APIclients with insufficent privileges.",
scope_types=["system", "project"], scope_types=["system", "project"],
@ -127,7 +145,9 @@ list_rules = (
), ),
base.APIRule( base.APIRule(
name="baremetal:node:update:driver_info", name="baremetal:node:update:driver_info",
check_str=("(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s)"), check_str=(
"(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s)"
),
basic_check_str=("role:admin"), basic_check_str=("role:admin"),
description="Governs if node driver_info field can be updated via the API clients.", description="Governs if node driver_info field can be updated via the API clients.",
scope_types=["system", "project"], scope_types=["system", "project"],
@ -135,7 +155,9 @@ list_rules = (
), ),
base.APIRule( base.APIRule(
name="baremetal:node:update:properties", name="baremetal:node:update:properties",
check_str=("(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s)"), check_str=(
"(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s)"
),
basic_check_str=("role:admin"), basic_check_str=("role:admin"),
description="Governs if node properties field can be updated via the API clients.", description="Governs if node properties field can be updated via the API clients.",
scope_types=["system", "project"], scope_types=["system", "project"],
@ -151,7 +173,9 @@ list_rules = (
), ),
base.APIRule( base.APIRule(
name="baremetal:node:update:instance_uuid", name="baremetal:node:update:instance_uuid",
check_str=("(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s)"), check_str=(
"(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s)"
),
basic_check_str=("role:admin"), basic_check_str=("role:admin"),
description="Governs if node instance_uuid field can be updated via the API clients.", description="Governs if node instance_uuid field can be updated via the API clients.",
scope_types=["system", "project"], scope_types=["system", "project"],
@ -159,7 +183,9 @@ list_rules = (
), ),
base.APIRule( base.APIRule(
name="baremetal:node:update:lessee", name="baremetal:node:update:lessee",
check_str=("(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s)"), check_str=(
"(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s)"
),
basic_check_str=("role:admin"), basic_check_str=("role:admin"),
description="Governs if node lessee field can be updated via the API clients.", description="Governs if node lessee field can be updated via the API clients.",
scope_types=["system", "project"], scope_types=["system", "project"],
@ -175,7 +201,9 @@ list_rules = (
), ),
base.APIRule( base.APIRule(
name="baremetal:node:update:driver_interfaces", name="baremetal:node:update:driver_interfaces",
check_str=("(role:member and system_scope:all) or (role:admin and project_id:%(node.owner)s)"), check_str=(
"(role:member and system_scope:all) or (role:admin and project_id:%(node.owner)s)"
),
basic_check_str=("role:admin"), basic_check_str=("role:admin"),
description="Governs if node driver and driver interfaces field can be updated via the API clients.", description="Governs if node driver and driver interfaces field can be updated via the API clients.",
scope_types=["system", "project"], scope_types=["system", "project"],
@ -183,7 +211,9 @@ list_rules = (
), ),
base.APIRule( base.APIRule(
name="baremetal:node:update:network_data", name="baremetal:node:update:network_data",
check_str=("(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s)"), check_str=(
"(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s)"
),
basic_check_str=("role:admin"), basic_check_str=("role:admin"),
description="Governs if node driver_info field can be updated via the API clients.", description="Governs if node driver_info field can be updated via the API clients.",
scope_types=["system", "project"], scope_types=["system", "project"],
@ -199,7 +229,9 @@ list_rules = (
), ),
base.APIRule( base.APIRule(
name="baremetal:node:update:name", name="baremetal:node:update:name",
check_str=("(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s)"), check_str=(
"(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s)"
),
basic_check_str=("role:admin"), basic_check_str=("role:admin"),
description="Governs if node name field can be updated via the API clients.", description="Governs if node name field can be updated via the API clients.",
scope_types=["system", "project"], scope_types=["system", "project"],
@ -207,7 +239,9 @@ list_rules = (
), ),
base.APIRule( base.APIRule(
name="baremetal:node:update:retired", name="baremetal:node:update:retired",
check_str=("(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s)"), check_str=(
"(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s)"
),
basic_check_str=("role:admin"), basic_check_str=("role:admin"),
description="Governs if node retired and retired reason can be updated by API clients.", description="Governs if node retired and retired reason can be updated by API clients.",
scope_types=["system", "project"], scope_types=["system", "project"],
@ -215,7 +249,9 @@ list_rules = (
), ),
base.APIRule( base.APIRule(
name="baremetal:node:update", name="baremetal:node:update",
check_str=("(role:member and system_scope:all) or (role:member and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"), check_str=(
"(role:member and system_scope:all) or (role:member and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"
),
basic_check_str=("role:admin"), basic_check_str=("role:admin"),
description="Generalized update of node records", description="Generalized update of node records",
scope_types=["system", "project"], scope_types=["system", "project"],
@ -223,7 +259,9 @@ list_rules = (
), ),
base.APIRule( base.APIRule(
name="baremetal:node:update_extra", name="baremetal:node:update_extra",
check_str=("(role:member and system_scope:all) or (role:member and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"), check_str=(
"(role:member and system_scope:all) or (role:member and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"
),
basic_check_str=("role:admin"), basic_check_str=("role:admin"),
description="Update Node extra field", description="Update Node extra field",
scope_types=["system", "project"], scope_types=["system", "project"],
@ -231,7 +269,9 @@ list_rules = (
), ),
base.APIRule( base.APIRule(
name="baremetal:node:update_instance_info", name="baremetal:node:update_instance_info",
check_str=("(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s) or (role:admin and project_id:%(node.lessee)s)"), check_str=(
"(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s) or (role:admin and project_id:%(node.lessee)s)"
),
basic_check_str=("role:admin"), basic_check_str=("role:admin"),
description="Update Node instance_info field", description="Update Node instance_info field",
scope_types=["system", "project"], scope_types=["system", "project"],
@ -255,7 +295,9 @@ list_rules = (
), ),
base.APIRule( base.APIRule(
name="baremetal:node:validate", name="baremetal:node:validate",
check_str=("(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s) or (role:admin and project_id:%(node.lessee)s)"), check_str=(
"(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s) or (role:admin and project_id:%(node.lessee)s)"
),
basic_check_str=("role:admin"), basic_check_str=("role:admin"),
description="Request active validation of Nodes", description="Request active validation of Nodes",
scope_types=["system", "project"], scope_types=["system", "project"],
@ -263,7 +305,9 @@ list_rules = (
), ),
base.APIRule( base.APIRule(
name="baremetal:node:set_maintenance", name="baremetal:node:set_maintenance",
check_str=("(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s) or (role:admin and project_id:%(node.lessee)s)"), check_str=(
"(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s) or (role:admin and project_id:%(node.lessee)s)"
),
basic_check_str=("role:admin"), basic_check_str=("role:admin"),
description="Set maintenance flag, taking a Node out of service", description="Set maintenance flag, taking a Node out of service",
scope_types=["system", "project"], scope_types=["system", "project"],
@ -271,7 +315,9 @@ list_rules = (
), ),
base.APIRule( base.APIRule(
name="baremetal:node:clear_maintenance", name="baremetal:node:clear_maintenance",
check_str=("(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s) or (role:admin and project_id:%(node.lessee)s)"), check_str=(
"(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s) or (role:admin and project_id:%(node.lessee)s)"
),
basic_check_str=("role:admin"), basic_check_str=("role:admin"),
description="Clear maintenance flag, placing the Node into service again", description="Clear maintenance flag, placing the Node into service again",
scope_types=["system", "project"], scope_types=["system", "project"],
@ -279,15 +325,22 @@ list_rules = (
), ),
base.APIRule( base.APIRule(
name="baremetal:node:get_boot_device", name="baremetal:node:get_boot_device",
check_str=("(role:member and system_scope:all) or (role:admin and project_id:%(node.owner)s)"), check_str=(
"(role:member and system_scope:all) or (role:admin and project_id:%(node.owner)s)"
),
basic_check_str=("role:admin or role:reader"), basic_check_str=("role:admin or role:reader"),
description="Retrieve Node boot device metadata", description="Retrieve Node boot device metadata",
scope_types=["system", "project"], scope_types=["system", "project"],
operations=[{"method": "GET", "path": "/nodes/{node_ident}/management/boot_device"}, {"method": "GET", "path": "/nodes/{node_ident}/management/boot_device/supported"}], operations=[
{"method": "GET", "path": "/nodes/{node_ident}/management/boot_device"},
{"method": "GET", "path": "/nodes/{node_ident}/management/boot_device/supported"},
],
), ),
base.APIRule( base.APIRule(
name="baremetal:node:set_boot_device", name="baremetal:node:set_boot_device",
check_str=("(role:member and system_scope:all) or (role:admin and project_id:%(node.owner)s)"), check_str=(
"(role:member and system_scope:all) or (role:admin and project_id:%(node.owner)s)"
),
basic_check_str=("role:admin"), basic_check_str=("role:admin"),
description="Change Node boot device", description="Change Node boot device",
scope_types=["system", "project"], scope_types=["system", "project"],
@ -295,23 +348,40 @@ list_rules = (
), ),
base.APIRule( base.APIRule(
name="baremetal:node:get_indicator_state", name="baremetal:node:get_indicator_state",
check_str=("(role:reader and system_scope:all) or (role:reader and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"), check_str=(
"(role:reader and system_scope:all) or (role:reader and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"
),
basic_check_str=("role:admin or role:reader"), basic_check_str=("role:admin or role:reader"),
description="Retrieve Node indicators and their states", description="Retrieve Node indicators and their states",
scope_types=["system", "project"], scope_types=["system", "project"],
operations=[{"method": "GET", "path": "/nodes/{node_ident}/management/indicators/{component}/{indicator}"}, {"method": "GET", "path": "/nodes/{node_ident}/management/indicators"}], operations=[
{
"method": "GET",
"path": "/nodes/{node_ident}/management/indicators/{component}/{indicator}",
},
{"method": "GET", "path": "/nodes/{node_ident}/management/indicators"},
],
), ),
base.APIRule( base.APIRule(
name="baremetal:node:set_indicator_state", name="baremetal:node:set_indicator_state",
check_str=("(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s)"), check_str=(
"(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s)"
),
basic_check_str=("role:admin"), basic_check_str=("role:admin"),
description="Change Node indicator state", description="Change Node indicator state",
scope_types=["system", "project"], scope_types=["system", "project"],
operations=[{"method": "PUT", "path": "/nodes/{node_ident}/management/indicators/{component}/{indicator}"}], operations=[
{
"method": "PUT",
"path": "/nodes/{node_ident}/management/indicators/{component}/{indicator}",
},
],
), ),
base.APIRule( base.APIRule(
name="baremetal:node:inject_nmi", name="baremetal:node:inject_nmi",
check_str=("(role:member and system_scope:all) or (role:admin and project_id:%(node.owner)s)"), check_str=(
"(role:member and system_scope:all) or (role:admin and project_id:%(node.owner)s)"
),
basic_check_str=("role:admin"), basic_check_str=("role:admin"),
description="Inject NMI for a node", description="Inject NMI for a node",
scope_types=["system", "project"], scope_types=["system", "project"],
@ -319,7 +389,9 @@ list_rules = (
), ),
base.APIRule( base.APIRule(
name="baremetal:node:get_states", name="baremetal:node:get_states",
check_str=("(role:reader and system_scope:all) or (role:reader and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"), check_str=(
"(role:reader and system_scope:all) or (role:reader and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"
),
basic_check_str=("role:admin or role:reader"), basic_check_str=("role:admin or role:reader"),
description="View Node power and provision state", description="View Node power and provision state",
scope_types=["system", "project"], scope_types=["system", "project"],
@ -327,7 +399,9 @@ list_rules = (
), ),
base.APIRule( base.APIRule(
name="baremetal:node:set_power_state", name="baremetal:node:set_power_state",
check_str=("(role:member and system_scope:all) or (role:member and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"), check_str=(
"(role:member and system_scope:all) or (role:member and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"
),
basic_check_str=("role:admin"), basic_check_str=("role:admin"),
description="Change Node power status", description="Change Node power status",
scope_types=["system", "project"], scope_types=["system", "project"],
@ -335,7 +409,9 @@ list_rules = (
), ),
base.APIRule( base.APIRule(
name="baremetal:node:set_provision_state", name="baremetal:node:set_provision_state",
check_str=("(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s) or (role:admin and project_id:%(node.lessee)s)"), check_str=(
"(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s) or (role:admin and project_id:%(node.lessee)s)"
),
basic_check_str=("role:admin"), basic_check_str=("role:admin"),
description="Change Node provision status", description="Change Node provision status",
scope_types=["system", "project"], scope_types=["system", "project"],
@ -343,7 +419,9 @@ list_rules = (
), ),
base.APIRule( base.APIRule(
name="baremetal:node:set_raid_state", name="baremetal:node:set_raid_state",
check_str=("(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s)"), check_str=(
"(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s)"
),
basic_check_str=("role:admin"), basic_check_str=("role:admin"),
description="Change Node RAID status", description="Change Node RAID status",
scope_types=["system", "project"], scope_types=["system", "project"],
@ -351,7 +429,9 @@ list_rules = (
), ),
base.APIRule( base.APIRule(
name="baremetal:node:get_console", name="baremetal:node:get_console",
check_str=("(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s)"), check_str=(
"(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s)"
),
basic_check_str=("role:admin"), basic_check_str=("role:admin"),
description="Get Node console connection information", description="Get Node console connection information",
scope_types=["system", "project"], scope_types=["system", "project"],
@ -359,7 +439,9 @@ list_rules = (
), ),
base.APIRule( base.APIRule(
name="baremetal:node:set_console_state", name="baremetal:node:set_console_state",
check_str=("(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s)"), check_str=(
"(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s)"
),
basic_check_str=("role:admin"), basic_check_str=("role:admin"),
description="Change Node console status", description="Change Node console status",
scope_types=["system", "project"], scope_types=["system", "project"],
@ -367,7 +449,9 @@ list_rules = (
), ),
base.APIRule( base.APIRule(
name="baremetal:node:vif:list", name="baremetal:node:vif:list",
check_str=("(role:reader and system_scope:all) or (role:reader and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"), check_str=(
"(role:reader and system_scope:all) or (role:reader and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"
),
basic_check_str=("role:admin"), basic_check_str=("role:admin"),
description="List VIFs attached to node", description="List VIFs attached to node",
scope_types=["system", "project"], scope_types=["system", "project"],
@ -375,7 +459,9 @@ list_rules = (
), ),
base.APIRule( base.APIRule(
name="baremetal:node:vif:attach", name="baremetal:node:vif:attach",
check_str=("(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s) or (role:admin and project_id:%(node.lessee)s)"), check_str=(
"(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s) or (role:admin and project_id:%(node.lessee)s)"
),
basic_check_str=("role:admin"), basic_check_str=("role:admin"),
description="Attach a VIF to a node", description="Attach a VIF to a node",
scope_types=["system", "project"], scope_types=["system", "project"],
@ -383,7 +469,9 @@ list_rules = (
), ),
base.APIRule( base.APIRule(
name="baremetal:node:vif:detach", name="baremetal:node:vif:detach",
check_str=("(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s) or (role:admin and project_id:%(node.lessee)s)"), check_str=(
"(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s) or (role:admin and project_id:%(node.lessee)s)"
),
basic_check_str=("role:admin"), basic_check_str=("role:admin"),
description="Detach a VIF from a node", description="Detach a VIF from a node",
scope_types=["system", "project"], scope_types=["system", "project"],
@ -391,7 +479,9 @@ list_rules = (
), ),
base.APIRule( base.APIRule(
name="baremetal:node:traits:list", name="baremetal:node:traits:list",
check_str=("(role:reader and system_scope:all) or (role:reader and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"), check_str=(
"(role:reader and system_scope:all) or (role:reader and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"
),
basic_check_str=("role:admin or role:reader"), basic_check_str=("role:admin or role:reader"),
description="List node traits", description="List node traits",
scope_types=["system", "project"], scope_types=["system", "project"],
@ -399,27 +489,42 @@ list_rules = (
), ),
base.APIRule( base.APIRule(
name="baremetal:node:traits:set", name="baremetal:node:traits:set",
check_str=("(role:member and system_scope:all) or (role:admin and project_id:%(node.owner)s)"), check_str=(
"(role:member and system_scope:all) or (role:admin and project_id:%(node.owner)s)"
),
basic_check_str=("role:admin"), basic_check_str=("role:admin"),
description="Add a trait to, or replace all traits of, a node", description="Add a trait to, or replace all traits of, a node",
scope_types=["system", "project"], scope_types=["system", "project"],
operations=[{"method": "PUT", "path": "/nodes/{node_ident}/traits"}, {"method": "PUT", "path": "/nodes/{node_ident}/traits/{trait}"}], operations=[
{"method": "PUT", "path": "/nodes/{node_ident}/traits"},
{"method": "PUT", "path": "/nodes/{node_ident}/traits/{trait}"},
],
), ),
base.APIRule( base.APIRule(
name="baremetal:node:traits:delete", name="baremetal:node:traits:delete",
check_str=("(role:member and system_scope:all) or (role:admin and project_id:%(node.owner)s)"), check_str=(
"(role:member and system_scope:all) or (role:admin and project_id:%(node.owner)s)"
),
basic_check_str=("role:admin"), basic_check_str=("role:admin"),
description="Remove one or all traits from a node", description="Remove one or all traits from a node",
scope_types=["system", "project"], scope_types=["system", "project"],
operations=[{"method": "DELETE", "path": "/nodes/{node_ident}/traits"}, {"method": "DELETE", "path": "/nodes/{node_ident}/traits/{trait}"}], operations=[
{"method": "DELETE", "path": "/nodes/{node_ident}/traits"},
{"method": "DELETE", "path": "/nodes/{node_ident}/traits/{trait}"},
],
), ),
base.APIRule( base.APIRule(
name="baremetal:node:bios:get", name="baremetal:node:bios:get",
check_str=("(role:reader and system_scope:all) or (role:reader and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"), check_str=(
"(role:reader and system_scope:all) or (role:reader and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"
),
basic_check_str=("role:admin or role:reader"), basic_check_str=("role:admin or role:reader"),
description="Retrieve Node BIOS information", description="Retrieve Node BIOS information",
scope_types=["system", "project"], scope_types=["system", "project"],
operations=[{"method": "GET", "path": "/nodes/{node_ident}/bios"}, {"method": "GET", "path": "/nodes/{node_ident}/bios/{setting}"}], operations=[
{"method": "GET", "path": "/nodes/{node_ident}/bios"},
{"method": "GET", "path": "/nodes/{node_ident}/bios/{setting}"},
],
), ),
base.APIRule( base.APIRule(
name="baremetal:node:disable_cleaning", name="baremetal:node:disable_cleaning",
@ -431,11 +536,19 @@ list_rules = (
), ),
base.APIRule( base.APIRule(
name="baremetal:port:get", name="baremetal:port:get",
check_str=("(role:reader and system_scope:all) or (role:reader and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"), check_str=(
"(role:reader and system_scope:all) or (role:reader and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"
),
basic_check_str=("role:admin or role:reader"), basic_check_str=("role:admin or role:reader"),
description="Retrieve Port records", description="Retrieve Port records",
scope_types=["system", "project"], scope_types=["system", "project"],
operations=[{"method": "GET", "path": "/ports/{port_id}"}, {"method": "GET", "path": "/nodes/{node_ident}/ports"}, {"method": "GET", "path": "/nodes/{node_ident}/ports/detail"}, {"method": "GET", "path": "/portgroups/{portgroup_ident}/ports"}, {"method": "GET", "path": "/portgroups/{portgroup_ident}/ports/detail"}], operations=[
{"method": "GET", "path": "/ports/{port_id}"},
{"method": "GET", "path": "/nodes/{node_ident}/ports"},
{"method": "GET", "path": "/nodes/{node_ident}/ports/detail"},
{"method": "GET", "path": "/portgroups/{portgroup_ident}/ports"},
{"method": "GET", "path": "/portgroups/{portgroup_ident}/ports/detail"},
],
), ),
base.APIRule( base.APIRule(
name="baremetal:port:list", name="baremetal:port:list",
@ -443,7 +556,10 @@ list_rules = (
basic_check_str=("role:admin or role:reader"), basic_check_str=("role:admin or role:reader"),
description="Retrieve multiple Port records, filtered by owner", description="Retrieve multiple Port records, filtered by owner",
scope_types=["system", "project"], scope_types=["system", "project"],
operations=[{"method": "GET", "path": "/ports"}, {"method": "GET", "path": "/ports/detail"}], operations=[
{"method": "GET", "path": "/ports"},
{"method": "GET", "path": "/ports/detail"},
],
), ),
base.APIRule( base.APIRule(
name="baremetal:port:list_all", name="baremetal:port:list_all",
@ -451,11 +567,16 @@ list_rules = (
basic_check_str=("role:admin or role:reader"), basic_check_str=("role:admin or role:reader"),
description="Retrieve multiple Port records", description="Retrieve multiple Port records",
scope_types=["system", "project"], scope_types=["system", "project"],
operations=[{"method": "GET", "path": "/ports"}, {"method": "GET", "path": "/ports/detail"}], operations=[
{"method": "GET", "path": "/ports"},
{"method": "GET", "path": "/ports/detail"},
],
), ),
base.APIRule( base.APIRule(
name="baremetal:port:create", name="baremetal:port:create",
check_str=("(role:admin and system_scope:all) or (role:admin and project_id:%(node.owner)s)"), check_str=(
"(role:admin and system_scope:all) or (role:admin and project_id:%(node.owner)s)"
),
basic_check_str=("role:admin"), basic_check_str=("role:admin"),
description="Create Port records", description="Create Port records",
scope_types=["system", "project"], scope_types=["system", "project"],
@ -463,7 +584,9 @@ list_rules = (
), ),
base.APIRule( base.APIRule(
name="baremetal:port:delete", name="baremetal:port:delete",
check_str=("(role:admin and system_scope:all) or (role:admin and project_id:%(node.owner)s)"), check_str=(
"(role:admin and system_scope:all) or (role:admin and project_id:%(node.owner)s)"
),
basic_check_str=("role:admin"), basic_check_str=("role:admin"),
description="Delete Port records", description="Delete Port records",
scope_types=["system", "project"], scope_types=["system", "project"],
@ -471,7 +594,9 @@ list_rules = (
), ),
base.APIRule( base.APIRule(
name="baremetal:port:update", name="baremetal:port:update",
check_str=("(role:member and system_scope:all) or (role:admin and project_id:%(node.owner)s)"), check_str=(
"(role:member and system_scope:all) or (role:admin and project_id:%(node.owner)s)"
),
basic_check_str=("role:admin"), basic_check_str=("role:admin"),
description="Update Port records", description="Update Port records",
scope_types=["system", "project"], scope_types=["system", "project"],
@ -479,15 +604,25 @@ list_rules = (
), ),
base.APIRule( base.APIRule(
name="baremetal:portgroup:get", name="baremetal:portgroup:get",
check_str=("(role:reader and system_scope:all) or (role:reader and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"), check_str=(
"(role:reader and system_scope:all) or (role:reader and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"
),
basic_check_str=("role:admin or role:reader"), basic_check_str=("role:admin or role:reader"),
description="Retrieve Portgroup records", description="Retrieve Portgroup records",
scope_types=["system", "project"], scope_types=["system", "project"],
operations=[{"method": "GET", "path": "/portgroups"}, {"method": "GET", "path": "/portgroups/detail"}, {"method": "GET", "path": "/portgroups/{portgroup_ident}"}, {"method": "GET", "path": "/nodes/{node_ident}/portgroups"}, {"method": "GET", "path": "/nodes/{node_ident}/portgroups/detail"}], operations=[
{"method": "GET", "path": "/portgroups"},
{"method": "GET", "path": "/portgroups/detail"},
{"method": "GET", "path": "/portgroups/{portgroup_ident}"},
{"method": "GET", "path": "/nodes/{node_ident}/portgroups"},
{"method": "GET", "path": "/nodes/{node_ident}/portgroups/detail"},
],
), ),
base.APIRule( base.APIRule(
name="baremetal:portgroup:create", name="baremetal:portgroup:create",
check_str=("(role:admin and system_scope:all) or (role:admin and project_id:%(node.owner)s)"), check_str=(
"(role:admin and system_scope:all) or (role:admin and project_id:%(node.owner)s)"
),
basic_check_str=("role:admin"), basic_check_str=("role:admin"),
description="Create Portgroup records", description="Create Portgroup records",
scope_types=["system", "project"], scope_types=["system", "project"],
@ -495,7 +630,9 @@ list_rules = (
), ),
base.APIRule( base.APIRule(
name="baremetal:portgroup:delete", name="baremetal:portgroup:delete",
check_str=("(role:admin and system_scope:all) or (role:admin and project_id:%(node.owner)s)"), check_str=(
"(role:admin and system_scope:all) or (role:admin and project_id:%(node.owner)s)"
),
basic_check_str=("role:admin"), basic_check_str=("role:admin"),
description="Delete Portgroup records", description="Delete Portgroup records",
scope_types=["system", "project"], scope_types=["system", "project"],
@ -503,7 +640,9 @@ list_rules = (
), ),
base.APIRule( base.APIRule(
name="baremetal:portgroup:update", name="baremetal:portgroup:update",
check_str=("(role:member and system_scope:all) or (role:admin and project_id:%(node.owner)s)"), check_str=(
"(role:member and system_scope:all) or (role:admin and project_id:%(node.owner)s)"
),
basic_check_str=("role:admin"), basic_check_str=("role:admin"),
description="Update Portgroup records", description="Update Portgroup records",
scope_types=["system", "project"], scope_types=["system", "project"],
@ -515,7 +654,10 @@ list_rules = (
basic_check_str=("role:admin or role:reader"), basic_check_str=("role:admin or role:reader"),
description="Retrieve multiple Port records, filtered by owner", description="Retrieve multiple Port records, filtered by owner",
scope_types=["system", "project"], scope_types=["system", "project"],
operations=[{"method": "GET", "path": "/portgroups"}, {"method": "GET", "path": "/portgroups/detail"}], operations=[
{"method": "GET", "path": "/portgroups"},
{"method": "GET", "path": "/portgroups/detail"},
],
), ),
base.APIRule( base.APIRule(
name="baremetal:portgroup:list_all", name="baremetal:portgroup:list_all",
@ -523,7 +665,10 @@ list_rules = (
basic_check_str=("role:admin or role:reader"), basic_check_str=("role:admin or role:reader"),
description="Retrieve multiple Port records", description="Retrieve multiple Port records",
scope_types=["system", "project"], scope_types=["system", "project"],
operations=[{"method": "GET", "path": "/portgroups"}, {"method": "GET", "path": "/portgroups/detail"}], operations=[
{"method": "GET", "path": "/portgroups"},
{"method": "GET", "path": "/portgroups/detail"},
],
), ),
base.APIRule( base.APIRule(
name="baremetal:chassis:get", name="baremetal:chassis:get",
@ -531,7 +676,11 @@ list_rules = (
basic_check_str=("role:admin or role:reader"), basic_check_str=("role:admin or role:reader"),
description="Retrieve Chassis records", description="Retrieve Chassis records",
scope_types=["system"], scope_types=["system"],
operations=[{"method": "GET", "path": "/chassis"}, {"method": "GET", "path": "/chassis/detail"}, {"method": "GET", "path": "/chassis/{chassis_id}"}], operations=[
{"method": "GET", "path": "/chassis"},
{"method": "GET", "path": "/chassis/detail"},
{"method": "GET", "path": "/chassis/{chassis_id}"},
],
), ),
base.APIRule( base.APIRule(
name="baremetal:chassis:create", name="baremetal:chassis:create",
@ -563,7 +712,10 @@ list_rules = (
basic_check_str=("role:admin or role:reader"), basic_check_str=("role:admin or role:reader"),
description="View list of available drivers", description="View list of available drivers",
scope_types=["system"], scope_types=["system"],
operations=[{"method": "GET", "path": "/drivers"}, {"method": "GET", "path": "/drivers/{driver_name}"}], operations=[
{"method": "GET", "path": "/drivers"},
{"method": "GET", "path": "/drivers/{driver_name}"},
],
), ),
base.APIRule( base.APIRule(
name="baremetal:driver:get_properties", name="baremetal:driver:get_properties",
@ -579,7 +731,9 @@ list_rules = (
basic_check_str=("role:admin or role:reader"), basic_check_str=("role:admin or role:reader"),
description="View driver-specific RAID metadata", description="View driver-specific RAID metadata",
scope_types=["system"], scope_types=["system"],
operations=[{"method": "GET", "path": "/drivers/{driver_name}/raid/logical_disk_properties"}], operations=[
{"method": "GET", "path": "/drivers/{driver_name}/raid/logical_disk_properties"},
],
), ),
base.APIRule( base.APIRule(
name="baremetal:node:vendor_passthru", name="baremetal:node:vendor_passthru",
@ -587,7 +741,20 @@ list_rules = (
basic_check_str=("role:admin"), basic_check_str=("role:admin"),
description="Access vendor-specific Node functions", description="Access vendor-specific Node functions",
scope_types=["system", "project"], scope_types=["system", "project"],
operations=[{"method": "GET", "path": "nodes/{node_ident}/vendor_passthru/methods"}, {"method": "GET", "path": "nodes/{node_ident}/vendor_passthru?method={method_name}"}, {"method": "PUT", "path": "nodes/{node_ident}/vendor_passthru?method={method_name}"}, {"method": "POST", "path": "nodes/{node_ident}/vendor_passthru?method={method_name}"}, {"method": "PATCH", "path": "nodes/{node_ident}/vendor_passthru?method={method_name}"}, {"method": "DELETE", "path": "nodes/{node_ident}/vendor_passthru?method={method_name}"}], operations=[
{"method": "GET", "path": "nodes/{node_ident}/vendor_passthru/methods"},
{"method": "GET", "path": "nodes/{node_ident}/vendor_passthru?method={method_name}"},
{"method": "PUT", "path": "nodes/{node_ident}/vendor_passthru?method={method_name}"},
{"method": "POST", "path": "nodes/{node_ident}/vendor_passthru?method={method_name}"},
{
"method": "PATCH",
"path": "nodes/{node_ident}/vendor_passthru?method={method_name}",
},
{
"method": "DELETE",
"path": "nodes/{node_ident}/vendor_passthru?method={method_name}",
},
],
), ),
base.APIRule( base.APIRule(
name="baremetal:driver:vendor_passthru", name="baremetal:driver:vendor_passthru",
@ -595,7 +762,29 @@ list_rules = (
basic_check_str=("role:admin"), basic_check_str=("role:admin"),
description="Access vendor-specific Driver functions", description="Access vendor-specific Driver functions",
scope_types=["system"], scope_types=["system"],
operations=[{"method": "GET", "path": "drivers/{driver_name}/vendor_passthru/methods"}, {"method": "GET", "path": "drivers/{driver_name}/vendor_passthru?method={method_name}"}, {"method": "PUT", "path": "drivers/{driver_name}/vendor_passthru?method={method_name}"}, {"method": "POST", "path": "drivers/{driver_name}/vendor_passthru?method={method_name}"}, {"method": "PATCH", "path": "drivers/{driver_name}/vendor_passthru?method={method_name}"}, {"method": "DELETE", "path": "drivers/{driver_name}/vendor_passthru?method={method_name}"}], operations=[
{"method": "GET", "path": "drivers/{driver_name}/vendor_passthru/methods"},
{
"method": "GET",
"path": "drivers/{driver_name}/vendor_passthru?method={method_name}",
},
{
"method": "PUT",
"path": "drivers/{driver_name}/vendor_passthru?method={method_name}",
},
{
"method": "POST",
"path": "drivers/{driver_name}/vendor_passthru?method={method_name}",
},
{
"method": "PATCH",
"path": "drivers/{driver_name}/vendor_passthru?method={method_name}",
},
{
"method": "DELETE",
"path": "drivers/{driver_name}/vendor_passthru?method={method_name}",
},
],
), ),
base.APIRule( base.APIRule(
name="baremetal:node:ipa_heartbeat", name="baremetal:node:ipa_heartbeat",
@ -619,7 +808,12 @@ list_rules = (
basic_check_str=("role:admin or role:reader"), basic_check_str=("role:admin or role:reader"),
description="Retrieve a list of all Volume connector and target records", description="Retrieve a list of all Volume connector and target records",
scope_types=["system", "project"], scope_types=["system", "project"],
operations=[{"method": "GET", "path": "/volume/connectors"}, {"method": "GET", "path": "/volume/targets"}, {"method": "GET", "path": "/nodes/{node_ident}/volume/connectors"}, {"method": "GET", "path": "/nodes/{node_ident}/volume/targets"}], operations=[
{"method": "GET", "path": "/volume/connectors"},
{"method": "GET", "path": "/volume/targets"},
{"method": "GET", "path": "/nodes/{node_ident}/volume/connectors"},
{"method": "GET", "path": "/nodes/{node_ident}/volume/targets"},
],
), ),
base.APIRule( base.APIRule(
name="baremetal:volume:list", name="baremetal:volume:list",
@ -627,39 +821,70 @@ list_rules = (
basic_check_str=("role:admin or role:reader"), basic_check_str=("role:admin or role:reader"),
description="Retrieve a list of Volume connector and target records", description="Retrieve a list of Volume connector and target records",
scope_types=["system", "project"], scope_types=["system", "project"],
operations=[{"method": "GET", "path": "/volume/connectors"}, {"method": "GET", "path": "/volume/targets"}, {"method": "GET", "path": "/nodes/{node_ident}/volume/connectors"}, {"method": "GET", "path": "/nodes/{node_ident}/volume/targets"}], operations=[
{"method": "GET", "path": "/volume/connectors"},
{"method": "GET", "path": "/volume/targets"},
{"method": "GET", "path": "/nodes/{node_ident}/volume/connectors"},
{"method": "GET", "path": "/nodes/{node_ident}/volume/targets"},
],
), ),
base.APIRule( base.APIRule(
name="baremetal:volume:get", name="baremetal:volume:get",
check_str=("(role:reader and system_scope:all) or (role:reader and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"), check_str=(
"(role:reader and system_scope:all) or (role:reader and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"
),
basic_check_str=("role:admin or role:reader"), basic_check_str=("role:admin or role:reader"),
description="Retrieve Volume connector and target records", description="Retrieve Volume connector and target records",
scope_types=["system", "project"], scope_types=["system", "project"],
operations=[{"method": "GET", "path": "/volume"}, {"method": "GET", "path": "/volume/connectors"}, {"method": "GET", "path": "/volume/connectors/{volume_connector_id}"}, {"method": "GET", "path": "/volume/targets"}, {"method": "GET", "path": "/volume/targets/{volume_target_id}"}, {"method": "GET", "path": "/nodes/{node_ident}/volume"}, {"method": "GET", "path": "/nodes/{node_ident}/volume/connectors"}, {"method": "GET", "path": "/nodes/{node_ident}/volume/targets"}], operations=[
{"method": "GET", "path": "/volume"},
{"method": "GET", "path": "/volume/connectors"},
{"method": "GET", "path": "/volume/connectors/{volume_connector_id}"},
{"method": "GET", "path": "/volume/targets"},
{"method": "GET", "path": "/volume/targets/{volume_target_id}"},
{"method": "GET", "path": "/nodes/{node_ident}/volume"},
{"method": "GET", "path": "/nodes/{node_ident}/volume/connectors"},
{"method": "GET", "path": "/nodes/{node_ident}/volume/targets"},
],
), ),
base.APIRule( base.APIRule(
name="baremetal:volume:create", name="baremetal:volume:create",
check_str=("(role:member and system_scope:all) or (role:admin and project_id:%(node.owner)s) or (role:admin and project_id:%(node.lessee)s)"), check_str=(
"(role:member and system_scope:all) or (role:admin and project_id:%(node.owner)s) or (role:admin and project_id:%(node.lessee)s)"
),
basic_check_str=("role:admin"), basic_check_str=("role:admin"),
description="Create Volume connector and target records", description="Create Volume connector and target records",
scope_types=["system", "project"], scope_types=["system", "project"],
operations=[{"method": "POST", "path": "/volume/connectors"}, {"method": "POST", "path": "/volume/targets"}], operations=[
{"method": "POST", "path": "/volume/connectors"},
{"method": "POST", "path": "/volume/targets"},
],
), ),
base.APIRule( base.APIRule(
name="baremetal:volume:delete", name="baremetal:volume:delete",
check_str=("(role:member and system_scope:all) or (role:admin and project_id:%(node.owner)s) or (role:admin and project_id:%(node.lessee)s)"), check_str=(
"(role:member and system_scope:all) or (role:admin and project_id:%(node.owner)s) or (role:admin and project_id:%(node.lessee)s)"
),
basic_check_str=("role:admin"), basic_check_str=("role:admin"),
description="Delete Volume connector and target records", description="Delete Volume connector and target records",
scope_types=["system", "project"], scope_types=["system", "project"],
operations=[{"method": "DELETE", "path": "/volume/connectors/{volume_connector_id}"}, {"method": "DELETE", "path": "/volume/targets/{volume_target_id}"}], operations=[
{"method": "DELETE", "path": "/volume/connectors/{volume_connector_id}"},
{"method": "DELETE", "path": "/volume/targets/{volume_target_id}"},
],
), ),
base.APIRule( base.APIRule(
name="baremetal:volume:update", name="baremetal:volume:update",
check_str=("(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s) or (role:admin and project_id:%(node.lessee)s)"), check_str=(
"(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s) or (role:admin and project_id:%(node.lessee)s)"
),
basic_check_str=("role:admin"), basic_check_str=("role:admin"),
description="Update Volume connector and target records", description="Update Volume connector and target records",
scope_types=["system", "project"], scope_types=["system", "project"],
operations=[{"method": "PATCH", "path": "/volume/connectors/{volume_connector_id}"}, {"method": "PATCH", "path": "/volume/targets/{volume_target_id}"}], operations=[
{"method": "PATCH", "path": "/volume/connectors/{volume_connector_id}"},
{"method": "PATCH", "path": "/volume/targets/{volume_target_id}"},
],
), ),
base.APIRule( base.APIRule(
name="baremetal:volume:view_target_properties", name="baremetal:volume:view_target_properties",
@ -667,7 +892,10 @@ list_rules = (
basic_check_str=("role:admin or role:reader"), basic_check_str=("role:admin or role:reader"),
description="Ability to view volume target properties", description="Ability to view volume target properties",
scope_types=["system", "project"], scope_types=["system", "project"],
operations=[{"method": "GET", "path": "/volume/connectors/{volume_connector_id}"}, {"method": "GET", "path": "/volume/targets/{volume_target_id}"}], operations=[
{"method": "GET", "path": "/volume/connectors/{volume_connector_id}"},
{"method": "GET", "path": "/volume/targets/{volume_target_id}"},
],
), ),
base.APIRule( base.APIRule(
name="baremetal:conductor:get", name="baremetal:conductor:get",
@ -675,15 +903,23 @@ list_rules = (
basic_check_str=("role:admin or role:reader"), basic_check_str=("role:admin or role:reader"),
description="Retrieve Conductor records", description="Retrieve Conductor records",
scope_types=["system"], scope_types=["system"],
operations=[{"method": "GET", "path": "/conductors"}, {"method": "GET", "path": "/conductors/{hostname}"}], operations=[
{"method": "GET", "path": "/conductors"},
{"method": "GET", "path": "/conductors/{hostname}"},
],
), ),
base.APIRule( base.APIRule(
name="baremetal:allocation:get", name="baremetal:allocation:get",
check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(allocation.owner)s)"), check_str=(
"(role:reader and system_scope:all) or (role:reader and project_id:%(allocation.owner)s)"
),
basic_check_str=("role:admin or role:reader"), basic_check_str=("role:admin or role:reader"),
description="Retrieve Allocation records", description="Retrieve Allocation records",
scope_types=["system", "project"], scope_types=["system", "project"],
operations=[{"method": "GET", "path": "/allocations/{allocation_id}"}, {"method": "GET", "path": "/nodes/{node_ident}/allocation"}], operations=[
{"method": "GET", "path": "/allocations/{allocation_id}"},
{"method": "GET", "path": "/nodes/{node_ident}/allocation"},
],
), ),
base.APIRule( base.APIRule(
name="baremetal:allocation:list", name="baremetal:allocation:list",
@ -719,15 +955,22 @@ list_rules = (
), ),
base.APIRule( base.APIRule(
name="baremetal:allocation:delete", name="baremetal:allocation:delete",
check_str=("(role:member and system_scope:all) or (role:member and project_id:%(allocation.owner)s)"), check_str=(
"(role:member and system_scope:all) or (role:member and project_id:%(allocation.owner)s)"
),
basic_check_str=("role:admin"), basic_check_str=("role:admin"),
description="Delete Allocation records", description="Delete Allocation records",
scope_types=["system", "project"], scope_types=["system", "project"],
operations=[{"method": "DELETE", "path": "/allocations/{allocation_id}"}, {"method": "DELETE", "path": "/nodes/{node_ident}/allocation"}], operations=[
{"method": "DELETE", "path": "/allocations/{allocation_id}"},
{"method": "DELETE", "path": "/nodes/{node_ident}/allocation"},
],
), ),
base.APIRule( base.APIRule(
name="baremetal:allocation:update", name="baremetal:allocation:update",
check_str=("(role:member and system_scope:all) or (role:member and project_id:%(allocation.owner)s)"), check_str=(
"(role:member and system_scope:all) or (role:member and project_id:%(allocation.owner)s)"
),
basic_check_str=("role:admin"), basic_check_str=("role:admin"),
description="Change name and extra fields of an allocation", description="Change name and extra fields of an allocation",
scope_types=["system", "project"], scope_types=["system", "project"],
@ -735,7 +978,9 @@ list_rules = (
), ),
base.APIRule( base.APIRule(
name="baremetal:allocation:create_pre_rbac", name="baremetal:allocation:create_pre_rbac",
check_str=("(rule:is_member and role:baremetal_admin) or (is_admin_project:True and role:admin)"), check_str=(
"(rule:is_member and role:baremetal_admin) or (is_admin_project:True and role:admin)"
),
basic_check_str=("role:admin"), basic_check_str=("role:admin"),
description="Logical restrictor to prevent legacy allocation rule missuse - Requires blank allocations to originate from the legacy baremetal_admin.", description="Logical restrictor to prevent legacy allocation rule missuse - Requires blank allocations to originate from the legacy baremetal_admin.",
scope_types=["project"], scope_types=["project"],
@ -755,7 +1000,10 @@ list_rules = (
basic_check_str=("role:admin or role:reader"), basic_check_str=("role:admin or role:reader"),
description="Retrieve Deploy Template records", description="Retrieve Deploy Template records",
scope_types=["system"], scope_types=["system"],
operations=[{"method": "GET", "path": "/deploy_templates"}, {"method": "GET", "path": "/deploy_templates/{deploy_template_ident}"}], operations=[
{"method": "GET", "path": "/deploy_templates"},
{"method": "GET", "path": "/deploy_templates/{deploy_template_ident}"},
],
), ),
base.APIRule( base.APIRule(
name="baremetal:deploy_template:create", name="baremetal:deploy_template:create",


@ -72,7 +72,7 @@ list_rules = (
description="Delete an access_rule.", description="Delete an access_rule.",
scope_types=["system", "project"], scope_types=["system", "project"],
operations=[ operations=[
{"method": "DELETE", "path": "/v3/users/{user_id}/access_rules/{access_rule_id}"} {"method": "DELETE", "path": "/v3/users/{user_id}/access_rules/{access_rule_id}"},
], ],
), ),
base.APIRule( base.APIRule(
@ -93,7 +93,7 @@ list_rules = (
{ {
"method": "GET", "method": "GET",
"path": "/v3/users/{user_id}/OS-OAUTH1/access_tokens/{access_token_id}", "path": "/v3/users/{user_id}/OS-OAUTH1/access_tokens/{access_token_id}",
} },
], ],
), ),
base.APIRule( base.APIRule(
@ -106,7 +106,7 @@ list_rules = (
{ {
"method": "GET", "method": "GET",
"path": "/v3/users/{user_id}/OS-OAUTH1/access_tokens/{access_token_id}/roles/{role_id}", "path": "/v3/users/{user_id}/OS-OAUTH1/access_tokens/{access_token_id}/roles/{role_id}",
} },
], ],
), ),
base.APIRule( base.APIRule(
@ -127,7 +127,7 @@ list_rules = (
{ {
"method": "GET", "method": "GET",
"path": "/v3/users/{user_id}/OS-OAUTH1/access_tokens/{access_token_id}/roles", "path": "/v3/users/{user_id}/OS-OAUTH1/access_tokens/{access_token_id}/roles",
} },
], ],
), ),
base.APIRule( base.APIRule(
@ -140,7 +140,7 @@ list_rules = (
{ {
"method": "DELETE", "method": "DELETE",
"path": "/v3/users/{user_id}/OS-OAUTH1/access_tokens/{access_token_id}", "path": "/v3/users/{user_id}/OS-OAUTH1/access_tokens/{access_token_id}",
} },
], ],
), ),
base.APIRule( base.APIRule(
@ -189,7 +189,7 @@ list_rules = (
{ {
"method": "DELETE", "method": "DELETE",
"path": "/v3/users/{user_id}/application_credentials/{application_credential_id}", "path": "/v3/users/{user_id}/application_credentials/{application_credential_id}",
} },
], ],
), ),
base.APIRule( base.APIRule(
@ -448,7 +448,7 @@ list_rules = (
description="Show ec2 credential details.", description="Show ec2 credential details.",
scope_types=["system", "project"], scope_types=["system", "project"],
operations=[ operations=[
{"method": "GET", "path": "/v3/users/{user_id}/credentials/OS-EC2/{credential_id}"} {"method": "GET", "path": "/v3/users/{user_id}/credentials/OS-EC2/{credential_id}"},
], ],
), ),
base.APIRule( base.APIRule(
@ -474,7 +474,10 @@ list_rules = (
description="Delete ec2 credential.", description="Delete ec2 credential.",
scope_types=["system", "project"], scope_types=["system", "project"],
operations=[ operations=[
{"method": "DELETE", "path": "/v3/users/{user_id}/credentials/OS-EC2/{credential_id}"} {
"method": "DELETE",
"path": "/v3/users/{user_id}/credentials/OS-EC2/{credential_id}",
},
], ],
), ),
base.APIRule( base.APIRule(
@ -551,7 +554,7 @@ list_rules = (
description="Update endpoint group.", description="Update endpoint group.",
scope_types=["system"], scope_types=["system"],
operations=[ operations=[
{"method": "PATCH", "path": "/v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}"} {"method": "PATCH", "path": "/v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}"},
], ],
), ),
base.APIRule( base.APIRule(
@ -561,7 +564,7 @@ list_rules = (
description="Delete endpoint group.", description="Delete endpoint group.",
scope_types=["system"], scope_types=["system"],
operations=[ operations=[
{"method": "DELETE", "path": "/v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}"} {"method": "DELETE", "path": "/v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}"},
], ],
), ),
base.APIRule( base.APIRule(
@ -574,7 +577,7 @@ list_rules = (
{ {
"method": "GET", "method": "GET",
"path": "/v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}/projects", "path": "/v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}/projects",
} },
], ],
), ),
base.APIRule( base.APIRule(
@ -587,7 +590,7 @@ list_rules = (
{ {
"method": "GET", "method": "GET",
"path": "/v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}/endpoints", "path": "/v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}/endpoints",
} },
], ],
), ),
base.APIRule( base.APIRule(
@ -614,7 +617,7 @@ list_rules = (
description="List endpoint groups associated with a specific project.", description="List endpoint groups associated with a specific project.",
scope_types=["system"], scope_types=["system"],
operations=[ operations=[
{"method": "GET", "path": "/v3/OS-EP-FILTER/projects/{project_id}/endpoint_groups"} {"method": "GET", "path": "/v3/OS-EP-FILTER/projects/{project_id}/endpoint_groups"},
], ],
), ),
base.APIRule( base.APIRule(
@ -627,7 +630,7 @@ list_rules = (
{ {
"method": "PUT", "method": "PUT",
"path": "/v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}/projects/{project_id}", "path": "/v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}/projects/{project_id}",
} },
], ],
), ),
base.APIRule( base.APIRule(
@ -640,7 +643,7 @@ list_rules = (
{ {
"method": "DELETE", "method": "DELETE",
"path": "/v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}/projects/{project_id}", "path": "/v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}/projects/{project_id}",
} },
], ],
), ),
base.APIRule( base.APIRule(
@ -1058,7 +1061,7 @@ list_rules = (
description="Delete identity provider.", description="Delete identity provider.",
scope_types=["system"], scope_types=["system"],
operations=[ operations=[
{"method": "DELETE", "path": "/v3/OS-FEDERATION/identity_providers/{idp_id}"} {"method": "DELETE", "path": "/v3/OS-FEDERATION/identity_providers/{idp_id}"},
], ],
), ),
base.APIRule( base.APIRule(
@ -1068,7 +1071,7 @@ list_rules = (
description="Get information about an association between two roles. When a relationship exists between a prior role and an implied role and the prior role is assigned to a user, the user also assumes the implied role.", description="Get information about an association between two roles. When a relationship exists between a prior role and an implied role and the prior role is assigned to a user, the user also assumes the implied role.",
scope_types=["system"], scope_types=["system"],
operations=[ operations=[
{"method": "GET", "path": "/v3/roles/{prior_role_id}/implies/{implied_role_id}"} {"method": "GET", "path": "/v3/roles/{prior_role_id}/implies/{implied_role_id}"},
], ],
), ),
base.APIRule( base.APIRule(
@ -1089,7 +1092,7 @@ list_rules = (
description="Create an association between two roles. When a relationship exists between a prior role and an implied role and the prior role is assigned to a user, the user also assumes the implied role.", description="Create an association between two roles. When a relationship exists between a prior role and an implied role and the prior role is assigned to a user, the user also assumes the implied role.",
scope_types=["system"], scope_types=["system"],
operations=[ operations=[
{"method": "PUT", "path": "/v3/roles/{prior_role_id}/implies/{implied_role_id}"} {"method": "PUT", "path": "/v3/roles/{prior_role_id}/implies/{implied_role_id}"},
], ],
), ),
base.APIRule( base.APIRule(
@ -1099,7 +1102,7 @@ list_rules = (
description="Delete the association between two roles. When a relationship exists between a prior role and an implied role and the prior role is assigned to a user, the user also assumes the implied role. Removing the association will cause that effect to be eliminated.", description="Delete the association between two roles. When a relationship exists between a prior role and an implied role and the prior role is assigned to a user, the user also assumes the implied role. Removing the association will cause that effect to be eliminated.",
scope_types=["system"], scope_types=["system"],
operations=[ operations=[
{"method": "DELETE", "path": "/v3/roles/{prior_role_id}/implies/{implied_role_id}"} {"method": "DELETE", "path": "/v3/roles/{prior_role_id}/implies/{implied_role_id}"},
], ],
), ),
base.APIRule( base.APIRule(
@ -1120,7 +1123,7 @@ list_rules = (
description="Check an association between two roles. When a relationship exists between a prior role and an implied role and the prior role is assigned to a user, the user also assumes the implied role.", description="Check an association between two roles. When a relationship exists between a prior role and an implied role and the prior role is assigned to a user, the user also assumes the implied role.",
scope_types=["system"], scope_types=["system"],
operations=[ operations=[
{"method": "HEAD", "path": "/v3/roles/{prior_role_id}/implies/{implied_role_id}"} {"method": "HEAD", "path": "/v3/roles/{prior_role_id}/implies/{implied_role_id}"},
], ],
), ),
base.APIRule( base.APIRule(
@ -1278,7 +1281,7 @@ list_rules = (
{ {
"method": "PUT", "method": "PUT",
"path": "/v3/policies/{policy_id}/OS-ENDPOINT-POLICY/endpoints/{endpoint_id}", "path": "/v3/policies/{policy_id}/OS-ENDPOINT-POLICY/endpoints/{endpoint_id}",
} },
], ],
), ),
base.APIRule( base.APIRule(
@ -1308,7 +1311,7 @@ list_rules = (
{ {
"method": "DELETE", "method": "DELETE",
"path": "/v3/policies/{policy_id}/OS-ENDPOINT-POLICY/endpoints/{endpoint_id}", "path": "/v3/policies/{policy_id}/OS-ENDPOINT-POLICY/endpoints/{endpoint_id}",
} },
], ],
), ),
base.APIRule( base.APIRule(
@ -1321,7 +1324,7 @@ list_rules = (
{ {
"method": "PUT", "method": "PUT",
"path": "/v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id}", "path": "/v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id}",
} },
], ],
), ),
base.APIRule( base.APIRule(
@ -1351,7 +1354,7 @@ list_rules = (
{ {
"method": "DELETE", "method": "DELETE",
"path": "/v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id}", "path": "/v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id}",
} },
], ],
), ),
base.APIRule( base.APIRule(
@ -1364,7 +1367,7 @@ list_rules = (
{ {
"method": "PUT", "method": "PUT",
"path": "/v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id}/regions/{region_id}", "path": "/v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id}/regions/{region_id}",
} },
], ],
), ),
base.APIRule( base.APIRule(
@ -1394,7 +1397,7 @@ list_rules = (
{ {
"method": "DELETE", "method": "DELETE",
"path": "/v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id}/regions/{region_id}", "path": "/v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id}/regions/{region_id}",
} },
], ],
), ),
base.APIRule( base.APIRule(
@ -1415,7 +1418,7 @@ list_rules = (
description="List endpoints for policy.", description="List endpoints for policy.",
scope_types=["system"], scope_types=["system"],
operations=[ operations=[
{"method": "GET", "path": "/v3/policies/{policy_id}/OS-ENDPOINT-POLICY/endpoints"} {"method": "GET", "path": "/v3/policies/{policy_id}/OS-ENDPOINT-POLICY/endpoints"},
], ],
), ),
base.APIRule( base.APIRule(
@ -1551,7 +1554,7 @@ list_rules = (
description="List projects allowed to access an endpoint.", description="List projects allowed to access an endpoint.",
scope_types=["system"], scope_types=["system"],
operations=[ operations=[
{"method": "GET", "path": "/v3/OS-EP-FILTER/endpoints/{endpoint_id}/projects"} {"method": "GET", "path": "/v3/OS-EP-FILTER/endpoints/{endpoint_id}/projects"},
], ],
), ),
base.APIRule( base.APIRule(
@ -1564,7 +1567,7 @@ list_rules = (
{ {
"method": "PUT", "method": "PUT",
"path": "/v3/OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}", "path": "/v3/OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}",
} },
], ],
), ),
base.APIRule( base.APIRule(
@ -1591,7 +1594,7 @@ list_rules = (
description="List the endpoints a project is allowed to access.", description="List the endpoints a project is allowed to access.",
scope_types=["system"], scope_types=["system"],
operations=[ operations=[
{"method": "GET", "path": "/v3/OS-EP-FILTER/projects/{project_id}/endpoints"} {"method": "GET", "path": "/v3/OS-EP-FILTER/projects/{project_id}/endpoints"},
], ],
), ),
base.APIRule( base.APIRule(
@ -1604,7 +1607,7 @@ list_rules = (
{ {
"method": "DELETE", "method": "DELETE",
"path": "/v3/OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}", "path": "/v3/OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}",
} },
], ],
), ),
base.APIRule( base.APIRule(
@ -1617,7 +1620,7 @@ list_rules = (
{ {
"method": "PUT", "method": "PUT",
"path": "/v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}", "path": "/v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}",
} },
], ],
), ),
base.APIRule( base.APIRule(
@ -1630,7 +1633,7 @@ list_rules = (
{ {
"method": "PATCH", "method": "PATCH",
"path": "/v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}", "path": "/v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}",
} },
], ],
), ),
base.APIRule( base.APIRule(
@ -1643,7 +1646,7 @@ list_rules = (
{ {
"method": "GET", "method": "GET",
"path": "/v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}", "path": "/v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}",
} },
], ],
), ),
base.APIRule( base.APIRule(
@ -1653,7 +1656,7 @@ list_rules = (
description="List federated protocols.", description="List federated protocols.",
scope_types=["system"], scope_types=["system"],
operations=[ operations=[
{"method": "GET", "path": "/v3/OS-FEDERATION/identity_providers/{idp_id}/protocols"} {"method": "GET", "path": "/v3/OS-FEDERATION/identity_providers/{idp_id}/protocols"},
], ],
), ),
base.APIRule( base.APIRule(
@ -1666,7 +1669,7 @@ list_rules = (
{ {
"method": "DELETE", "method": "DELETE",
"path": "/v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}", "path": "/v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}",
} },
], ],
), ),
base.APIRule( base.APIRule(
@ -1939,7 +1942,10 @@ list_rules = (
description="Create federated service provider.", description="Create federated service provider.",
scope_types=["system"], scope_types=["system"],
operations=[ operations=[
{"method": "PUT", "path": "/v3/OS-FEDERATION/service_providers/{service_provider_id}"} {
"method": "PUT",
"path": "/v3/OS-FEDERATION/service_providers/{service_provider_id}",
},
], ],
), ),
base.APIRule( base.APIRule(
@ -1980,7 +1986,7 @@ list_rules = (
{ {
"method": "PATCH", "method": "PATCH",
"path": "/v3/OS-FEDERATION/service_providers/{service_provider_id}", "path": "/v3/OS-FEDERATION/service_providers/{service_provider_id}",
} },
], ],
), ),
base.APIRule( base.APIRule(
@ -1993,7 +1999,7 @@ list_rules = (
{ {
"method": "DELETE", "method": "DELETE",
"path": "/v3/OS-FEDERATION/service_providers/{service_provider_id}", "path": "/v3/OS-FEDERATION/service_providers/{service_provider_id}",
} },
], ],
), ),
base.APIRule( base.APIRule(


@ -257,7 +257,7 @@ list_rules = (
description="Remove a network from a DHCP agent", description="Remove a network from a DHCP agent",
scope_types=["system"], scope_types=["system"],
operations=[ operations=[
{"method": "DELETE", "path": "/agents/{agent_id}/dhcp-networks/{network_id}"} {"method": "DELETE", "path": "/agents/{agent_id}/dhcp-networks/{network_id}"},
], ],
), ),
base.APIRule( base.APIRule(
@ -421,7 +421,7 @@ list_rules = (
description="Disassociate a flavor with a service profile", description="Disassociate a flavor with a service profile",
scope_types=["system"], scope_types=["system"],
operations=[ operations=[
{"method": "DELETE", "path": "/flavors/{flavor_id}/service_profiles/{profile_id}"} {"method": "DELETE", "path": "/flavors/{flavor_id}/service_profiles/{profile_id}"},
], ],
), ),
base.APIRule( base.APIRule(
@ -541,7 +541,7 @@ list_rules = (
{ {
"method": "PUT", "method": "PUT",
"path": "/floatingips/{floatingip_id}/port_forwardings/{port_forwarding_id}", "path": "/floatingips/{floatingip_id}/port_forwardings/{port_forwarding_id}",
} },
], ],
), ),
base.APIRule( base.APIRule(
@ -558,7 +558,7 @@ list_rules = (
{ {
"method": "DELETE", "method": "DELETE",
"path": "/floatingips/{floatingip_id}/port_forwardings/{port_forwarding_id}", "path": "/floatingips/{floatingip_id}/port_forwardings/{port_forwarding_id}",
} },
], ],
), ),
base.APIRule( base.APIRule(
@ -605,7 +605,7 @@ list_rules = (
{ {
"method": "PUT", "method": "PUT",
"path": "/routers/{router_id}/conntrack_helpers/{conntrack_helper_id}", "path": "/routers/{router_id}/conntrack_helpers/{conntrack_helper_id}",
} },
], ],
), ),
base.APIRule( base.APIRule(
@ -622,7 +622,7 @@ list_rules = (
{ {
"method": "DELETE", "method": "DELETE",
"path": "/routers/{router_id}/conntrack_helpers/{conntrack_helper_id}", "path": "/routers/{router_id}/conntrack_helpers/{conntrack_helper_id}",
} },
], ],
), ),
base.APIRule( base.APIRule(
@ -1477,7 +1477,7 @@ list_rules = (
description="Create a QoS bandwidth limit rule", description="Create a QoS bandwidth limit rule",
scope_types=["system"], scope_types=["system"],
operations=[ operations=[
{"method": "POST", "path": "/qos/policies/{policy_id}/bandwidth_limit_rules"} {"method": "POST", "path": "/qos/policies/{policy_id}/bandwidth_limit_rules"},
], ],
), ),
base.APIRule( base.APIRule(
@ -1487,7 +1487,10 @@ list_rules = (
description="Update a QoS bandwidth limit rule", description="Update a QoS bandwidth limit rule",
scope_types=["system"], scope_types=["system"],
operations=[ operations=[
{"method": "PUT", "path": "/qos/policies/{policy_id}/bandwidth_limit_rules/{rule_id}"} {
"method": "PUT",
"path": "/qos/policies/{policy_id}/bandwidth_limit_rules/{rule_id}",
},
], ],
), ),
base.APIRule( base.APIRule(
@ -1500,7 +1503,7 @@ list_rules = (
{ {
"method": "DELETE", "method": "DELETE",
"path": "/qos/policies/{policy_id}/bandwidth_limit_rules/{rule_id}", "path": "/qos/policies/{policy_id}/bandwidth_limit_rules/{rule_id}",
} },
], ],
), ),
base.APIRule( base.APIRule(
@ -1533,7 +1536,7 @@ list_rules = (
description="Update a QoS DSCP marking rule", description="Update a QoS DSCP marking rule",
scope_types=["system"], scope_types=["system"],
operations=[ operations=[
{"method": "PUT", "path": "/qos/policies/{policy_id}/dscp_marking_rules/{rule_id}"} {"method": "PUT", "path": "/qos/policies/{policy_id}/dscp_marking_rules/{rule_id}"},
], ],
), ),
base.APIRule( base.APIRule(
@ -1543,7 +1546,10 @@ list_rules = (
description="Delete a QoS DSCP marking rule", description="Delete a QoS DSCP marking rule",
scope_types=["system"], scope_types=["system"],
operations=[ operations=[
{"method": "DELETE", "path": "/qos/policies/{policy_id}/dscp_marking_rules/{rule_id}"} {
"method": "DELETE",
"path": "/qos/policies/{policy_id}/dscp_marking_rules/{rule_id}",
},
], ],
), ),
base.APIRule( base.APIRule(
@ -1571,7 +1577,7 @@ list_rules = (
description="Create a QoS minimum bandwidth rule", description="Create a QoS minimum bandwidth rule",
scope_types=["system"], scope_types=["system"],
operations=[ operations=[
{"method": "POST", "path": "/qos/policies/{policy_id}/minimum_bandwidth_rules"} {"method": "POST", "path": "/qos/policies/{policy_id}/minimum_bandwidth_rules"},
], ],
), ),
base.APIRule( base.APIRule(
@ -1584,7 +1590,7 @@ list_rules = (
{ {
"method": "PUT", "method": "PUT",
"path": "/qos/policies/{policy_id}/minimum_bandwidth_rules/{rule_id}", "path": "/qos/policies/{policy_id}/minimum_bandwidth_rules/{rule_id}",
} },
], ],
), ),
base.APIRule( base.APIRule(
@ -1597,7 +1603,7 @@ list_rules = (
{ {
"method": "DELETE", "method": "DELETE",
"path": "/qos/policies/{policy_id}/minimum_bandwidth_rules/{rule_id}", "path": "/qos/policies/{policy_id}/minimum_bandwidth_rules/{rule_id}",
} },
], ],
), ),
base.APIRule( base.APIRule(
@ -1677,7 +1683,7 @@ list_rules = (
description="Delete a QoS minimum bandwidth rule through alias", description="Delete a QoS minimum bandwidth rule through alias",
scope_types=["project"], scope_types=["project"],
operations=[ operations=[
{"method": "DELETE", "path": "/qos/alias_minimum_bandwidth_rules/{rule_id}/"} {"method": "DELETE", "path": "/qos/alias_minimum_bandwidth_rules/{rule_id}/"},
], ],
), ),
base.APIRule( base.APIRule(


@ -68,7 +68,7 @@ list_rules = (
description="Inject network information into the server", description="Inject network information into the server",
scope_types=["system", "project"], scope_types=["system", "project"],
operations=[ operations=[
{"method": "POST", "path": "/servers/{server_id}/action (injectNetworkInfo)"} {"method": "POST", "path": "/servers/{server_id}/action (injectNetworkInfo)"},
], ],
), ),
base.APIRule( base.APIRule(
@ -88,7 +88,7 @@ list_rules = (
description="Create or replace metadata for an aggregate", description="Create or replace metadata for an aggregate",
scope_types=["system"], scope_types=["system"],
operations=[ operations=[
{"method": "POST", "path": "/os-aggregates/{aggregate_id}/action (set_metadata)"} {"method": "POST", "path": "/os-aggregates/{aggregate_id}/action (set_metadata)"},
], ],
), ),
base.APIRule( base.APIRule(
@ -98,7 +98,7 @@ list_rules = (
description="Add a host to an aggregate", description="Add a host to an aggregate",
scope_types=["system"], scope_types=["system"],
operations=[ operations=[
{"method": "POST", "path": "/os-aggregates/{aggregate_id}/action (add_host)"} {"method": "POST", "path": "/os-aggregates/{aggregate_id}/action (add_host)"},
], ],
), ),
base.APIRule( base.APIRule(
@ -116,7 +116,7 @@ list_rules = (
description="Remove a host from an aggregate", description="Remove a host from an aggregate",
scope_types=["system"], scope_types=["system"],
operations=[ operations=[
{"method": "POST", "path": "/os-aggregates/{aggregate_id}/action (remove_host)"} {"method": "POST", "path": "/os-aggregates/{aggregate_id}/action (remove_host)"},
], ],
), ),
base.APIRule( base.APIRule(
@ -266,7 +266,7 @@ list_rules = (
description="Show console output for a server", description="Show console output for a server",
scope_types=["system", "project"], scope_types=["system", "project"],
operations=[ operations=[
{"method": "POST", "path": "/servers/{server_id}/action (os-getConsoleOutput)"} {"method": "POST", "path": "/servers/{server_id}/action (os-getConsoleOutput)"},
], ],
), ),
base.APIRule( base.APIRule(
@ -346,7 +346,7 @@ list_rules = (
description="Remove flavor access from a tenant", description="Remove flavor access from a tenant",
scope_types=["system"], scope_types=["system"],
operations=[ operations=[
{"method": "POST", "path": "/flavors/{flavor_id}/action (removeTenantAccess)"} {"method": "POST", "path": "/flavors/{flavor_id}/action (removeTenantAccess)"},
], ],
), ),
base.APIRule( base.APIRule(
@ -369,7 +369,7 @@ list_rules = (
{ {
"method": "GET", "method": "GET",
"path": "/flavors/{flavor_id}/os-extra_specs/{flavor_extra_spec_key}", "path": "/flavors/{flavor_id}/os-extra_specs/{flavor_extra_spec_key}",
} },
], ],
), ),
base.APIRule( base.APIRule(
@ -390,7 +390,7 @@ list_rules = (
{ {
"method": "PUT", "method": "PUT",
"path": "/flavors/{flavor_id}/os-extra_specs/{flavor_extra_spec_key}", "path": "/flavors/{flavor_id}/os-extra_specs/{flavor_extra_spec_key}",
} },
], ],
), ),
base.APIRule( base.APIRule(
@ -403,7 +403,7 @@ list_rules = (
{ {
"method": "DELETE", "method": "DELETE",
"path": "/flavors/{flavor_id}/os-extra_specs/{flavor_extra_spec_key}", "path": "/flavors/{flavor_id}/os-extra_specs/{flavor_extra_spec_key}",
} },
], ],
), ),
base.APIRule( base.APIRule(
@ -613,7 +613,7 @@ list_rules = (
description="Search hypervisor by hypervisor_hostname pattern.", description="Search hypervisor by hypervisor_hostname pattern.",
scope_types=["system"], scope_types=["system"],
operations=[ operations=[
{"method": "GET", "path": "/os-hypervisors/{hypervisor_hostname_pattern}/search"} {"method": "GET", "path": "/os-hypervisors/{hypervisor_hostname_pattern}/search"},
], ],
), ),
base.APIRule( base.APIRule(
@ -623,7 +623,7 @@ list_rules = (
description="List all servers on hypervisors that can match the provided hypervisor_hostname pattern.", description="List all servers on hypervisors that can match the provided hypervisor_hostname pattern.",
scope_types=["system"], scope_types=["system"],
operations=[ operations=[
{"method": "GET", "path": "/os-hypervisors/{hypervisor_hostname_pattern}/servers"} {"method": "GET", "path": "/os-hypervisors/{hypervisor_hostname_pattern}/servers"},
], ],
), ),
base.APIRule( base.APIRule(
@ -633,7 +633,7 @@ list_rules = (
description="Add \"details\" key in action events for a server.\n#\n#This check is performed only after the check\n#os_compute_api:os-instance-actions:show passes. Beginning with Microversion\n#2.84, new field 'details' is exposed via API which can have more details about\n#event failure. That field is controlled by this policy which is system reader\n#by default. Making the 'details' field visible to the non-admin user helps to\n#understand the nature of the problem (i.e. if the action can be retried),\n#but in the other hand it might leak information about the deployment\n#(e.g. the type of the hypervisor).\n#", description="Add \"details\" key in action events for a server.\n#\n#This check is performed only after the check\n#os_compute_api:os-instance-actions:show passes. Beginning with Microversion\n#2.84, new field 'details' is exposed via API which can have more details about\n#event failure. That field is controlled by this policy which is system reader\n#by default. Making the 'details' field visible to the non-admin user helps to\n#understand the nature of the problem (i.e. if the action can be retried),\n#but in the other hand it might leak information about the deployment\n#(e.g. the type of the hypervisor).\n#",
scope_types=["system", "project"], scope_types=["system", "project"],
operations=[ operations=[
{"method": "GET", "path": "/servers/{server_id}/os-instance-actions/{request_id}"} {"method": "GET", "path": "/servers/{server_id}/os-instance-actions/{request_id}"},
], ],
), ),
base.APIRule( base.APIRule(
@ -643,7 +643,7 @@ list_rules = (
description="Add events details in action details for a server.\n#This check is performed only after the check\n#os_compute_api:os-instance-actions:show passes. Beginning with Microversion\n#2.51, events details are always included; traceback information is provided\n#per event if policy enforcement passes. Beginning with Microversion 2.62,\n#each event includes a hashed host identifier and, if policy enforcement\n#passes, the name of the host.", description="Add events details in action details for a server.\n#This check is performed only after the check\n#os_compute_api:os-instance-actions:show passes. Beginning with Microversion\n#2.51, events details are always included; traceback information is provided\n#per event if policy enforcement passes. Beginning with Microversion 2.62,\n#each event includes a hashed host identifier and, if policy enforcement\n#passes, the name of the host.",
scope_types=["system", "project"], scope_types=["system", "project"],
operations=[ operations=[
{"method": "GET", "path": "/servers/{server_id}/os-instance-actions/{request_id}"} {"method": "GET", "path": "/servers/{server_id}/os-instance-actions/{request_id}"},
], ],
), ),
base.APIRule( base.APIRule(
@ -665,7 +665,7 @@ list_rules = (
description="Show action details for a server.", description="Show action details for a server.",
scope_types=["system", "project"], scope_types=["system", "project"],
operations=[ operations=[
{"method": "GET", "path": "/servers/{server_id}/os-instance-actions/{request_id}"} {"method": "GET", "path": "/servers/{server_id}/os-instance-actions/{request_id}"},
], ],
), ),
base.APIRule( base.APIRule(
@ -1063,7 +1063,7 @@ list_rules = (
description="Remove security groups from server.", description="Remove security groups from server.",
scope_types=["system", "project"], scope_types=["system", "project"],
operations=[ operations=[
{"method": "POST", "path": "/servers/{server_id}/action (removeSecurityGroup)"} {"method": "POST", "path": "/servers/{server_id}/action (removeSecurityGroup)"},
], ],
), ),
base.APIRule( base.APIRule(
@ -1587,7 +1587,7 @@ list_rules = (
description="Trigger crash dump in a server", description="Trigger crash dump in a server",
scope_types=["system", "project"], scope_types=["system", "project"],
operations=[ operations=[
{"method": "POST", "path": "/servers/{server_id}/action (trigger_crash_dump)"} {"method": "POST", "path": "/servers/{server_id}/action (trigger_crash_dump)"},
], ],
), ),
base.APIRule( base.APIRule(
@ -1608,7 +1608,7 @@ list_rules = (
{ {
"method": "POST", "method": "POST",
"path": "/servers/{server_id}/migrations/{migration_id}/action (force_complete)", "path": "/servers/{server_id}/migrations/{migration_id}/action (force_complete)",
} },
], ],
), ),
base.APIRule( base.APIRule(
@ -1618,7 +1618,7 @@ list_rules = (
description="Delete(Abort) an in-progress live migration", description="Delete(Abort) an in-progress live migration",
scope_types=["system", "project"], scope_types=["system", "project"],
operations=[ operations=[
{"method": "DELETE", "path": "/servers/{server_id}/migrations/{migration_id}"} {"method": "DELETE", "path": "/servers/{server_id}/migrations/{migration_id}"},
], ],
), ),
base.APIRule( base.APIRule(
@ -1870,7 +1870,7 @@ list_rules = (
description="Show details of a volume attachment", description="Show details of a volume attachment",
scope_types=["system", "project"], scope_types=["system", "project"],
operations=[ operations=[
{"method": "GET", "path": "/servers/{server_id}/os-volume_attachments/{volume_id}"} {"method": "GET", "path": "/servers/{server_id}/os-volume_attachments/{volume_id}"},
], ],
), ),
base.APIRule( base.APIRule(
@ -1882,7 +1882,7 @@ list_rules = (
description="Update a volume attachment.\n#New 'update' policy about 'swap + update' request (which is possible\n#only >2.85) only <swap policy> is checked. We expect <swap policy> to be\n#always superset of this policy permission.\n#", description="Update a volume attachment.\n#New 'update' policy about 'swap + update' request (which is possible\n#only >2.85) only <swap policy> is checked. We expect <swap policy> to be\n#always superset of this policy permission.\n#",
scope_types=["system", "project"], scope_types=["system", "project"],
operations=[ operations=[
{"method": "PUT", "path": "/servers/{server_id}/os-volume_attachments/{volume_id}"} {"method": "PUT", "path": "/servers/{server_id}/os-volume_attachments/{volume_id}"},
], ],
), ),
base.APIRule( base.APIRule(
@ -1892,7 +1892,7 @@ list_rules = (
description="Update a volume attachment with a different volumeId", description="Update a volume attachment with a different volumeId",
scope_types=["system"], scope_types=["system"],
operations=[ operations=[
{"method": "PUT", "path": "/servers/{server_id}/os-volume_attachments/{volume_id}"} {"method": "PUT", "path": "/servers/{server_id}/os-volume_attachments/{volume_id}"},
], ],
), ),
base.APIRule( base.APIRule(
@ -1904,7 +1904,10 @@ list_rules = (
description="Detach a volume from an instance", description="Detach a volume from an instance",
scope_types=["system", "project"], scope_types=["system", "project"],
operations=[ operations=[
{"method": "DELETE", "path": "/servers/{server_id}/os-volume_attachments/{volume_id}"} {
"method": "DELETE",
"path": "/servers/{server_id}/os-volume_attachments/{volume_id}",
},
], ],
), ),
) )


@ -55,7 +55,9 @@ list_rules = (
), ),
base.Rule( base.Rule(
name="load-balancer:read", name="load-balancer:read",
check_str=("rule:load-balancer:observer_and_owner or rule:load-balancer:global_observer or rule:load-balancer:member_and_owner or rule:load-balancer:admin"), check_str=(
"rule:load-balancer:observer_and_owner or rule:load-balancer:global_observer or rule:load-balancer:member_and_owner or rule:load-balancer:admin"
),
description="No description", description="No description",
), ),
base.Rule( base.Rule(
@ -70,12 +72,16 @@ list_rules = (
), ),
base.Rule( base.Rule(
name="load-balancer:read-quota", name="load-balancer:read-quota",
check_str=("rule:load-balancer:observer_and_owner or rule:load-balancer:global_observer or rule:load-balancer:member_and_owner or role:load-balancer_quota_admin or rule:load-balancer:admin"), check_str=(
"rule:load-balancer:observer_and_owner or rule:load-balancer:global_observer or rule:load-balancer:member_and_owner or role:load-balancer_quota_admin or rule:load-balancer:admin"
),
description="No description", description="No description",
), ),
base.Rule( base.Rule(
name="load-balancer:read-quota-global", name="load-balancer:read-quota-global",
check_str=("rule:load-balancer:global_observer or role:load-balancer_quota_admin or rule:load-balancer:admin"), check_str=(
"rule:load-balancer:global_observer or role:load-balancer_quota_admin or rule:load-balancer:admin"
),
description="No description", description="No description",
), ),
base.Rule( base.Rule(
@ -86,7 +92,9 @@ list_rules = (
base.APIRule( base.APIRule(
name="os_load-balancer_api:flavor:get_all", name="os_load-balancer_api:flavor:get_all",
check_str=("rule:load-balancer:read"), check_str=("rule:load-balancer:read"),
basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"), basic_check_str=(
"role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"
),
description="List Flavors", description="List Flavors",
scope_types=["project"], scope_types=["project"],
operations=[{"method": "GET", "path": "/v2.0/lbaas/flavors"}], operations=[{"method": "GET", "path": "/v2.0/lbaas/flavors"}],
@ -110,7 +118,9 @@ list_rules = (
base.APIRule( base.APIRule(
name="os_load-balancer_api:flavor:get_one", name="os_load-balancer_api:flavor:get_one",
check_str=("rule:load-balancer:read"), check_str=("rule:load-balancer:read"),
basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"), basic_check_str=(
"role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"
),
description="Show Flavor details", description="Show Flavor details",
scope_types=["project"], scope_types=["project"],
operations=[{"method": "GET", "path": "/v2.0/lbaas/flavors/{flavor_id}"}], operations=[{"method": "GET", "path": "/v2.0/lbaas/flavors/{flavor_id}"}],
@ -161,12 +171,16 @@ list_rules = (
basic_check_str=("role:admin"), basic_check_str=("role:admin"),
description="Remove a Flavor Profile", description="Remove a Flavor Profile",
scope_types=["project"], scope_types=["project"],
operations=[{"method": "DELETE", "path": "/v2.0/lbaas/flavorprofiles/{flavor_profile_id}"}], operations=[
{"method": "DELETE", "path": "/v2.0/lbaas/flavorprofiles/{flavor_profile_id}"},
],
), ),
base.APIRule( base.APIRule(
name="os_load-balancer_api:availability-zone:get_all", name="os_load-balancer_api:availability-zone:get_all",
check_str=("rule:load-balancer:read"), check_str=("rule:load-balancer:read"),
basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"), basic_check_str=(
"role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"
),
description="List Availability Zones", description="List Availability Zones",
scope_types=["project"], scope_types=["project"],
operations=[{"method": "GET", "path": "/v2.0/lbaas/availabilityzones"}], operations=[{"method": "GET", "path": "/v2.0/lbaas/availabilityzones"}],
@ -185,15 +199,21 @@ list_rules = (
basic_check_str=("role:admin"), basic_check_str=("role:admin"),
description="Update an Availability Zone", description="Update an Availability Zone",
scope_types=["project"], scope_types=["project"],
operations=[{"method": "PUT", "path": "/v2.0/lbaas/availabilityzones/{availability_zone_id}"}], operations=[
{"method": "PUT", "path": "/v2.0/lbaas/availabilityzones/{availability_zone_id}"},
],
), ),
base.APIRule( base.APIRule(
name="os_load-balancer_api:availability-zone:get_one", name="os_load-balancer_api:availability-zone:get_one",
check_str=("rule:load-balancer:read"), check_str=("rule:load-balancer:read"),
basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"), basic_check_str=(
"role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"
),
description="Show Availability Zone details", description="Show Availability Zone details",
scope_types=["project"], scope_types=["project"],
operations=[{"method": "GET", "path": "/v2.0/lbaas/availabilityzones/{availability_zone_id}"}], operations=[
{"method": "GET", "path": "/v2.0/lbaas/availabilityzones/{availability_zone_id}"},
],
), ),
base.APIRule( base.APIRule(
name="os_load-balancer_api:availability-zone:delete", name="os_load-balancer_api:availability-zone:delete",
@ -201,7 +221,9 @@ list_rules = (
basic_check_str=("role:admin"), basic_check_str=("role:admin"),
description="Remove an Availability Zone", description="Remove an Availability Zone",
scope_types=["project"], scope_types=["project"],
operations=[{"method": "DELETE", "path": "/v2.0/lbaas/availabilityzones/{availability_zone_id}"}], operations=[
{"method": "DELETE", "path": "/v2.0/lbaas/availabilityzones/{availability_zone_id}"},
],
), ),
base.APIRule( base.APIRule(
name="os_load-balancer_api:availability-zone-profile:get_all", name="os_load-balancer_api:availability-zone-profile:get_all",
@ -225,7 +247,12 @@ list_rules = (
basic_check_str=("role:admin"), basic_check_str=("role:admin"),
description="Update an Availability Zone", description="Update an Availability Zone",
scope_types=["project"], scope_types=["project"],
operations=[{"method": "PUT", "path": "/v2.0/lbaas/availabilityzoneprofiles/{availability_zone_profile_id}"}], operations=[
{
"method": "PUT",
"path": "/v2.0/lbaas/availabilityzoneprofiles/{availability_zone_profile_id}",
},
],
), ),
base.APIRule( base.APIRule(
name="os_load-balancer_api:availability-zone-profile:get_one", name="os_load-balancer_api:availability-zone-profile:get_one",
@ -233,7 +260,12 @@ list_rules = (
basic_check_str=("role:admin or role:reader"), basic_check_str=("role:admin or role:reader"),
description="Show Availability Zone details", description="Show Availability Zone details",
scope_types=["project"], scope_types=["project"],
operations=[{"method": "GET", "path": "/v2.0/lbaas/availabilityzoneprofiles/{availability_zone_profile_id}"}], operations=[
{
"method": "GET",
"path": "/v2.0/lbaas/availabilityzoneprofiles/{availability_zone_profile_id}",
},
],
), ),
base.APIRule( base.APIRule(
name="os_load-balancer_api:availability-zone-profile:delete", name="os_load-balancer_api:availability-zone-profile:delete",
@ -241,12 +273,19 @@ list_rules = (
basic_check_str=("role:admin"), basic_check_str=("role:admin"),
description="Remove an Availability Zone", description="Remove an Availability Zone",
scope_types=["project"], scope_types=["project"],
operations=[{"method": "DELETE", "path": "/v2.0/lbaas/availabilityzoneprofiles/{availability_zone_profile_id}"}], operations=[
{
"method": "DELETE",
"path": "/v2.0/lbaas/availabilityzoneprofiles/{availability_zone_profile_id}",
},
],
), ),
base.APIRule( base.APIRule(
name="os_load-balancer_api:healthmonitor:get_all", name="os_load-balancer_api:healthmonitor:get_all",
check_str=("rule:load-balancer:read"), check_str=("rule:load-balancer:read"),
basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"), basic_check_str=(
"role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"
),
description="List Health Monitors of a Pool", description="List Health Monitors of a Pool",
scope_types=["project"], scope_types=["project"],
operations=[{"method": "GET", "path": "/v2/lbaas/healthmonitors"}], operations=[{"method": "GET", "path": "/v2/lbaas/healthmonitors"}],
@ -262,7 +301,9 @@ list_rules = (
base.APIRule( base.APIRule(
name="os_load-balancer_api:healthmonitor:post", name="os_load-balancer_api:healthmonitor:post",
check_str=("rule:load-balancer:write"), check_str=("rule:load-balancer:write"),
basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"), basic_check_str=(
"role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"
),
description="Create a Health Monitor", description="Create a Health Monitor",
scope_types=["project"], scope_types=["project"],
operations=[{"method": "POST", "path": "/v2/lbaas/healthmonitors"}], operations=[{"method": "POST", "path": "/v2/lbaas/healthmonitors"}],
@ -270,7 +311,9 @@ list_rules = (
base.APIRule( base.APIRule(
name="os_load-balancer_api:healthmonitor:get_one", name="os_load-balancer_api:healthmonitor:get_one",
check_str=("rule:load-balancer:read"), check_str=("rule:load-balancer:read"),
basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"), basic_check_str=(
"role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"
),
description="Show Health Monitor details", description="Show Health Monitor details",
scope_types=["project"], scope_types=["project"],
operations=[{"method": "GET", "path": "/v2/lbaas/healthmonitors/{healthmonitor_id}"}], operations=[{"method": "GET", "path": "/v2/lbaas/healthmonitors/{healthmonitor_id}"}],
@ -278,7 +321,9 @@ list_rules = (
base.APIRule( base.APIRule(
name="os_load-balancer_api:healthmonitor:put", name="os_load-balancer_api:healthmonitor:put",
check_str=("rule:load-balancer:write"), check_str=("rule:load-balancer:write"),
basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"), basic_check_str=(
"role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"
),
description="Update a Health Monitor", description="Update a Health Monitor",
scope_types=["project"], scope_types=["project"],
operations=[{"method": "PUT", "path": "/v2/lbaas/healthmonitors/{healthmonitor_id}"}], operations=[{"method": "PUT", "path": "/v2/lbaas/healthmonitors/{healthmonitor_id}"}],
@ -286,7 +331,9 @@ list_rules = (
base.APIRule( base.APIRule(
name="os_load-balancer_api:healthmonitor:delete", name="os_load-balancer_api:healthmonitor:delete",
check_str=("rule:load-balancer:write"), check_str=("rule:load-balancer:write"),
basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"), basic_check_str=(
"role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"
),
description="Remove a Health Monitor", description="Remove a Health Monitor",
scope_types=["project"], scope_types=["project"],
operations=[{"method": "DELETE", "path": "/v2/lbaas/healthmonitors/{healthmonitor_id}"}], operations=[{"method": "DELETE", "path": "/v2/lbaas/healthmonitors/{healthmonitor_id}"}],
@ -294,7 +341,9 @@ list_rules = (
base.APIRule( base.APIRule(
name="os_load-balancer_api:l7policy:get_all", name="os_load-balancer_api:l7policy:get_all",
check_str=("rule:load-balancer:read"), check_str=("rule:load-balancer:read"),
basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"), basic_check_str=(
"role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"
),
description="List L7 Policys", description="List L7 Policys",
scope_types=["project"], scope_types=["project"],
operations=[{"method": "GET", "path": "/v2/lbaas/l7policies"}], operations=[{"method": "GET", "path": "/v2/lbaas/l7policies"}],
@ -310,7 +359,9 @@ list_rules = (
base.APIRule( base.APIRule(
name="os_load-balancer_api:l7policy:post", name="os_load-balancer_api:l7policy:post",
check_str=("rule:load-balancer:write"), check_str=("rule:load-balancer:write"),
basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"), basic_check_str=(
"role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"
),
description="Create a L7 Policy", description="Create a L7 Policy",
scope_types=["project"], scope_types=["project"],
operations=[{"method": "POST", "path": "/v2/lbaas/l7policies"}], operations=[{"method": "POST", "path": "/v2/lbaas/l7policies"}],
@ -318,7 +369,9 @@ list_rules = (
base.APIRule( base.APIRule(
name="os_load-balancer_api:l7policy:get_one", name="os_load-balancer_api:l7policy:get_one",
check_str=("rule:load-balancer:read"), check_str=("rule:load-balancer:read"),
basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"), basic_check_str=(
"role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"
),
description="Show L7 Policy details", description="Show L7 Policy details",
scope_types=["project"], scope_types=["project"],
operations=[{"method": "GET", "path": "/v2/lbaas/l7policies/{l7policy_id}"}], operations=[{"method": "GET", "path": "/v2/lbaas/l7policies/{l7policy_id}"}],
@ -326,7 +379,9 @@ list_rules = (
base.APIRule( base.APIRule(
name="os_load-balancer_api:l7policy:put", name="os_load-balancer_api:l7policy:put",
check_str=("rule:load-balancer:write"), check_str=("rule:load-balancer:write"),
basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"), basic_check_str=(
"role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"
),
description="Update a L7 Policy", description="Update a L7 Policy",
scope_types=["project"], scope_types=["project"],
operations=[{"method": "PUT", "path": "/v2/lbaas/l7policies/{l7policy_id}"}], operations=[{"method": "PUT", "path": "/v2/lbaas/l7policies/{l7policy_id}"}],
@ -334,7 +389,9 @@ list_rules = (
base.APIRule( base.APIRule(
name="os_load-balancer_api:l7policy:delete", name="os_load-balancer_api:l7policy:delete",
check_str=("rule:load-balancer:write"), check_str=("rule:load-balancer:write"),
basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"), basic_check_str=(
"role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"
),
description="Remove a L7 Policy", description="Remove a L7 Policy",
scope_types=["project"], scope_types=["project"],
operations=[{"method": "DELETE", "path": "/v2/lbaas/l7policies/{l7policy_id}"}], operations=[{"method": "DELETE", "path": "/v2/lbaas/l7policies/{l7policy_id}"}],
@ -342,7 +399,9 @@ list_rules = (
base.APIRule( base.APIRule(
name="os_load-balancer_api:l7rule:get_all", name="os_load-balancer_api:l7rule:get_all",
check_str=("rule:load-balancer:read"), check_str=("rule:load-balancer:read"),
basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"), basic_check_str=(
"role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"
),
description="List L7 Rules", description="List L7 Rules",
scope_types=["project"], scope_types=["project"],
operations=[{"method": "GET", "path": "/v2/lbaas/l7policies/{l7policy_id}/rules"}], operations=[{"method": "GET", "path": "/v2/lbaas/l7policies/{l7policy_id}/rules"}],
@ -350,7 +409,9 @@ list_rules = (
base.APIRule( base.APIRule(
name="os_load-balancer_api:l7rule:post", name="os_load-balancer_api:l7rule:post",
check_str=("rule:load-balancer:write"), check_str=("rule:load-balancer:write"),
basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"), basic_check_str=(
"role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"
),
description="Create a L7 Rule", description="Create a L7 Rule",
scope_types=["project"], scope_types=["project"],
operations=[{"method": "POST", "path": "/v2/lbaas/l7policies/{l7policy_id}/rules"}], operations=[{"method": "POST", "path": "/v2/lbaas/l7policies/{l7policy_id}/rules"}],
@ -358,31 +419,45 @@ list_rules = (
base.APIRule( base.APIRule(
name="os_load-balancer_api:l7rule:get_one", name="os_load-balancer_api:l7rule:get_one",
check_str=("rule:load-balancer:read"), check_str=("rule:load-balancer:read"),
basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"), basic_check_str=(
"role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"
),
description="Show L7 Rule details", description="Show L7 Rule details",
scope_types=["project"], scope_types=["project"],
operations=[{"method": "GET", "path": "/v2/lbaas/l7policies/{l7policy_id}/rules/{l7rule_id}"}], operations=[
{"method": "GET", "path": "/v2/lbaas/l7policies/{l7policy_id}/rules/{l7rule_id}"},
],
), ),
base.APIRule( base.APIRule(
name="os_load-balancer_api:l7rule:put", name="os_load-balancer_api:l7rule:put",
check_str=("rule:load-balancer:write"), check_str=("rule:load-balancer:write"),
basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"), basic_check_str=(
"role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"
),
description="Update a L7 Rule", description="Update a L7 Rule",
scope_types=["project"], scope_types=["project"],
operations=[{"method": "PUT", "path": "/v2/lbaas/l7policies/{l7policy_id}/rules/{l7rule_id}"}], operations=[
{"method": "PUT", "path": "/v2/lbaas/l7policies/{l7policy_id}/rules/{l7rule_id}"},
],
), ),
base.APIRule( base.APIRule(
name="os_load-balancer_api:l7rule:delete", name="os_load-balancer_api:l7rule:delete",
check_str=("rule:load-balancer:write"), check_str=("rule:load-balancer:write"),
basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"), basic_check_str=(
"role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"
),
description="Remove a L7 Rule", description="Remove a L7 Rule",
scope_types=["project"], scope_types=["project"],
operations=[{"method": "DELETE", "path": "/v2/lbaas/l7policies/{l7policy_id}/rules/{l7rule_id}"}], operations=[
{"method": "DELETE", "path": "/v2/lbaas/l7policies/{l7policy_id}/rules/{l7rule_id}"},
],
), ),
base.APIRule( base.APIRule(
name="os_load-balancer_api:listener:get_all", name="os_load-balancer_api:listener:get_all",
check_str=("rule:load-balancer:read"), check_str=("rule:load-balancer:read"),
basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"), basic_check_str=(
"role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"
),
description="List Listeners", description="List Listeners",
scope_types=["project"], scope_types=["project"],
operations=[{"method": "GET", "path": "/v2/lbaas/listeners"}], operations=[{"method": "GET", "path": "/v2/lbaas/listeners"}],
@ -398,7 +473,9 @@ list_rules = (
base.APIRule( base.APIRule(
name="os_load-balancer_api:listener:post", name="os_load-balancer_api:listener:post",
check_str=("rule:load-balancer:write"), check_str=("rule:load-balancer:write"),
basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"), basic_check_str=(
"role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"
),
description="Create a Listener", description="Create a Listener",
scope_types=["project"], scope_types=["project"],
operations=[{"method": "POST", "path": "/v2/lbaas/listeners"}], operations=[{"method": "POST", "path": "/v2/lbaas/listeners"}],
@ -406,7 +483,9 @@ list_rules = (
base.APIRule( base.APIRule(
name="os_load-balancer_api:listener:get_one", name="os_load-balancer_api:listener:get_one",
check_str=("rule:load-balancer:read"), check_str=("rule:load-balancer:read"),
basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"), basic_check_str=(
"role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"
),
description="Show Listener details", description="Show Listener details",
scope_types=["project"], scope_types=["project"],
operations=[{"method": "GET", "path": "/v2/lbaas/listeners/{listener_id}"}], operations=[{"method": "GET", "path": "/v2/lbaas/listeners/{listener_id}"}],
@ -414,7 +493,9 @@ list_rules = (
base.APIRule( base.APIRule(
name="os_load-balancer_api:listener:put", name="os_load-balancer_api:listener:put",
check_str=("rule:load-balancer:write"), check_str=("rule:load-balancer:write"),
basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"), basic_check_str=(
"role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"
),
description="Update a Listener", description="Update a Listener",
scope_types=["project"], scope_types=["project"],
operations=[{"method": "PUT", "path": "/v2/lbaas/listeners/{listener_id}"}], operations=[{"method": "PUT", "path": "/v2/lbaas/listeners/{listener_id}"}],
@ -422,7 +503,9 @@ list_rules = (
base.APIRule( base.APIRule(
name="os_load-balancer_api:listener:delete", name="os_load-balancer_api:listener:delete",
check_str=("rule:load-balancer:write"), check_str=("rule:load-balancer:write"),
basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"), basic_check_str=(
"role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"
),
description="Remove a Listener", description="Remove a Listener",
scope_types=["project"], scope_types=["project"],
operations=[{"method": "DELETE", "path": "/v2/lbaas/listeners/{listener_id}"}], operations=[{"method": "DELETE", "path": "/v2/lbaas/listeners/{listener_id}"}],
@ -430,7 +513,9 @@ list_rules = (
base.APIRule( base.APIRule(
name="os_load-balancer_api:listener:get_stats", name="os_load-balancer_api:listener:get_stats",
check_str=("rule:load-balancer:read"), check_str=("rule:load-balancer:read"),
basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"), basic_check_str=(
"role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"
),
description="Show Listener statistics", description="Show Listener statistics",
scope_types=["project"], scope_types=["project"],
operations=[{"method": "GET", "path": "/v2/lbaas/listeners/{listener_id}/stats"}], operations=[{"method": "GET", "path": "/v2/lbaas/listeners/{listener_id}/stats"}],
@ -438,7 +523,9 @@ list_rules = (
base.APIRule( base.APIRule(
name="os_load-balancer_api:loadbalancer:get_all", name="os_load-balancer_api:loadbalancer:get_all",
check_str=("rule:load-balancer:read"), check_str=("rule:load-balancer:read"),
basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"), basic_check_str=(
"role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"
),
description="List Load Balancers", description="List Load Balancers",
scope_types=["project"], scope_types=["project"],
operations=[{"method": "GET", "path": "/v2/lbaas/loadbalancers"}], operations=[{"method": "GET", "path": "/v2/lbaas/loadbalancers"}],
@ -454,7 +541,9 @@ list_rules = (
base.APIRule( base.APIRule(
name="os_load-balancer_api:loadbalancer:post", name="os_load-balancer_api:loadbalancer:post",
check_str=("rule:load-balancer:write"), check_str=("rule:load-balancer:write"),
basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"), basic_check_str=(
"role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"
),
description="Create a Load Balancer", description="Create a Load Balancer",
scope_types=["project"], scope_types=["project"],
operations=[{"method": "POST", "path": "/v2/lbaas/loadbalancers"}], operations=[{"method": "POST", "path": "/v2/lbaas/loadbalancers"}],
@ -462,7 +551,9 @@ list_rules = (
base.APIRule( base.APIRule(
name="os_load-balancer_api:loadbalancer:get_one", name="os_load-balancer_api:loadbalancer:get_one",
check_str=("rule:load-balancer:read"), check_str=("rule:load-balancer:read"),
basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"), basic_check_str=(
"role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"
),
description="Show Load Balancer details", description="Show Load Balancer details",
scope_types=["project"], scope_types=["project"],
operations=[{"method": "GET", "path": "/v2/lbaas/loadbalancers/{loadbalancer_id}"}], operations=[{"method": "GET", "path": "/v2/lbaas/loadbalancers/{loadbalancer_id}"}],
@ -470,7 +561,9 @@ list_rules = (
base.APIRule( base.APIRule(
name="os_load-balancer_api:loadbalancer:put", name="os_load-balancer_api:loadbalancer:put",
check_str=("rule:load-balancer:write"), check_str=("rule:load-balancer:write"),
basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"), basic_check_str=(
"role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"
),
description="Update a Load Balancer", description="Update a Load Balancer",
scope_types=["project"], scope_types=["project"],
operations=[{"method": "PUT", "path": "/v2/lbaas/loadbalancers/{loadbalancer_id}"}], operations=[{"method": "PUT", "path": "/v2/lbaas/loadbalancers/{loadbalancer_id}"}],
@ -478,7 +571,9 @@ list_rules = (
base.APIRule( base.APIRule(
name="os_load-balancer_api:loadbalancer:delete", name="os_load-balancer_api:loadbalancer:delete",
check_str=("rule:load-balancer:write"), check_str=("rule:load-balancer:write"),
basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"), basic_check_str=(
"role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"
),
description="Remove a Load Balancer", description="Remove a Load Balancer",
scope_types=["project"], scope_types=["project"],
operations=[{"method": "DELETE", "path": "/v2/lbaas/loadbalancers/{loadbalancer_id}"}], operations=[{"method": "DELETE", "path": "/v2/lbaas/loadbalancers/{loadbalancer_id}"}],
@ -486,7 +581,9 @@ list_rules = (
base.APIRule( base.APIRule(
name="os_load-balancer_api:loadbalancer:get_stats", name="os_load-balancer_api:loadbalancer:get_stats",
check_str=("rule:load-balancer:read"), check_str=("rule:load-balancer:read"),
basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"), basic_check_str=(
"role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"
),
description="Show Load Balancer statistics", description="Show Load Balancer statistics",
scope_types=["project"], scope_types=["project"],
operations=[{"method": "GET", "path": "/v2/lbaas/loadbalancers/{loadbalancer_id}/stats"}], operations=[{"method": "GET", "path": "/v2/lbaas/loadbalancers/{loadbalancer_id}/stats"}],
@ -494,10 +591,14 @@ list_rules = (
base.APIRule( base.APIRule(
name="os_load-balancer_api:loadbalancer:get_status", name="os_load-balancer_api:loadbalancer:get_status",
check_str=("rule:load-balancer:read"), check_str=("rule:load-balancer:read"),
basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"), basic_check_str=(
"role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"
),
description="Show Load Balancer status", description="Show Load Balancer status",
scope_types=["project"], scope_types=["project"],
operations=[{"method": "GET", "path": "/v2/lbaas/loadbalancers/{loadbalancer_id}/status"}], operations=[
{"method": "GET", "path": "/v2/lbaas/loadbalancers/{loadbalancer_id}/status"},
],
), ),
base.APIRule( base.APIRule(
name="os_load-balancer_api:loadbalancer:put_failover", name="os_load-balancer_api:loadbalancer:put_failover",
@ -505,12 +606,16 @@ list_rules = (
basic_check_str=("role:admin"), basic_check_str=("role:admin"),
description="Failover a Load Balancer", description="Failover a Load Balancer",
scope_types=["project"], scope_types=["project"],
operations=[{"method": "PUT", "path": "/v2/lbaas/loadbalancers/{loadbalancer_id}/failover"}], operations=[
{"method": "PUT", "path": "/v2/lbaas/loadbalancers/{loadbalancer_id}/failover"},
],
), ),
base.APIRule( base.APIRule(
name="os_load-balancer_api:member:get_all", name="os_load-balancer_api:member:get_all",
check_str=("rule:load-balancer:read"), check_str=("rule:load-balancer:read"),
basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"), basic_check_str=(
"role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"
),
description="List Members of a Pool", description="List Members of a Pool",
scope_types=["project"], scope_types=["project"],
operations=[{"method": "GET", "path": "/v2/lbaas/pools/{pool_id}/members"}], operations=[{"method": "GET", "path": "/v2/lbaas/pools/{pool_id}/members"}],
@ -518,7 +623,9 @@ list_rules = (
base.APIRule( base.APIRule(
name="os_load-balancer_api:member:post", name="os_load-balancer_api:member:post",
check_str=("rule:load-balancer:write"), check_str=("rule:load-balancer:write"),
basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"), basic_check_str=(
"role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"
),
description="Create a Member", description="Create a Member",
scope_types=["project"], scope_types=["project"],
operations=[{"method": "POST", "path": "/v2/lbaas/pools/{pool_id}/members"}], operations=[{"method": "POST", "path": "/v2/lbaas/pools/{pool_id}/members"}],
@ -526,7 +633,9 @@ list_rules = (
base.APIRule( base.APIRule(
name="os_load-balancer_api:member:get_one", name="os_load-balancer_api:member:get_one",
check_str=("rule:load-balancer:read"), check_str=("rule:load-balancer:read"),
basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"), basic_check_str=(
"role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"
),
description="Show Member details", description="Show Member details",
scope_types=["project"], scope_types=["project"],
operations=[{"method": "GET", "path": "/v2/lbaas/pools/{pool_id}/members/{member_id}"}], operations=[{"method": "GET", "path": "/v2/lbaas/pools/{pool_id}/members/{member_id}"}],
@ -534,7 +643,9 @@ list_rules = (
base.APIRule( base.APIRule(
name="os_load-balancer_api:member:put", name="os_load-balancer_api:member:put",
check_str=("rule:load-balancer:write"), check_str=("rule:load-balancer:write"),
basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"), basic_check_str=(
"role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"
),
description="Update a Member", description="Update a Member",
scope_types=["project"], scope_types=["project"],
operations=[{"method": "PUT", "path": "/v2/lbaas/pools/{pool_id}/members/{member_id}"}], operations=[{"method": "PUT", "path": "/v2/lbaas/pools/{pool_id}/members/{member_id}"}],
@ -542,15 +653,21 @@ list_rules = (
base.APIRule( base.APIRule(
name="os_load-balancer_api:member:delete", name="os_load-balancer_api:member:delete",
check_str=("rule:load-balancer:write"), check_str=("rule:load-balancer:write"),
basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"), basic_check_str=(
"role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"
),
description="Remove a Member", description="Remove a Member",
scope_types=["project"], scope_types=["project"],
operations=[{"method": "DELETE", "path": "/v2/lbaas/pools/{pool_id}/members/{member_id}"}], operations=[
{"method": "DELETE", "path": "/v2/lbaas/pools/{pool_id}/members/{member_id}"},
],
), ),
base.APIRule( base.APIRule(
name="os_load-balancer_api:pool:get_all", name="os_load-balancer_api:pool:get_all",
check_str=("rule:load-balancer:read"), check_str=("rule:load-balancer:read"),
basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"), basic_check_str=(
"role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"
),
description="List Pools", description="List Pools",
scope_types=["project"], scope_types=["project"],
operations=[{"method": "GET", "path": "/v2/lbaas/pools"}], operations=[{"method": "GET", "path": "/v2/lbaas/pools"}],
@ -566,7 +683,9 @@ list_rules = (
base.APIRule( base.APIRule(
name="os_load-balancer_api:pool:post", name="os_load-balancer_api:pool:post",
check_str=("rule:load-balancer:write"), check_str=("rule:load-balancer:write"),
basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"), basic_check_str=(
"role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"
),
description="Create a Pool", description="Create a Pool",
scope_types=["project"], scope_types=["project"],
operations=[{"method": "POST", "path": "/v2/lbaas/pools"}], operations=[{"method": "POST", "path": "/v2/lbaas/pools"}],
@ -574,7 +693,9 @@ list_rules = (
base.APIRule( base.APIRule(
name="os_load-balancer_api:pool:get_one", name="os_load-balancer_api:pool:get_one",
check_str=("rule:load-balancer:read"), check_str=("rule:load-balancer:read"),
basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"), basic_check_str=(
"role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"
),
description="Show Pool details", description="Show Pool details",
scope_types=["project"], scope_types=["project"],
operations=[{"method": "GET", "path": "/v2/lbaas/pools/{pool_id}"}], operations=[{"method": "GET", "path": "/v2/lbaas/pools/{pool_id}"}],
@ -582,7 +703,9 @@ list_rules = (
base.APIRule( base.APIRule(
name="os_load-balancer_api:pool:put", name="os_load-balancer_api:pool:put",
check_str=("rule:load-balancer:write"), check_str=("rule:load-balancer:write"),
basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"), basic_check_str=(
"role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"
),
description="Update a Pool", description="Update a Pool",
scope_types=["project"], scope_types=["project"],
operations=[{"method": "PUT", "path": "/v2/lbaas/pools/{pool_id}"}], operations=[{"method": "PUT", "path": "/v2/lbaas/pools/{pool_id}"}],
@ -590,7 +713,9 @@ list_rules = (
base.APIRule( base.APIRule(
name="os_load-balancer_api:pool:delete", name="os_load-balancer_api:pool:delete",
check_str=("rule:load-balancer:write"), check_str=("rule:load-balancer:write"),
basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"), basic_check_str=(
"role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"
),
description="Remove a Pool", description="Remove a Pool",
scope_types=["project"], scope_types=["project"],
operations=[{"method": "DELETE", "path": "/v2/lbaas/pools/{pool_id}"}], operations=[{"method": "DELETE", "path": "/v2/lbaas/pools/{pool_id}"}],
@ -598,7 +723,9 @@ list_rules = (
base.APIRule( base.APIRule(
name="os_load-balancer_api:provider:get_all", name="os_load-balancer_api:provider:get_all",
check_str=("rule:load-balancer:read"), check_str=("rule:load-balancer:read"),
basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"), basic_check_str=(
"role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"
),
description="List enabled providers", description="List enabled providers",
scope_types=["project"], scope_types=["project"],
operations=[{"method": "GET", "path": "/v2/lbaas/providers"}], operations=[{"method": "GET", "path": "/v2/lbaas/providers"}],
@ -606,7 +733,9 @@ list_rules = (
base.APIRule( base.APIRule(
name="os_load-balancer_api:quota:get_all", name="os_load-balancer_api:quota:get_all",
check_str=("rule:load-balancer:read-quota"), check_str=("rule:load-balancer:read-quota"),
basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"), basic_check_str=(
"role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"
),
description="List Quotas", description="List Quotas",
scope_types=["project"], scope_types=["project"],
operations=[{"method": "GET", "path": "/v2/lbaas/quotas"}], operations=[{"method": "GET", "path": "/v2/lbaas/quotas"}],
@ -622,7 +751,9 @@ list_rules = (
base.APIRule( base.APIRule(
name="os_load-balancer_api:quota:get_one", name="os_load-balancer_api:quota:get_one",
check_str=("rule:load-balancer:read-quota"), check_str=("rule:load-balancer:read-quota"),
basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"), basic_check_str=(
"role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"
),
description="Show Quota details", description="Show Quota details",
scope_types=["project"], scope_types=["project"],
operations=[{"method": "GET", "path": "/v2/lbaas/quotas/{project_id}"}], operations=[{"method": "GET", "path": "/v2/lbaas/quotas/{project_id}"}],
@ -646,7 +777,9 @@ list_rules = (
base.APIRule( base.APIRule(
name="os_load-balancer_api:quota:get_defaults", name="os_load-balancer_api:quota:get_defaults",
check_str=("rule:load-balancer:read-quota"), check_str=("rule:load-balancer:read-quota"),
basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"), basic_check_str=(
"role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"
),
description="Show Default Quota for a Project", description="Show Default Quota for a Project",
scope_types=["project"], scope_types=["project"],
operations=[{"method": "GET", "path": "/v2/lbaas/quotas/{project_id}/default"}], operations=[{"method": "GET", "path": "/v2/lbaas/quotas/{project_id}/default"}],
@ -705,7 +838,9 @@ list_rules = (
basic_check_str=("role:admin or role:reader"), basic_check_str=("role:admin or role:reader"),
description="List the provider flavor capabilities.", description="List the provider flavor capabilities.",
scope_types=["project"], scope_types=["project"],
operations=[{"method": "GET", "path": "/v2/lbaas/providers/{provider}/flavor_capabilities"}], operations=[
{"method": "GET", "path": "/v2/lbaas/providers/{provider}/flavor_capabilities"},
],
), ),
base.APIRule( base.APIRule(
name="os_load-balancer_api:provider-availability-zone:get_all", name="os_load-balancer_api:provider-availability-zone:get_all",
@ -713,7 +848,12 @@ list_rules = (
basic_check_str=("role:admin or role:reader"), basic_check_str=("role:admin or role:reader"),
description="List the provider availability zone capabilities.", description="List the provider availability zone capabilities.",
scope_types=["project"], scope_types=["project"],
operations=[{"method": "GET", "path": "/v2/lbaas/providers/{provider}/availability_zone_capabilities"}], operations=[
{
"method": "GET",
"path": "/v2/lbaas/providers/{provider}/availability_zone_capabilities",
},
],
), ),
) )


@ -14,7 +14,10 @@ list_rules = (
basic_check_str=("role:admin or role:reader"), basic_check_str=("role:admin or role:reader"),
description="Return the user and project the requestshould be limited to", description="Return the user and project the requestshould be limited to",
scope_types=["system"], scope_types=["system"],
operations=[{"method": "GET", "path": "/v2/events"}, {"method": "GET", "path": "/v2/events/{message_id}"}], operations=[
{"method": "GET", "path": "/v2/events"},
{"method": "GET", "path": "/v2/events/{message_id}"},
],
), ),
base.APIRule( base.APIRule(
name="telemetry:events:index", name="telemetry:events:index",


@ -110,7 +110,9 @@ list_rules = (
basic_check_str=("role:admin or role:reader"), basic_check_str=("role:admin or role:reader"),
description="Show resource provider inventory.", description="Show resource provider inventory.",
scope_types=["system"], scope_types=["system"],
operations=[{"method": "GET", "path": "/resource_providers/{uuid}/inventories/{resource_class}"}], operations=[
{"method": "GET", "path": "/resource_providers/{uuid}/inventories/{resource_class}"},
],
), ),
base.APIRule( base.APIRule(
name="placement:resource_providers:inventories:update", name="placement:resource_providers:inventories:update",
@ -118,7 +120,10 @@ list_rules = (
basic_check_str=("role:admin"), basic_check_str=("role:admin"),
description="Update resource provider inventory.", description="Update resource provider inventory.",
scope_types=["system"], scope_types=["system"],
operations=[{"method": "PUT", "path": "/resource_providers/{uuid}/inventories"}, {"method": "PUT", "path": "/resource_providers/{uuid}/inventories/{resource_class}"}], operations=[
{"method": "PUT", "path": "/resource_providers/{uuid}/inventories"},
{"method": "PUT", "path": "/resource_providers/{uuid}/inventories/{resource_class}"},
],
), ),
base.APIRule( base.APIRule(
name="placement:resource_providers:inventories:delete", name="placement:resource_providers:inventories:delete",
@ -126,7 +131,13 @@ list_rules = (
basic_check_str=("role:admin"), basic_check_str=("role:admin"),
description="Delete resource provider inventory.", description="Delete resource provider inventory.",
scope_types=["system"], scope_types=["system"],
operations=[{"method": "DELETE", "path": "/resource_providers/{uuid}/inventories"}, {"method": "DELETE", "path": "/resource_providers/{uuid}/inventories/{resource_class}"}], operations=[
{"method": "DELETE", "path": "/resource_providers/{uuid}/inventories"},
{
"method": "DELETE",
"path": "/resource_providers/{uuid}/inventories/{resource_class}",
},
],
), ),
base.APIRule( base.APIRule(
name="placement:resource_providers:aggregates:list", name="placement:resource_providers:aggregates:list",
@ -154,7 +165,9 @@ list_rules = (
), ),
base.APIRule( base.APIRule(
name="placement:usages", name="placement:usages",
check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)"), check_str=(
"(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)"
),
basic_check_str=("role:admin or role:reader"), basic_check_str=("role:admin or role:reader"),
description="List total resource usages for a given project.", description="List total resource usages for a given project.",
scope_types=["system", "project"], scope_types=["system", "project"],


@ -0,0 +1,47 @@
# Copyright 2021 99cloud
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
from __future__ import annotations
from typing import TYPE_CHECKING
from _pytest.mark import ParameterSet
from tests.models import TestData
if TYPE_CHECKING:
from _pytest.python import Metafunc
def pytest_generate_tests(metafunc: Metafunc) -> None:
for marker in metafunc.definition.iter_markers(name="ddt"):
test_data: TestData
for test_data in marker.args:
argument_length = len(test_data.arguments)
argvalues = []
for argument_data in test_data.argument_data_set:
if len(argument_data.values) != argument_length:
raise ValueError(
f'Argument data "{argument_data.id}" of method '
f'"{metafunc.function.__name__}" doesn\'t match '
"number of arguments.",
)
argvalues.append(
ParameterSet(
id=argument_data.id,
marks=argument_data.marks,
values=argument_data.values,
),
)
metafunc.parametrize(test_data.arguments, argvalues, indirect=test_data.indirect)
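Review bot: `pytest_generate_tests` imports `ParameterSet` from `_pytest.mark`, a private pytest module, and constructs it by keyword; internal classes like this can change between pytest releases without notice. The public equivalent is `pytest.param(*argument_data.values, id=argument_data.id, marks=argument_data.marks)`, which also lets the `_pytest.mark` import go. Nothing in this section declares the `ddt` marker; if it is not registered under `markers` in the pytest configuration, a run with `--strict-markers` will reject it. A one-line docstring saying that each `TestData` passed to the marker becomes one `parametrize` call would help the next reader.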


@ -0,0 +1,87 @@
# Copyright 2021 99cloud
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
from __future__ import annotations
import sys
from dataclasses import asdict, dataclass, field
from typing import Dict, List
from mimesis import Generic
FAKER = Generic()
FAKE_NS = "skyline_policy_manager.tests.mock_ns"
FAKE_SERVICE_EPS = {
"cinder": ["cinder"],
"glance": ["glance"],
"heat": ["heat"],
"keystone": ["keystone"],
"neutron": ["neutron"],
"nova": ["nova"],
}
current_module = sys.modules[__name__]
for ep_names in FAKE_SERVICE_EPS.values():
for ep_name in ep_names:
setattr(current_module, f"{ep_name}_list_rules", lambda: [])
@dataclass
class FakeOperation:
method: str = field(
default_factory=lambda: FAKER.choice(["GET", "POST", "PUT", "PATCH", "DELETE"]),
)
path: str = field(
default_factory=lambda: FAKER.choice(["/resources", "/resources/{resource_id}"]),
)
@dataclass
class FakeDocumentedRuleData:
name: str = field(default_factory=lambda: ":".join(FAKER.text.words()))
description: str = field(default_factory=lambda: FAKER.text.text())
check_str: str = field(
default_factory=lambda: f'role:{FAKER.choice(["admin", "member", "reader"])}',
)
scope_types: List[str] = field(
default_factory=lambda: FAKER.choice(
["system", "domain", "project"],
length=FAKER.numbers.integer_number(1, 3),
unique=True,
),
)
operations: List[Dict[str, str]] = field(
default_factory=lambda: [
asdict(FakeOperation()) for _ in range(FAKER.numbers.integer_number(1, 5))
],
)
@dataclass
class FakeRuleData:
name: str = field(default_factory=lambda: ":".join(FAKER.text.words()))
description: str = field(default_factory=lambda: FAKER.text.text())
check_str: str = field(
default_factory=lambda: f'role:{FAKER.choice(["admin", "member", "reader"])}',
)
scope_types: List[str] = field(
default_factory=lambda: FAKER.choice(
["system", "domain", "project"],
length=FAKER.numbers.integer_number(1, 3),
unique=True,
),
)
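Review bot: `FAKER = Generic()` is created without a seed, so every run generates different rule names, check strings and operations, and a failure triggered by one particular generated value cannot be replayed. mimesis accepts a seed on the provider, e.g. `FAKER = Generic(seed=FAKE_SEED)` with `FAKE_SEED` as a module constant (placeholder name), which keeps the data arbitrary but repeatable. Separately, `FakeRuleData` and `FakeDocumentedRuleData` repeat the same four fields. Letting `FakeDocumentedRuleData` subclass `FakeRuleData` and add only `operations` would keep the two in step.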


@ -0,0 +1,36 @@
# Copyright 2021 99cloud
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
from __future__ import annotations
from dataclasses import dataclass
from typing import Any, Collection, Sequence, Tuple, Union
@dataclass
class ArgumentData:
id: str
values: Sequence[object]
# TODO: Fix type annotation of `marks` after the pytest > 7.0.0
# marks: Collection[Union[pytest.MarkDecorator, pytest.Mark]]
marks: Collection[Any] = ()
@dataclass
class TestData:
arguments: Tuple[str, ...]
argument_data_set: Sequence[ArgumentData]
indirect: Union[bool, Tuple[str]] = False
__test__ = False
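Review bot: `indirect: Union[bool, Tuple[str]]` in `TestData` types the tuple form as exactly one element, although the value is handed to `metafunc.parametrize(..., indirect=...)`, where it may name several arguments. `indirect: Union[bool, Tuple[str, ...]] = False` would match the `arguments: Tuple[str, ...]` field above it. The `__test__ = False` line also deserves a comment, for example `# Not a test class: keeps pytest from collecting it because of the "Test" prefix`, since its purpose is not obvious in a dataclass.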


@ -0,0 +1,158 @@
# Copyright 2021 99cloud
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
from __future__ import annotations
from dataclasses import asdict
from importlib import metadata
from importlib.metadata import EntryPoint
from pathlib import Path
from typing import Dict, List, Tuple, Union
import pytest
from click.testing import CliRunner
from oslo_policy.policy import DocumentedRuleDefault, RuleDefault
from skyline_policy_manager import constants, policies
from skyline_policy_manager.cmd.manage import (
generate_conf,
generate_rule,
generate_sample,
policy_manager,
validate,
)
from tests import fake
from tests.fake import FAKE_NS, FAKE_SERVICE_EPS, FAKER, FakeDocumentedRuleData, FakeRuleData
from tests.models import ArgumentData, TestData
class TestPolicyManager:
@pytest.fixture(autouse=True)
def setup_entry_points(self, monkeypatch) -> None:
eps = []
for ep_names in FAKE_SERVICE_EPS.values():
for ep_name in ep_names:
fake_rules: List[Union[DocumentedRuleDefault, RuleDefault]]
fake_rules = [
DocumentedRuleDefault(**asdict(FakeDocumentedRuleData()))
for _ in range(FAKER.numbers.integer_number(1, 10))
]
fake_rules.extend(
[
RuleDefault(**asdict(FakeRuleData()))
for _ in range(FAKER.numbers.integer_number(1, 3))
],
)
monkeypatch.setattr(fake, f"{ep_name}_list_rules", lambda: fake_rules)
eps.append(
EntryPoint(
name=ep_name,
value=f"tests.fake:{ep_name}_list_rules",
group=FAKE_NS,
),
)
def entry_points() -> Dict[str, Tuple[EntryPoint, ...]]:
return {FAKE_NS: tuple(eps)}
monkeypatch.setattr(metadata, "entry_points", entry_points)
monkeypatch.setattr(constants, "POLICY_NS", FAKE_NS)
monkeypatch.setattr(constants, "SUPPORTED_SERVICE_EPS", FAKE_SERVICE_EPS)
@pytest.fixture
def runner(self) -> CliRunner:
runner = CliRunner()
return runner
@pytest.mark.ddt(
TestData(
arguments=("dir_path",),
argument_data_set=[
ArgumentData(
id="str_dir_path",
values=(FAKER.text.word(),),
),
],
),
)
def test_generate_sample(self, runner: CliRunner, tmp_path: Path, dir_path: str) -> None:
sample_dir = tmp_path.joinpath(dir_path)
sample_dir.mkdir(parents=True, exist_ok=True)
policy_manager.add_command(generate_sample)
result = runner.invoke(
policy_manager,
["generate-sample", "--dir", sample_dir.as_posix()],
)
assert result.exit_code == 0
for service in FAKE_SERVICE_EPS:
assert sample_dir.joinpath(service).exists()
assert sample_dir.joinpath(service).joinpath("policy.yaml.sample").exists()
@pytest.mark.ddt(
TestData(
arguments=("dir_path",),
argument_data_set=[
ArgumentData(
id="str_dir_path",
values=(FAKER.text.word(),),
),
],
),
TestData(
arguments=("description",),
argument_data_set=[
ArgumentData(
id="str_description",
values=(FAKER.text.text(),),
),
],
),
)
def test_generate_conf(
self,
runner: CliRunner,
tmp_path: Path,
dir_path: str,
description: str,
) -> None:
conf_dir = tmp_path.joinpath(dir_path)
conf_dir.mkdir(parents=True, exist_ok=True)
policy_manager.add_command(generate_conf)
result = runner.invoke(
policy_manager,
["generate-conf", "--dir", conf_dir.as_posix(), "--desc", description],
)
service_rules = policies.get_service_rules()
assert result.exit_code == 0
for service in service_rules:
assert conf_dir.joinpath(service).exists()
assert conf_dir.joinpath(service).joinpath("policy.yaml").exists()
assert description in conf_dir.joinpath(service).joinpath("policy.yaml").read_text()
def test_generate_rule(self, runner: CliRunner) -> None:
policy_manager.add_command(generate_rule)
for ep_names in FAKE_SERVICE_EPS.values():
for ep_name in ep_names:
result = runner.invoke(policy_manager, ["generate-rule", ep_name])
assert result.exit_code == 0
def test_validate(self, runner: CliRunner) -> None:
policy_manager.add_command(validate)
result = runner.invoke(
policy_manager,
[
"validate",
"--diff",
],
)
assert result.exit_code == 0
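Review bot: In `setup_entry_points`, the `lambda: fake_rules` handed to `monkeypatch.setattr` closes over the variable rather than its current value. The tests call the patched functions only after the fixture's loop has finished, so every `*_list_rules` returns the list built for the last entry point and the per-endpoint rule sets are never exercised. Binding the value when the lambda is defined fixes this: `monkeypatch.setattr(fake, f"{ep_name}_list_rules", lambda rules=fake_rules: rules)`. Separately, `test_generate_rule` and `test_validate` assert only `result.exit_code == 0`. For a tool that emits access-control policy, a check on `result.output` (for example that the fake rule names appear) would catch a run that exits cleanly but produces empty or wrong rules.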


@ -15,5 +15,5 @@
from skyline_policy_manager import __version__ from skyline_policy_manager import __version__
def test_version(): def test_version() -> None:
assert __version__ == "0.1.0" assert __version__ == "0.1.0"