baha/skyline-apiserver
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Update policy for manila and trove

Browse Source 
1. update policy for manila, use role instead of rule
2. update policy for trove, use role instead of rule
3. update the dependencies for skyline-policy-manager

Change-Id: I57f010f769575f7b75673c5c154eac4fed07b708
This commit is contained in:
zhu.boxiang 2022-05-10 15:16:05 +08:00
parent 370b8bf229
commit 240e26691d
7 changed files with 1927 additions and 245 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1463
libs/skyline-policy-manager/poetry.lock generated
View File

File diff suppressed because it is too large Load Diff

2
libs/skyline-policy-manager/pyproject.toml
View File

@ -24,6 +24,8 @@ pytest-xdist = "2.4.0"
pytest-cov = "2.12.1"
pytest-html = "3.1.1"
mimesis = "4.1.3"
"oslo.log" = "4.8.0"
neutron-lib = "2.15.0"
skyline-log = {path = "../skyline-log", develop = true}
[tool.pytest.ini_options]

22
libs/skyline-policy-manager/skyline_policy_manager/cmd/manage.py
View File

@ -174,7 +174,9 @@ list_rules = ("""
" description={description},\n"
" ),"
)
rule_mappings = {}
for r in rules:
rule_mappings[f"rule:{r.name}"] = r.check_str
print(
rule_format_str.format(
name=json.dumps(r.name),
@ -193,10 +195,26 @@ list_rules = ("""
" ),"
)
for r in api_rules:
name = constants.PREFIX_MAPPINGS.get(entry_point, "") + r.name
check_str = r.check_str
tries = 0
while "rule:" in check_str:
tries += 1
for k, v in rule_mappings.items():
if k + " " in check_str or check_str.endswith(k):
check_str = check_str.replace(k, f"({v})")
elif "(" + k + ")" in check_str:
check_str = check_str.replace(k, v)
if tries > 10:
raise Exception(f"Can't replace rule name in {r.name}")
# Fix for Trove, replace 'project_id:%(tenant)s' with 'project_id:%(project_id)s'
if entry_point == "trove":
check_str = check_str.replace("project_id:%(tenant)s", "project_id:%(project_id)s")
print(
apirule_format_str.format(
name=json.dumps(constants.PREFIX_MAPPINGS.get(entry_point, "") + r.name),
check_str=json.dumps(r.check_str),
name=json.dumps(name),
check_str=json.dumps(check_str),
description=json.dumps(r.description),
scope_types=json.dumps(r.scope_types),
operations=json.dumps(r.operations),

534
libs/skyline-policy-manager/skyline_policy_manager/policies/manila.py
View File

File diff suppressed because it is too large Load Diff

148
libs/skyline-policy-manager/skyline_policy_manager/policies/trove.py
View File

@ -18,49 +18,49 @@ list_rules = (
),
base.APIRule(
name="trove:instance:create",
check_str=("rule:admin_or_owner"),
check_str=("((role:admin or is_admin:True) or project_id:%(project_id)s)"),
description="Create a database instance.",
scope_types=["project"],
operations=[{"method": "POST", "path": "/v1.0/{account_id}/instances"}],
),
base.APIRule(
name="trove:instance:delete",
check_str=("rule:admin_or_owner"),
check_str=("((role:admin or is_admin:True) or project_id:%(project_id)s)"),
description="Delete a database instance.",
scope_types=["project"],
operations=[{"method": "DELETE", "path": "/v1.0/{account_id}/instances/{instance_id}"}],
),
base.APIRule(
name="trove:instance:force_delete",
check_str=("rule:admin_or_owner"),
check_str=("((role:admin or is_admin:True) or project_id:%(project_id)s)"),
description="Forcibly delete a database instance.",
scope_types=["project"],
operations=[{"method": "DELETE", "path": "/v1.0/{account_id}/instances/{instance_id}"}],
),
base.APIRule(
name="trove:instance:index",
check_str=("rule:admin_or_owner"),
check_str=("((role:admin or is_admin:True) or project_id:%(project_id)s)"),
description="List database instances.",
scope_types=["project"],
operations=[{"method": "GET", "path": "/v1.0/{account_id}/instances"}],
),
base.APIRule(
name="trove:instance:detail",
check_str=("rule:admin_or_owner"),
check_str=("((role:admin or is_admin:True) or project_id:%(project_id)s)"),
description="List database instances with details.",
scope_types=["project"],
operations=[{"method": "GET", "path": "/v1.0/{account_id}/instances/detail"}],
),
base.APIRule(
name="trove:instance:show",
check_str=("rule:admin_or_owner"),
check_str=("((role:admin or is_admin:True) or project_id:%(project_id)s)"),
description="Get details of a specific database instance.",
scope_types=["project"],
operations=[{"method": "GET", "path": "/v1.0/{account_id}/instances/{instance_id}"}],
),
base.APIRule(
name="trove:instance:update",
check_str=("rule:admin_or_owner"),
check_str=("((role:admin or is_admin:True) or project_id:%(project_id)s)"),
description="Update a database instance to attach/detach configuration",
scope_types=["project"],
operations=[
@ -70,14 +70,14 @@ list_rules = (
),
base.APIRule(
name="trove:instance:edit",
check_str=("rule:admin_or_owner"),
check_str=("((role:admin or is_admin:True) or project_id:%(project_id)s)"),
description="Updates the instance to set or unset one or more attributes.",
scope_types=["project"],
operations=[{"method": "PATCH", "path": "/v1.0/{account_id}/instances/{instance_id}"}],
),
base.APIRule(
name="trove:instance:restart",
check_str=("rule:admin_or_owner"),
check_str=("((role:admin or is_admin:True) or project_id:%(project_id)s)"),
description="Restart a database instance.",
scope_types=["project"],
operations=[
@ -89,7 +89,7 @@ list_rules = (
),
base.APIRule(
name="trove:instance:resize_volume",
check_str=("rule:admin_or_owner"),
check_str=("((role:admin or is_admin:True) or project_id:%(project_id)s)"),
description="Resize a database instance volume.",
scope_types=["project"],
operations=[
@ -101,7 +101,7 @@ list_rules = (
),
base.APIRule(
name="trove:instance:resize_flavor",
check_str=("rule:admin_or_owner"),
check_str=("((role:admin or is_admin:True) or project_id:%(project_id)s)"),
description="Resize a database instance flavor.",
scope_types=["project"],
operations=[
@ -113,7 +113,7 @@ list_rules = (
),
base.APIRule(
name="trove:instance:reset_status",
check_str=("rule:admin"),
check_str=("(role:admin or is_admin:True)"),
description="Reset the status of a database instance to ERROR.",
scope_types=["project"],
operations=[
@ -125,7 +125,7 @@ list_rules = (
),
base.APIRule(
name="trove:instance:promote_to_replica_source",
check_str=("rule:admin_or_owner"),
check_str=("((role:admin or is_admin:True) or project_id:%(project_id)s)"),
description="Promote instance to replica source.",
scope_types=["project"],
operations=[
@ -137,7 +137,7 @@ list_rules = (
),
base.APIRule(
name="trove:instance:eject_replica_source",
check_str=("rule:admin_or_owner"),
check_str=("((role:admin or is_admin:True) or project_id:%(project_id)s)"),
description="Eject the replica source from its replica set.",
scope_types=["project"],
operations=[
@ -149,7 +149,7 @@ list_rules = (
),
base.APIRule(
name="trove:instance:configuration",
check_str=("rule:admin_or_owner"),
check_str=("((role:admin or is_admin:True) or project_id:%(project_id)s)"),
description="Get the default configuration template applied to the instance.",
scope_types=["project"],
operations=[
@ -158,14 +158,14 @@ list_rules = (
),
base.APIRule(
name="trove:instance:guest_log_list",
check_str=("rule:admin_or_owner"),
check_str=("((role:admin or is_admin:True) or project_id:%(project_id)s)"),
description="Get all informations about all logs of a database instance.",
scope_types=["project"],
operations=[{"method": "GET", "path": "/v1.0/{account_id}/instances/{instance_id}/log"}],
),
base.APIRule(
name="trove:instance:backups",
check_str=("rule:admin_or_owner"),
check_str=("((role:admin or is_admin:True) or project_id:%(project_id)s)"),
description="Get all backups of a database instance.",
scope_types=["project"],
operations=[
@ -174,7 +174,7 @@ list_rules = (
),
base.APIRule(
name="trove:instance:module_list",
check_str=("rule:admin_or_owner"),
check_str=("((role:admin or is_admin:True) or project_id:%(project_id)s)"),
description="Get informations about modules on a database instance.",
scope_types=["project"],
operations=[
@ -183,7 +183,7 @@ list_rules = (
),
base.APIRule(
name="trove:instance:module_apply",
check_str=("rule:admin_or_owner"),
check_str=("((role:admin or is_admin:True) or project_id:%(project_id)s)"),
description="Apply modules to a database instance.",
scope_types=["project"],
operations=[
@ -193,7 +193,7 @@ list_rules = (
),
base.APIRule(
name="trove:instance:module_remove",
check_str=("rule:admin_or_owner"),
check_str=("((role:admin or is_admin:True) or project_id:%(project_id)s)"),
description="Remove a module from a database instance.",
scope_types=["project"],
operations=[
@ -205,7 +205,7 @@ list_rules = (
),
base.APIRule(
name="trove:instance:extension:root:create",
check_str=("rule:admin_or_owner"),
check_str=("((role:admin or is_admin:True) or project_id:%(project_id)s)"),
description="Enable the root user of a database instance.",
scope_types=["project"],
operations=[
@ -214,7 +214,7 @@ list_rules = (
),
base.APIRule(
name="trove:instance:extension:root:delete",
check_str=("rule:admin_or_owner"),
check_str=("((role:admin or is_admin:True) or project_id:%(project_id)s)"),
description="Disable the root user of a database instance.",
scope_types=["project"],
operations=[
@ -223,35 +223,35 @@ list_rules = (
),
base.APIRule(
name="trove:instance:extension:root:index",
check_str=("rule:admin_or_owner"),
check_str=("((role:admin or is_admin:True) or project_id:%(project_id)s)"),
description="Show whether the root user of a database instance has been ever enabled.",
scope_types=["project"],
operations=[{"method": "GET", "path": "/v1.0/{account_id}/instances/{instance_id}/root"}],
),
base.APIRule(
name="trove:cluster:extension:root:create",
check_str=("rule:admin_or_owner"),
check_str=("((role:admin or is_admin:True) or project_id:%(project_id)s)"),
description="Enable the root user of the instances in a cluster.",
scope_types=["project"],
operations=[{"method": "POST", "path": "/v1.0/{account_id}/clusters/{cluster}/root"}],
),
base.APIRule(
name="trove:cluster:extension:root:delete",
check_str=("rule:admin_or_owner"),
check_str=("((role:admin or is_admin:True) or project_id:%(project_id)s)"),
description="Enable the root user of the instances in a cluster.",
scope_types=["project"],
operations=[{"method": "DELETE", "path": "/v1.0/{account_id}/clusters/{cluster}/root"}],
),
base.APIRule(
name="trove:cluster:extension:root:index",
check_str=("rule:admin_or_owner"),
check_str=("((role:admin or is_admin:True) or project_id:%(project_id)s)"),
description="Disable the root of the instances in a cluster.",
scope_types=["project"],
operations=[{"method": "GET", "path": "/v1.0/{account_id}/clusters/{cluster}/root"}],
),
base.APIRule(
name="trove:instance:extension:user:create",
check_str=("rule:admin_or_owner"),
check_str=("((role:admin or is_admin:True) or project_id:%(project_id)s)"),
description="Create users for a database instance.",
scope_types=["project"],
operations=[
@ -261,7 +261,7 @@ list_rules = (
),
base.APIRule(
name="trove:instance:extension:user:delete",
check_str=("rule:admin_or_owner"),
check_str=("((role:admin or is_admin:True) or project_id:%(project_id)s)"),
description="Delete a user from a database instance.",
scope_types=["project"],
operations=[
@ -273,7 +273,7 @@ list_rules = (
),
base.APIRule(
name="trove:instance:extension:user:index",
check_str=("rule:admin_or_owner"),
check_str=("((role:admin or is_admin:True) or project_id:%(project_id)s)"),
description="Get all users of a database instance.",
scope_types=["project"],
operations=[
@ -282,7 +282,7 @@ list_rules = (
),
base.APIRule(
name="trove:instance:extension:user:show",
check_str=("rule:admin_or_owner"),
check_str=("((role:admin or is_admin:True) or project_id:%(project_id)s)"),
description="Get the information of a single user of a database instance.",
scope_types=["project"],
operations=[
@ -291,7 +291,7 @@ list_rules = (
),
base.APIRule(
name="trove:instance:extension:user:update",
check_str=("rule:admin_or_owner"),
check_str=("((role:admin or is_admin:True) or project_id:%(project_id)s)"),
description="Update attributes for a user of a database instance.",
scope_types=["project"],
operations=[
@ -300,7 +300,7 @@ list_rules = (
),
base.APIRule(
name="trove:instance:extension:user:update_all",
check_str=("rule:admin_or_owner"),
check_str=("((role:admin or is_admin:True) or project_id:%(project_id)s)"),
description="Update the password for one or more users a database instance.",
scope_types=["project"],
operations=[
@ -309,7 +309,7 @@ list_rules = (
),
base.APIRule(
name="trove:instance:extension:user_access:update",
check_str=("rule:admin_or_owner"),
check_str=("((role:admin or is_admin:True) or project_id:%(project_id)s)"),
description="Grant access for a user to one or more databases.",
scope_types=["project"],
operations=[
@ -321,7 +321,7 @@ list_rules = (
),
base.APIRule(
name="trove:instance:extension:user_access:delete",
check_str=("rule:admin_or_owner"),
check_str=("((role:admin or is_admin:True) or project_id:%(project_id)s)"),
description="Revoke access for a user to a databases.",
scope_types=["project"],
operations=[
@ -333,7 +333,7 @@ list_rules = (
),
base.APIRule(
name="trove:instance:extension:user_access:index",
check_str=("rule:admin_or_owner"),
check_str=("((role:admin or is_admin:True) or project_id:%(project_id)s)"),
description="Get permissions of a user",
scope_types=["project"],
operations=[
@ -345,7 +345,7 @@ list_rules = (
),
base.APIRule(
name="trove:instance:extension:database:create",
check_str=("rule:admin_or_owner"),
check_str=("((role:admin or is_admin:True) or project_id:%(project_id)s)"),
description="Create a set of Schemas",
scope_types=["project"],
operations=[
@ -355,7 +355,7 @@ list_rules = (
),
base.APIRule(
name="trove:instance:extension:database:delete",
check_str=("rule:admin_or_owner"),
check_str=("((role:admin or is_admin:True) or project_id:%(project_id)s)"),
description="Delete a schema from a database.",
scope_types=["project"],
operations=[
@ -367,7 +367,7 @@ list_rules = (
),
base.APIRule(
name="trove:instance:extension:database:index",
check_str=("rule:admin_or_owner"),
check_str=("((role:admin or is_admin:True) or project_id:%(project_id)s)"),
description="List all schemas from a database.",
scope_types=["project"],
operations=[
@ -376,7 +376,7 @@ list_rules = (
),
base.APIRule(
name="trove:instance:extension:database:show",
check_str=("rule:admin_or_owner"),
check_str=("((role:admin or is_admin:True) or project_id:%(project_id)s)"),
description="Get informations of a schema(Currently Not Implemented).",
scope_types=["project"],
operations=[
@ -388,21 +388,21 @@ list_rules = (
),
base.APIRule(
name="trove:cluster:create",
check_str=("rule:admin_or_owner"),
check_str=("((role:admin or is_admin:True) or project_id:%(project_id)s)"),
description="Create a cluster.",
scope_types=["project"],
operations=[{"method": "POST", "path": "/v1.0/{account_id}/clusters"}],
),
base.APIRule(
name="trove:cluster:delete",
check_str=("rule:admin_or_owner"),
check_str=("((role:admin or is_admin:True) or project_id:%(project_id)s)"),
description="Delete a cluster.",
scope_types=["project"],
operations=[{"method": "DELETE", "path": "/v1.0/{account_id}/clusters/{cluster}"}],
),
base.APIRule(
name="trove:cluster:force_delete",
check_str=("rule:admin_or_owner"),
check_str=("((role:admin or is_admin:True) or project_id:%(project_id)s)"),
description="Forcibly delete a cluster.",
scope_types=["project"],
operations=[
@ -411,21 +411,21 @@ list_rules = (
),
base.APIRule(
name="trove:cluster:index",
check_str=("rule:admin_or_owner"),
check_str=("((role:admin or is_admin:True) or project_id:%(project_id)s)"),
description="List all clusters",
scope_types=["project"],
operations=[{"method": "GET", "path": "/v1.0/{account_id}/clusters"}],
),
base.APIRule(
name="trove:cluster:show",
check_str=("rule:admin_or_owner"),
check_str=("((role:admin or is_admin:True) or project_id:%(project_id)s)"),
description="Get informations of a cluster.",
scope_types=["project"],
operations=[{"method": "GET", "path": "/v1.0/{account_id}/clusters/{cluster}"}],
),
base.APIRule(
name="trove:cluster:show_instance",
check_str=("rule:admin_or_owner"),
check_str=("((role:admin or is_admin:True) or project_id:%(project_id)s)"),
description="Get informations of a instance in a cluster.",
scope_types=["project"],
operations=[
@ -437,14 +437,14 @@ list_rules = (
),
base.APIRule(
name="trove:cluster:action",
check_str=("rule:admin_or_owner"),
check_str=("((role:admin or is_admin:True) or project_id:%(project_id)s)"),
description="Commit an action against a cluster",
scope_types=["project"],
operations=[{"method": "POST", "path": "/v1.0/{account_id}/clusters/{cluster}"}],
),
base.APIRule(
name="trove:cluster:reset-status",
check_str=("rule:admin"),
check_str=("(role:admin or is_admin:True)"),
description="Reset the status of a cluster to NONE.",
scope_types=["project"],
operations=[
@ -453,21 +453,21 @@ list_rules = (
),
base.APIRule(
name="trove:backup:create",
check_str=("rule:admin_or_owner"),
check_str=("((role:admin or is_admin:True) or project_id:%(project_id)s)"),
description="Create a backup of a database instance.",
scope_types=["project"],
operations=[{"method": "POST", "path": "/v1.0/{account_id}/backups"}],
),
base.APIRule(
name="trove:backup:delete",
check_str=("rule:admin_or_owner"),
check_str=("((role:admin or is_admin:True) or project_id:%(project_id)s)"),
description="Delete a backup of a database instance.",
scope_types=["project"],
operations=[{"method": "DELETE", "path": "/v1.0/{account_id}/backups/{backup}"}],
),
base.APIRule(
name="trove:backup:index",
check_str=("rule:admin_or_owner"),
check_str=("((role:admin or is_admin:True) or project_id:%(project_id)s)"),
description="List all backups.",
scope_types=["project"],
operations=[{"method": "GET", "path": "/v1.0/{account_id}/backups"}],
@ -481,63 +481,63 @@ list_rules = (
),
base.APIRule(
name="trove:backup:show",
check_str=("rule:admin_or_owner"),
check_str=("((role:admin or is_admin:True) or project_id:%(project_id)s)"),
description="Get informations of a backup.",
scope_types=["project"],
operations=[{"method": "GET", "path": "/v1.0/{account_id}/backups/{backup}"}],
),
base.APIRule(
name="trove:backup_strategy:create",
check_str=("rule:admin_or_owner"),
check_str=("((role:admin or is_admin:True) or project_id:%(project_id)s)"),
description="Create a backup strategy.",
scope_types=["project"],
operations=[{"method": "POST", "path": "/v1.0/{account_id}/backup_strategies"}],
),
base.APIRule(
name="trove:backup_strategy:index",
check_str=("rule:admin_or_owner"),
check_str=("((role:admin or is_admin:True) or project_id:%(project_id)s)"),
description="List all backup strategies.",
scope_types=["project"],
operations=[{"method": "GET", "path": "/v1.0/{account_id}/backup_strategies"}],
),
base.APIRule(
name="trove:backup_strategy:delete",
check_str=("rule:admin_or_owner"),
check_str=("((role:admin or is_admin:True) or project_id:%(project_id)s)"),
description="Delete backup strategies.",
scope_types=["project"],
operations=[{"method": "DELETE", "path": "/v1.0/{account_id}/backup_strategies"}],
),
base.APIRule(
name="trove:configuration:create",
check_str=("rule:admin_or_owner"),
check_str=("((role:admin or is_admin:True) or project_id:%(project_id)s)"),
description="Create a configuration group.",
scope_types=["project"],
operations=[{"method": "POST", "path": "/v1.0/{account_id}/configurations"}],
),
base.APIRule(
name="trove:configuration:delete",
check_str=("rule:admin_or_owner"),
check_str=("((role:admin or is_admin:True) or project_id:%(project_id)s)"),
description="Delete a configuration group.",
scope_types=["project"],
operations=[{"method": "DELETE", "path": "/v1.0/{account_id}/configurations/{config}"}],
),
base.APIRule(
name="trove:configuration:index",
check_str=("rule:admin_or_owner"),
check_str=("((role:admin or is_admin:True) or project_id:%(project_id)s)"),
description="List all configuration groups.",
scope_types=["project"],
operations=[{"method": "GET", "path": "/v1.0/{account_id}/configurations"}],
),
base.APIRule(
name="trove:configuration:show",
check_str=("rule:admin_or_owner"),
check_str=("((role:admin or is_admin:True) or project_id:%(project_id)s)"),
description="Get informations of a configuration group.",
scope_types=["project"],
operations=[{"method": "GET", "path": "/v1.0/{account_id}/configurations/{config}"}],
),
base.APIRule(
name="trove:configuration:instances",
check_str=("rule:admin_or_owner"),
check_str=("((role:admin or is_admin:True) or project_id:%(project_id)s)"),
description="List all instances which a configuration group has be assigned to.",
scope_types=["project"],
operations=[
@ -546,21 +546,21 @@ list_rules = (
),
base.APIRule(
name="trove:configuration:update",
check_str=("rule:admin_or_owner"),
check_str=("((role:admin or is_admin:True) or project_id:%(project_id)s)"),
description="Update a configuration group(the configuration group will be replaced completely).", # noqa
scope_types=["project"],
operations=[{"method": "PUT", "path": "/v1.0/{account_id}/configurations/{config}"}],
),
base.APIRule(
name="trove:configuration:edit",
check_str=("rule:admin_or_owner"),
check_str=("((role:admin or is_admin:True) or project_id:%(project_id)s)"),
description="Patch a configuration group.",
scope_types=["project"],
operations=[{"method": "PATCH", "path": "/v1.0/{account_id}/configurations/{config}"}],
),
base.APIRule(
name="trove:configuration-parameter:index",
check_str=("rule:admin_or_owner"),
check_str=("((role:admin or is_admin:True) or project_id:%(project_id)s)"),
description="List all parameters bind to a datastore version.",
scope_types=["project"],
operations=[
@ -572,7 +572,7 @@ list_rules = (
),
base.APIRule(
name="trove:configuration-parameter:show",
check_str=("rule:admin_or_owner"),
check_str=("((role:admin or is_admin:True) or project_id:%(project_id)s)"),
description="Get a paramter of a datastore version.",
scope_types=["project"],
operations=[
@ -584,7 +584,7 @@ list_rules = (
),
base.APIRule(
name="trove:configuration-parameter:index_by_version",
check_str=("rule:admin_or_owner"),
check_str=("((role:admin or is_admin:True) or project_id:%(project_id)s)"),
description="List all paramters bind to a datastore version by the id of the version(datastore is not provided).", # noqa
scope_types=["project"],
operations=[
@ -596,7 +596,7 @@ list_rules = (
),
base.APIRule(
name="trove:configuration-parameter:show_by_version",
check_str=("rule:admin_or_owner"),
check_str=("((role:admin or is_admin:True) or project_id:%(project_id)s)"),
description="Get a paramter of a datastore version by it names and the id of the version(datastore is not provided).", # noqa
scope_types=["project"],
operations=[
@ -622,7 +622,7 @@ list_rules = (
),
base.APIRule(
name="trove:datastore:delete",
check_str=("rule:admin"),
check_str=("(role:admin or is_admin:True)"),
description="Delete a datastore.",
scope_types=["project"],
operations=[{"method": "DELETE", "path": "/v1.0/{account_id}/datastores/{datastore}"}],
@ -697,56 +697,56 @@ list_rules = (
),
base.APIRule(
name="trove:limits:index",
check_str=("rule:admin_or_owner"),
check_str=("((role:admin or is_admin:True) or project_id:%(project_id)s)"),
description="List all absolute and rate limit informations.",
scope_types=["project"],
operations=[{"method": "GET", "path": "/v1.0/{account_id}/limits"}],
),
base.APIRule(
name="trove:module:create",
check_str=("rule:admin_or_owner"),
check_str=("((role:admin or is_admin:True) or project_id:%(project_id)s)"),
description="Create a module.",
scope_types=["project"],
operations=[{"method": "POST", "path": "/v1.0/{account_id}/modules"}],
),
base.APIRule(
name="trove:module:delete",
check_str=("rule:admin_or_owner"),
check_str=("((role:admin or is_admin:True) or project_id:%(project_id)s)"),
description="Delete a module.",
scope_types=["project"],
operations=[{"method": "DELETE", "path": "/v1.0/{account_id}/modules/{module}"}],
),
base.APIRule(
name="trove:module:index",
check_str=("rule:admin_or_owner"),
check_str=("((role:admin or is_admin:True) or project_id:%(project_id)s)"),
description="List all modules.",
scope_types=["project"],
operations=[{"method": "GET", "path": "/v1.0/{account_id}/modules"}],
),
base.APIRule(
name="trove:module:show",
check_str=("rule:admin_or_owner"),
check_str=("((role:admin or is_admin:True) or project_id:%(project_id)s)"),
description="Get informations of a module.",
scope_types=["project"],
operations=[{"method": "GET", "path": "/v1.0/{account_id}/modules/{module}"}],
),
base.APIRule(
name="trove:module:instances",
check_str=("rule:admin_or_owner"),
check_str=("((role:admin or is_admin:True) or project_id:%(project_id)s)"),
description="List all instances to which a module is applied.",
scope_types=["project"],
operations=[{"method": "GET", "path": "/v1.0/{account_id}/modules/{module}/instances"}],
),
base.APIRule(
name="trove:module:update",
check_str=("rule:admin_or_owner"),
check_str=("((role:admin or is_admin:True) or project_id:%(project_id)s)"),
description="Update a module.",
scope_types=["project"],
operations=[{"method": "PUT", "path": "/v1.0/{account_id}/modules/{module}"}],
),
base.APIRule(
name="trove:module:reapply",
check_str=("rule:admin_or_owner"),
check_str=("((role:admin or is_admin:True) or project_id:%(project_id)s)"),
description="Reapply a module to all instances.",
scope_types=["project"],
operations=[{"method": "PUT", "path": "/v1.0/{account_id}/modules/{module}/instances"}],

2
poetry.lock generated
View File

@ -1880,7 +1880,7 @@ testing = ["pytest (>=6)", "pytest-checkdocs (>=2.4)", "pytest-flake8", "pytest-
[metadata]
lock-version = "1.1"
python-versions = "^3.8"
content-hash = "5a132cff93a77645045f30752e19bdb9531e0879a74d398ed20c998ad4212ac2"
content-hash = "5d559f245168ea3f166d49367a0bf4909e4efb4c9bcbbc9ce869be9430eb686c"
[metadata.files]
aiofiles = [

1
pyproject.toml
View File

@ -22,6 +22,7 @@ skyline-apiserver = {path = "libs/skyline-apiserver", develop = true}
skyline-nginx = {path = "libs/skyline-nginx", develop = true}
reno = {extras = ["sphinx"], version = "^3.5.0"}
openstackdocstheme = "^2.4.0"
Sphinx = "4.5.0"
[tool.black]
line-length = 98