diff --git a/Makefile b/Makefile index b9266f9..b170001 100644 --- a/Makefile +++ b/Makefile @@ -1,8 +1,6 @@ PYTHON ?= python3 -SOURCES := src -LIBS := libs -TESTS := tests -TOOLS := tools +LIBS := $(shell \ls libs) +LIB_PATHS := $(addprefix libs/,$(LIBS)) ROOT_DIR ?= $(shell git rev-parse --show-toplevel) # Color @@ -22,6 +20,10 @@ GIT_BRANCH ?= $(shell git rev-parse --abbrev-ref HEAD) GIT_COMMIT ?= $(shell git rev-parse --verify HEAD) +.PHONY: all +all: install fmt lint test package + + .PHONY: help help: @echo "Skyline API server development makefile" @@ -32,7 +34,8 @@ help: @echo " git_config Initialize git configuration." @echo " venv Create virtualenvs." @echo " install Installs the project dependencies." - @echo " build Build source and wheel packages." + @echo " package Build package from source code." + @echo " build Build container image." @echo " lint Check python code." @echo " fmt Format python code style." @echo " test Run unit tests." @@ -70,65 +73,64 @@ endif .PHONY: venv venv: git_config + if [ ! -e "libs/skyline-console/.git" ]; then git submodule update --init; fi poetry env use $(PYTHON) -.PHONY: install -install: venv - poetry run pip install -U pip - poetry run pip install -U setuptools +.PHONY: install $(INSTALL_LIBS) +INSTALL_LIBS := $(addsuffix .install,$(LIB_PATHS)) +install: venv $(INSTALL_LIBS) + poetry run pip install -U pip setuptools poetry install -vvv - $(MAKE) -C $(LIBS)/skyline-policy-manager install - $(MAKE) -C $(LIBS)/skyline-log install - $(MAKE) -C $(LIBS)/skyline-config install +$(INSTALL_LIBS): + $(MAKE) -C $(basename $@) install + + +.PHONY: package $(PACKAGE_LIBS) +PACKAGE_LIBS := $(addsuffix .package,$(LIB_PATHS)) +package: $(PACKAGE_LIBS) + poetry build -f wheel +$(PACKAGE_LIBS): + $(MAKE) -C $(basename $@) package + + +.PHONY: fmt $(FMT_LIBS) +FMT_LIBS := $(addsuffix .fmt,$(LIB_PATHS)) +fmt: $(FMT_LIBS) +$(FMT_LIBS): + $(MAKE) -C $(basename $@) fmt + + +.PHONY: lint $(LINT_LIBS) +LINT_LIBS := $(addsuffix .lint,$(LIB_PATHS)) +lint: $(LINT_LIBS) +$(LINT_LIBS): + $(MAKE) -C $(basename $@) lint + + +.PHONY: test $(TEST_LIBS) +TEST_LIBS := $(addsuffix .test,$(LIB_PATHS)) +test: $(TEST_LIBS) +$(TEST_LIBS): + $(MAKE) -C $(basename $@) test .PHONY: build +BUILD_ENGINE ?= docker +BUILD_CONTEXT ?= . +DOCKER_FILE ?= container/Dockerfile +IMAGE ?= skyline +IMAGE_TAG ?= latest +ifeq ($(BUILD_ENGINE), docker) + build_cmd = docker build +else ifeq ($(BUILD_ENGINE), buildah) + build_cmd = buildah bud +else + $(error Unsupported build engine $(BUILD_ENGINE)) +endif build: - $(MAKE) -C $(LIBS)/skyline-policy-manager build - $(MAKE) -C $(LIBS)/skyline-log build - $(MAKE) -C $(LIBS)/skyline-config build - poetry build - - -.PHONY: lint -lint: - $(MAKE) -C $(LIBS)/skyline-policy-manager lint - $(MAKE) -C $(LIBS)/skyline-log lint - $(MAKE) -C $(LIBS)/skyline-config lint - # poetry run mypy --no-incremental $(SOURCES) - poetry run isort --check-only --diff $(SOURCES) $(TESTS) $(TOOLS) - poetry run black --check --diff --color $(SOURCES) $(TESTS) $(TOOLS) - poetry run flake8 $(SOURCES) $(TESTS) $(TOOLS) - - -.PHONY: fmt -fmt: - $(MAKE) -C $(LIBS)/skyline-policy-manager fmt - $(MAKE) -C $(LIBS)/skyline-log fmt - $(MAKE) -C $(LIBS)/skyline-config fmt - poetry run isort $(SOURCES) $(TESTS) $(TOOLS) - poetry run black $(SOURCES) $(TESTS) $(TOOLS) - poetry run add-trailing-comma --py36-plus --exit-zero-even-if-changed `find $(SOURCES) $(TESTS) $(TOOLS) -name '*.py'` - - -.PHONY: test -test: - echo null - - -.PHONY: db_revision -HEAD_REV ?= $(shell poetry run alembic heads | awk '{print $$1}') -NEW_REV ?= $(shell python3 -c 'import sys; print(f"{int(sys.argv[1])+1:03}")' $(HEAD_REV)) -REV_MEG ?= -db_revision: - $(shell [ -z "$(REV_MEG)" ] && printf '$(red)Missing required message, use "make db_revision REV_MEG="$(no_color)') - poetry run alembic revision --autogenerate --rev-id $(NEW_REV) -m '$(REV_MEG)' - - -.PHONY: db_sync -db_sync: - poetry run alembic upgrade head + if [ ! -e "libs/skyline-console/.git" ]; then git submodule update --init; fi + $(build_cmd) --no-cache --pull --force-rm --build-arg RELEASE_VERSION=$(RELEASE_VERSION) --build-arg GIT_BRANCH=$(GIT_BRANCH) --build-arg GIT_COMMIT=$(GIT_COMMIT) $(BUILD_ARGS) -f $(DOCKER_FILE) -t $(IMAGE):$(IMAGE_TAG) $(BUILD_CONTEXT) .PHONY: swagger @@ -138,7 +140,7 @@ swagger: .PHONY: genconfig genconfig: - poetry run config-sample-generator -o $(ROOT_DIR)/etc/skyline-apiserver.yaml.sample + poetry run config-sample-generator -o $(ROOT_DIR)/etc/skyline.yaml.sample # Find python files without "type annotations" diff --git a/docs/api/swagger.json b/docs/api/swagger.json index a6a5691..67d534f 100644 --- a/docs/api/swagger.json +++ b/docs/api/swagger.json @@ -2562,50 +2562,6 @@ } } }, - "License": { - "title": "License", - "required": [ - "name", - "summary", - "macs", - "features", - "start", - "end" - ], - "type": "object", - "properties": { - "name": { - "title": "Name", - "type": "string" - }, - "summary": { - "title": "Summary", - "type": "string" - }, - "macs": { - "title": "Macs", - "type": "array", - "items": { - "type": "string" - } - }, - "features": { - "title": "Features", - "type": "array", - "items": { - "type": "object" - } - }, - "start": { - "title": "Start", - "type": "string" - }, - "end": { - "title": "End", - "type": "string" - } - } - }, "NotFoundMessage": { "title": "NotFoundMessage", "required": [ @@ -2765,16 +2721,6 @@ "version": { "title": "Version", "type": "string" - }, - "license": { - "$ref": "#/components/schemas/License" - }, - "currency": { - "title": "Currency", - "type": "object", - "additionalProperties": { - "type": "string" - } } } }, diff --git a/etc/skyline-apiserver.yaml.sample b/etc/skyline.yaml.sample similarity index 97% rename from etc/skyline-apiserver.yaml.sample rename to etc/skyline.yaml.sample index 95f60f4..5a51f40 100644 --- a/etc/skyline-apiserver.yaml.sample +++ b/etc/skyline.yaml.sample @@ -88,11 +88,6 @@ setting: - flavor_families - gpu_models - usb_models - - license - - currency - currency: - en: CNY - zh: 元 flavor_families: - architecture: x86_architecture categories: @@ -112,6 +107,5 @@ setting: properties: [] gpu_models: - nvidia_t4 - license: '' usb_models: - usb_c diff --git a/libs/skyline-config/.flake8 b/libs/skyline-config/.flake8 deleted file mode 100644 index e5582fa..0000000 --- a/libs/skyline-config/.flake8 +++ /dev/null @@ -1,5 +0,0 @@ -[flake8] -max-line-length = 99 -max-doc-length = 99 -show-source = True -extend-ignore = E203 diff --git a/libs/skyline-config/LICENSE b/libs/skyline-config/LICENSE deleted file mode 100644 index f433b1a..0000000 --- a/libs/skyline-config/LICENSE +++ /dev/null @@ -1,177 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS diff --git a/libs/skyline-config/Makefile b/libs/skyline-config/Makefile index d42f081..5695936 100644 --- a/libs/skyline-config/Makefile +++ b/libs/skyline-config/Makefile @@ -1,6 +1,8 @@ PYTHON ?= python3 -SOURCES := src -TESTS := tests + + +.PHONY: all +all: install fmt lint test package .PHONY: venv @@ -10,26 +12,30 @@ venv: .PHONY: install install: venv - poetry run pip install -U pip - poetry run pip install -U setuptools + poetry run pip install -U pip setuptools poetry install -vvv -.PHONY: build -build: - poetry build - - -.PHONY: lint -lint: - poetry run mypy --no-incremental $(SOURCES) - poetry run isort --check-only --diff $(SOURCES) $(TESTS) - poetry run black --check --diff --color $(SOURCES) $(TESTS) - poetry run flake8 $(SOURCES) $(TESTS) +.PHONY: package +package: + poetry build -f wheel .PHONY: fmt fmt: - poetry run isort $(SOURCES) $(TESTS) - poetry run black $(SOURCES) $(TESTS) - poetry run add-trailing-comma --py36-plus --exit-zero-even-if-changed `find $(SOURCES) $(TESTS) -name '*.py'` + poetry run isort $$(git ls-files -- **/*.py) + poetry run black --config ../../pyproject.toml $$(git ls-files -- **/*.py) + poetry run add-trailing-comma --py36-plus --exit-zero-even-if-changed $$(git ls-files -- **/*.py) + + +.PHONY: lint +lint: + poetry run mypy --no-incremental $$(git ls-files -- **/*.py) + poetry run isort --check-only --diff $$(git ls-files -- **/*.py) + poetry run black --check --diff --color --config ../../pyproject.toml $$(git ls-files -- **/*.py) + poetry run flake8 $$(git ls-files -- **/*.py) + + +.PHONY: test +test: + echo TODO diff --git a/libs/skyline-config/mypy.ini b/libs/skyline-config/mypy.ini deleted file mode 100644 index baa39f6..0000000 --- a/libs/skyline-config/mypy.ini +++ /dev/null @@ -1,3 +0,0 @@ -[mypy] -show_error_codes = true -show_error_context = true diff --git a/libs/skyline-config/poetry.lock b/libs/skyline-config/poetry.lock index 5f471e7..c083cb1 100644 --- a/libs/skyline-config/poetry.lock +++ b/libs/skyline-config/poetry.lock @@ -41,29 +41,29 @@ tests_no_zope = ["coverage[toml] (>=5.0.2)", "hypothesis", "pympler", "pytest (> [[package]] name = "black" -version = "20.8b1" +version = "21.6b0" description = "The uncompromising code formatter." category = "dev" optional = false -python-versions = ">=3.6" +python-versions = ">=3.6.2" [package.dependencies] appdirs = "*" click = ">=7.1.2" mypy-extensions = ">=0.4.3" -pathspec = ">=0.6,<1" +pathspec = ">=0.8.1,<1" regex = ">=2020.1.8" toml = ">=0.10.1" -typed-ast = ">=1.4.0" -typing-extensions = ">=3.7.4" [package.extras] colorama = ["colorama (>=0.4.3)"] -d = ["aiohttp (>=3.3.2)", "aiohttp-cors"] +d = ["aiohttp (>=3.6.0)", "aiohttp-cors (>=0.4.0)"] +python2 = ["typed-ast (>=1.4.2)"] +uvloop = ["uvloop (>=0.15.2)"] [[package]] name = "click" -version = "8.0.0" +version = "8.0.1" description = "Composable command line interface toolkit" category = "dev" optional = false @@ -80,6 +80,17 @@ category = "dev" optional = false python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*" +[[package]] +name = "execnet" +version = "1.9.0" +description = "execnet: rapid multi-Python deployment" +category = "dev" +optional = false +python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*" + +[package.extras] +testing = ["pre-commit"] + [[package]] name = "flake8" version = "3.9.2" @@ -114,16 +125,17 @@ python-versions = "*" [[package]] name = "isort" -version = "5.8.0" +version = "5.9.2" description = "A Python utility / library to sort Python imports." category = "dev" optional = false -python-versions = ">=3.6,<4.0" +python-versions = ">=3.6.1,<4.0" [package.extras] pipfile_deprecated_finder = ["pipreqs", "requirementslib"] requirements_deprecated_finder = ["pipreqs", "pip-api"] colors = ["colorama (>=0.4.3,<0.5.0)"] +plugins = ["setuptools"] [[package]] name = "mccabe" @@ -135,7 +147,7 @@ python-versions = "*" [[package]] name = "mypy" -version = "0.812" +version = "0.910" description = "Optional static typing for Python" category = "dev" optional = false @@ -143,11 +155,12 @@ python-versions = ">=3.5" [package.dependencies] mypy-extensions = ">=0.4.3,<0.5.0" -typed-ast = ">=1.4.0,<1.5.0" +toml = "*" typing-extensions = ">=3.7.4" [package.extras] dmypy = ["psutil (>=4.0)"] +python2 = ["typed-ast (>=1.4.0,<1.5.0)"] [[package]] name = "mypy-extensions" @@ -159,11 +172,11 @@ python-versions = "*" [[package]] name = "packaging" -version = "20.9" +version = "21.0" description = "Core utilities for Python packages" category = "dev" optional = false -python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" +python-versions = ">=3.6" [package.dependencies] pyparsing = ">=2.0.2" @@ -187,6 +200,17 @@ python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" [package.extras] dev = ["pre-commit", "tox"] +[[package]] +name = "psutil" +version = "5.8.0" +description = "Cross-platform lib for process and system monitoring in Python." +category = "dev" +optional = false +python-versions = ">=2.6, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" + +[package.extras] +test = ["ipaddress", "mock", "unittest2", "enum34", "pywin32", "wmi"] + [[package]] name = "py" version = "1.10.0" @@ -255,9 +279,47 @@ toml = "*" [package.extras] testing = ["argcomplete", "hypothesis (>=3.56)", "mock", "nose", "requests", "xmlschema"] +[[package]] +name = "pytest-forked" +version = "1.3.0" +description = "run tests in isolated forked subprocesses" +category = "dev" +optional = false +python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*" + +[package.dependencies] +py = "*" +pytest = ">=3.10" + +[[package]] +name = "pytest-xdist" +version = "2.3.0" +description = "pytest xdist plugin for distributed testing and loop-on-failing modes" +category = "dev" +optional = false +python-versions = ">=3.6" + +[package.dependencies] +execnet = ">=1.1" +psutil = {version = ">=3.0", optional = true, markers = "extra == \"psutil\""} +pytest = ">=6.0.0" +pytest-forked = "*" + +[package.extras] +psutil = ["psutil (>=3.0)"] +testing = ["filelock"] + +[[package]] +name = "pyyaml" +version = "5.4.1" +description = "YAML parser and emitter for Python" +category = "main" +optional = false +python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, !=3.5.*" + [[package]] name = "regex" -version = "2021.4.4" +version = "2021.7.6" description = "Alternative regular expression module, to replace re." category = "dev" optional = false @@ -280,9 +342,9 @@ optional = false python-versions = ">=2.6, !=3.0.*, !=3.1.*, !=3.2.*" [[package]] -name = "typed-ast" -version = "1.4.3" -description = "a fork of Python 2 and 3 ast modules with type comment support" +name = "types-pyyaml" +version = "5.4.3" +description = "Typing stubs for PyYAML" category = "dev" optional = false python-versions = "*" @@ -298,7 +360,7 @@ python-versions = "*" [metadata] lock-version = "1.1" python-versions = "^3.8" -content-hash = "e85f307c08ea88e428963088b525ae8d271d3e50d211ffe631b2c4c5302b9b38" +content-hash = "3d8e122d2e4fc549634018994b5df61bb57951291f33bfde5ed2372948be9aec" [metadata.files] add-trailing-comma = [ @@ -318,16 +380,21 @@ attrs = [ {file = "attrs-21.2.0.tar.gz", hash = "sha256:ef6aaac3ca6cd92904cdd0d83f629a15f18053ec84e6432106f7a4d04ae4f5fb"}, ] black = [ - {file = "black-20.8b1.tar.gz", hash = "sha256:1c02557aa099101b9d21496f8a914e9ed2222ef70336404eeeac8edba836fbea"}, + {file = "black-21.6b0-py3-none-any.whl", hash = "sha256:dfb8c5a069012b2ab1e972e7b908f5fb42b6bbabcba0a788b86dc05067c7d9c7"}, + {file = "black-21.6b0.tar.gz", hash = "sha256:dc132348a88d103016726fe360cb9ede02cecf99b76e3660ce6c596be132ce04"}, ] click = [ - {file = "click-8.0.0-py3-none-any.whl", hash = "sha256:e90e62ced43dc8105fb9a26d62f0d9340b5c8db053a814e25d95c19873ae87db"}, - {file = "click-8.0.0.tar.gz", hash = "sha256:7d8c289ee437bcb0316820ccee14aefcb056e58d31830ecab8e47eda6540e136"}, + {file = "click-8.0.1-py3-none-any.whl", hash = "sha256:fba402a4a47334742d782209a7c79bc448911afe1149d07bdabdf480b3e2f4b6"}, + {file = "click-8.0.1.tar.gz", hash = "sha256:8c04c11192119b1ef78ea049e0a6f0463e4c48ef00a30160c704337586f3ad7a"}, ] colorama = [ {file = "colorama-0.4.4-py2.py3-none-any.whl", hash = "sha256:9f47eda37229f68eee03b24b9748937c7dc3868f906e8ba69fbcbdd3bc5dc3e2"}, {file = "colorama-0.4.4.tar.gz", hash = "sha256:5941b2b48a20143d2267e95b1c2a7603ce057ee39fd88e7329b0c292aa16869b"}, ] +execnet = [ + {file = "execnet-1.9.0-py2.py3-none-any.whl", hash = "sha256:a295f7cc774947aac58dde7fdc85f4aa00c42adf5d8f5468fc630c1acf30a142"}, + {file = "execnet-1.9.0.tar.gz", hash = "sha256:8f694f3ba9cc92cab508b152dcfe322153975c29bda272e2fd7f3f00f36e47c5"}, +] flake8 = [ {file = "flake8-3.9.2-py2.py3-none-any.whl", hash = "sha256:bf8fd333346d844f616e8d47905ef3a3384edae6b4e9beb0c5101e25e3110907"}, {file = "flake8-3.9.2.tar.gz", hash = "sha256:07528381786f2a6237b061f6e96610a4167b226cb926e2aa2b6b1d78057c576b"}, @@ -354,44 +421,45 @@ iniconfig = [ {file = "iniconfig-1.1.1.tar.gz", hash = "sha256:bc3af051d7d14b2ee5ef9969666def0cd1a000e121eaea580d4a313df4b37f32"}, ] isort = [ - {file = "isort-5.8.0-py3-none-any.whl", hash = "sha256:2bb1680aad211e3c9944dbce1d4ba09a989f04e238296c87fe2139faa26d655d"}, - {file = "isort-5.8.0.tar.gz", hash = "sha256:0a943902919f65c5684ac4e0154b1ad4fac6dcaa5d9f3426b732f1c8b5419be6"}, + {file = "isort-5.9.2-py3-none-any.whl", hash = "sha256:eed17b53c3e7912425579853d078a0832820f023191561fcee9d7cae424e0813"}, + {file = "isort-5.9.2.tar.gz", hash = "sha256:f65ce5bd4cbc6abdfbe29afc2f0245538ab358c14590912df638033f157d555e"}, ] mccabe = [ {file = "mccabe-0.6.1-py2.py3-none-any.whl", hash = "sha256:ab8a6258860da4b6677da4bd2fe5dc2c659cff31b3ee4f7f5d64e79735b80d42"}, {file = "mccabe-0.6.1.tar.gz", hash = "sha256:dd8d182285a0fe56bace7f45b5e7d1a6ebcbf524e8f3bd87eb0f125271b8831f"}, ] mypy = [ - {file = "mypy-0.812-cp35-cp35m-macosx_10_9_x86_64.whl", hash = "sha256:a26f8ec704e5a7423c8824d425086705e381b4f1dfdef6e3a1edab7ba174ec49"}, - {file = "mypy-0.812-cp35-cp35m-manylinux1_x86_64.whl", hash = "sha256:28fb5479c494b1bab244620685e2eb3c3f988d71fd5d64cc753195e8ed53df7c"}, - {file = "mypy-0.812-cp35-cp35m-manylinux2010_x86_64.whl", hash = "sha256:9743c91088d396c1a5a3c9978354b61b0382b4e3c440ce83cf77994a43e8c521"}, - {file = "mypy-0.812-cp35-cp35m-win_amd64.whl", hash = "sha256:d7da2e1d5f558c37d6e8c1246f1aec1e7349e4913d8fb3cb289a35de573fe2eb"}, - {file = "mypy-0.812-cp36-cp36m-macosx_10_9_x86_64.whl", hash = "sha256:4eec37370483331d13514c3f55f446fc5248d6373e7029a29ecb7b7494851e7a"}, - {file = "mypy-0.812-cp36-cp36m-manylinux1_x86_64.whl", hash = "sha256:d65cc1df038ef55a99e617431f0553cd77763869eebdf9042403e16089fe746c"}, - {file = "mypy-0.812-cp36-cp36m-manylinux2010_x86_64.whl", hash = "sha256:61a3d5b97955422964be6b3baf05ff2ce7f26f52c85dd88db11d5e03e146a3a6"}, - {file = "mypy-0.812-cp36-cp36m-win_amd64.whl", hash = "sha256:25adde9b862f8f9aac9d2d11971f226bd4c8fbaa89fb76bdadb267ef22d10064"}, - {file = "mypy-0.812-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:552a815579aa1e995f39fd05dde6cd378e191b063f031f2acfe73ce9fb7f9e56"}, - {file = "mypy-0.812-cp37-cp37m-manylinux1_x86_64.whl", hash = "sha256:499c798053cdebcaa916eef8cd733e5584b5909f789de856b482cd7d069bdad8"}, - {file = "mypy-0.812-cp37-cp37m-manylinux2010_x86_64.whl", hash = "sha256:5873888fff1c7cf5b71efbe80e0e73153fe9212fafdf8e44adfe4c20ec9f82d7"}, - {file = "mypy-0.812-cp37-cp37m-win_amd64.whl", hash = "sha256:9f94aac67a2045ec719ffe6111df543bac7874cee01f41928f6969756e030564"}, - {file = "mypy-0.812-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:d23e0ea196702d918b60c8288561e722bf437d82cb7ef2edcd98cfa38905d506"}, - {file = "mypy-0.812-cp38-cp38-manylinux1_x86_64.whl", hash = "sha256:674e822aa665b9fd75130c6c5f5ed9564a38c6cea6a6432ce47eafb68ee578c5"}, - {file = "mypy-0.812-cp38-cp38-manylinux2010_x86_64.whl", hash = "sha256:abf7e0c3cf117c44d9285cc6128856106183938c68fd4944763003decdcfeb66"}, - {file = "mypy-0.812-cp38-cp38-win_amd64.whl", hash = "sha256:0d0a87c0e7e3a9becdfbe936c981d32e5ee0ccda3e0f07e1ef2c3d1a817cf73e"}, - {file = "mypy-0.812-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:7ce3175801d0ae5fdfa79b4f0cfed08807af4d075b402b7e294e6aa72af9aa2a"}, - {file = "mypy-0.812-cp39-cp39-manylinux1_x86_64.whl", hash = "sha256:b09669bcda124e83708f34a94606e01b614fa71931d356c1f1a5297ba11f110a"}, - {file = "mypy-0.812-cp39-cp39-manylinux2010_x86_64.whl", hash = "sha256:33f159443db0829d16f0a8d83d94df3109bb6dd801975fe86bacb9bf71628e97"}, - {file = "mypy-0.812-cp39-cp39-win_amd64.whl", hash = "sha256:3f2aca7f68580dc2508289c729bd49ee929a436208d2b2b6aab15745a70a57df"}, - {file = "mypy-0.812-py3-none-any.whl", hash = "sha256:2f9b3407c58347a452fc0736861593e105139b905cca7d097e413453a1d650b4"}, - {file = "mypy-0.812.tar.gz", hash = "sha256:cd07039aa5df222037005b08fbbfd69b3ab0b0bd7a07d7906de75ae52c4e3119"}, + {file = "mypy-0.910-cp35-cp35m-macosx_10_9_x86_64.whl", hash = "sha256:a155d80ea6cee511a3694b108c4494a39f42de11ee4e61e72bc424c490e46457"}, + {file = "mypy-0.910-cp35-cp35m-manylinux1_x86_64.whl", hash = "sha256:b94e4b785e304a04ea0828759172a15add27088520dc7e49ceade7834275bedb"}, + {file = "mypy-0.910-cp35-cp35m-manylinux2010_x86_64.whl", hash = "sha256:088cd9c7904b4ad80bec811053272986611b84221835e079be5bcad029e79dd9"}, + {file = "mypy-0.910-cp35-cp35m-win_amd64.whl", hash = "sha256:adaeee09bfde366d2c13fe6093a7df5df83c9a2ba98638c7d76b010694db760e"}, + {file = "mypy-0.910-cp36-cp36m-macosx_10_9_x86_64.whl", hash = "sha256:ecd2c3fe726758037234c93df7e98deb257fd15c24c9180dacf1ef829da5f921"}, + {file = "mypy-0.910-cp36-cp36m-manylinux1_x86_64.whl", hash = "sha256:d9dd839eb0dc1bbe866a288ba3c1afc33a202015d2ad83b31e875b5905a079b6"}, + {file = "mypy-0.910-cp36-cp36m-manylinux2010_x86_64.whl", hash = "sha256:3e382b29f8e0ccf19a2df2b29a167591245df90c0b5a2542249873b5c1d78212"}, + {file = "mypy-0.910-cp36-cp36m-win_amd64.whl", hash = "sha256:53fd2eb27a8ee2892614370896956af2ff61254c275aaee4c230ae771cadd885"}, + {file = "mypy-0.910-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:b6fb13123aeef4a3abbcfd7e71773ff3ff1526a7d3dc538f3929a49b42be03f0"}, + {file = "mypy-0.910-cp37-cp37m-manylinux1_x86_64.whl", hash = "sha256:e4dab234478e3bd3ce83bac4193b2ecd9cf94e720ddd95ce69840273bf44f6de"}, + {file = "mypy-0.910-cp37-cp37m-manylinux2010_x86_64.whl", hash = "sha256:7df1ead20c81371ccd6091fa3e2878559b5c4d4caadaf1a484cf88d93ca06703"}, + {file = "mypy-0.910-cp37-cp37m-win_amd64.whl", hash = "sha256:0aadfb2d3935988ec3815952e44058a3100499f5be5b28c34ac9d79f002a4a9a"}, + {file = "mypy-0.910-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:ec4e0cd079db280b6bdabdc807047ff3e199f334050db5cbb91ba3e959a67504"}, + {file = "mypy-0.910-cp38-cp38-manylinux1_x86_64.whl", hash = "sha256:119bed3832d961f3a880787bf621634ba042cb8dc850a7429f643508eeac97b9"}, + {file = "mypy-0.910-cp38-cp38-manylinux2010_x86_64.whl", hash = "sha256:866c41f28cee548475f146aa4d39a51cf3b6a84246969f3759cb3e9c742fc072"}, + {file = "mypy-0.910-cp38-cp38-win_amd64.whl", hash = "sha256:ceb6e0a6e27fb364fb3853389607cf7eb3a126ad335790fa1e14ed02fba50811"}, + {file = "mypy-0.910-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:1a85e280d4d217150ce8cb1a6dddffd14e753a4e0c3cf90baabb32cefa41b59e"}, + {file = "mypy-0.910-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:42c266ced41b65ed40a282c575705325fa7991af370036d3f134518336636f5b"}, + {file = "mypy-0.910-cp39-cp39-manylinux1_x86_64.whl", hash = "sha256:3c4b8ca36877fc75339253721f69603a9c7fdb5d4d5a95a1a1b899d8b86a4de2"}, + {file = "mypy-0.910-cp39-cp39-manylinux2010_x86_64.whl", hash = "sha256:c0df2d30ed496a08de5daed2a9ea807d07c21ae0ab23acf541ab88c24b26ab97"}, + {file = "mypy-0.910-cp39-cp39-win_amd64.whl", hash = "sha256:c6c2602dffb74867498f86e6129fd52a2770c48b7cd3ece77ada4fa38f94eba8"}, + {file = "mypy-0.910-py3-none-any.whl", hash = "sha256:ef565033fa5a958e62796867b1df10c40263ea9ded87164d67572834e57a174d"}, + {file = "mypy-0.910.tar.gz", hash = "sha256:704098302473cb31a218f1775a873b376b30b4c18229421e9e9dc8916fd16150"}, ] mypy-extensions = [ {file = "mypy_extensions-0.4.3-py2.py3-none-any.whl", hash = "sha256:090fedd75945a69ae91ce1303b5824f428daf5a028d2f6ab8a299250a846f15d"}, {file = "mypy_extensions-0.4.3.tar.gz", hash = "sha256:2d82818f5bb3e369420cb3c4060a7970edba416647068eb4c5343488a6c604a8"}, ] packaging = [ - {file = "packaging-20.9-py2.py3-none-any.whl", hash = "sha256:67714da7f7bc052e064859c05c595155bd1ee9f69f76557e21f051443c20947a"}, - {file = "packaging-20.9.tar.gz", hash = "sha256:5b327ac1320dc863dca72f4514ecc086f31186744b84a230374cc1fd776feae5"}, + {file = "packaging-21.0-py3-none-any.whl", hash = "sha256:c86254f9220d55e31cc94d69bade760f0847da8000def4dfe1c6b872fd14ff14"}, + {file = "packaging-21.0.tar.gz", hash = "sha256:7dc96269f53a4ccec5c0670940a4281106dd0bb343f47b7471f779df49c2fbe7"}, ] pathspec = [ {file = "pathspec-0.8.1-py2.py3-none-any.whl", hash = "sha256:aa0cb481c4041bf52ffa7b0d8fa6cd3e88a2ca4879c533c9153882ee2556790d"}, @@ -401,6 +469,36 @@ pluggy = [ {file = "pluggy-0.13.1-py2.py3-none-any.whl", hash = "sha256:966c145cd83c96502c3c3868f50408687b38434af77734af1e9ca461a4081d2d"}, {file = "pluggy-0.13.1.tar.gz", hash = "sha256:15b2acde666561e1298d71b523007ed7364de07029219b604cf808bfa1c765b0"}, ] +psutil = [ + {file = "psutil-5.8.0-cp27-cp27m-macosx_10_9_x86_64.whl", hash = "sha256:0066a82f7b1b37d334e68697faba68e5ad5e858279fd6351c8ca6024e8d6ba64"}, + {file = "psutil-5.8.0-cp27-cp27m-manylinux2010_i686.whl", hash = "sha256:0ae6f386d8d297177fd288be6e8d1afc05966878704dad9847719650e44fc49c"}, + {file = "psutil-5.8.0-cp27-cp27m-manylinux2010_x86_64.whl", hash = "sha256:12d844996d6c2b1d3881cfa6fa201fd635971869a9da945cf6756105af73d2df"}, + {file = "psutil-5.8.0-cp27-cp27mu-manylinux2010_i686.whl", hash = "sha256:02b8292609b1f7fcb34173b25e48d0da8667bc85f81d7476584d889c6e0f2131"}, + {file = "psutil-5.8.0-cp27-cp27mu-manylinux2010_x86_64.whl", hash = "sha256:6ffe81843131ee0ffa02c317186ed1e759a145267d54fdef1bc4ea5f5931ab60"}, + {file = "psutil-5.8.0-cp27-none-win32.whl", hash = "sha256:ea313bb02e5e25224e518e4352af4bf5e062755160f77e4b1767dd5ccb65f876"}, + {file = "psutil-5.8.0-cp27-none-win_amd64.whl", hash = "sha256:5da29e394bdedd9144c7331192e20c1f79283fb03b06e6abd3a8ae45ffecee65"}, + {file = "psutil-5.8.0-cp36-cp36m-macosx_10_9_x86_64.whl", hash = "sha256:74fb2557d1430fff18ff0d72613c5ca30c45cdbfcddd6a5773e9fc1fe9364be8"}, + {file = "psutil-5.8.0-cp36-cp36m-manylinux2010_i686.whl", hash = "sha256:74f2d0be88db96ada78756cb3a3e1b107ce8ab79f65aa885f76d7664e56928f6"}, + {file = "psutil-5.8.0-cp36-cp36m-manylinux2010_x86_64.whl", hash = "sha256:99de3e8739258b3c3e8669cb9757c9a861b2a25ad0955f8e53ac662d66de61ac"}, + {file = "psutil-5.8.0-cp36-cp36m-win32.whl", hash = "sha256:36b3b6c9e2a34b7d7fbae330a85bf72c30b1c827a4366a07443fc4b6270449e2"}, + {file = "psutil-5.8.0-cp36-cp36m-win_amd64.whl", hash = "sha256:52de075468cd394ac98c66f9ca33b2f54ae1d9bff1ef6b67a212ee8f639ec06d"}, + {file = "psutil-5.8.0-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:c6a5fd10ce6b6344e616cf01cc5b849fa8103fbb5ba507b6b2dee4c11e84c935"}, + {file = "psutil-5.8.0-cp37-cp37m-manylinux2010_i686.whl", hash = "sha256:61f05864b42fedc0771d6d8e49c35f07efd209ade09a5afe6a5059e7bb7bf83d"}, + {file = "psutil-5.8.0-cp37-cp37m-manylinux2010_x86_64.whl", hash = "sha256:0dd4465a039d343925cdc29023bb6960ccf4e74a65ad53e768403746a9207023"}, + {file = "psutil-5.8.0-cp37-cp37m-win32.whl", hash = "sha256:1bff0d07e76114ec24ee32e7f7f8d0c4b0514b3fae93e3d2aaafd65d22502394"}, + {file = "psutil-5.8.0-cp37-cp37m-win_amd64.whl", hash = "sha256:fcc01e900c1d7bee2a37e5d6e4f9194760a93597c97fee89c4ae51701de03563"}, + {file = "psutil-5.8.0-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:6223d07a1ae93f86451d0198a0c361032c4c93ebd4bf6d25e2fb3edfad9571ef"}, + {file = "psutil-5.8.0-cp38-cp38-manylinux2010_i686.whl", hash = "sha256:d225cd8319aa1d3c85bf195c4e07d17d3cd68636b8fc97e6cf198f782f99af28"}, + {file = "psutil-5.8.0-cp38-cp38-manylinux2010_x86_64.whl", hash = "sha256:28ff7c95293ae74bf1ca1a79e8805fcde005c18a122ca983abf676ea3466362b"}, + {file = "psutil-5.8.0-cp38-cp38-win32.whl", hash = "sha256:ce8b867423291cb65cfc6d9c4955ee9bfc1e21fe03bb50e177f2b957f1c2469d"}, + {file = "psutil-5.8.0-cp38-cp38-win_amd64.whl", hash = "sha256:90f31c34d25b1b3ed6c40cdd34ff122b1887a825297c017e4cbd6796dd8b672d"}, + {file = "psutil-5.8.0-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:6323d5d845c2785efb20aded4726636546b26d3b577aded22492908f7c1bdda7"}, + {file = "psutil-5.8.0-cp39-cp39-manylinux2010_i686.whl", hash = "sha256:245b5509968ac0bd179287d91210cd3f37add77dad385ef238b275bad35fa1c4"}, + {file = "psutil-5.8.0-cp39-cp39-manylinux2010_x86_64.whl", hash = "sha256:90d4091c2d30ddd0a03e0b97e6a33a48628469b99585e2ad6bf21f17423b112b"}, + {file = "psutil-5.8.0-cp39-cp39-win32.whl", hash = "sha256:ea372bcc129394485824ae3e3ddabe67dc0b118d262c568b4d2602a7070afdb0"}, + {file = "psutil-5.8.0-cp39-cp39-win_amd64.whl", hash = "sha256:f4634b033faf0d968bb9220dd1c793b897ab7f1189956e1aa9eae752527127d3"}, + {file = "psutil-5.8.0.tar.gz", hash = "sha256:0c9ccb99ab76025f2f0bbecf341d4656e9c1351db8cc8a03ccd62e318ab4b5c6"}, +] py = [ {file = "py-1.10.0-py2.py3-none-any.whl", hash = "sha256:3b80836aa6d1feeaa108e046da6423ab8f6ceda6468545ae8d02d9d58d18818a"}, {file = "py-1.10.0.tar.gz", hash = "sha256:21b81bda15b66ef5e1a777a21c4dcd9c20ad3efd0b3f817e7a809035269e1bd3"}, @@ -445,48 +543,87 @@ pytest = [ {file = "pytest-6.2.4-py3-none-any.whl", hash = "sha256:91ef2131a9bd6be8f76f1f08eac5c5317221d6ad1e143ae03894b862e8976890"}, {file = "pytest-6.2.4.tar.gz", hash = "sha256:50bcad0a0b9c5a72c8e4e7c9855a3ad496ca6a881a3641b4260605450772c54b"}, ] +pytest-forked = [ + {file = "pytest-forked-1.3.0.tar.gz", hash = "sha256:6aa9ac7e00ad1a539c41bec6d21011332de671e938c7637378ec9710204e37ca"}, + {file = "pytest_forked-1.3.0-py2.py3-none-any.whl", hash = "sha256:dc4147784048e70ef5d437951728825a131b81714b398d5d52f17c7c144d8815"}, +] +pytest-xdist = [ + {file = "pytest-xdist-2.3.0.tar.gz", hash = "sha256:e8ecde2f85d88fbcadb7d28cb33da0fa29bca5cf7d5967fa89fc0e97e5299ea5"}, + {file = "pytest_xdist-2.3.0-py3-none-any.whl", hash = "sha256:ed3d7da961070fce2a01818b51f6888327fb88df4379edeb6b9d990e789d9c8d"}, +] +pyyaml = [ + {file = "PyYAML-5.4.1-cp27-cp27m-macosx_10_9_x86_64.whl", hash = "sha256:3b2b1824fe7112845700f815ff6a489360226a5609b96ec2190a45e62a9fc922"}, + {file = "PyYAML-5.4.1-cp27-cp27m-win32.whl", hash = "sha256:129def1b7c1bf22faffd67b8f3724645203b79d8f4cc81f674654d9902cb4393"}, + {file = "PyYAML-5.4.1-cp27-cp27m-win_amd64.whl", hash = "sha256:4465124ef1b18d9ace298060f4eccc64b0850899ac4ac53294547536533800c8"}, + {file = "PyYAML-5.4.1-cp27-cp27mu-manylinux1_x86_64.whl", hash = "sha256:bb4191dfc9306777bc594117aee052446b3fa88737cd13b7188d0e7aa8162185"}, + {file = "PyYAML-5.4.1-cp36-cp36m-macosx_10_9_x86_64.whl", hash = "sha256:6c78645d400265a062508ae399b60b8c167bf003db364ecb26dcab2bda048253"}, + {file = "PyYAML-5.4.1-cp36-cp36m-manylinux1_x86_64.whl", hash = "sha256:4e0583d24c881e14342eaf4ec5fbc97f934b999a6828693a99157fde912540cc"}, + {file = "PyYAML-5.4.1-cp36-cp36m-manylinux2014_aarch64.whl", hash = "sha256:72a01f726a9c7851ca9bfad6fd09ca4e090a023c00945ea05ba1638c09dc3347"}, + {file = "PyYAML-5.4.1-cp36-cp36m-manylinux2014_s390x.whl", hash = "sha256:895f61ef02e8fed38159bb70f7e100e00f471eae2bc838cd0f4ebb21e28f8541"}, + {file = "PyYAML-5.4.1-cp36-cp36m-win32.whl", hash = "sha256:3bd0e463264cf257d1ffd2e40223b197271046d09dadf73a0fe82b9c1fc385a5"}, + {file = "PyYAML-5.4.1-cp36-cp36m-win_amd64.whl", hash = "sha256:e4fac90784481d221a8e4b1162afa7c47ed953be40d31ab4629ae917510051df"}, + {file = "PyYAML-5.4.1-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:5accb17103e43963b80e6f837831f38d314a0495500067cb25afab2e8d7a4018"}, + {file = "PyYAML-5.4.1-cp37-cp37m-manylinux1_x86_64.whl", hash = "sha256:e1d4970ea66be07ae37a3c2e48b5ec63f7ba6804bdddfdbd3cfd954d25a82e63"}, + {file = "PyYAML-5.4.1-cp37-cp37m-manylinux2014_aarch64.whl", hash = "sha256:cb333c16912324fd5f769fff6bc5de372e9e7a202247b48870bc251ed40239aa"}, + {file = "PyYAML-5.4.1-cp37-cp37m-manylinux2014_s390x.whl", hash = "sha256:fe69978f3f768926cfa37b867e3843918e012cf83f680806599ddce33c2c68b0"}, + {file = "PyYAML-5.4.1-cp37-cp37m-win32.whl", hash = "sha256:dd5de0646207f053eb0d6c74ae45ba98c3395a571a2891858e87df7c9b9bd51b"}, + {file = "PyYAML-5.4.1-cp37-cp37m-win_amd64.whl", hash = "sha256:08682f6b72c722394747bddaf0aa62277e02557c0fd1c42cb853016a38f8dedf"}, + {file = "PyYAML-5.4.1-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:d2d9808ea7b4af864f35ea216be506ecec180628aced0704e34aca0b040ffe46"}, + {file = "PyYAML-5.4.1-cp38-cp38-manylinux1_x86_64.whl", hash = "sha256:8c1be557ee92a20f184922c7b6424e8ab6691788e6d86137c5d93c1a6ec1b8fb"}, + {file = "PyYAML-5.4.1-cp38-cp38-manylinux2014_aarch64.whl", hash = "sha256:fd7f6999a8070df521b6384004ef42833b9bd62cfee11a09bda1079b4b704247"}, + {file = "PyYAML-5.4.1-cp38-cp38-manylinux2014_s390x.whl", hash = "sha256:bfb51918d4ff3d77c1c856a9699f8492c612cde32fd3bcd344af9be34999bfdc"}, + {file = "PyYAML-5.4.1-cp38-cp38-win32.whl", hash = "sha256:fa5ae20527d8e831e8230cbffd9f8fe952815b2b7dae6ffec25318803a7528fc"}, + {file = "PyYAML-5.4.1-cp38-cp38-win_amd64.whl", hash = "sha256:0f5f5786c0e09baddcd8b4b45f20a7b5d61a7e7e99846e3c799b05c7c53fa696"}, + {file = "PyYAML-5.4.1-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:294db365efa064d00b8d1ef65d8ea2c3426ac366c0c4368d930bf1c5fb497f77"}, + {file = "PyYAML-5.4.1-cp39-cp39-manylinux1_x86_64.whl", hash = "sha256:74c1485f7707cf707a7aef42ef6322b8f97921bd89be2ab6317fd782c2d53183"}, + {file = "PyYAML-5.4.1-cp39-cp39-manylinux2014_aarch64.whl", hash = "sha256:d483ad4e639292c90170eb6f7783ad19490e7a8defb3e46f97dfe4bacae89122"}, + {file = "PyYAML-5.4.1-cp39-cp39-manylinux2014_s390x.whl", hash = "sha256:fdc842473cd33f45ff6bce46aea678a54e3d21f1b61a7750ce3c498eedfe25d6"}, + {file = "PyYAML-5.4.1-cp39-cp39-win32.whl", hash = "sha256:49d4cdd9065b9b6e206d0595fee27a96b5dd22618e7520c33204a4a3239d5b10"}, + {file = "PyYAML-5.4.1-cp39-cp39-win_amd64.whl", hash = "sha256:c20cfa2d49991c8b4147af39859b167664f2ad4561704ee74c1de03318e898db"}, + {file = "PyYAML-5.4.1.tar.gz", hash = "sha256:607774cbba28732bfa802b54baa7484215f530991055bb562efbed5b2f20a45e"}, +] regex = [ - {file = "regex-2021.4.4-cp36-cp36m-macosx_10_9_x86_64.whl", hash = "sha256:619d71c59a78b84d7f18891fe914446d07edd48dc8328c8e149cbe0929b4e000"}, - {file = "regex-2021.4.4-cp36-cp36m-manylinux1_i686.whl", hash = "sha256:47bf5bf60cf04d72bf6055ae5927a0bd9016096bf3d742fa50d9bf9f45aa0711"}, - {file = "regex-2021.4.4-cp36-cp36m-manylinux1_x86_64.whl", hash = "sha256:281d2fd05555079448537fe108d79eb031b403dac622621c78944c235f3fcf11"}, - {file = "regex-2021.4.4-cp36-cp36m-manylinux2010_i686.whl", hash = "sha256:bd28bc2e3a772acbb07787c6308e00d9626ff89e3bfcdebe87fa5afbfdedf968"}, - {file = "regex-2021.4.4-cp36-cp36m-manylinux2010_x86_64.whl", hash = "sha256:7c2a1af393fcc09e898beba5dd59196edaa3116191cc7257f9224beaed3e1aa0"}, - {file = "regex-2021.4.4-cp36-cp36m-manylinux2014_aarch64.whl", hash = "sha256:c38c71df845e2aabb7fb0b920d11a1b5ac8526005e533a8920aea97efb8ec6a4"}, - {file = "regex-2021.4.4-cp36-cp36m-manylinux2014_i686.whl", hash = "sha256:96fcd1888ab4d03adfc9303a7b3c0bd78c5412b2bfbe76db5b56d9eae004907a"}, - {file = "regex-2021.4.4-cp36-cp36m-manylinux2014_x86_64.whl", hash = "sha256:ade17eb5d643b7fead300a1641e9f45401c98eee23763e9ed66a43f92f20b4a7"}, - {file = "regex-2021.4.4-cp36-cp36m-win32.whl", hash = "sha256:e8e5b509d5c2ff12f8418006d5a90e9436766133b564db0abaec92fd27fcee29"}, - {file = "regex-2021.4.4-cp36-cp36m-win_amd64.whl", hash = "sha256:11d773d75fa650cd36f68d7ca936e3c7afaae41b863b8c387a22aaa78d3c5c79"}, - {file = "regex-2021.4.4-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:d3029c340cfbb3ac0a71798100ccc13b97dddf373a4ae56b6a72cf70dfd53bc8"}, - {file = "regex-2021.4.4-cp37-cp37m-manylinux1_i686.whl", hash = "sha256:18c071c3eb09c30a264879f0d310d37fe5d3a3111662438889ae2eb6fc570c31"}, - {file = "regex-2021.4.4-cp37-cp37m-manylinux1_x86_64.whl", hash = "sha256:4c557a7b470908b1712fe27fb1ef20772b78079808c87d20a90d051660b1d69a"}, - {file = "regex-2021.4.4-cp37-cp37m-manylinux2010_i686.whl", hash = "sha256:01afaf2ec48e196ba91b37451aa353cb7eda77efe518e481707e0515025f0cd5"}, - {file = "regex-2021.4.4-cp37-cp37m-manylinux2010_x86_64.whl", hash = "sha256:3a9cd17e6e5c7eb328517969e0cb0c3d31fd329298dd0c04af99ebf42e904f82"}, - {file = "regex-2021.4.4-cp37-cp37m-manylinux2014_aarch64.whl", hash = "sha256:90f11ff637fe8798933fb29f5ae1148c978cccb0452005bf4c69e13db951e765"}, - {file = "regex-2021.4.4-cp37-cp37m-manylinux2014_i686.whl", hash = "sha256:919859aa909429fb5aa9cf8807f6045592c85ef56fdd30a9a3747e513db2536e"}, - {file = "regex-2021.4.4-cp37-cp37m-manylinux2014_x86_64.whl", hash = "sha256:339456e7d8c06dd36a22e451d58ef72cef293112b559010db3d054d5560ef439"}, - {file = "regex-2021.4.4-cp37-cp37m-win32.whl", hash = "sha256:67bdb9702427ceddc6ef3dc382455e90f785af4c13d495f9626861763ee13f9d"}, - {file = "regex-2021.4.4-cp37-cp37m-win_amd64.whl", hash = "sha256:32e65442138b7b76dd8173ffa2cf67356b7bc1768851dded39a7a13bf9223da3"}, - {file = "regex-2021.4.4-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:1e1c20e29358165242928c2de1482fb2cf4ea54a6a6dea2bd7a0e0d8ee321500"}, - {file = "regex-2021.4.4-cp38-cp38-manylinux1_i686.whl", hash = "sha256:314d66636c494ed9c148a42731b3834496cc9a2c4251b1661e40936814542b14"}, - {file = "regex-2021.4.4-cp38-cp38-manylinux1_x86_64.whl", hash = "sha256:6d1b01031dedf2503631d0903cb563743f397ccaf6607a5e3b19a3d76fc10480"}, - {file = "regex-2021.4.4-cp38-cp38-manylinux2010_i686.whl", hash = "sha256:741a9647fcf2e45f3a1cf0e24f5e17febf3efe8d4ba1281dcc3aa0459ef424dc"}, - {file = "regex-2021.4.4-cp38-cp38-manylinux2010_x86_64.whl", hash = "sha256:4c46e22a0933dd783467cf32b3516299fb98cfebd895817d685130cc50cd1093"}, - {file = "regex-2021.4.4-cp38-cp38-manylinux2014_aarch64.whl", hash = "sha256:e512d8ef5ad7b898cdb2d8ee1cb09a8339e4f8be706d27eaa180c2f177248a10"}, - {file = "regex-2021.4.4-cp38-cp38-manylinux2014_i686.whl", hash = "sha256:980d7be47c84979d9136328d882f67ec5e50008681d94ecc8afa8a65ed1f4a6f"}, - {file = "regex-2021.4.4-cp38-cp38-manylinux2014_x86_64.whl", hash = "sha256:ce15b6d103daff8e9fee13cf7f0add05245a05d866e73926c358e871221eae87"}, - {file = "regex-2021.4.4-cp38-cp38-win32.whl", hash = "sha256:a91aa8619b23b79bcbeb37abe286f2f408d2f2d6f29a17237afda55bb54e7aac"}, - {file = "regex-2021.4.4-cp38-cp38-win_amd64.whl", hash = "sha256:c0502c0fadef0d23b128605d69b58edb2c681c25d44574fc673b0e52dce71ee2"}, - {file = "regex-2021.4.4-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:598585c9f0af8374c28edd609eb291b5726d7cbce16be6a8b95aa074d252ee17"}, - {file = "regex-2021.4.4-cp39-cp39-manylinux1_i686.whl", hash = "sha256:ee54ff27bf0afaf4c3b3a62bcd016c12c3fdb4ec4f413391a90bd38bc3624605"}, - {file = "regex-2021.4.4-cp39-cp39-manylinux1_x86_64.whl", hash = "sha256:7d9884d86dd4dd489e981d94a65cd30d6f07203d90e98f6f657f05170f6324c9"}, - {file = "regex-2021.4.4-cp39-cp39-manylinux2010_i686.whl", hash = "sha256:bf5824bfac591ddb2c1f0a5f4ab72da28994548c708d2191e3b87dd207eb3ad7"}, - {file = "regex-2021.4.4-cp39-cp39-manylinux2010_x86_64.whl", hash = "sha256:563085e55b0d4fb8f746f6a335893bda5c2cef43b2f0258fe1020ab1dd874df8"}, - {file = "regex-2021.4.4-cp39-cp39-manylinux2014_aarch64.whl", hash = "sha256:b9c3db21af35e3b3c05764461b262d6f05bbca08a71a7849fd79d47ba7bc33ed"}, - {file = "regex-2021.4.4-cp39-cp39-manylinux2014_i686.whl", hash = "sha256:3916d08be28a1149fb97f7728fca1f7c15d309a9f9682d89d79db75d5e52091c"}, - {file = "regex-2021.4.4-cp39-cp39-manylinux2014_x86_64.whl", hash = "sha256:fd45ff9293d9274c5008a2054ecef86a9bfe819a67c7be1afb65e69b405b3042"}, - {file = "regex-2021.4.4-cp39-cp39-win32.whl", hash = "sha256:fa4537fb4a98fe8fde99626e4681cc644bdcf2a795038533f9f711513a862ae6"}, - {file = "regex-2021.4.4-cp39-cp39-win_amd64.whl", hash = "sha256:97f29f57d5b84e73fbaf99ab3e26134e6687348e95ef6b48cfd2c06807005a07"}, - {file = "regex-2021.4.4.tar.gz", hash = "sha256:52ba3d3f9b942c49d7e4bc105bb28551c44065f139a65062ab7912bef10c9afb"}, + {file = "regex-2021.7.6-cp36-cp36m-macosx_10_9_x86_64.whl", hash = "sha256:e6a1e5ca97d411a461041d057348e578dc344ecd2add3555aedba3b408c9f874"}, + {file = "regex-2021.7.6-cp36-cp36m-manylinux1_i686.whl", hash = "sha256:6afe6a627888c9a6cfbb603d1d017ce204cebd589d66e0703309b8048c3b0854"}, + {file = "regex-2021.7.6-cp36-cp36m-manylinux1_x86_64.whl", hash = "sha256:ccb3d2190476d00414aab36cca453e4596e8f70a206e2aa8db3d495a109153d2"}, + {file = "regex-2021.7.6-cp36-cp36m-manylinux2010_i686.whl", hash = "sha256:ed693137a9187052fc46eedfafdcb74e09917166362af4cc4fddc3b31560e93d"}, + {file = "regex-2021.7.6-cp36-cp36m-manylinux2010_x86_64.whl", hash = "sha256:99d8ab206a5270c1002bfcf25c51bf329ca951e5a169f3b43214fdda1f0b5f0d"}, + {file = "regex-2021.7.6-cp36-cp36m-manylinux2014_i686.whl", hash = "sha256:b85ac458354165405c8a84725de7bbd07b00d9f72c31a60ffbf96bb38d3e25fa"}, + {file = "regex-2021.7.6-cp36-cp36m-manylinux2014_x86_64.whl", hash = "sha256:3f5716923d3d0bfb27048242a6e0f14eecdb2e2a7fac47eda1d055288595f222"}, + {file = "regex-2021.7.6-cp36-cp36m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:e5983c19d0beb6af88cb4d47afb92d96751fb3fa1784d8785b1cdf14c6519407"}, + {file = "regex-2021.7.6-cp36-cp36m-win32.whl", hash = "sha256:c92831dac113a6e0ab28bc98f33781383fe294df1a2c3dfd1e850114da35fd5b"}, + {file = "regex-2021.7.6-cp36-cp36m-win_amd64.whl", hash = "sha256:791aa1b300e5b6e5d597c37c346fb4d66422178566bbb426dd87eaae475053fb"}, + {file = "regex-2021.7.6-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:59506c6e8bd9306cd8a41511e32d16d5d1194110b8cfe5a11d102d8b63cf945d"}, + {file = "regex-2021.7.6-cp37-cp37m-manylinux1_i686.whl", hash = "sha256:564a4c8a29435d1f2256ba247a0315325ea63335508ad8ed938a4f14c4116a5d"}, + {file = "regex-2021.7.6-cp37-cp37m-manylinux1_x86_64.whl", hash = "sha256:59c00bb8dd8775473cbfb967925ad2c3ecc8886b3b2d0c90a8e2707e06c743f0"}, + {file = "regex-2021.7.6-cp37-cp37m-manylinux2010_i686.whl", hash = "sha256:9a854b916806c7e3b40e6616ac9e85d3cdb7649d9e6590653deb5b341a736cec"}, + {file = "regex-2021.7.6-cp37-cp37m-manylinux2010_x86_64.whl", hash = "sha256:db2b7df831c3187a37f3bb80ec095f249fa276dbe09abd3d35297fc250385694"}, + {file = "regex-2021.7.6-cp37-cp37m-manylinux2014_i686.whl", hash = "sha256:173bc44ff95bc1e96398c38f3629d86fa72e539c79900283afa895694229fe6a"}, + {file = "regex-2021.7.6-cp37-cp37m-manylinux2014_x86_64.whl", hash = "sha256:15dddb19823f5147e7517bb12635b3c82e6f2a3a6b696cc3e321522e8b9308ad"}, + {file = "regex-2021.7.6-cp37-cp37m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:2ddeabc7652024803666ea09f32dd1ed40a0579b6fbb2a213eba590683025895"}, + {file = "regex-2021.7.6-cp37-cp37m-win32.whl", hash = "sha256:f080248b3e029d052bf74a897b9d74cfb7643537fbde97fe8225a6467fb559b5"}, + {file = "regex-2021.7.6-cp37-cp37m-win_amd64.whl", hash = "sha256:d8bbce0c96462dbceaa7ac4a7dfbbee92745b801b24bce10a98d2f2b1ea9432f"}, + {file = "regex-2021.7.6-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:edd1a68f79b89b0c57339bce297ad5d5ffcc6ae7e1afdb10f1947706ed066c9c"}, + {file = "regex-2021.7.6-cp38-cp38-manylinux1_i686.whl", hash = "sha256:422dec1e7cbb2efbbe50e3f1de36b82906def93ed48da12d1714cabcd993d7f0"}, + {file = "regex-2021.7.6-cp38-cp38-manylinux1_x86_64.whl", hash = "sha256:cbe23b323988a04c3e5b0c387fe3f8f363bf06c0680daf775875d979e376bd26"}, + {file = "regex-2021.7.6-cp38-cp38-manylinux2010_i686.whl", hash = "sha256:0eb2c6e0fcec5e0f1d3bcc1133556563222a2ffd2211945d7b1480c1b1a42a6f"}, + {file = "regex-2021.7.6-cp38-cp38-manylinux2010_x86_64.whl", hash = "sha256:1c78780bf46d620ff4fff40728f98b8afd8b8e35c3efd638c7df67be2d5cddbf"}, + {file = "regex-2021.7.6-cp38-cp38-manylinux2014_i686.whl", hash = "sha256:bc84fb254a875a9f66616ed4538542fb7965db6356f3df571d783f7c8d256edd"}, + {file = "regex-2021.7.6-cp38-cp38-manylinux2014_x86_64.whl", hash = "sha256:598c0a79b4b851b922f504f9f39a863d83ebdfff787261a5ed061c21e67dd761"}, + {file = "regex-2021.7.6-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:875c355360d0f8d3d827e462b29ea7682bf52327d500a4f837e934e9e4656068"}, + {file = "regex-2021.7.6-cp38-cp38-win32.whl", hash = "sha256:e586f448df2bbc37dfadccdb7ccd125c62b4348cb90c10840d695592aa1b29e0"}, + {file = "regex-2021.7.6-cp38-cp38-win_amd64.whl", hash = "sha256:2fe5e71e11a54e3355fa272137d521a40aace5d937d08b494bed4529964c19c4"}, + {file = "regex-2021.7.6-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:6110bab7eab6566492618540c70edd4d2a18f40ca1d51d704f1d81c52d245026"}, + {file = "regex-2021.7.6-cp39-cp39-manylinux1_i686.whl", hash = "sha256:4f64fc59fd5b10557f6cd0937e1597af022ad9b27d454e182485f1db3008f417"}, + {file = "regex-2021.7.6-cp39-cp39-manylinux1_x86_64.whl", hash = "sha256:89e5528803566af4df368df2d6f503c84fbfb8249e6631c7b025fe23e6bd0cde"}, + {file = "regex-2021.7.6-cp39-cp39-manylinux2010_i686.whl", hash = "sha256:2366fe0479ca0e9afa534174faa2beae87847d208d457d200183f28c74eaea59"}, + {file = "regex-2021.7.6-cp39-cp39-manylinux2010_x86_64.whl", hash = "sha256:f9392a4555f3e4cb45310a65b403d86b589adc773898c25a39184b1ba4db8985"}, + {file = "regex-2021.7.6-cp39-cp39-manylinux2014_i686.whl", hash = "sha256:2bceeb491b38225b1fee4517107b8491ba54fba77cf22a12e996d96a3c55613d"}, + {file = "regex-2021.7.6-cp39-cp39-manylinux2014_x86_64.whl", hash = "sha256:f98dc35ab9a749276f1a4a38ab3e0e2ba1662ce710f6530f5b0a6656f1c32b58"}, + {file = "regex-2021.7.6-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:319eb2a8d0888fa6f1d9177705f341bc9455a2c8aca130016e52c7fe8d6c37a3"}, + {file = "regex-2021.7.6-cp39-cp39-win32.whl", hash = "sha256:eaf58b9e30e0e546cdc3ac06cf9165a1ca5b3de8221e9df679416ca667972035"}, + {file = "regex-2021.7.6-cp39-cp39-win_amd64.whl", hash = "sha256:4c9c3155fe74269f61e27617529b7f09552fbb12e44b1189cebbdb24294e6e1c"}, + {file = "regex-2021.7.6.tar.gz", hash = "sha256:8394e266005f2d8c6f0bc6780001f7afa3ef81a7a2111fa35058ded6fce79e4d"}, ] tokenize-rt = [ {file = "tokenize_rt-4.1.0-py2.py3-none-any.whl", hash = "sha256:b37251fa28c21e8cce2e42f7769a35fba2dd2ecafb297208f9a9a8add3ca7793"}, @@ -496,37 +633,9 @@ toml = [ {file = "toml-0.10.2-py2.py3-none-any.whl", hash = "sha256:806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b"}, {file = "toml-0.10.2.tar.gz", hash = "sha256:b3bda1d108d5dd99f4a20d24d9c348e91c4db7ab1b749200bded2f839ccbe68f"}, ] -typed-ast = [ - {file = "typed_ast-1.4.3-cp35-cp35m-manylinux1_i686.whl", hash = "sha256:2068531575a125b87a41802130fa7e29f26c09a2833fea68d9a40cf33902eba6"}, - {file = "typed_ast-1.4.3-cp35-cp35m-manylinux1_x86_64.whl", hash = "sha256:c907f561b1e83e93fad565bac5ba9c22d96a54e7ea0267c708bffe863cbe4075"}, - {file = "typed_ast-1.4.3-cp35-cp35m-manylinux2014_aarch64.whl", hash = "sha256:1b3ead4a96c9101bef08f9f7d1217c096f31667617b58de957f690c92378b528"}, - {file = "typed_ast-1.4.3-cp35-cp35m-win32.whl", hash = "sha256:dde816ca9dac1d9c01dd504ea5967821606f02e510438120091b84e852367428"}, - {file = "typed_ast-1.4.3-cp35-cp35m-win_amd64.whl", hash = "sha256:777a26c84bea6cd934422ac2e3b78863a37017618b6e5c08f92ef69853e765d3"}, - {file = "typed_ast-1.4.3-cp36-cp36m-macosx_10_9_x86_64.whl", hash = "sha256:f8afcf15cc511ada719a88e013cec87c11aff7b91f019295eb4530f96fe5ef2f"}, - {file = "typed_ast-1.4.3-cp36-cp36m-manylinux1_i686.whl", hash = "sha256:52b1eb8c83f178ab787f3a4283f68258525f8d70f778a2f6dd54d3b5e5fb4341"}, - {file = "typed_ast-1.4.3-cp36-cp36m-manylinux1_x86_64.whl", hash = "sha256:01ae5f73431d21eead5015997ab41afa53aa1fbe252f9da060be5dad2c730ace"}, - {file = "typed_ast-1.4.3-cp36-cp36m-manylinux2014_aarch64.whl", hash = "sha256:c190f0899e9f9f8b6b7863debfb739abcb21a5c054f911ca3596d12b8a4c4c7f"}, - {file = "typed_ast-1.4.3-cp36-cp36m-win32.whl", hash = "sha256:398e44cd480f4d2b7ee8d98385ca104e35c81525dd98c519acff1b79bdaac363"}, - {file = "typed_ast-1.4.3-cp36-cp36m-win_amd64.whl", hash = "sha256:bff6ad71c81b3bba8fa35f0f1921fb24ff4476235a6e94a26ada2e54370e6da7"}, - {file = "typed_ast-1.4.3-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:0fb71b8c643187d7492c1f8352f2c15b4c4af3f6338f21681d3681b3dc31a266"}, - {file = "typed_ast-1.4.3-cp37-cp37m-manylinux1_i686.whl", hash = "sha256:760ad187b1041a154f0e4d0f6aae3e40fdb51d6de16e5c99aedadd9246450e9e"}, - {file = "typed_ast-1.4.3-cp37-cp37m-manylinux1_x86_64.whl", hash = "sha256:5feca99c17af94057417d744607b82dd0a664fd5e4ca98061480fd8b14b18d04"}, - {file = "typed_ast-1.4.3-cp37-cp37m-manylinux2014_aarch64.whl", hash = "sha256:95431a26309a21874005845c21118c83991c63ea800dd44843e42a916aec5899"}, - {file = "typed_ast-1.4.3-cp37-cp37m-win32.whl", hash = "sha256:aee0c1256be6c07bd3e1263ff920c325b59849dc95392a05f258bb9b259cf39c"}, - {file = "typed_ast-1.4.3-cp37-cp37m-win_amd64.whl", hash = "sha256:9ad2c92ec681e02baf81fdfa056fe0d818645efa9af1f1cd5fd6f1bd2bdfd805"}, - {file = "typed_ast-1.4.3-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:b36b4f3920103a25e1d5d024d155c504080959582b928e91cb608a65c3a49e1a"}, - {file = "typed_ast-1.4.3-cp38-cp38-manylinux1_i686.whl", hash = "sha256:067a74454df670dcaa4e59349a2e5c81e567d8d65458d480a5b3dfecec08c5ff"}, - {file = "typed_ast-1.4.3-cp38-cp38-manylinux1_x86_64.whl", hash = "sha256:7538e495704e2ccda9b234b82423a4038f324f3a10c43bc088a1636180f11a41"}, - {file = "typed_ast-1.4.3-cp38-cp38-manylinux2014_aarch64.whl", hash = "sha256:af3d4a73793725138d6b334d9d247ce7e5f084d96284ed23f22ee626a7b88e39"}, - {file = "typed_ast-1.4.3-cp38-cp38-win32.whl", hash = "sha256:f2362f3cb0f3172c42938946dbc5b7843c2a28aec307c49100c8b38764eb6927"}, - {file = "typed_ast-1.4.3-cp38-cp38-win_amd64.whl", hash = "sha256:dd4a21253f42b8d2b48410cb31fe501d32f8b9fbeb1f55063ad102fe9c425e40"}, - {file = "typed_ast-1.4.3-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:f328adcfebed9f11301eaedfa48e15bdece9b519fb27e6a8c01aa52a17ec31b3"}, - {file = "typed_ast-1.4.3-cp39-cp39-manylinux1_i686.whl", hash = "sha256:2c726c276d09fc5c414693a2de063f521052d9ea7c240ce553316f70656c84d4"}, - {file = "typed_ast-1.4.3-cp39-cp39-manylinux1_x86_64.whl", hash = "sha256:cae53c389825d3b46fb37538441f75d6aecc4174f615d048321b716df2757fb0"}, - {file = "typed_ast-1.4.3-cp39-cp39-manylinux2014_aarch64.whl", hash = "sha256:b9574c6f03f685070d859e75c7f9eeca02d6933273b5e69572e5ff9d5e3931c3"}, - {file = "typed_ast-1.4.3-cp39-cp39-win32.whl", hash = "sha256:209596a4ec71d990d71d5e0d312ac935d86930e6eecff6ccc7007fe54d703808"}, - {file = "typed_ast-1.4.3-cp39-cp39-win_amd64.whl", hash = "sha256:9c6d1a54552b5330bc657b7ef0eae25d00ba7ffe85d9ea8ae6540d2197a3788c"}, - {file = "typed_ast-1.4.3.tar.gz", hash = "sha256:fb1bbeac803adea29cedd70781399c99138358c26d05fcbd23c13016b7f5ec65"}, +types-pyyaml = [ + {file = "types-PyYAML-5.4.3.tar.gz", hash = "sha256:2e7b81b2b7af751634425107b986086c6ba7cb61270a43a5c290c58be8cdbc3a"}, + {file = "types_PyYAML-5.4.3-py2.py3-none-any.whl", hash = "sha256:bca83cbfc0be48600a8abf1e3d87fb762a91e6d35d724029a3321dd2dce2ceb1"}, ] typing-extensions = [ {file = "typing_extensions-3.10.0.0-py2-none-any.whl", hash = "sha256:0ac0f89795dd19de6b97debb0c6af1c70987fd80a2d62d1958f7e56fcc31b497"}, diff --git a/libs/skyline-config/pyproject.toml b/libs/skyline-config/pyproject.toml index 001f5b1..46936a6 100644 --- a/libs/skyline-config/pyproject.toml +++ b/libs/skyline-config/pyproject.toml @@ -9,46 +9,17 @@ authors = ["OpenStack "] python = "^3.8" pydantic = "*" immutables = "*" +PyYAML = "*" [tool.poetry.dev-dependencies] -pytest = "*" -mypy = "*" -black = "^20.8b1" isort = "*" -flake8 = "*" +black = "^21.5b1" add-trailing-comma = "*" - -[tool.black] -line-length = 98 -target-version = ['py38'] -include = '\.pyi?$' -exclude = ''' -( - /( - \.eggs - | \.git - | \.hg - | \.mypy_cache - | \.tox - | \.venv - | _build - | buck-out - | build - | dist - )/ - | exclude.py -) -''' -verbos = true - -[tool.isort] -multi_line_output = 3 -include_trailing_comma = true -force_grid_wrap = 0 -use_parentheses = true -line_length = 98 -reverse_relative = true -combine_as_imports = true +flake8 = "*" +mypy = "*" +types-PyYAML = "*" +pytest = "*" +pytest-xdist = {extras = ["psutil"], version = "*"} [build-system] requires = ["poetry-core>=1.0.0"] diff --git a/libs/skyline-config/src/skyline_config/__init__.py b/libs/skyline-config/skyline_config/__init__.py similarity index 100% rename from libs/skyline-config/src/skyline_config/__init__.py rename to libs/skyline-config/skyline_config/__init__.py diff --git a/libs/skyline-config/src/skyline_config/config.py b/libs/skyline-config/skyline_config/config.py similarity index 97% rename from libs/skyline-config/src/skyline_config/config.py rename to libs/skyline-config/skyline_config/config.py index fc9c142..b21ea9c 100644 --- a/libs/skyline-config/src/skyline_config/config.py +++ b/libs/skyline-config/skyline_config/config.py @@ -18,13 +18,15 @@ import os import warnings from dataclasses import InitVar, dataclass, field from pathlib import Path, PurePath -from typing import Any, Dict, Iterator, Sequence, Tuple, Type +from typing import TYPE_CHECKING, Any, Dict, Iterator, Sequence, Tuple, Type import yaml from immutables import Map -from immutables._map import MapItems, MapKeys, MapValues from pydantic import BaseModel, create_model +if TYPE_CHECKING: + from immutables._map import MapItems, MapKeys, MapValues + @dataclass(frozen=True) class Opt: diff --git a/libs/skyline-policy-manager/src/skyline_policy_manager/cmd/__init__.py b/libs/skyline-config/skyline_config/py.typed similarity index 100% rename from libs/skyline-policy-manager/src/skyline_policy_manager/cmd/__init__.py rename to libs/skyline-config/skyline_config/py.typed diff --git a/libs/skyline-log/.flake8 b/libs/skyline-log/.flake8 deleted file mode 100644 index e5582fa..0000000 --- a/libs/skyline-log/.flake8 +++ /dev/null @@ -1,5 +0,0 @@ -[flake8] -max-line-length = 99 -max-doc-length = 99 -show-source = True -extend-ignore = E203 diff --git a/libs/skyline-log/LICENSE b/libs/skyline-log/LICENSE deleted file mode 100644 index f433b1a..0000000 --- a/libs/skyline-log/LICENSE +++ /dev/null @@ -1,177 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS diff --git a/libs/skyline-log/Makefile b/libs/skyline-log/Makefile index d42f081..5695936 100644 --- a/libs/skyline-log/Makefile +++ b/libs/skyline-log/Makefile @@ -1,6 +1,8 @@ PYTHON ?= python3 -SOURCES := src -TESTS := tests + + +.PHONY: all +all: install fmt lint test package .PHONY: venv @@ -10,26 +12,30 @@ venv: .PHONY: install install: venv - poetry run pip install -U pip - poetry run pip install -U setuptools + poetry run pip install -U pip setuptools poetry install -vvv -.PHONY: build -build: - poetry build - - -.PHONY: lint -lint: - poetry run mypy --no-incremental $(SOURCES) - poetry run isort --check-only --diff $(SOURCES) $(TESTS) - poetry run black --check --diff --color $(SOURCES) $(TESTS) - poetry run flake8 $(SOURCES) $(TESTS) +.PHONY: package +package: + poetry build -f wheel .PHONY: fmt fmt: - poetry run isort $(SOURCES) $(TESTS) - poetry run black $(SOURCES) $(TESTS) - poetry run add-trailing-comma --py36-plus --exit-zero-even-if-changed `find $(SOURCES) $(TESTS) -name '*.py'` + poetry run isort $$(git ls-files -- **/*.py) + poetry run black --config ../../pyproject.toml $$(git ls-files -- **/*.py) + poetry run add-trailing-comma --py36-plus --exit-zero-even-if-changed $$(git ls-files -- **/*.py) + + +.PHONY: lint +lint: + poetry run mypy --no-incremental $$(git ls-files -- **/*.py) + poetry run isort --check-only --diff $$(git ls-files -- **/*.py) + poetry run black --check --diff --color --config ../../pyproject.toml $$(git ls-files -- **/*.py) + poetry run flake8 $$(git ls-files -- **/*.py) + + +.PHONY: test +test: + echo TODO diff --git a/libs/skyline-log/mypy.ini b/libs/skyline-log/mypy.ini deleted file mode 100644 index baa39f6..0000000 --- a/libs/skyline-log/mypy.ini +++ /dev/null @@ -1,3 +0,0 @@ -[mypy] -show_error_codes = true -show_error_context = true diff --git a/libs/skyline-log/poetry.lock b/libs/skyline-log/poetry.lock index 465923c..fbff01f 100644 --- a/libs/skyline-log/poetry.lock +++ b/libs/skyline-log/poetry.lock @@ -41,29 +41,29 @@ tests_no_zope = ["coverage[toml] (>=5.0.2)", "hypothesis", "pympler", "pytest (> [[package]] name = "black" -version = "20.8b1" +version = "21.6b0" description = "The uncompromising code formatter." category = "dev" optional = false -python-versions = ">=3.6" +python-versions = ">=3.6.2" [package.dependencies] appdirs = "*" click = ">=7.1.2" mypy-extensions = ">=0.4.3" -pathspec = ">=0.6,<1" +pathspec = ">=0.8.1,<1" regex = ">=2020.1.8" toml = ">=0.10.1" -typed-ast = ">=1.4.0" -typing-extensions = ">=3.7.4" [package.extras] colorama = ["colorama (>=0.4.3)"] -d = ["aiohttp (>=3.3.2)", "aiohttp-cors"] +d = ["aiohttp (>=3.6.0)", "aiohttp-cors (>=0.4.0)"] +python2 = ["typed-ast (>=1.4.2)"] +uvloop = ["uvloop (>=0.15.2)"] [[package]] name = "click" -version = "8.0.0" +version = "8.0.1" description = "Composable command line interface toolkit" category = "dev" optional = false @@ -80,6 +80,17 @@ category = "main" optional = false python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*" +[[package]] +name = "execnet" +version = "1.9.0" +description = "execnet: rapid multi-Python deployment" +category = "dev" +optional = false +python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*" + +[package.extras] +testing = ["pre-commit"] + [[package]] name = "flake8" version = "3.9.2" @@ -103,16 +114,17 @@ python-versions = "*" [[package]] name = "isort" -version = "5.8.0" +version = "5.9.2" description = "A Python utility / library to sort Python imports." category = "dev" optional = false -python-versions = ">=3.6,<4.0" +python-versions = ">=3.6.1,<4.0" [package.extras] pipfile_deprecated_finder = ["pipreqs", "requirementslib"] requirements_deprecated_finder = ["pipreqs", "pip-api"] colors = ["colorama (>=0.4.3,<0.5.0)"] +plugins = ["setuptools"] [[package]] name = "loguru" @@ -139,7 +151,7 @@ python-versions = "*" [[package]] name = "mypy" -version = "0.812" +version = "0.910" description = "Optional static typing for Python" category = "dev" optional = false @@ -147,11 +159,12 @@ python-versions = ">=3.5" [package.dependencies] mypy-extensions = ">=0.4.3,<0.5.0" -typed-ast = ">=1.4.0,<1.5.0" +toml = "*" typing-extensions = ">=3.7.4" [package.extras] dmypy = ["psutil (>=4.0)"] +python2 = ["typed-ast (>=1.4.0,<1.5.0)"] [[package]] name = "mypy-extensions" @@ -163,11 +176,11 @@ python-versions = "*" [[package]] name = "packaging" -version = "20.9" +version = "21.0" description = "Core utilities for Python packages" category = "dev" optional = false -python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" +python-versions = ">=3.6" [package.dependencies] pyparsing = ">=2.0.2" @@ -191,6 +204,17 @@ python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" [package.extras] dev = ["pre-commit", "tox"] +[[package]] +name = "psutil" +version = "5.8.0" +description = "Cross-platform lib for process and system monitoring in Python." +category = "dev" +optional = false +python-versions = ">=2.6, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" + +[package.extras] +test = ["ipaddress", "mock", "unittest2", "enum34", "pywin32", "wmi"] + [[package]] name = "py" version = "1.10.0" @@ -244,9 +268,39 @@ toml = "*" [package.extras] testing = ["argcomplete", "hypothesis (>=3.56)", "mock", "nose", "requests", "xmlschema"] +[[package]] +name = "pytest-forked" +version = "1.3.0" +description = "run tests in isolated forked subprocesses" +category = "dev" +optional = false +python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*" + +[package.dependencies] +py = "*" +pytest = ">=3.10" + +[[package]] +name = "pytest-xdist" +version = "2.3.0" +description = "pytest xdist plugin for distributed testing and loop-on-failing modes" +category = "dev" +optional = false +python-versions = ">=3.6" + +[package.dependencies] +execnet = ">=1.1" +psutil = {version = ">=3.0", optional = true, markers = "extra == \"psutil\""} +pytest = ">=6.0.0" +pytest-forked = "*" + +[package.extras] +psutil = ["psutil (>=3.0)"] +testing = ["filelock"] + [[package]] name = "regex" -version = "2021.4.4" +version = "2021.7.6" description = "Alternative regular expression module, to replace re." category = "dev" optional = false @@ -268,14 +322,6 @@ category = "dev" optional = false python-versions = ">=2.6, !=3.0.*, !=3.1.*, !=3.2.*" -[[package]] -name = "typed-ast" -version = "1.4.3" -description = "a fork of Python 2 and 3 ast modules with type comment support" -category = "dev" -optional = false -python-versions = "*" - [[package]] name = "typing-extensions" version = "3.10.0.0" @@ -298,7 +344,7 @@ dev = ["pytest (>=4.6.2)", "black (>=19.3b0)"] [metadata] lock-version = "1.1" python-versions = "^3.8" -content-hash = "514eb800914e4b19c4fe26cc33512163ef7f38e7d422059c8c941b71e830def0" +content-hash = "9dcd1ca4b24c38131f8fda2443cb847c1d89703201024026562cc27d6fe984b1" [metadata.files] add-trailing-comma = [ @@ -318,16 +364,21 @@ attrs = [ {file = "attrs-21.2.0.tar.gz", hash = "sha256:ef6aaac3ca6cd92904cdd0d83f629a15f18053ec84e6432106f7a4d04ae4f5fb"}, ] black = [ - {file = "black-20.8b1.tar.gz", hash = "sha256:1c02557aa099101b9d21496f8a914e9ed2222ef70336404eeeac8edba836fbea"}, + {file = "black-21.6b0-py3-none-any.whl", hash = "sha256:dfb8c5a069012b2ab1e972e7b908f5fb42b6bbabcba0a788b86dc05067c7d9c7"}, + {file = "black-21.6b0.tar.gz", hash = "sha256:dc132348a88d103016726fe360cb9ede02cecf99b76e3660ce6c596be132ce04"}, ] click = [ - {file = "click-8.0.0-py3-none-any.whl", hash = "sha256:e90e62ced43dc8105fb9a26d62f0d9340b5c8db053a814e25d95c19873ae87db"}, - {file = "click-8.0.0.tar.gz", hash = "sha256:7d8c289ee437bcb0316820ccee14aefcb056e58d31830ecab8e47eda6540e136"}, + {file = "click-8.0.1-py3-none-any.whl", hash = "sha256:fba402a4a47334742d782209a7c79bc448911afe1149d07bdabdf480b3e2f4b6"}, + {file = "click-8.0.1.tar.gz", hash = "sha256:8c04c11192119b1ef78ea049e0a6f0463e4c48ef00a30160c704337586f3ad7a"}, ] colorama = [ {file = "colorama-0.4.4-py2.py3-none-any.whl", hash = "sha256:9f47eda37229f68eee03b24b9748937c7dc3868f906e8ba69fbcbdd3bc5dc3e2"}, {file = "colorama-0.4.4.tar.gz", hash = "sha256:5941b2b48a20143d2267e95b1c2a7603ce057ee39fd88e7329b0c292aa16869b"}, ] +execnet = [ + {file = "execnet-1.9.0-py2.py3-none-any.whl", hash = "sha256:a295f7cc774947aac58dde7fdc85f4aa00c42adf5d8f5468fc630c1acf30a142"}, + {file = "execnet-1.9.0.tar.gz", hash = "sha256:8f694f3ba9cc92cab508b152dcfe322153975c29bda272e2fd7f3f00f36e47c5"}, +] flake8 = [ {file = "flake8-3.9.2-py2.py3-none-any.whl", hash = "sha256:bf8fd333346d844f616e8d47905ef3a3384edae6b4e9beb0c5101e25e3110907"}, {file = "flake8-3.9.2.tar.gz", hash = "sha256:07528381786f2a6237b061f6e96610a4167b226cb926e2aa2b6b1d78057c576b"}, @@ -337,8 +388,8 @@ iniconfig = [ {file = "iniconfig-1.1.1.tar.gz", hash = "sha256:bc3af051d7d14b2ee5ef9969666def0cd1a000e121eaea580d4a313df4b37f32"}, ] isort = [ - {file = "isort-5.8.0-py3-none-any.whl", hash = "sha256:2bb1680aad211e3c9944dbce1d4ba09a989f04e238296c87fe2139faa26d655d"}, - {file = "isort-5.8.0.tar.gz", hash = "sha256:0a943902919f65c5684ac4e0154b1ad4fac6dcaa5d9f3426b732f1c8b5419be6"}, + {file = "isort-5.9.2-py3-none-any.whl", hash = "sha256:eed17b53c3e7912425579853d078a0832820f023191561fcee9d7cae424e0813"}, + {file = "isort-5.9.2.tar.gz", hash = "sha256:f65ce5bd4cbc6abdfbe29afc2f0245538ab358c14590912df638033f157d555e"}, ] loguru = [ {file = "loguru-0.5.3-py3-none-any.whl", hash = "sha256:f8087ac396b5ee5f67c963b495d615ebbceac2796379599820e324419d53667c"}, @@ -349,36 +400,37 @@ mccabe = [ {file = "mccabe-0.6.1.tar.gz", hash = "sha256:dd8d182285a0fe56bace7f45b5e7d1a6ebcbf524e8f3bd87eb0f125271b8831f"}, ] mypy = [ - {file = "mypy-0.812-cp35-cp35m-macosx_10_9_x86_64.whl", hash = "sha256:a26f8ec704e5a7423c8824d425086705e381b4f1dfdef6e3a1edab7ba174ec49"}, - {file = "mypy-0.812-cp35-cp35m-manylinux1_x86_64.whl", hash = "sha256:28fb5479c494b1bab244620685e2eb3c3f988d71fd5d64cc753195e8ed53df7c"}, - {file = "mypy-0.812-cp35-cp35m-manylinux2010_x86_64.whl", hash = "sha256:9743c91088d396c1a5a3c9978354b61b0382b4e3c440ce83cf77994a43e8c521"}, - {file = "mypy-0.812-cp35-cp35m-win_amd64.whl", hash = "sha256:d7da2e1d5f558c37d6e8c1246f1aec1e7349e4913d8fb3cb289a35de573fe2eb"}, - {file = "mypy-0.812-cp36-cp36m-macosx_10_9_x86_64.whl", hash = "sha256:4eec37370483331d13514c3f55f446fc5248d6373e7029a29ecb7b7494851e7a"}, - {file = "mypy-0.812-cp36-cp36m-manylinux1_x86_64.whl", hash = "sha256:d65cc1df038ef55a99e617431f0553cd77763869eebdf9042403e16089fe746c"}, - {file = "mypy-0.812-cp36-cp36m-manylinux2010_x86_64.whl", hash = "sha256:61a3d5b97955422964be6b3baf05ff2ce7f26f52c85dd88db11d5e03e146a3a6"}, - {file = "mypy-0.812-cp36-cp36m-win_amd64.whl", hash = "sha256:25adde9b862f8f9aac9d2d11971f226bd4c8fbaa89fb76bdadb267ef22d10064"}, - {file = "mypy-0.812-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:552a815579aa1e995f39fd05dde6cd378e191b063f031f2acfe73ce9fb7f9e56"}, - {file = "mypy-0.812-cp37-cp37m-manylinux1_x86_64.whl", hash = "sha256:499c798053cdebcaa916eef8cd733e5584b5909f789de856b482cd7d069bdad8"}, - {file = "mypy-0.812-cp37-cp37m-manylinux2010_x86_64.whl", hash = "sha256:5873888fff1c7cf5b71efbe80e0e73153fe9212fafdf8e44adfe4c20ec9f82d7"}, - {file = "mypy-0.812-cp37-cp37m-win_amd64.whl", hash = "sha256:9f94aac67a2045ec719ffe6111df543bac7874cee01f41928f6969756e030564"}, - {file = "mypy-0.812-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:d23e0ea196702d918b60c8288561e722bf437d82cb7ef2edcd98cfa38905d506"}, - {file = "mypy-0.812-cp38-cp38-manylinux1_x86_64.whl", hash = "sha256:674e822aa665b9fd75130c6c5f5ed9564a38c6cea6a6432ce47eafb68ee578c5"}, - {file = "mypy-0.812-cp38-cp38-manylinux2010_x86_64.whl", hash = "sha256:abf7e0c3cf117c44d9285cc6128856106183938c68fd4944763003decdcfeb66"}, - {file = "mypy-0.812-cp38-cp38-win_amd64.whl", hash = "sha256:0d0a87c0e7e3a9becdfbe936c981d32e5ee0ccda3e0f07e1ef2c3d1a817cf73e"}, - {file = "mypy-0.812-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:7ce3175801d0ae5fdfa79b4f0cfed08807af4d075b402b7e294e6aa72af9aa2a"}, - {file = "mypy-0.812-cp39-cp39-manylinux1_x86_64.whl", hash = "sha256:b09669bcda124e83708f34a94606e01b614fa71931d356c1f1a5297ba11f110a"}, - {file = "mypy-0.812-cp39-cp39-manylinux2010_x86_64.whl", hash = "sha256:33f159443db0829d16f0a8d83d94df3109bb6dd801975fe86bacb9bf71628e97"}, - {file = "mypy-0.812-cp39-cp39-win_amd64.whl", hash = "sha256:3f2aca7f68580dc2508289c729bd49ee929a436208d2b2b6aab15745a70a57df"}, - {file = "mypy-0.812-py3-none-any.whl", hash = "sha256:2f9b3407c58347a452fc0736861593e105139b905cca7d097e413453a1d650b4"}, - {file = "mypy-0.812.tar.gz", hash = "sha256:cd07039aa5df222037005b08fbbfd69b3ab0b0bd7a07d7906de75ae52c4e3119"}, + {file = "mypy-0.910-cp35-cp35m-macosx_10_9_x86_64.whl", hash = "sha256:a155d80ea6cee511a3694b108c4494a39f42de11ee4e61e72bc424c490e46457"}, + {file = "mypy-0.910-cp35-cp35m-manylinux1_x86_64.whl", hash = "sha256:b94e4b785e304a04ea0828759172a15add27088520dc7e49ceade7834275bedb"}, + {file = "mypy-0.910-cp35-cp35m-manylinux2010_x86_64.whl", hash = "sha256:088cd9c7904b4ad80bec811053272986611b84221835e079be5bcad029e79dd9"}, + {file = "mypy-0.910-cp35-cp35m-win_amd64.whl", hash = "sha256:adaeee09bfde366d2c13fe6093a7df5df83c9a2ba98638c7d76b010694db760e"}, + {file = "mypy-0.910-cp36-cp36m-macosx_10_9_x86_64.whl", hash = "sha256:ecd2c3fe726758037234c93df7e98deb257fd15c24c9180dacf1ef829da5f921"}, + {file = "mypy-0.910-cp36-cp36m-manylinux1_x86_64.whl", hash = "sha256:d9dd839eb0dc1bbe866a288ba3c1afc33a202015d2ad83b31e875b5905a079b6"}, + {file = "mypy-0.910-cp36-cp36m-manylinux2010_x86_64.whl", hash = "sha256:3e382b29f8e0ccf19a2df2b29a167591245df90c0b5a2542249873b5c1d78212"}, + {file = "mypy-0.910-cp36-cp36m-win_amd64.whl", hash = "sha256:53fd2eb27a8ee2892614370896956af2ff61254c275aaee4c230ae771cadd885"}, + {file = "mypy-0.910-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:b6fb13123aeef4a3abbcfd7e71773ff3ff1526a7d3dc538f3929a49b42be03f0"}, + {file = "mypy-0.910-cp37-cp37m-manylinux1_x86_64.whl", hash = "sha256:e4dab234478e3bd3ce83bac4193b2ecd9cf94e720ddd95ce69840273bf44f6de"}, + {file = "mypy-0.910-cp37-cp37m-manylinux2010_x86_64.whl", hash = "sha256:7df1ead20c81371ccd6091fa3e2878559b5c4d4caadaf1a484cf88d93ca06703"}, + {file = "mypy-0.910-cp37-cp37m-win_amd64.whl", hash = "sha256:0aadfb2d3935988ec3815952e44058a3100499f5be5b28c34ac9d79f002a4a9a"}, + {file = "mypy-0.910-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:ec4e0cd079db280b6bdabdc807047ff3e199f334050db5cbb91ba3e959a67504"}, + {file = "mypy-0.910-cp38-cp38-manylinux1_x86_64.whl", hash = "sha256:119bed3832d961f3a880787bf621634ba042cb8dc850a7429f643508eeac97b9"}, + {file = "mypy-0.910-cp38-cp38-manylinux2010_x86_64.whl", hash = "sha256:866c41f28cee548475f146aa4d39a51cf3b6a84246969f3759cb3e9c742fc072"}, + {file = "mypy-0.910-cp38-cp38-win_amd64.whl", hash = "sha256:ceb6e0a6e27fb364fb3853389607cf7eb3a126ad335790fa1e14ed02fba50811"}, + {file = "mypy-0.910-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:1a85e280d4d217150ce8cb1a6dddffd14e753a4e0c3cf90baabb32cefa41b59e"}, + {file = "mypy-0.910-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:42c266ced41b65ed40a282c575705325fa7991af370036d3f134518336636f5b"}, + {file = "mypy-0.910-cp39-cp39-manylinux1_x86_64.whl", hash = "sha256:3c4b8ca36877fc75339253721f69603a9c7fdb5d4d5a95a1a1b899d8b86a4de2"}, + {file = "mypy-0.910-cp39-cp39-manylinux2010_x86_64.whl", hash = "sha256:c0df2d30ed496a08de5daed2a9ea807d07c21ae0ab23acf541ab88c24b26ab97"}, + {file = "mypy-0.910-cp39-cp39-win_amd64.whl", hash = "sha256:c6c2602dffb74867498f86e6129fd52a2770c48b7cd3ece77ada4fa38f94eba8"}, + {file = "mypy-0.910-py3-none-any.whl", hash = "sha256:ef565033fa5a958e62796867b1df10c40263ea9ded87164d67572834e57a174d"}, + {file = "mypy-0.910.tar.gz", hash = "sha256:704098302473cb31a218f1775a873b376b30b4c18229421e9e9dc8916fd16150"}, ] mypy-extensions = [ {file = "mypy_extensions-0.4.3-py2.py3-none-any.whl", hash = "sha256:090fedd75945a69ae91ce1303b5824f428daf5a028d2f6ab8a299250a846f15d"}, {file = "mypy_extensions-0.4.3.tar.gz", hash = "sha256:2d82818f5bb3e369420cb3c4060a7970edba416647068eb4c5343488a6c604a8"}, ] packaging = [ - {file = "packaging-20.9-py2.py3-none-any.whl", hash = "sha256:67714da7f7bc052e064859c05c595155bd1ee9f69f76557e21f051443c20947a"}, - {file = "packaging-20.9.tar.gz", hash = "sha256:5b327ac1320dc863dca72f4514ecc086f31186744b84a230374cc1fd776feae5"}, + {file = "packaging-21.0-py3-none-any.whl", hash = "sha256:c86254f9220d55e31cc94d69bade760f0847da8000def4dfe1c6b872fd14ff14"}, + {file = "packaging-21.0.tar.gz", hash = "sha256:7dc96269f53a4ccec5c0670940a4281106dd0bb343f47b7471f779df49c2fbe7"}, ] pathspec = [ {file = "pathspec-0.8.1-py2.py3-none-any.whl", hash = "sha256:aa0cb481c4041bf52ffa7b0d8fa6cd3e88a2ca4879c533c9153882ee2556790d"}, @@ -388,6 +440,36 @@ pluggy = [ {file = "pluggy-0.13.1-py2.py3-none-any.whl", hash = "sha256:966c145cd83c96502c3c3868f50408687b38434af77734af1e9ca461a4081d2d"}, {file = "pluggy-0.13.1.tar.gz", hash = "sha256:15b2acde666561e1298d71b523007ed7364de07029219b604cf808bfa1c765b0"}, ] +psutil = [ + {file = "psutil-5.8.0-cp27-cp27m-macosx_10_9_x86_64.whl", hash = "sha256:0066a82f7b1b37d334e68697faba68e5ad5e858279fd6351c8ca6024e8d6ba64"}, + {file = "psutil-5.8.0-cp27-cp27m-manylinux2010_i686.whl", hash = "sha256:0ae6f386d8d297177fd288be6e8d1afc05966878704dad9847719650e44fc49c"}, + {file = "psutil-5.8.0-cp27-cp27m-manylinux2010_x86_64.whl", hash = "sha256:12d844996d6c2b1d3881cfa6fa201fd635971869a9da945cf6756105af73d2df"}, + {file = "psutil-5.8.0-cp27-cp27mu-manylinux2010_i686.whl", hash = "sha256:02b8292609b1f7fcb34173b25e48d0da8667bc85f81d7476584d889c6e0f2131"}, + {file = "psutil-5.8.0-cp27-cp27mu-manylinux2010_x86_64.whl", hash = "sha256:6ffe81843131ee0ffa02c317186ed1e759a145267d54fdef1bc4ea5f5931ab60"}, + {file = "psutil-5.8.0-cp27-none-win32.whl", hash = "sha256:ea313bb02e5e25224e518e4352af4bf5e062755160f77e4b1767dd5ccb65f876"}, + {file = "psutil-5.8.0-cp27-none-win_amd64.whl", hash = "sha256:5da29e394bdedd9144c7331192e20c1f79283fb03b06e6abd3a8ae45ffecee65"}, + {file = "psutil-5.8.0-cp36-cp36m-macosx_10_9_x86_64.whl", hash = "sha256:74fb2557d1430fff18ff0d72613c5ca30c45cdbfcddd6a5773e9fc1fe9364be8"}, + {file = "psutil-5.8.0-cp36-cp36m-manylinux2010_i686.whl", hash = "sha256:74f2d0be88db96ada78756cb3a3e1b107ce8ab79f65aa885f76d7664e56928f6"}, + {file = "psutil-5.8.0-cp36-cp36m-manylinux2010_x86_64.whl", hash = "sha256:99de3e8739258b3c3e8669cb9757c9a861b2a25ad0955f8e53ac662d66de61ac"}, + {file = "psutil-5.8.0-cp36-cp36m-win32.whl", hash = "sha256:36b3b6c9e2a34b7d7fbae330a85bf72c30b1c827a4366a07443fc4b6270449e2"}, + {file = "psutil-5.8.0-cp36-cp36m-win_amd64.whl", hash = "sha256:52de075468cd394ac98c66f9ca33b2f54ae1d9bff1ef6b67a212ee8f639ec06d"}, + {file = "psutil-5.8.0-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:c6a5fd10ce6b6344e616cf01cc5b849fa8103fbb5ba507b6b2dee4c11e84c935"}, + {file = "psutil-5.8.0-cp37-cp37m-manylinux2010_i686.whl", hash = "sha256:61f05864b42fedc0771d6d8e49c35f07efd209ade09a5afe6a5059e7bb7bf83d"}, + {file = "psutil-5.8.0-cp37-cp37m-manylinux2010_x86_64.whl", hash = "sha256:0dd4465a039d343925cdc29023bb6960ccf4e74a65ad53e768403746a9207023"}, + {file = "psutil-5.8.0-cp37-cp37m-win32.whl", hash = "sha256:1bff0d07e76114ec24ee32e7f7f8d0c4b0514b3fae93e3d2aaafd65d22502394"}, + {file = "psutil-5.8.0-cp37-cp37m-win_amd64.whl", hash = "sha256:fcc01e900c1d7bee2a37e5d6e4f9194760a93597c97fee89c4ae51701de03563"}, + {file = "psutil-5.8.0-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:6223d07a1ae93f86451d0198a0c361032c4c93ebd4bf6d25e2fb3edfad9571ef"}, + {file = "psutil-5.8.0-cp38-cp38-manylinux2010_i686.whl", hash = "sha256:d225cd8319aa1d3c85bf195c4e07d17d3cd68636b8fc97e6cf198f782f99af28"}, + {file = "psutil-5.8.0-cp38-cp38-manylinux2010_x86_64.whl", hash = "sha256:28ff7c95293ae74bf1ca1a79e8805fcde005c18a122ca983abf676ea3466362b"}, + {file = "psutil-5.8.0-cp38-cp38-win32.whl", hash = "sha256:ce8b867423291cb65cfc6d9c4955ee9bfc1e21fe03bb50e177f2b957f1c2469d"}, + {file = "psutil-5.8.0-cp38-cp38-win_amd64.whl", hash = "sha256:90f31c34d25b1b3ed6c40cdd34ff122b1887a825297c017e4cbd6796dd8b672d"}, + {file = "psutil-5.8.0-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:6323d5d845c2785efb20aded4726636546b26d3b577aded22492908f7c1bdda7"}, + {file = "psutil-5.8.0-cp39-cp39-manylinux2010_i686.whl", hash = "sha256:245b5509968ac0bd179287d91210cd3f37add77dad385ef238b275bad35fa1c4"}, + {file = "psutil-5.8.0-cp39-cp39-manylinux2010_x86_64.whl", hash = "sha256:90d4091c2d30ddd0a03e0b97e6a33a48628469b99585e2ad6bf21f17423b112b"}, + {file = "psutil-5.8.0-cp39-cp39-win32.whl", hash = "sha256:ea372bcc129394485824ae3e3ddabe67dc0b118d262c568b4d2602a7070afdb0"}, + {file = "psutil-5.8.0-cp39-cp39-win_amd64.whl", hash = "sha256:f4634b033faf0d968bb9220dd1c793b897ab7f1189956e1aa9eae752527127d3"}, + {file = "psutil-5.8.0.tar.gz", hash = "sha256:0c9ccb99ab76025f2f0bbecf341d4656e9c1351db8cc8a03ccd62e318ab4b5c6"}, +] py = [ {file = "py-1.10.0-py2.py3-none-any.whl", hash = "sha256:3b80836aa6d1feeaa108e046da6423ab8f6ceda6468545ae8d02d9d58d18818a"}, {file = "py-1.10.0.tar.gz", hash = "sha256:21b81bda15b66ef5e1a777a21c4dcd9c20ad3efd0b3f817e7a809035269e1bd3"}, @@ -408,48 +490,56 @@ pytest = [ {file = "pytest-6.2.4-py3-none-any.whl", hash = "sha256:91ef2131a9bd6be8f76f1f08eac5c5317221d6ad1e143ae03894b862e8976890"}, {file = "pytest-6.2.4.tar.gz", hash = "sha256:50bcad0a0b9c5a72c8e4e7c9855a3ad496ca6a881a3641b4260605450772c54b"}, ] +pytest-forked = [ + {file = "pytest-forked-1.3.0.tar.gz", hash = "sha256:6aa9ac7e00ad1a539c41bec6d21011332de671e938c7637378ec9710204e37ca"}, + {file = "pytest_forked-1.3.0-py2.py3-none-any.whl", hash = "sha256:dc4147784048e70ef5d437951728825a131b81714b398d5d52f17c7c144d8815"}, +] +pytest-xdist = [ + {file = "pytest-xdist-2.3.0.tar.gz", hash = "sha256:e8ecde2f85d88fbcadb7d28cb33da0fa29bca5cf7d5967fa89fc0e97e5299ea5"}, + {file = "pytest_xdist-2.3.0-py3-none-any.whl", hash = "sha256:ed3d7da961070fce2a01818b51f6888327fb88df4379edeb6b9d990e789d9c8d"}, +] regex = [ - {file = "regex-2021.4.4-cp36-cp36m-macosx_10_9_x86_64.whl", hash = "sha256:619d71c59a78b84d7f18891fe914446d07edd48dc8328c8e149cbe0929b4e000"}, - {file = "regex-2021.4.4-cp36-cp36m-manylinux1_i686.whl", hash = "sha256:47bf5bf60cf04d72bf6055ae5927a0bd9016096bf3d742fa50d9bf9f45aa0711"}, - {file = "regex-2021.4.4-cp36-cp36m-manylinux1_x86_64.whl", hash = "sha256:281d2fd05555079448537fe108d79eb031b403dac622621c78944c235f3fcf11"}, - {file = "regex-2021.4.4-cp36-cp36m-manylinux2010_i686.whl", hash = "sha256:bd28bc2e3a772acbb07787c6308e00d9626ff89e3bfcdebe87fa5afbfdedf968"}, - {file = "regex-2021.4.4-cp36-cp36m-manylinux2010_x86_64.whl", hash = "sha256:7c2a1af393fcc09e898beba5dd59196edaa3116191cc7257f9224beaed3e1aa0"}, - {file = "regex-2021.4.4-cp36-cp36m-manylinux2014_aarch64.whl", hash = "sha256:c38c71df845e2aabb7fb0b920d11a1b5ac8526005e533a8920aea97efb8ec6a4"}, - {file = "regex-2021.4.4-cp36-cp36m-manylinux2014_i686.whl", hash = "sha256:96fcd1888ab4d03adfc9303a7b3c0bd78c5412b2bfbe76db5b56d9eae004907a"}, - {file = "regex-2021.4.4-cp36-cp36m-manylinux2014_x86_64.whl", hash = "sha256:ade17eb5d643b7fead300a1641e9f45401c98eee23763e9ed66a43f92f20b4a7"}, - {file = "regex-2021.4.4-cp36-cp36m-win32.whl", hash = "sha256:e8e5b509d5c2ff12f8418006d5a90e9436766133b564db0abaec92fd27fcee29"}, - {file = "regex-2021.4.4-cp36-cp36m-win_amd64.whl", hash = "sha256:11d773d75fa650cd36f68d7ca936e3c7afaae41b863b8c387a22aaa78d3c5c79"}, - {file = "regex-2021.4.4-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:d3029c340cfbb3ac0a71798100ccc13b97dddf373a4ae56b6a72cf70dfd53bc8"}, - {file = "regex-2021.4.4-cp37-cp37m-manylinux1_i686.whl", hash = "sha256:18c071c3eb09c30a264879f0d310d37fe5d3a3111662438889ae2eb6fc570c31"}, - {file = "regex-2021.4.4-cp37-cp37m-manylinux1_x86_64.whl", hash = "sha256:4c557a7b470908b1712fe27fb1ef20772b78079808c87d20a90d051660b1d69a"}, - {file = "regex-2021.4.4-cp37-cp37m-manylinux2010_i686.whl", hash = "sha256:01afaf2ec48e196ba91b37451aa353cb7eda77efe518e481707e0515025f0cd5"}, - {file = "regex-2021.4.4-cp37-cp37m-manylinux2010_x86_64.whl", hash = "sha256:3a9cd17e6e5c7eb328517969e0cb0c3d31fd329298dd0c04af99ebf42e904f82"}, - {file = "regex-2021.4.4-cp37-cp37m-manylinux2014_aarch64.whl", hash = "sha256:90f11ff637fe8798933fb29f5ae1148c978cccb0452005bf4c69e13db951e765"}, - {file = "regex-2021.4.4-cp37-cp37m-manylinux2014_i686.whl", hash = "sha256:919859aa909429fb5aa9cf8807f6045592c85ef56fdd30a9a3747e513db2536e"}, - {file = "regex-2021.4.4-cp37-cp37m-manylinux2014_x86_64.whl", hash = "sha256:339456e7d8c06dd36a22e451d58ef72cef293112b559010db3d054d5560ef439"}, - {file = "regex-2021.4.4-cp37-cp37m-win32.whl", hash = "sha256:67bdb9702427ceddc6ef3dc382455e90f785af4c13d495f9626861763ee13f9d"}, - {file = "regex-2021.4.4-cp37-cp37m-win_amd64.whl", hash = "sha256:32e65442138b7b76dd8173ffa2cf67356b7bc1768851dded39a7a13bf9223da3"}, - {file = "regex-2021.4.4-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:1e1c20e29358165242928c2de1482fb2cf4ea54a6a6dea2bd7a0e0d8ee321500"}, - {file = "regex-2021.4.4-cp38-cp38-manylinux1_i686.whl", hash = "sha256:314d66636c494ed9c148a42731b3834496cc9a2c4251b1661e40936814542b14"}, - {file = "regex-2021.4.4-cp38-cp38-manylinux1_x86_64.whl", hash = "sha256:6d1b01031dedf2503631d0903cb563743f397ccaf6607a5e3b19a3d76fc10480"}, - {file = "regex-2021.4.4-cp38-cp38-manylinux2010_i686.whl", hash = "sha256:741a9647fcf2e45f3a1cf0e24f5e17febf3efe8d4ba1281dcc3aa0459ef424dc"}, - {file = "regex-2021.4.4-cp38-cp38-manylinux2010_x86_64.whl", hash = "sha256:4c46e22a0933dd783467cf32b3516299fb98cfebd895817d685130cc50cd1093"}, - {file = "regex-2021.4.4-cp38-cp38-manylinux2014_aarch64.whl", hash = "sha256:e512d8ef5ad7b898cdb2d8ee1cb09a8339e4f8be706d27eaa180c2f177248a10"}, - {file = "regex-2021.4.4-cp38-cp38-manylinux2014_i686.whl", hash = "sha256:980d7be47c84979d9136328d882f67ec5e50008681d94ecc8afa8a65ed1f4a6f"}, - {file = "regex-2021.4.4-cp38-cp38-manylinux2014_x86_64.whl", hash = "sha256:ce15b6d103daff8e9fee13cf7f0add05245a05d866e73926c358e871221eae87"}, - {file = "regex-2021.4.4-cp38-cp38-win32.whl", hash = "sha256:a91aa8619b23b79bcbeb37abe286f2f408d2f2d6f29a17237afda55bb54e7aac"}, - {file = "regex-2021.4.4-cp38-cp38-win_amd64.whl", hash = "sha256:c0502c0fadef0d23b128605d69b58edb2c681c25d44574fc673b0e52dce71ee2"}, - {file = "regex-2021.4.4-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:598585c9f0af8374c28edd609eb291b5726d7cbce16be6a8b95aa074d252ee17"}, - {file = "regex-2021.4.4-cp39-cp39-manylinux1_i686.whl", hash = "sha256:ee54ff27bf0afaf4c3b3a62bcd016c12c3fdb4ec4f413391a90bd38bc3624605"}, - {file = "regex-2021.4.4-cp39-cp39-manylinux1_x86_64.whl", hash = "sha256:7d9884d86dd4dd489e981d94a65cd30d6f07203d90e98f6f657f05170f6324c9"}, - {file = "regex-2021.4.4-cp39-cp39-manylinux2010_i686.whl", hash = "sha256:bf5824bfac591ddb2c1f0a5f4ab72da28994548c708d2191e3b87dd207eb3ad7"}, - {file = "regex-2021.4.4-cp39-cp39-manylinux2010_x86_64.whl", hash = "sha256:563085e55b0d4fb8f746f6a335893bda5c2cef43b2f0258fe1020ab1dd874df8"}, - {file = "regex-2021.4.4-cp39-cp39-manylinux2014_aarch64.whl", hash = "sha256:b9c3db21af35e3b3c05764461b262d6f05bbca08a71a7849fd79d47ba7bc33ed"}, - {file = "regex-2021.4.4-cp39-cp39-manylinux2014_i686.whl", hash = "sha256:3916d08be28a1149fb97f7728fca1f7c15d309a9f9682d89d79db75d5e52091c"}, - {file = "regex-2021.4.4-cp39-cp39-manylinux2014_x86_64.whl", hash = "sha256:fd45ff9293d9274c5008a2054ecef86a9bfe819a67c7be1afb65e69b405b3042"}, - {file = "regex-2021.4.4-cp39-cp39-win32.whl", hash = "sha256:fa4537fb4a98fe8fde99626e4681cc644bdcf2a795038533f9f711513a862ae6"}, - {file = "regex-2021.4.4-cp39-cp39-win_amd64.whl", hash = "sha256:97f29f57d5b84e73fbaf99ab3e26134e6687348e95ef6b48cfd2c06807005a07"}, - {file = "regex-2021.4.4.tar.gz", hash = "sha256:52ba3d3f9b942c49d7e4bc105bb28551c44065f139a65062ab7912bef10c9afb"}, + {file = "regex-2021.7.6-cp36-cp36m-macosx_10_9_x86_64.whl", hash = "sha256:e6a1e5ca97d411a461041d057348e578dc344ecd2add3555aedba3b408c9f874"}, + {file = "regex-2021.7.6-cp36-cp36m-manylinux1_i686.whl", hash = "sha256:6afe6a627888c9a6cfbb603d1d017ce204cebd589d66e0703309b8048c3b0854"}, + {file = "regex-2021.7.6-cp36-cp36m-manylinux1_x86_64.whl", hash = "sha256:ccb3d2190476d00414aab36cca453e4596e8f70a206e2aa8db3d495a109153d2"}, + {file = "regex-2021.7.6-cp36-cp36m-manylinux2010_i686.whl", hash = "sha256:ed693137a9187052fc46eedfafdcb74e09917166362af4cc4fddc3b31560e93d"}, + {file = "regex-2021.7.6-cp36-cp36m-manylinux2010_x86_64.whl", hash = "sha256:99d8ab206a5270c1002bfcf25c51bf329ca951e5a169f3b43214fdda1f0b5f0d"}, + {file = "regex-2021.7.6-cp36-cp36m-manylinux2014_i686.whl", hash = "sha256:b85ac458354165405c8a84725de7bbd07b00d9f72c31a60ffbf96bb38d3e25fa"}, + {file = "regex-2021.7.6-cp36-cp36m-manylinux2014_x86_64.whl", hash = "sha256:3f5716923d3d0bfb27048242a6e0f14eecdb2e2a7fac47eda1d055288595f222"}, + {file = "regex-2021.7.6-cp36-cp36m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:e5983c19d0beb6af88cb4d47afb92d96751fb3fa1784d8785b1cdf14c6519407"}, + {file = "regex-2021.7.6-cp36-cp36m-win32.whl", hash = "sha256:c92831dac113a6e0ab28bc98f33781383fe294df1a2c3dfd1e850114da35fd5b"}, + {file = "regex-2021.7.6-cp36-cp36m-win_amd64.whl", hash = "sha256:791aa1b300e5b6e5d597c37c346fb4d66422178566bbb426dd87eaae475053fb"}, + {file = "regex-2021.7.6-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:59506c6e8bd9306cd8a41511e32d16d5d1194110b8cfe5a11d102d8b63cf945d"}, + {file = "regex-2021.7.6-cp37-cp37m-manylinux1_i686.whl", hash = "sha256:564a4c8a29435d1f2256ba247a0315325ea63335508ad8ed938a4f14c4116a5d"}, + {file = "regex-2021.7.6-cp37-cp37m-manylinux1_x86_64.whl", hash = "sha256:59c00bb8dd8775473cbfb967925ad2c3ecc8886b3b2d0c90a8e2707e06c743f0"}, + {file = "regex-2021.7.6-cp37-cp37m-manylinux2010_i686.whl", hash = "sha256:9a854b916806c7e3b40e6616ac9e85d3cdb7649d9e6590653deb5b341a736cec"}, + {file = "regex-2021.7.6-cp37-cp37m-manylinux2010_x86_64.whl", hash = "sha256:db2b7df831c3187a37f3bb80ec095f249fa276dbe09abd3d35297fc250385694"}, + {file = "regex-2021.7.6-cp37-cp37m-manylinux2014_i686.whl", hash = "sha256:173bc44ff95bc1e96398c38f3629d86fa72e539c79900283afa895694229fe6a"}, + {file = "regex-2021.7.6-cp37-cp37m-manylinux2014_x86_64.whl", hash = "sha256:15dddb19823f5147e7517bb12635b3c82e6f2a3a6b696cc3e321522e8b9308ad"}, + {file = "regex-2021.7.6-cp37-cp37m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:2ddeabc7652024803666ea09f32dd1ed40a0579b6fbb2a213eba590683025895"}, + {file = "regex-2021.7.6-cp37-cp37m-win32.whl", hash = "sha256:f080248b3e029d052bf74a897b9d74cfb7643537fbde97fe8225a6467fb559b5"}, + {file = "regex-2021.7.6-cp37-cp37m-win_amd64.whl", hash = "sha256:d8bbce0c96462dbceaa7ac4a7dfbbee92745b801b24bce10a98d2f2b1ea9432f"}, + {file = "regex-2021.7.6-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:edd1a68f79b89b0c57339bce297ad5d5ffcc6ae7e1afdb10f1947706ed066c9c"}, + {file = "regex-2021.7.6-cp38-cp38-manylinux1_i686.whl", hash = "sha256:422dec1e7cbb2efbbe50e3f1de36b82906def93ed48da12d1714cabcd993d7f0"}, + {file = "regex-2021.7.6-cp38-cp38-manylinux1_x86_64.whl", hash = "sha256:cbe23b323988a04c3e5b0c387fe3f8f363bf06c0680daf775875d979e376bd26"}, + {file = "regex-2021.7.6-cp38-cp38-manylinux2010_i686.whl", hash = "sha256:0eb2c6e0fcec5e0f1d3bcc1133556563222a2ffd2211945d7b1480c1b1a42a6f"}, + {file = "regex-2021.7.6-cp38-cp38-manylinux2010_x86_64.whl", hash = "sha256:1c78780bf46d620ff4fff40728f98b8afd8b8e35c3efd638c7df67be2d5cddbf"}, + {file = "regex-2021.7.6-cp38-cp38-manylinux2014_i686.whl", hash = "sha256:bc84fb254a875a9f66616ed4538542fb7965db6356f3df571d783f7c8d256edd"}, + {file = "regex-2021.7.6-cp38-cp38-manylinux2014_x86_64.whl", hash = "sha256:598c0a79b4b851b922f504f9f39a863d83ebdfff787261a5ed061c21e67dd761"}, + {file = "regex-2021.7.6-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:875c355360d0f8d3d827e462b29ea7682bf52327d500a4f837e934e9e4656068"}, + {file = "regex-2021.7.6-cp38-cp38-win32.whl", hash = "sha256:e586f448df2bbc37dfadccdb7ccd125c62b4348cb90c10840d695592aa1b29e0"}, + {file = "regex-2021.7.6-cp38-cp38-win_amd64.whl", hash = "sha256:2fe5e71e11a54e3355fa272137d521a40aace5d937d08b494bed4529964c19c4"}, + {file = "regex-2021.7.6-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:6110bab7eab6566492618540c70edd4d2a18f40ca1d51d704f1d81c52d245026"}, + {file = "regex-2021.7.6-cp39-cp39-manylinux1_i686.whl", hash = "sha256:4f64fc59fd5b10557f6cd0937e1597af022ad9b27d454e182485f1db3008f417"}, + {file = "regex-2021.7.6-cp39-cp39-manylinux1_x86_64.whl", hash = "sha256:89e5528803566af4df368df2d6f503c84fbfb8249e6631c7b025fe23e6bd0cde"}, + {file = "regex-2021.7.6-cp39-cp39-manylinux2010_i686.whl", hash = "sha256:2366fe0479ca0e9afa534174faa2beae87847d208d457d200183f28c74eaea59"}, + {file = "regex-2021.7.6-cp39-cp39-manylinux2010_x86_64.whl", hash = "sha256:f9392a4555f3e4cb45310a65b403d86b589adc773898c25a39184b1ba4db8985"}, + {file = "regex-2021.7.6-cp39-cp39-manylinux2014_i686.whl", hash = "sha256:2bceeb491b38225b1fee4517107b8491ba54fba77cf22a12e996d96a3c55613d"}, + {file = "regex-2021.7.6-cp39-cp39-manylinux2014_x86_64.whl", hash = "sha256:f98dc35ab9a749276f1a4a38ab3e0e2ba1662ce710f6530f5b0a6656f1c32b58"}, + {file = "regex-2021.7.6-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:319eb2a8d0888fa6f1d9177705f341bc9455a2c8aca130016e52c7fe8d6c37a3"}, + {file = "regex-2021.7.6-cp39-cp39-win32.whl", hash = "sha256:eaf58b9e30e0e546cdc3ac06cf9165a1ca5b3de8221e9df679416ca667972035"}, + {file = "regex-2021.7.6-cp39-cp39-win_amd64.whl", hash = "sha256:4c9c3155fe74269f61e27617529b7f09552fbb12e44b1189cebbdb24294e6e1c"}, + {file = "regex-2021.7.6.tar.gz", hash = "sha256:8394e266005f2d8c6f0bc6780001f7afa3ef81a7a2111fa35058ded6fce79e4d"}, ] tokenize-rt = [ {file = "tokenize_rt-4.1.0-py2.py3-none-any.whl", hash = "sha256:b37251fa28c21e8cce2e42f7769a35fba2dd2ecafb297208f9a9a8add3ca7793"}, @@ -459,38 +549,6 @@ toml = [ {file = "toml-0.10.2-py2.py3-none-any.whl", hash = "sha256:806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b"}, {file = "toml-0.10.2.tar.gz", hash = "sha256:b3bda1d108d5dd99f4a20d24d9c348e91c4db7ab1b749200bded2f839ccbe68f"}, ] -typed-ast = [ - {file = "typed_ast-1.4.3-cp35-cp35m-manylinux1_i686.whl", hash = "sha256:2068531575a125b87a41802130fa7e29f26c09a2833fea68d9a40cf33902eba6"}, - {file = "typed_ast-1.4.3-cp35-cp35m-manylinux1_x86_64.whl", hash = "sha256:c907f561b1e83e93fad565bac5ba9c22d96a54e7ea0267c708bffe863cbe4075"}, - {file = "typed_ast-1.4.3-cp35-cp35m-manylinux2014_aarch64.whl", hash = "sha256:1b3ead4a96c9101bef08f9f7d1217c096f31667617b58de957f690c92378b528"}, - {file = "typed_ast-1.4.3-cp35-cp35m-win32.whl", hash = "sha256:dde816ca9dac1d9c01dd504ea5967821606f02e510438120091b84e852367428"}, - {file = "typed_ast-1.4.3-cp35-cp35m-win_amd64.whl", hash = "sha256:777a26c84bea6cd934422ac2e3b78863a37017618b6e5c08f92ef69853e765d3"}, - {file = "typed_ast-1.4.3-cp36-cp36m-macosx_10_9_x86_64.whl", hash = "sha256:f8afcf15cc511ada719a88e013cec87c11aff7b91f019295eb4530f96fe5ef2f"}, - {file = "typed_ast-1.4.3-cp36-cp36m-manylinux1_i686.whl", hash = "sha256:52b1eb8c83f178ab787f3a4283f68258525f8d70f778a2f6dd54d3b5e5fb4341"}, - {file = "typed_ast-1.4.3-cp36-cp36m-manylinux1_x86_64.whl", hash = "sha256:01ae5f73431d21eead5015997ab41afa53aa1fbe252f9da060be5dad2c730ace"}, - {file = "typed_ast-1.4.3-cp36-cp36m-manylinux2014_aarch64.whl", hash = "sha256:c190f0899e9f9f8b6b7863debfb739abcb21a5c054f911ca3596d12b8a4c4c7f"}, - {file = "typed_ast-1.4.3-cp36-cp36m-win32.whl", hash = "sha256:398e44cd480f4d2b7ee8d98385ca104e35c81525dd98c519acff1b79bdaac363"}, - {file = "typed_ast-1.4.3-cp36-cp36m-win_amd64.whl", hash = "sha256:bff6ad71c81b3bba8fa35f0f1921fb24ff4476235a6e94a26ada2e54370e6da7"}, - {file = "typed_ast-1.4.3-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:0fb71b8c643187d7492c1f8352f2c15b4c4af3f6338f21681d3681b3dc31a266"}, - {file = "typed_ast-1.4.3-cp37-cp37m-manylinux1_i686.whl", hash = "sha256:760ad187b1041a154f0e4d0f6aae3e40fdb51d6de16e5c99aedadd9246450e9e"}, - {file = "typed_ast-1.4.3-cp37-cp37m-manylinux1_x86_64.whl", hash = "sha256:5feca99c17af94057417d744607b82dd0a664fd5e4ca98061480fd8b14b18d04"}, - {file = "typed_ast-1.4.3-cp37-cp37m-manylinux2014_aarch64.whl", hash = "sha256:95431a26309a21874005845c21118c83991c63ea800dd44843e42a916aec5899"}, - {file = "typed_ast-1.4.3-cp37-cp37m-win32.whl", hash = "sha256:aee0c1256be6c07bd3e1263ff920c325b59849dc95392a05f258bb9b259cf39c"}, - {file = "typed_ast-1.4.3-cp37-cp37m-win_amd64.whl", hash = "sha256:9ad2c92ec681e02baf81fdfa056fe0d818645efa9af1f1cd5fd6f1bd2bdfd805"}, - {file = "typed_ast-1.4.3-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:b36b4f3920103a25e1d5d024d155c504080959582b928e91cb608a65c3a49e1a"}, - {file = "typed_ast-1.4.3-cp38-cp38-manylinux1_i686.whl", hash = "sha256:067a74454df670dcaa4e59349a2e5c81e567d8d65458d480a5b3dfecec08c5ff"}, - {file = "typed_ast-1.4.3-cp38-cp38-manylinux1_x86_64.whl", hash = "sha256:7538e495704e2ccda9b234b82423a4038f324f3a10c43bc088a1636180f11a41"}, - {file = "typed_ast-1.4.3-cp38-cp38-manylinux2014_aarch64.whl", hash = "sha256:af3d4a73793725138d6b334d9d247ce7e5f084d96284ed23f22ee626a7b88e39"}, - {file = "typed_ast-1.4.3-cp38-cp38-win32.whl", hash = "sha256:f2362f3cb0f3172c42938946dbc5b7843c2a28aec307c49100c8b38764eb6927"}, - {file = "typed_ast-1.4.3-cp38-cp38-win_amd64.whl", hash = "sha256:dd4a21253f42b8d2b48410cb31fe501d32f8b9fbeb1f55063ad102fe9c425e40"}, - {file = "typed_ast-1.4.3-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:f328adcfebed9f11301eaedfa48e15bdece9b519fb27e6a8c01aa52a17ec31b3"}, - {file = "typed_ast-1.4.3-cp39-cp39-manylinux1_i686.whl", hash = "sha256:2c726c276d09fc5c414693a2de063f521052d9ea7c240ce553316f70656c84d4"}, - {file = "typed_ast-1.4.3-cp39-cp39-manylinux1_x86_64.whl", hash = "sha256:cae53c389825d3b46fb37538441f75d6aecc4174f615d048321b716df2757fb0"}, - {file = "typed_ast-1.4.3-cp39-cp39-manylinux2014_aarch64.whl", hash = "sha256:b9574c6f03f685070d859e75c7f9eeca02d6933273b5e69572e5ff9d5e3931c3"}, - {file = "typed_ast-1.4.3-cp39-cp39-win32.whl", hash = "sha256:209596a4ec71d990d71d5e0d312ac935d86930e6eecff6ccc7007fe54d703808"}, - {file = "typed_ast-1.4.3-cp39-cp39-win_amd64.whl", hash = "sha256:9c6d1a54552b5330bc657b7ef0eae25d00ba7ffe85d9ea8ae6540d2197a3788c"}, - {file = "typed_ast-1.4.3.tar.gz", hash = "sha256:fb1bbeac803adea29cedd70781399c99138358c26d05fcbd23c13016b7f5ec65"}, -] typing-extensions = [ {file = "typing_extensions-3.10.0.0-py2-none-any.whl", hash = "sha256:0ac0f89795dd19de6b97debb0c6af1c70987fd80a2d62d1958f7e56fcc31b497"}, {file = "typing_extensions-3.10.0.0-py3-none-any.whl", hash = "sha256:779383f6086d90c99ae41cf0ff39aac8a7937a9283ce0a414e5dd782f4c94a84"}, diff --git a/libs/skyline-log/pyproject.toml b/libs/skyline-log/pyproject.toml index fbf3495..4986373 100644 --- a/libs/skyline-log/pyproject.toml +++ b/libs/skyline-log/pyproject.toml @@ -10,44 +10,13 @@ python = "^3.8" loguru = "*" [tool.poetry.dev-dependencies] -pytest = "*" -mypy = "*" -black = "^20.8b1" isort = "*" -flake8 = "*" +black = "^21.5b1" add-trailing-comma = "*" - -[tool.black] -line-length = 98 -target-version = ['py38'] -include = '\.pyi?$' -exclude = ''' -( - /( - \.eggs - | \.git - | \.hg - | \.mypy_cache - | \.tox - | \.venv - | _build - | buck-out - | build - | dist - )/ - | exclude.py -) -''' -verbos = true - -[tool.isort] -multi_line_output = 3 -include_trailing_comma = true -force_grid_wrap = 0 -use_parentheses = true -line_length = 98 -reverse_relative = true -combine_as_imports = true +flake8 = "*" +mypy = "*" +pytest = "*" +pytest-xdist = {extras = ["psutil"], version = "*"} [build-system] requires = ["poetry-core>=1.0.0"] diff --git a/libs/skyline-log/src/skyline_log/__init__.py b/libs/skyline-log/skyline_log/__init__.py similarity index 100% rename from libs/skyline-log/src/skyline_log/__init__.py rename to libs/skyline-log/skyline_log/__init__.py diff --git a/libs/skyline-log/src/skyline_log/log.py b/libs/skyline-log/skyline_log/log.py similarity index 100% rename from libs/skyline-log/src/skyline_log/log.py rename to libs/skyline-log/skyline_log/log.py diff --git a/libs/skyline-log/skyline_log/py.typed b/libs/skyline-log/skyline_log/py.typed new file mode 100644 index 0000000..e69de29 diff --git a/libs/skyline-policy-manager/.flake8 b/libs/skyline-policy-manager/.flake8 deleted file mode 100644 index e5582fa..0000000 --- a/libs/skyline-policy-manager/.flake8 +++ /dev/null @@ -1,5 +0,0 @@ -[flake8] -max-line-length = 99 -max-doc-length = 99 -show-source = True -extend-ignore = E203 diff --git a/libs/skyline-policy-manager/LICENSE b/libs/skyline-policy-manager/LICENSE deleted file mode 100644 index f433b1a..0000000 --- a/libs/skyline-policy-manager/LICENSE +++ /dev/null @@ -1,177 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS diff --git a/libs/skyline-policy-manager/Makefile b/libs/skyline-policy-manager/Makefile index c337ec8..cdb2af5 100644 --- a/libs/skyline-policy-manager/Makefile +++ b/libs/skyline-policy-manager/Makefile @@ -1,7 +1,8 @@ PYTHON ?= python3 -SOURCES := src -TESTS := tests -TOOLS := tools + + +.PHONY: all +all: install fmt lint test package .PHONY: venv @@ -11,27 +12,31 @@ venv: .PHONY: install install: venv - poetry run pip install -U pip - poetry run pip install -U setuptools + poetry run pip install -U pip setuptools poetry install -vvv tools/post_install.sh -.PHONY: build -build: - poetry build - - -.PHONY: lint -lint: - poetry run mypy --no-incremental $(SOURCES) - poetry run isort --check-only --diff $(SOURCES) $(TESTS) $(TOOLS) - poetry run black --check --diff --color $(SOURCES) $(TESTS) $(TOOLS) - poetry run flake8 $(SOURCES) $(TESTS) $(TOOLS) +.PHONY: package +package: + poetry build -f wheel .PHONY: fmt fmt: - poetry run isort $(SOURCES) $(TESTS) $(TOOLS) - poetry run black $(SOURCES) $(TESTS) $(TOOLS) - poetry run add-trailing-comma --py36-plus --exit-zero-even-if-changed `find $(SOURCES) $(TESTS) $(TOOLS) -name '*.py'` + poetry run isort $$(git ls-files -- **/*.py) + poetry run black --config ../../pyproject.toml $$(git ls-files -- **/*.py) + poetry run add-trailing-comma --py36-plus --exit-zero-even-if-changed $$(git ls-files -- **/*.py) + + +.PHONY: lint +lint: + poetry run mypy --no-incremental $$(git ls-files -- **/*.py) + poetry run isort --check-only --diff $$(git ls-files -- **/*.py) + poetry run black --check --diff --color --config ../../pyproject.toml $$(git ls-files -- **/*.py) + poetry run flake8 $$(git ls-files -- **/*.py) + + +.PHONY: test +test: + echo TODO diff --git a/libs/skyline-policy-manager/mypy.ini b/libs/skyline-policy-manager/mypy.ini deleted file mode 100644 index 300653d..0000000 --- a/libs/skyline-policy-manager/mypy.ini +++ /dev/null @@ -1,4 +0,0 @@ -[mypy] -show_error_codes = true -show_error_context = true -mypy_path = ../skyline-log/src \ No newline at end of file diff --git a/libs/skyline-policy-manager/poetry.lock b/libs/skyline-policy-manager/poetry.lock index e778421..18c00dc 100644 --- a/libs/skyline-policy-manager/poetry.lock +++ b/libs/skyline-policy-manager/poetry.lock @@ -11,7 +11,7 @@ tokenize-rt = ">=3.0.1" [[package]] name = "alembic" -version = "1.6.2" +version = "1.6.5" description = "A database migration tool for SQLAlchemy." category = "dev" optional = false @@ -42,14 +42,6 @@ category = "dev" optional = false python-versions = "*" -[[package]] -name = "argparse" -version = "1.4.0" -description = "Python command-line parsing library" -category = "dev" -optional = false -python-versions = "*" - [[package]] name = "atomicwrites" version = "1.4.0" @@ -89,25 +81,25 @@ lxml = ["lxml"] [[package]] name = "black" -version = "20.8b1" +version = "21.6b0" description = "The uncompromising code formatter." category = "dev" optional = false -python-versions = ">=3.6" +python-versions = ">=3.6.2" [package.dependencies] appdirs = "*" click = ">=7.1.2" mypy-extensions = ">=0.4.3" -pathspec = ">=0.6,<1" +pathspec = ">=0.8.1,<1" regex = ">=2020.1.8" toml = ">=0.10.1" -typed-ast = ">=1.4.0" -typing-extensions = ">=3.7.4" [package.extras] colorama = ["colorama (>=0.4.3)"] -d = ["aiohttp (>=3.3.2)", "aiohttp-cors"] +d = ["aiohttp (>=3.6.0)", "aiohttp-cors (>=0.4.0)"] +python2 = ["typed-ast (>=1.4.2)"] +uvloop = ["uvloop (>=0.15.2)"] [[package]] name = "cachetools" @@ -119,23 +111,26 @@ python-versions = "~=3.5" [[package]] name = "certifi" -version = "2020.12.5" +version = "2021.5.30" description = "Python package for providing Mozilla's CA Bundle." category = "main" optional = false python-versions = "*" [[package]] -name = "chardet" -version = "4.0.0" -description = "Universal encoding detector for Python 2 and 3" +name = "charset-normalizer" +version = "2.0.2" +description = "The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet." category = "main" optional = false -python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*" +python-versions = ">=3.5.0" + +[package.extras] +unicode_backport = ["unicodedata2"] [[package]] name = "click" -version = "8.0.0" +version = "8.0.1" description = "Composable command line interface toolkit" category = "main" optional = false @@ -187,7 +182,7 @@ IDNA = ["idna (>=2.1)"] [[package]] name = "eventlet" -version = "0.31.0" +version = "0.31.1" description = "Highly concurrent networking library" category = "dev" optional = false @@ -198,6 +193,17 @@ dnspython = ">=1.15.0,<2.0.0" greenlet = ">=0.3" six = ">=1.10.0" +[[package]] +name = "execnet" +version = "1.9.0" +description = "execnet: rapid multi-Python deployment" +category = "dev" +optional = false +python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*" + +[package.extras] +testing = ["pre-commit"] + [[package]] name = "extras" version = "1.0.0" @@ -208,7 +214,7 @@ python-versions = "*" [[package]] name = "fasteners" -version = "0.16" +version = "0.16.3" description = "A python package that provides useful locks." category = "dev" optional = false @@ -272,11 +278,11 @@ docs = ["sphinx"] [[package]] name = "idna" -version = "2.10" +version = "3.2" description = "Internationalized Domain Names in Applications (IDNA)" category = "main" optional = false -python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" +python-versions = ">=3.5" [[package]] name = "iniconfig" @@ -296,16 +302,17 @@ python-versions = "*" [[package]] name = "isort" -version = "5.8.0" +version = "5.9.2" description = "A Python utility / library to sort Python imports." category = "dev" optional = false -python-versions = ">=3.6,<4.0" +python-versions = ">=3.6.1,<4.0" [package.extras] pipfile_deprecated_finder = ["pipreqs", "requirementslib"] requirements_deprecated_finder = ["pipreqs", "pip-api"] colors = ["colorama (>=0.4.3,<0.5.0)"] +plugins = ["setuptools"] [[package]] name = "jinja2" @@ -372,14 +379,6 @@ sqs = ["boto3 (>=1.4.4)", "pycurl (==7.43.0.2)", "urllib3 (<1.26)"] yaml = ["PyYAML (>=3.10)"] zookeeper = ["kazoo (>=1.3.1)"] -[[package]] -name = "linecache2" -version = "1.0.0" -description = "Backports of the linecache module" -category = "dev" -optional = false -python-versions = "*" - [[package]] name = "loguru" version = "0.5.3" @@ -444,7 +443,7 @@ python-versions = "*" [[package]] name = "mypy" -version = "0.812" +version = "0.910" description = "Optional static typing for Python" category = "dev" optional = false @@ -452,11 +451,12 @@ python-versions = ">=3.5" [package.dependencies] mypy-extensions = ">=0.4.3,<0.5.0" -typed-ast = ">=1.4.0,<1.5.0" +toml = "*" typing-extensions = ">=3.7.4" [package.extras] dmypy = ["psutil (>=4.0)"] +python2 = ["typed-ast (>=1.4.0,<1.5.0)"] [[package]] name = "mypy-extensions" @@ -476,7 +476,7 @@ python-versions = "*" [[package]] name = "netifaces" -version = "0.10.9" +version = "0.11.0" description = "Portable network interface information." category = "main" optional = false @@ -484,7 +484,7 @@ python-versions = "*" [[package]] name = "neutron-lib" -version = "2.11.0" +version = "2.12.0" description = "Neutron shared routines and utilities" category = "dev" optional = false @@ -517,7 +517,7 @@ WebOb = ">=1.7.1" [[package]] name = "os-ken" -version = "1.4.0" +version = "2.0.0" description = "A component-based software defined networking framework for OpenStack." category = "dev" optional = false @@ -532,7 +532,6 @@ ovs = ">=2.8.0" pbr = ">=2.0.0" Routes = ">=2.3.1" six = ">=1.10.0" -tinyrpc = ">=0.6" WebOb = ">=1.8.2" [[package]] @@ -574,7 +573,7 @@ pbr = ">=2.0.0,<2.1.0 || >2.1.0" [[package]] name = "oslo.config" -version = "8.7.0" +version = "8.7.1" description = "Oslo Configuration API" category = "main" optional = false @@ -595,7 +594,7 @@ test = ["bandit (>=1.6.0,<1.7.0)", "coverage (>=4.0,!=4.4)", "fixtures (>=3.0.0) [[package]] name = "oslo.context" -version = "3.2.0" +version = "3.3.0" description = "Oslo Context library" category = "main" optional = false @@ -607,7 +606,7 @@ pbr = ">=2.0.0,<2.1.0 || >2.1.0" [[package]] name = "oslo.db" -version = "9.0.0" +version = "10.0.0" description = "Oslo Database library" category = "dev" optional = false @@ -645,7 +644,7 @@ six = ">=1.10.0" [[package]] name = "oslo.log" -version = "4.5.0" +version = "4.6.0" description = "oslo.log library" category = "dev" optional = false @@ -699,7 +698,7 @@ test = ["bandit (>=1.6.0,<1.7.0)", "confluent-kafka (>=1.3.0)", "coverage (>=4.0 [[package]] name = "oslo.middleware" -version = "4.2.0" +version = "4.3.0" description = "Oslo Middleware library" category = "dev" optional = false @@ -719,7 +718,7 @@ WebOb = ">=1.8.0" [[package]] name = "oslo.policy" -version = "3.8.0" +version = "3.8.1" description = "Oslo Policy library" category = "main" optional = false @@ -751,7 +750,7 @@ pytz = ">=2013.6" [[package]] name = "oslo.service" -version = "2.5.0" +version = "2.6.0" description = "oslo.service library" category = "dev" optional = false @@ -775,7 +774,7 @@ Yappi = ">=1.0" [[package]] name = "oslo.utils" -version = "4.9.0" +version = "4.9.2" description = "Oslo Utility library" category = "main" optional = false @@ -815,7 +814,7 @@ WebOb = ">=1.7.1" [[package]] name = "osprofiler" -version = "3.4.0" +version = "3.4.1" description = "OpenStack Profiler Library" category = "dev" optional = false @@ -826,14 +825,14 @@ netaddr = ">=0.7.18" "oslo.concurrency" = ">=3.26.0" "oslo.serialization" = ">=2.18.0" "oslo.utils" = ">=3.33.0" -PrettyTable = ">=0.7.2,<0.8" +PrettyTable = ">=0.7.2" requests = ">=2.14.2" six = ">=1.10.0" WebOb = ">=1.7.1" [package.extras] oslo_config = ["oslo.config (>=5.2.0)"] -test = ["bandit (>=1.6.0,<1.7.0)", "coverage (>=4.0)", "ddt (>=1.0.1)", "elasticsearch (>=2.0.0,<3.0.0)", "flake8-import-order (==0.18.1)", "hacking (>=3.1.0,<3.2.0)", "jaeger-client (>=3.8.0)", "openstackdocstheme (>=2.2.1)", "pymongo (>=3.0.2,!=3.1)", "redis (>=2.10.0)", "reno (>=3.1.0)", "sphinx (>=2.0.0,!=2.1.0)", "stestr (>=2.0.0)", "testtools (>=2.2.0)"] +test = ["bandit (>=1.6.0,<1.7.0)", "coverage (>=4.0)", "ddt (>=1.0.1)", "elasticsearch (>=2.0.0,<3.0.0)", "flake8-import-order (==0.18.1)", "hacking (>=3.1.0,<3.2.0)", "jaeger-client (>=3.8.0)", "openstackdocstheme (>=2.2.1)", "pre-commit (>=2.6.0)", "pymongo (>=3.0.2,!=3.1)", "redis (>=2.10.0)", "reno (>=3.1.0)", "sphinx (>=2.0.0,!=2.1.0)", "stestr (>=2.0.0)", "testtools (>=2.2.0)"] [[package]] name = "ovs" @@ -849,11 +848,11 @@ sortedcontainers = "*" [[package]] name = "packaging" -version = "20.9" +version = "21.0" description = "Core utilities for Python packages" category = "main" optional = false -python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" +python-versions = ">=3.6" [package.dependencies] pyparsing = ">=2.0.2" @@ -929,11 +928,28 @@ dev = ["pre-commit", "tox"] [[package]] name = "prettytable" -version = "0.7.2" -description = "A simple Python library for easily displaying tabular data in a visually appealing ASCII table format." +version = "2.1.0" +description = "A simple Python library for easily displaying tabular data in a visually appealing ASCII table format" category = "dev" optional = false -python-versions = "*" +python-versions = ">=3.6" + +[package.dependencies] +wcwidth = "*" + +[package.extras] +tests = ["pytest", "pytest-cov"] + +[[package]] +name = "psutil" +version = "5.8.0" +description = "Cross-platform lib for process and system monitoring in Python." +category = "dev" +optional = false +python-versions = ">=2.6, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" + +[package.extras] +test = ["ipaddress", "mock", "unittest2", "enum34", "pywin32", "wmi"] [[package]] name = "py" @@ -1011,9 +1027,39 @@ toml = "*" [package.extras] testing = ["argcomplete", "hypothesis (>=3.56)", "mock", "nose", "requests", "xmlschema"] +[[package]] +name = "pytest-forked" +version = "1.3.0" +description = "run tests in isolated forked subprocesses" +category = "dev" +optional = false +python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*" + +[package.dependencies] +py = "*" +pytest = ">=3.10" + +[[package]] +name = "pytest-xdist" +version = "2.3.0" +description = "pytest xdist plugin for distributed testing and loop-on-failing modes" +category = "dev" +optional = false +python-versions = ">=3.6" + +[package.dependencies] +execnet = ">=1.1" +psutil = {version = ">=3.0", optional = true, markers = "extra == \"psutil\""} +pytest = ">=6.0.0" +pytest-forked = "*" + +[package.extras] +psutil = ["psutil (>=3.0)"] +testing = ["filelock"] + [[package]] name = "python-dateutil" -version = "2.8.1" +version = "2.8.2" description = "Extensions to the standard Python datetime module" category = "dev" optional = false @@ -1030,14 +1076,6 @@ category = "dev" optional = false python-versions = "*" -[[package]] -name = "python-mimeparse" -version = "1.6.0" -description = "A module provides basic functions for parsing mime-type names and matching them against a list of media-ranges." -category = "dev" -optional = false -python-versions = "*" - [[package]] name = "pytz" version = "2021.1" @@ -1064,7 +1102,7 @@ python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, !=3.5.*" [[package]] name = "regex" -version = "2021.4.4" +version = "2021.7.6" description = "Alternative regular expression module, to replace re." category = "dev" optional = false @@ -1084,21 +1122,21 @@ testing = ["coverage", "nose"] [[package]] name = "requests" -version = "2.25.1" +version = "2.26.0" description = "Python HTTP for Humans." category = "main" optional = false -python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*" +python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, !=3.5.*" [package.dependencies] certifi = ">=2017.4.17" -chardet = ">=3.0.2,<5" -idna = ">=2.5,<3" +charset-normalizer = {version = ">=2.0.0,<2.1.0", markers = "python_version >= \"3\""} +idna = {version = ">=2.5,<4", markers = "python_version >= \"3\""} urllib3 = ">=1.21.1,<1.27" [package.extras] -security = ["pyOpenSSL (>=0.14)", "cryptography (>=1.3.4)"] socks = ["PySocks (>=1.5.6,!=1.5.7)", "win-inet-pton"] +use_chardet_on_py3 = ["chardet (>=3.0.2,<5)"] [[package]] name = "rfc3986" @@ -1180,7 +1218,7 @@ python-versions = ">=3.6" [[package]] name = "sqlalchemy" -version = "1.4.15" +version = "1.4.21" description = "Database Abstraction Library" category = "dev" optional = false @@ -1288,43 +1326,19 @@ testtools = "*" [[package]] name = "testtools" -version = "2.4.0" +version = "2.5.0" description = "Extensions to the Python standard library unit testing framework" category = "dev" optional = false -python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*" +python-versions = ">=3.5" [package.dependencies] extras = ">=1.0.0" fixtures = ">=1.3.0" pbr = ">=0.11" -python-mimeparse = "*" -six = ">=1.4.0" -traceback2 = "*" -unittest2 = ">=1.0.0" [package.extras] -test = ["testresources", "testscenarios", "unittest2 (>=1.1.0)"] - -[[package]] -name = "tinyrpc" -version = "1.0.4" -description = "A small, modular, transport and protocol neutral RPC library that, among other things, supports JSON-RPC and zmq." -category = "dev" -optional = false -python-versions = "*" - -[package.dependencies] -six = "*" - -[package.extras] -gevent = ["gevent"] -httpclient = ["gevent-websocket", "requests", "websocket-client"] -jsonext = ["jsonext"] -msgpack = ["msgpack"] -websocket = ["gevent-websocket"] -wsgi = ["werkzeug"] -zmq = ["pyzmq"] +test = ["testscenarios", "testresources"] [[package]] name = "tokenize-rt" @@ -1342,25 +1356,6 @@ category = "dev" optional = false python-versions = ">=2.6, !=3.0.*, !=3.1.*, !=3.2.*" -[[package]] -name = "traceback2" -version = "1.4.0" -description = "Backports of the traceback module" -category = "dev" -optional = false -python-versions = "*" - -[package.dependencies] -linecache2 = "*" - -[[package]] -name = "typed-ast" -version = "1.4.3" -description = "a fork of Python 2 and 3 ast modules with type comment support" -category = "dev" -optional = false -python-versions = "*" - [[package]] name = "typing-extensions" version = "3.10.0.0" @@ -1369,31 +1364,18 @@ category = "main" optional = false python-versions = "*" -[[package]] -name = "unittest2" -version = "1.1.0" -description = "The new features in unittest backported to Python 2.4+." -category = "dev" -optional = false -python-versions = "*" - -[package.dependencies] -argparse = "*" -six = ">=1.4" -traceback2 = "*" - [[package]] name = "urllib3" -version = "1.26.4" +version = "1.26.6" description = "HTTP library with thread-safe connection pooling, file post, and more." category = "main" optional = false python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, <4" [package.extras] +brotli = ["brotlipy (>=0.6.0)"] secure = ["pyOpenSSL (>=0.14)", "cryptography (>=1.3.4)", "idna (>=2.0.0)", "certifi", "ipaddress"] socks = ["PySocks (>=1.5.6,!=1.5.7,<2.0)"] -brotli = ["brotlipy (>=0.6.0)"] [[package]] name = "vine" @@ -1415,6 +1397,14 @@ python-versions = ">=3.6.0" docs = ["Sphinx (>=1.8.1)", "docutils", "pylons-sphinx-themes (>=1.0.9)"] testing = ["pytest", "pytest-cover", "coverage (>=5.0)"] +[[package]] +name = "wcwidth" +version = "0.2.5" +description = "Measures the displayed width of unicode strings in a terminal" +category = "dev" +optional = false +python-versions = "*" + [[package]] name = "webob" version = "1.8.7" @@ -1489,7 +1479,7 @@ test = ["gevent (>=20.6.2)"] [metadata] lock-version = "1.1" python-versions = "^3.8" -content-hash = "3f95080a440a5cd28b1656dbc86d091f0ddf796e34f029cf2af69cc4520956df" +content-hash = "0737b8cb1359cd19a07102e508d51d838d1950a26bc2c68bcfd8918de08586ae" [metadata.files] add-trailing-comma = [ @@ -1497,7 +1487,8 @@ add-trailing-comma = [ {file = "add_trailing_comma-2.1.0.tar.gz", hash = "sha256:f9864ffbc12ea4e54916a356d57341ab58f612867c2ad453339c51004807e8ce"}, ] alembic = [ - {file = "alembic-1.6.2.tar.gz", hash = "sha256:fb9a39a7c68e55490be962fb5f70463d384d340e6563d6e3911447778e3b4576"}, + {file = "alembic-1.6.5-py2.py3-none-any.whl", hash = "sha256:e78be5b919f5bb184e3e0e2dd1ca986f2362e29a2bc933c446fe89f39dbe4e9c"}, + {file = "alembic-1.6.5.tar.gz", hash = "sha256:a21fedebb3fb8f6bbbba51a11114f08c78709377051384c9c5ead5705ee93a51"}, ] amqp = [ {file = "amqp-5.0.6-py3-none-any.whl", hash = "sha256:493a2ac6788ce270a2f6a765b017299f60c1998f5a8617908ee9be082f7300fb"}, @@ -1507,10 +1498,6 @@ appdirs = [ {file = "appdirs-1.4.4-py2.py3-none-any.whl", hash = "sha256:a841dacd6b99318a741b166adb07e19ee71a274450e68237b4650ca1055ab128"}, {file = "appdirs-1.4.4.tar.gz", hash = "sha256:7d5d0167b2b1ba821647616af46a749d1c653740dd0d2415100fe26e27afdf41"}, ] -argparse = [ - {file = "argparse-1.4.0-py2.py3-none-any.whl", hash = "sha256:c31647edb69fd3d465a847ea3157d37bed1f95f19760b11a47aa91c04b666314"}, - {file = "argparse-1.4.0.tar.gz", hash = "sha256:62b089a55be1d8949cd2bc7e0df0bddb9e028faefc8c32038cc84862aefdd6e4"}, -] atomicwrites = [ {file = "atomicwrites-1.4.0-py2.py3-none-any.whl", hash = "sha256:6d1784dea7c0c8d4a5172b6c620f40b6e4cbfdf96d783691f2e1302a7b88e197"}, {file = "atomicwrites-1.4.0.tar.gz", hash = "sha256:ae70396ad1a434f9c7046fd2dd196fc04b12f9e91ffb859164193be8b6168a7a"}, @@ -1525,23 +1512,24 @@ beautifulsoup4 = [ {file = "beautifulsoup4-4.9.3.tar.gz", hash = "sha256:84729e322ad1d5b4d25f805bfa05b902dd96450f43842c4e99067d5e1369eb25"}, ] black = [ - {file = "black-20.8b1.tar.gz", hash = "sha256:1c02557aa099101b9d21496f8a914e9ed2222ef70336404eeeac8edba836fbea"}, + {file = "black-21.6b0-py3-none-any.whl", hash = "sha256:dfb8c5a069012b2ab1e972e7b908f5fb42b6bbabcba0a788b86dc05067c7d9c7"}, + {file = "black-21.6b0.tar.gz", hash = "sha256:dc132348a88d103016726fe360cb9ede02cecf99b76e3660ce6c596be132ce04"}, ] cachetools = [ {file = "cachetools-4.2.2-py3-none-any.whl", hash = "sha256:2cc0b89715337ab6dbba85b5b50effe2b0c74e035d83ee8ed637cf52f12ae001"}, {file = "cachetools-4.2.2.tar.gz", hash = "sha256:61b5ed1e22a0924aed1d23b478f37e8d52549ff8a961de2909c69bf950020cff"}, ] certifi = [ - {file = "certifi-2020.12.5-py2.py3-none-any.whl", hash = "sha256:719a74fb9e33b9bd44cc7f3a8d94bc35e4049deebe19ba7d8e108280cfd59830"}, - {file = "certifi-2020.12.5.tar.gz", hash = "sha256:1a4995114262bffbc2413b159f2a1a480c969de6e6eb13ee966d470af86af59c"}, + {file = "certifi-2021.5.30-py2.py3-none-any.whl", hash = "sha256:50b1e4f8446b06f41be7dd6338db18e0990601dce795c2b1686458aa7e8fa7d8"}, + {file = "certifi-2021.5.30.tar.gz", hash = "sha256:2bbf76fd432960138b3ef6dda3dde0544f27cbf8546c458e60baf371917ba9ee"}, ] -chardet = [ - {file = "chardet-4.0.0-py2.py3-none-any.whl", hash = "sha256:f864054d66fd9118f2e67044ac8981a54775ec5b67aed0441892edb553d21da5"}, - {file = "chardet-4.0.0.tar.gz", hash = "sha256:0d6f53a15db4120f2b08c94f11e7d93d2c911ee118b6b30a04ec3ee8310179fa"}, +charset-normalizer = [ + {file = "charset-normalizer-2.0.2.tar.gz", hash = "sha256:951567c2f7433a70ab63f1be67e5ee05d3925d9423306ecb71a3b272757bcc95"}, + {file = "charset_normalizer-2.0.2-py3-none-any.whl", hash = "sha256:3c502a35807c9df35697b0f44b1d65008f83071ff29c69677c7c22573bc5a45a"}, ] click = [ - {file = "click-8.0.0-py3-none-any.whl", hash = "sha256:e90e62ced43dc8105fb9a26d62f0d9340b5c8db053a814e25d95c19873ae87db"}, - {file = "click-8.0.0.tar.gz", hash = "sha256:7d8c289ee437bcb0316820ccee14aefcb056e58d31830ecab8e47eda6540e136"}, + {file = "click-8.0.1-py3-none-any.whl", hash = "sha256:fba402a4a47334742d782209a7c79bc448911afe1149d07bdabdf480b3e2f4b6"}, + {file = "click-8.0.1.tar.gz", hash = "sha256:8c04c11192119b1ef78ea049e0a6f0463e4c48ef00a30160c704337586f3ad7a"}, ] colorama = [ {file = "colorama-0.4.4-py2.py3-none-any.whl", hash = "sha256:9f47eda37229f68eee03b24b9748937c7dc3868f906e8ba69fbcbdd3bc5dc3e2"}, @@ -1560,16 +1548,20 @@ dnspython = [ {file = "dnspython-1.16.0.zip", hash = "sha256:36c5e8e38d4369a08b6780b7f27d790a292b2b08eea01607865bf0936c558e01"}, ] eventlet = [ - {file = "eventlet-0.31.0-py2.py3-none-any.whl", hash = "sha256:27ae41fad9deed9bbf4166f3e3b65acc15d524d42210a518e5877da85a6b8c5d"}, - {file = "eventlet-0.31.0.tar.gz", hash = "sha256:b36ec2ecc003de87fc87b93197d77fea528aa0f9204a34fdf3b2f8d0f01e017b"}, + {file = "eventlet-0.31.1-py2.py3-none-any.whl", hash = "sha256:1524405edc7dddd3bad2600350ec10a241769a6855175f355e532d88e3f981e5"}, + {file = "eventlet-0.31.1.tar.gz", hash = "sha256:b9e9126304fae3cdf203f1f17660bba79ab7c488e05d60331277cae4247f8d76"}, +] +execnet = [ + {file = "execnet-1.9.0-py2.py3-none-any.whl", hash = "sha256:a295f7cc774947aac58dde7fdc85f4aa00c42adf5d8f5468fc630c1acf30a142"}, + {file = "execnet-1.9.0.tar.gz", hash = "sha256:8f694f3ba9cc92cab508b152dcfe322153975c29bda272e2fd7f3f00f36e47c5"}, ] extras = [ {file = "extras-1.0.0-py2.py3-none-any.whl", hash = "sha256:f689f08df47e2decf76aa6208c081306e7bd472630eb1ec8a875c67de2366e87"}, {file = "extras-1.0.0.tar.gz", hash = "sha256:132e36de10b9c91d5d4cc620160a476e0468a88f16c9431817a6729611a81b4e"}, ] fasteners = [ - {file = "fasteners-0.16-py2.py3-none-any.whl", hash = "sha256:74b6847e0a6bb3b56c8511af8e24c40e4cf7a774dfff5b251c260ed338096a4b"}, - {file = "fasteners-0.16.tar.gz", hash = "sha256:c995d8c26b017c5d6a6de9ad29a0f9cdd57de61ae1113d28fac26622b06a0933"}, + {file = "fasteners-0.16.3-py2.py3-none-any.whl", hash = "sha256:8408e52656455977053871990bd25824d85803b9417aa348f10ba29ef0c751f7"}, + {file = "fasteners-0.16.3.tar.gz", hash = "sha256:b1ab4e5adfbc28681ce44b3024421c4f567e705cc3963c732bf1cba3348307de"}, ] fixtures = [ {file = "fixtures-3.0.0-py2.py3-none-any.whl", hash = "sha256:2a551b0421101de112d9497fb5f6fd25e5019391c0fbec9bad591ecae981420d"}, @@ -1635,8 +1627,8 @@ greenlet = [ {file = "greenlet-1.1.0.tar.gz", hash = "sha256:c87df8ae3f01ffb4483c796fe1b15232ce2b219f0b18126948616224d3f658ee"}, ] idna = [ - {file = "idna-2.10-py2.py3-none-any.whl", hash = "sha256:b97d804b1e9b523befed77c48dacec60e6dcb0b5391d57af6a65a312a90648c0"}, - {file = "idna-2.10.tar.gz", hash = "sha256:b307872f855b18632ce0c21c5e45be78c0ea7ae4c15c828c20788b26921eb3f6"}, + {file = "idna-3.2-py3-none-any.whl", hash = "sha256:14475042e284991034cb48e06f6851428fb14c4dc953acd9be9a5e95c7b6dd7a"}, + {file = "idna-3.2.tar.gz", hash = "sha256:467fbad99067910785144ce333826c71fb0e63a425657295239737f7ecd125f3"}, ] iniconfig = [ {file = "iniconfig-1.1.1-py2.py3-none-any.whl", hash = "sha256:011e24c64b7f47f6ebd835bb12a743f2fbe9a26d4cecaa7f53bc4f35ee9da8b3"}, @@ -1647,8 +1639,8 @@ iso8601 = [ {file = "iso8601-0.1.14.tar.gz", hash = "sha256:8aafd56fa0290496c5edbb13c311f78fa3a241f0853540da09d9363eae3ebd79"}, ] isort = [ - {file = "isort-5.8.0-py3-none-any.whl", hash = "sha256:2bb1680aad211e3c9944dbce1d4ba09a989f04e238296c87fe2139faa26d655d"}, - {file = "isort-5.8.0.tar.gz", hash = "sha256:0a943902919f65c5684ac4e0154b1ad4fac6dcaa5d9f3426b732f1c8b5419be6"}, + {file = "isort-5.9.2-py3-none-any.whl", hash = "sha256:eed17b53c3e7912425579853d078a0832820f023191561fcee9d7cae424e0813"}, + {file = "isort-5.9.2.tar.gz", hash = "sha256:f65ce5bd4cbc6abdfbe29afc2f0245538ab358c14590912df638033f157d555e"}, ] jinja2 = [ {file = "Jinja2-3.0.1-py3-none-any.whl", hash = "sha256:1f06f2da51e7b56b8f238affdd6b4e2c61e39598a378cc49345bc1bd42a978a4"}, @@ -1662,10 +1654,6 @@ kombu = [ {file = "kombu-5.1.0-py3-none-any.whl", hash = "sha256:e2dedd8a86c9077c350555153825a31e456a0dc20c15d5751f00137ec9c75f0a"}, {file = "kombu-5.1.0.tar.gz", hash = "sha256:01481d99f4606f6939cdc9b637264ed353ee9e3e4f62cfb582324142c41a572d"}, ] -linecache2 = [ - {file = "linecache2-1.0.0-py2.py3-none-any.whl", hash = "sha256:e78be9c0a0dfcbac712fe04fbf92b96cddae80b1b842f24248214c8496f006ef"}, - {file = "linecache2-1.0.0.tar.gz", hash = "sha256:4b26ff4e7110db76eeb6f5a7b64a82623839d595c2038eeda662f2a2db78e97c"}, -] loguru = [ {file = "loguru-0.5.3-py3-none-any.whl", hash = "sha256:f8087ac396b5ee5f67c963b495d615ebbceac2796379599820e324419d53667c"}, {file = "loguru-0.5.3.tar.gz", hash = "sha256:b28e72ac7a98be3d28ad28570299a393dfcd32e5e3f6a353dec94675767b6319"}, @@ -1748,28 +1736,29 @@ msgpack = [ {file = "msgpack-1.0.2.tar.gz", hash = "sha256:fae04496f5bc150eefad4e9571d1a76c55d021325dcd484ce45065ebbdd00984"}, ] mypy = [ - {file = "mypy-0.812-cp35-cp35m-macosx_10_9_x86_64.whl", hash = "sha256:a26f8ec704e5a7423c8824d425086705e381b4f1dfdef6e3a1edab7ba174ec49"}, - {file = "mypy-0.812-cp35-cp35m-manylinux1_x86_64.whl", hash = "sha256:28fb5479c494b1bab244620685e2eb3c3f988d71fd5d64cc753195e8ed53df7c"}, - {file = "mypy-0.812-cp35-cp35m-manylinux2010_x86_64.whl", hash = "sha256:9743c91088d396c1a5a3c9978354b61b0382b4e3c440ce83cf77994a43e8c521"}, - {file = "mypy-0.812-cp35-cp35m-win_amd64.whl", hash = "sha256:d7da2e1d5f558c37d6e8c1246f1aec1e7349e4913d8fb3cb289a35de573fe2eb"}, - {file = "mypy-0.812-cp36-cp36m-macosx_10_9_x86_64.whl", hash = "sha256:4eec37370483331d13514c3f55f446fc5248d6373e7029a29ecb7b7494851e7a"}, - {file = "mypy-0.812-cp36-cp36m-manylinux1_x86_64.whl", hash = "sha256:d65cc1df038ef55a99e617431f0553cd77763869eebdf9042403e16089fe746c"}, - {file = "mypy-0.812-cp36-cp36m-manylinux2010_x86_64.whl", hash = "sha256:61a3d5b97955422964be6b3baf05ff2ce7f26f52c85dd88db11d5e03e146a3a6"}, - {file = "mypy-0.812-cp36-cp36m-win_amd64.whl", hash = "sha256:25adde9b862f8f9aac9d2d11971f226bd4c8fbaa89fb76bdadb267ef22d10064"}, - {file = "mypy-0.812-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:552a815579aa1e995f39fd05dde6cd378e191b063f031f2acfe73ce9fb7f9e56"}, - {file = "mypy-0.812-cp37-cp37m-manylinux1_x86_64.whl", hash = "sha256:499c798053cdebcaa916eef8cd733e5584b5909f789de856b482cd7d069bdad8"}, - {file = "mypy-0.812-cp37-cp37m-manylinux2010_x86_64.whl", hash = "sha256:5873888fff1c7cf5b71efbe80e0e73153fe9212fafdf8e44adfe4c20ec9f82d7"}, - {file = "mypy-0.812-cp37-cp37m-win_amd64.whl", hash = "sha256:9f94aac67a2045ec719ffe6111df543bac7874cee01f41928f6969756e030564"}, - {file = "mypy-0.812-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:d23e0ea196702d918b60c8288561e722bf437d82cb7ef2edcd98cfa38905d506"}, - {file = "mypy-0.812-cp38-cp38-manylinux1_x86_64.whl", hash = "sha256:674e822aa665b9fd75130c6c5f5ed9564a38c6cea6a6432ce47eafb68ee578c5"}, - {file = "mypy-0.812-cp38-cp38-manylinux2010_x86_64.whl", hash = "sha256:abf7e0c3cf117c44d9285cc6128856106183938c68fd4944763003decdcfeb66"}, - {file = "mypy-0.812-cp38-cp38-win_amd64.whl", hash = "sha256:0d0a87c0e7e3a9becdfbe936c981d32e5ee0ccda3e0f07e1ef2c3d1a817cf73e"}, - {file = "mypy-0.812-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:7ce3175801d0ae5fdfa79b4f0cfed08807af4d075b402b7e294e6aa72af9aa2a"}, - {file = "mypy-0.812-cp39-cp39-manylinux1_x86_64.whl", hash = "sha256:b09669bcda124e83708f34a94606e01b614fa71931d356c1f1a5297ba11f110a"}, - {file = "mypy-0.812-cp39-cp39-manylinux2010_x86_64.whl", hash = "sha256:33f159443db0829d16f0a8d83d94df3109bb6dd801975fe86bacb9bf71628e97"}, - {file = "mypy-0.812-cp39-cp39-win_amd64.whl", hash = "sha256:3f2aca7f68580dc2508289c729bd49ee929a436208d2b2b6aab15745a70a57df"}, - {file = "mypy-0.812-py3-none-any.whl", hash = "sha256:2f9b3407c58347a452fc0736861593e105139b905cca7d097e413453a1d650b4"}, - {file = "mypy-0.812.tar.gz", hash = "sha256:cd07039aa5df222037005b08fbbfd69b3ab0b0bd7a07d7906de75ae52c4e3119"}, + {file = "mypy-0.910-cp35-cp35m-macosx_10_9_x86_64.whl", hash = "sha256:a155d80ea6cee511a3694b108c4494a39f42de11ee4e61e72bc424c490e46457"}, + {file = "mypy-0.910-cp35-cp35m-manylinux1_x86_64.whl", hash = "sha256:b94e4b785e304a04ea0828759172a15add27088520dc7e49ceade7834275bedb"}, + {file = "mypy-0.910-cp35-cp35m-manylinux2010_x86_64.whl", hash = "sha256:088cd9c7904b4ad80bec811053272986611b84221835e079be5bcad029e79dd9"}, + {file = "mypy-0.910-cp35-cp35m-win_amd64.whl", hash = "sha256:adaeee09bfde366d2c13fe6093a7df5df83c9a2ba98638c7d76b010694db760e"}, + {file = "mypy-0.910-cp36-cp36m-macosx_10_9_x86_64.whl", hash = "sha256:ecd2c3fe726758037234c93df7e98deb257fd15c24c9180dacf1ef829da5f921"}, + {file = "mypy-0.910-cp36-cp36m-manylinux1_x86_64.whl", hash = "sha256:d9dd839eb0dc1bbe866a288ba3c1afc33a202015d2ad83b31e875b5905a079b6"}, + {file = "mypy-0.910-cp36-cp36m-manylinux2010_x86_64.whl", hash = "sha256:3e382b29f8e0ccf19a2df2b29a167591245df90c0b5a2542249873b5c1d78212"}, + {file = "mypy-0.910-cp36-cp36m-win_amd64.whl", hash = "sha256:53fd2eb27a8ee2892614370896956af2ff61254c275aaee4c230ae771cadd885"}, + {file = "mypy-0.910-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:b6fb13123aeef4a3abbcfd7e71773ff3ff1526a7d3dc538f3929a49b42be03f0"}, + {file = "mypy-0.910-cp37-cp37m-manylinux1_x86_64.whl", hash = "sha256:e4dab234478e3bd3ce83bac4193b2ecd9cf94e720ddd95ce69840273bf44f6de"}, + {file = "mypy-0.910-cp37-cp37m-manylinux2010_x86_64.whl", hash = "sha256:7df1ead20c81371ccd6091fa3e2878559b5c4d4caadaf1a484cf88d93ca06703"}, + {file = "mypy-0.910-cp37-cp37m-win_amd64.whl", hash = "sha256:0aadfb2d3935988ec3815952e44058a3100499f5be5b28c34ac9d79f002a4a9a"}, + {file = "mypy-0.910-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:ec4e0cd079db280b6bdabdc807047ff3e199f334050db5cbb91ba3e959a67504"}, + {file = "mypy-0.910-cp38-cp38-manylinux1_x86_64.whl", hash = "sha256:119bed3832d961f3a880787bf621634ba042cb8dc850a7429f643508eeac97b9"}, + {file = "mypy-0.910-cp38-cp38-manylinux2010_x86_64.whl", hash = "sha256:866c41f28cee548475f146aa4d39a51cf3b6a84246969f3759cb3e9c742fc072"}, + {file = "mypy-0.910-cp38-cp38-win_amd64.whl", hash = "sha256:ceb6e0a6e27fb364fb3853389607cf7eb3a126ad335790fa1e14ed02fba50811"}, + {file = "mypy-0.910-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:1a85e280d4d217150ce8cb1a6dddffd14e753a4e0c3cf90baabb32cefa41b59e"}, + {file = "mypy-0.910-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:42c266ced41b65ed40a282c575705325fa7991af370036d3f134518336636f5b"}, + {file = "mypy-0.910-cp39-cp39-manylinux1_x86_64.whl", hash = "sha256:3c4b8ca36877fc75339253721f69603a9c7fdb5d4d5a95a1a1b899d8b86a4de2"}, + {file = "mypy-0.910-cp39-cp39-manylinux2010_x86_64.whl", hash = "sha256:c0df2d30ed496a08de5daed2a9ea807d07c21ae0ab23acf541ab88c24b26ab97"}, + {file = "mypy-0.910-cp39-cp39-win_amd64.whl", hash = "sha256:c6c2602dffb74867498f86e6129fd52a2770c48b7cd3ece77ada4fa38f94eba8"}, + {file = "mypy-0.910-py3-none-any.whl", hash = "sha256:ef565033fa5a958e62796867b1df10c40263ea9ded87164d67572834e57a174d"}, + {file = "mypy-0.910.tar.gz", hash = "sha256:704098302473cb31a218f1775a873b376b30b4c18229421e9e9dc8916fd16150"}, ] mypy-extensions = [ {file = "mypy_extensions-0.4.3-py2.py3-none-any.whl", hash = "sha256:090fedd75945a69ae91ce1303b5824f428daf5a028d2f6ab8a299250a846f15d"}, @@ -1780,36 +1769,44 @@ netaddr = [ {file = "netaddr-0.8.0.tar.gz", hash = "sha256:d6cc57c7a07b1d9d2e917aa8b36ae8ce61c35ba3fcd1b83ca31c5a0ee2b5a243"}, ] netifaces = [ - {file = "netifaces-0.10.9-cp27-cp27m-macosx_10_13_x86_64.whl", hash = "sha256:b2ff3a0a4f991d2da5376efd3365064a43909877e9fabfa801df970771161d29"}, - {file = "netifaces-0.10.9-cp27-cp27m-manylinux1_i686.whl", hash = "sha256:0c4304c6d5b33fbd9b20fdc369f3a2fef1a8bbacfb6fd05b9708db01333e9e7b"}, - {file = "netifaces-0.10.9-cp27-cp27m-manylinux1_x86_64.whl", hash = "sha256:7a25a8e28281504f0e23e181d7a9ed699c72f061ca6bdfcd96c423c2a89e75fc"}, - {file = "netifaces-0.10.9-cp27-cp27m-win32.whl", hash = "sha256:6d84e50ec28e5d766c9911dce945412dc5b1ce760757c224c71e1a9759fa80c2"}, - {file = "netifaces-0.10.9-cp27-cp27mu-manylinux1_i686.whl", hash = "sha256:f911b7f0083d445c8d24cfa5b42ad4996e33250400492080f5018a28c026db2b"}, - {file = "netifaces-0.10.9-cp27-cp27mu-manylinux1_x86_64.whl", hash = "sha256:4921ed406386246b84465950d15a4f63480c1458b0979c272364054b29d73084"}, - {file = "netifaces-0.10.9-cp33-cp33m-manylinux1_i686.whl", hash = "sha256:5b3167f923f67924b356c1338eb9ba275b2ba8d64c7c2c47cf5b5db49d574994"}, - {file = "netifaces-0.10.9-cp34-cp34m-manylinux1_i686.whl", hash = "sha256:db881478f1170c6dd524175ba1c83b99d3a6f992a35eca756de0ddc4690a1940"}, - {file = "netifaces-0.10.9-cp34-cp34m-manylinux1_x86_64.whl", hash = "sha256:f0427755c68571df37dc58835e53a4307884a48dec76f3c01e33eb0d4a3a81d7"}, - {file = "netifaces-0.10.9-cp34-cp34m-win32.whl", hash = "sha256:7cc6fd1eca65be588f001005446a47981cbe0b2909f5be8feafef3bf351a4e24"}, - {file = "netifaces-0.10.9-cp35-cp35m-manylinux1_i686.whl", hash = "sha256:b47e8f9ff6846756be3dc3fb242ca8e86752cd35a08e06d54ffc2e2a2aca70ea"}, - {file = "netifaces-0.10.9-cp35-cp35m-manylinux1_x86_64.whl", hash = "sha256:f8885cc48c8c7ad51f36c175e462840f163cb4687eeb6c6d7dfaf7197308e36b"}, - {file = "netifaces-0.10.9-cp35-cp35m-win32.whl", hash = "sha256:755050799b5d5aedb1396046f270abfc4befca9ccba3074f3dbbb3cb34f13aae"}, - {file = "netifaces-0.10.9-cp36-cp36m-macosx_10_13_x86_64.whl", hash = "sha256:ad10acab2ef691eb29a1cc52c3be5ad1423700e993cc035066049fa72999d0dc"}, - {file = "netifaces-0.10.9-cp36-cp36m-manylinux1_i686.whl", hash = "sha256:563a1a366ee0fb3d96caab79b7ac7abd2c0a0577b157cc5a40301373a0501f89"}, - {file = "netifaces-0.10.9-cp36-cp36m-manylinux1_x86_64.whl", hash = "sha256:30ed89ab8aff715caf9a9d827aa69cd02ad9f6b1896fd3fb4beb998466ed9a3c"}, - {file = "netifaces-0.10.9-cp36-cp36m-win32.whl", hash = "sha256:75d3a4ec5035db7478520ac547f7c176e9fd438269e795819b67223c486e5cbe"}, - {file = "netifaces-0.10.9-cp36-cp36m-win_amd64.whl", hash = "sha256:078986caf4d6a602a4257d3686afe4544ea74362b8928e9f4389b5cd262bc215"}, - {file = "netifaces-0.10.9-cp37-cp37m-macosx_10_14_x86_64.whl", hash = "sha256:3095218b66d359092b82f07c5422293c2f6559cf8d36b96b379cc4cdc26eeffa"}, - {file = "netifaces-0.10.9-cp37-cp37m-win32.whl", hash = "sha256:da298241d87bcf468aa0f0705ba14572ad296f24c4fda5055d6988701d6fd8e1"}, - {file = "netifaces-0.10.9-cp37-cp37m-win_amd64.whl", hash = "sha256:86b8a140e891bb23c8b9cb1804f1475eb13eea3dbbebef01fcbbf10fbafbee42"}, - {file = "netifaces-0.10.9.tar.gz", hash = "sha256:2dee9ffdd16292878336a58d04a20f0ffe95555465fee7c9bd23b3490ef2abf3"}, + {file = "netifaces-0.11.0-cp27-cp27m-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:eb4813b77d5df99903af4757ce980a98c4d702bbcb81f32a0b305a1537bdf0b1"}, + {file = "netifaces-0.11.0-cp27-cp27m-manylinux_2_5_x86_64.manylinux1_x86_64.whl", hash = "sha256:5f9ca13babe4d845e400921973f6165a4c2f9f3379c7abfc7478160e25d196a4"}, + {file = "netifaces-0.11.0-cp27-cp27m-win32.whl", hash = "sha256:7dbb71ea26d304e78ccccf6faccef71bb27ea35e259fb883cfd7fd7b4f17ecb1"}, + {file = "netifaces-0.11.0-cp27-cp27m-win_amd64.whl", hash = "sha256:0f6133ac02521270d9f7c490f0c8c60638ff4aec8338efeff10a1b51506abe85"}, + {file = "netifaces-0.11.0-cp27-cp27mu-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:08e3f102a59f9eaef70948340aeb6c89bd09734e0dca0f3b82720305729f63ea"}, + {file = "netifaces-0.11.0-cp27-cp27mu-manylinux_2_5_x86_64.manylinux1_x86_64.whl", hash = "sha256:c03fb2d4ef4e393f2e6ffc6376410a22a3544f164b336b3a355226653e5efd89"}, + {file = "netifaces-0.11.0-cp34-cp34m-win32.whl", hash = "sha256:73ff21559675150d31deea8f1f8d7e9a9a7e4688732a94d71327082f517fc6b4"}, + {file = "netifaces-0.11.0-cp35-cp35m-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:815eafdf8b8f2e61370afc6add6194bd5a7252ae44c667e96c4c1ecf418811e4"}, + {file = "netifaces-0.11.0-cp35-cp35m-manylinux_2_5_x86_64.manylinux1_x86_64.whl", hash = "sha256:50721858c935a76b83dd0dd1ab472cad0a3ef540a1408057624604002fcfb45b"}, + {file = "netifaces-0.11.0-cp35-cp35m-win32.whl", hash = "sha256:c9a3a47cd3aaeb71e93e681d9816c56406ed755b9442e981b07e3618fb71d2ac"}, + {file = "netifaces-0.11.0-cp36-cp36m-macosx_10_15_x86_64.whl", hash = "sha256:aab1dbfdc55086c789f0eb37affccf47b895b98d490738b81f3b2360100426be"}, + {file = "netifaces-0.11.0-cp36-cp36m-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:c37a1ca83825bc6f54dddf5277e9c65dec2f1b4d0ba44b8fd42bc30c91aa6ea1"}, + {file = "netifaces-0.11.0-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.whl", hash = "sha256:28f4bf3a1361ab3ed93c5ef360c8b7d4a4ae060176a3529e72e5e4ffc4afd8b0"}, + {file = "netifaces-0.11.0-cp36-cp36m-win32.whl", hash = "sha256:2650beee182fed66617e18474b943e72e52f10a24dc8cac1db36c41ee9c041b7"}, + {file = "netifaces-0.11.0-cp36-cp36m-win_amd64.whl", hash = "sha256:cb925e1ca024d6f9b4f9b01d83215fd00fe69d095d0255ff3f64bffda74025c8"}, + {file = "netifaces-0.11.0-cp37-cp37m-macosx_10_15_x86_64.whl", hash = "sha256:84e4d2e6973eccc52778735befc01638498781ce0e39aa2044ccfd2385c03246"}, + {file = "netifaces-0.11.0-cp37-cp37m-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:18917fbbdcb2d4f897153c5ddbb56b31fa6dd7c3fa9608b7e3c3a663df8206b5"}, + {file = "netifaces-0.11.0-cp37-cp37m-manylinux_2_5_x86_64.manylinux1_x86_64.whl", hash = "sha256:48324183af7f1bc44f5f197f3dad54a809ad1ef0c78baee2c88f16a5de02c4c9"}, + {file = "netifaces-0.11.0-cp37-cp37m-win32.whl", hash = "sha256:8f7da24eab0d4184715d96208b38d373fd15c37b0dafb74756c638bd619ba150"}, + {file = "netifaces-0.11.0-cp37-cp37m-win_amd64.whl", hash = "sha256:2479bb4bb50968089a7c045f24d120f37026d7e802ec134c4490eae994c729b5"}, + {file = "netifaces-0.11.0-cp38-cp38-macosx_10_15_x86_64.whl", hash = "sha256:3ecb3f37c31d5d51d2a4d935cfa81c9bc956687c6f5237021b36d6fdc2815b2c"}, + {file = "netifaces-0.11.0-cp38-cp38-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:96c0fe9696398253f93482c84814f0e7290eee0bfec11563bd07d80d701280c3"}, + {file = "netifaces-0.11.0-cp38-cp38-manylinux_2_5_x86_64.manylinux1_x86_64.whl", hash = "sha256:c92ff9ac7c2282009fe0dcb67ee3cd17978cffbe0c8f4b471c00fe4325c9b4d4"}, + {file = "netifaces-0.11.0-cp38-cp38-win32.whl", hash = "sha256:d07b01c51b0b6ceb0f09fc48ec58debd99d2c8430b09e56651addeaf5de48048"}, + {file = "netifaces-0.11.0-cp38-cp38-win_amd64.whl", hash = "sha256:469fc61034f3daf095e02f9f1bbac07927b826c76b745207287bc594884cfd05"}, + {file = "netifaces-0.11.0-cp39-cp39-macosx_10_15_x86_64.whl", hash = "sha256:5be83986100ed1fdfa78f11ccff9e4757297735ac17391b95e17e74335c2047d"}, + {file = "netifaces-0.11.0-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:54ff6624eb95b8a07e79aa8817288659af174e954cca24cdb0daeeddfc03c4ff"}, + {file = "netifaces-0.11.0-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:841aa21110a20dc1621e3dd9f922c64ca64dd1eb213c47267a2c324d823f6c8f"}, + {file = "netifaces-0.11.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.whl", hash = "sha256:e76c7f351e0444721e85f975ae92718e21c1f361bda946d60a214061de1f00a1"}, + {file = "netifaces-0.11.0.tar.gz", hash = "sha256:043a79146eb2907edf439899f262b3dfe41717d34124298ed281139a8b93ca32"}, ] neutron-lib = [ - {file = "neutron-lib-2.11.0.tar.gz", hash = "sha256:af47a5c1f84f05a281038625064b7f0e6c6856d56c3ec3fb06184789acef4685"}, - {file = "neutron_lib-2.11.0-py3-none-any.whl", hash = "sha256:15427f8e2b5b119d8a9dafa18fe247b2fd18c56e838f246da7b01be4dc9a777c"}, + {file = "neutron-lib-2.12.0.tar.gz", hash = "sha256:a9466cdd62e6a3fe6f4da85fcc255e044d71695c0fa316387a7f867c24a97a09"}, + {file = "neutron_lib-2.12.0-py3-none-any.whl", hash = "sha256:d31dba3ee1086e57af210155a88aef3bafb2b758b5d6a1c27cbc2bf698b3ad03"}, ] os-ken = [ - {file = "os-ken-1.4.0.tar.gz", hash = "sha256:256614dbe468f1f5bf16dfb290598c856e9a40f61269556d90e43ca8b5b0a1c8"}, - {file = "os_ken-1.4.0-py3-none-any.whl", hash = "sha256:b65d8d2e6c57dacb59828766febe6772f6f166109ce1eb5bcbcf98afcfff3a54"}, + {file = "os-ken-2.0.0.tar.gz", hash = "sha256:75520bd9cd5eeee43edd0512efa4552d0d36dcd5d05a7e7b2a36611bc99df7ea"}, + {file = "os_ken-2.0.0-py3-none-any.whl", hash = "sha256:c020d9d7b093e69ecff2b73eb1a24c29f4de917f2ec417bcf0d35cab35bb6361"}, ] os-service-types = [ {file = "os-service-types-1.7.0.tar.gz", hash = "sha256:31800299a82239363995b91f1ebf9106ac7758542a1e4ef6dc737a5932878c6c"}, @@ -1824,63 +1821,63 @@ os-traits = [ {file = "oslo.concurrency-4.4.0.tar.gz", hash = "sha256:0d1d0a341ead03f4e5638c368de99baacd943011c5cceece43106885470edf69"}, ] "oslo.config" = [ - {file = "oslo.config-8.7.0-py3-none-any.whl", hash = "sha256:5b1b9439bfb76e0091172aee77b509144f22e08127ddee4d10a7eb5407740b07"}, - {file = "oslo.config-8.7.0.tar.gz", hash = "sha256:5b28db6e8716feddb83fc8d97584513d7f48b54ee774c74b0c5a8d61c8d4fa73"}, + {file = "oslo.config-8.7.1-py3-none-any.whl", hash = "sha256:3c5cc681ef106a4573d677510f907ab48f40004dc3aac2298d9a517559491efb"}, + {file = "oslo.config-8.7.1.tar.gz", hash = "sha256:a0c346d778cdc8870ab945e438bea251b5f45fae05d6d99dfe4953cca2277b60"}, ] "oslo.context" = [ - {file = "oslo.context-3.2.0-py3-none-any.whl", hash = "sha256:ed71f2431bfc71b2cdb220ae2206a3dd22c621b5cbc9241bb69998a47a591d8c"}, - {file = "oslo.context-3.2.0.tar.gz", hash = "sha256:0e7d96a95c276de2da0f458ef34153347327ac34fe33b264be2bb59eac51e620"}, + {file = "oslo.context-3.3.0-py3-none-any.whl", hash = "sha256:4a7c15399eacf289f87391d80b8d3d8cfc030ed4da70c1fef28e38ece45a4435"}, + {file = "oslo.context-3.3.0.tar.gz", hash = "sha256:d83f098e79ee0731c352fe2d59a82c16b213e2cf3259958c019defabf510fc08"}, ] "oslo.db" = [ - {file = "oslo.db-9.0.0-py3-none-any.whl", hash = "sha256:af38fb7684e300017d45be94ab9f7ba828aede11c3c697874d6a0ca98ccf3285"}, - {file = "oslo.db-9.0.0.tar.gz", hash = "sha256:d1b7b699868c889e0a16740c507cb8219b6f0baea77e11e06071e09e976ef397"}, + {file = "oslo.db-10.0.0-py3-none-any.whl", hash = "sha256:56bf61fd615178e4e6f847ba34fea64fa6de5d66a2e0906475ade4bc17db59d6"}, + {file = "oslo.db-10.0.0.tar.gz", hash = "sha256:3ce4104ecad0449d00de4697ea23b8c50deaaeb7794d6121e956a8a53e72413a"}, ] "oslo.i18n" = [ {file = "oslo.i18n-5.0.1-py3-none-any.whl", hash = "sha256:99a6453b9b7a9d1603ba6c32e6ab8c738af95f6573215682a33c8028340bdccd"}, {file = "oslo.i18n-5.0.1.tar.gz", hash = "sha256:3484b71e30f75c437523302d1151c291caf4098928269ceec65ce535456e035b"}, ] "oslo.log" = [ - {file = "oslo.log-4.5.0-py3-none-any.whl", hash = "sha256:8539cfa12f49c52d3ccfaf29c72935c80d784bce90a8733684db2b830be6a33c"}, - {file = "oslo.log-4.5.0.tar.gz", hash = "sha256:63619fc00483f37c7ae6a6d6775d1ebb2b57e241c731f0295d1473b2c01c7278"}, + {file = "oslo.log-4.6.0-py3-none-any.whl", hash = "sha256:2e55e1e75ecd72cb4b095c9d0f27c1ea9c62bfcd454c1bb9ff68645f68b2743b"}, + {file = "oslo.log-4.6.0.tar.gz", hash = "sha256:dad5d7ff1290f01132b356d36a1bb79f98a3929d5005cce73e849ed31b385ba7"}, ] "oslo.messaging" = [ {file = "oslo.messaging-12.8.0-py3-none-any.whl", hash = "sha256:d8f72892e03876402c83e81f00654dade3e0772c22bcf5cdb681eb9e2d9ed7e1"}, {file = "oslo.messaging-12.8.0.tar.gz", hash = "sha256:175bdf808722f7679508f95a23b59e78a7a71601a784aee53c12f24b0f304ecb"}, ] "oslo.middleware" = [ - {file = "oslo.middleware-4.2.0-py3-none-any.whl", hash = "sha256:54be9f1d03f63b0e2b45c17b804dea5e00f564826c5c4e0573e3494046660291"}, - {file = "oslo.middleware-4.2.0.tar.gz", hash = "sha256:f6bb2b2896737bf37c8f0ff034fd74245b7a1d2d5cb1252b672b44fbe3249d88"}, + {file = "oslo.middleware-4.3.0-py3-none-any.whl", hash = "sha256:565dbfc7f9e6effc15e199de8474bcdb8e3f7948a36f6700347305fc10a71eb1"}, + {file = "oslo.middleware-4.3.0.tar.gz", hash = "sha256:a12ecc580c5f553e70f9c752f18957e1414a3d35fe5137ad343cdf29a927b8a8"}, ] "oslo.policy" = [ - {file = "oslo.policy-3.8.0-py3-none-any.whl", hash = "sha256:15a6e3e6677ada933d48b05b29e0c73a4d63b7267f0ec183c05ba7d7e01310c6"}, - {file = "oslo.policy-3.8.0.tar.gz", hash = "sha256:31f4a4c94fddc1247e829349575b4358e21412ee0a4d4d9c1b37ba6be8c3f022"}, + {file = "oslo.policy-3.8.1-py3-none-any.whl", hash = "sha256:2c07ac3d341ec014f4c1ec86aeae93a5f1bdfa714772877922350ee3b035f5d4"}, + {file = "oslo.policy-3.8.1.tar.gz", hash = "sha256:46e359b7eed8c1c3496b5e9761850e6804f04328f02a9f6cc297cdfcf33b8d24"}, ] "oslo.serialization" = [ {file = "oslo.serialization-4.1.0-py3-none-any.whl", hash = "sha256:a0acf0ff7ca88b3ee6514713571f614b5c20870005ed0eb90408fa7f9f3edb60"}, {file = "oslo.serialization-4.1.0.tar.gz", hash = "sha256:cecc7794df806c85cb70dbd6c2b3af19bc68047ad29e3c6442be90a0a4de5379"}, ] "oslo.service" = [ - {file = "oslo.service-2.5.0-py3-none-any.whl", hash = "sha256:a17d19890e4df00965d5d9ff1b7eb16efb2f0bc087f252e309b0176c03af8033"}, - {file = "oslo.service-2.5.0.tar.gz", hash = "sha256:147da1140bc112f0aba810ebf05f16775a181a7d9e8e87e19e8a59a49ecbcc28"}, + {file = "oslo.service-2.6.0-py3-none-any.whl", hash = "sha256:f90a5e66a524fb2853d8ff84716a4c51c3afa3d71c6db896cc3a80ed36079b7d"}, + {file = "oslo.service-2.6.0.tar.gz", hash = "sha256:7d58aa94c407f935570e47362107af8e9d5585c855a17ae34d3b9aa9750939f6"}, ] "oslo.utils" = [ - {file = "oslo.utils-4.9.0-py3-none-any.whl", hash = "sha256:c10740e4462c32956afa1ba5156191cb678b2b63c60485d1a73542d1622677d6"}, - {file = "oslo.utils-4.9.0.tar.gz", hash = "sha256:4d29cae87f0ce48ec0e1c5577787c5cd10723c614f2d5a642f42c5efdf787e9c"}, + {file = "oslo.utils-4.9.2-py3-none-any.whl", hash = "sha256:ff38bc69bbed11103ceb5d06ac47454fe439ee9351ed2640d47c1b2cc71b2ea5"}, + {file = "oslo.utils-4.9.2.tar.gz", hash = "sha256:20db285734ff6c3b50d5a6afcb2790ade0c7ba02fbc876feed43733f2c41a5c9"}, ] "oslo.versionedobjects" = [ {file = "oslo.versionedobjects-2.4.0-py3-none-any.whl", hash = "sha256:a3598db096a09c1d0a50998c3496bce3c8a963355611874d8ae4eba9bc7a5379"}, {file = "oslo.versionedobjects-2.4.0.tar.gz", hash = "sha256:f0149e557d962365f53e61b7ce0aa4d7037d2d83a0db4fecba1e964fd4949926"}, ] osprofiler = [ - {file = "osprofiler-3.4.0-py3-none-any.whl", hash = "sha256:4ccde8ab98fd2861008033ef7fae3f4d1bc63f78a5f203ffd59107dea8a35cf9"}, - {file = "osprofiler-3.4.0.tar.gz", hash = "sha256:f7fe387f4dd681bbf92b9fbe857cc90e89cfe96d44522a2727540902310a9ed6"}, + {file = "osprofiler-3.4.1-py3-none-any.whl", hash = "sha256:275328a86d06c7066b0e01356d32bffc0165d490c72e9f478e32059ca7134d12"}, + {file = "osprofiler-3.4.1.tar.gz", hash = "sha256:4e324c4c45bf40dc62f865a0be9315190e124b840bbdd6499e42571f2fe1df36"}, ] ovs = [ {file = "ovs-2.13.3.tar.gz", hash = "sha256:8b46cec865a36bfa7863df29f4f761589c1e075df7d4aa2faedc52fe1e3d80b6"}, ] packaging = [ - {file = "packaging-20.9-py2.py3-none-any.whl", hash = "sha256:67714da7f7bc052e064859c05c595155bd1ee9f69f76557e21f051443c20947a"}, - {file = "packaging-20.9.tar.gz", hash = "sha256:5b327ac1320dc863dca72f4514ecc086f31186744b84a230374cc1fd776feae5"}, + {file = "packaging-21.0-py3-none-any.whl", hash = "sha256:c86254f9220d55e31cc94d69bade760f0847da8000def4dfe1c6b872fd14ff14"}, + {file = "packaging-21.0.tar.gz", hash = "sha256:7dc96269f53a4ccec5c0670940a4281106dd0bb343f47b7471f779df49c2fbe7"}, ] paste = [ {file = "Paste-3.5.0-py2.py3-none-any.whl", hash = "sha256:8e08200a570f7e29dfafd4eea0e1b38a6193cfda6446bb515db74250b632c53b"}, @@ -1906,9 +1903,38 @@ pluggy = [ {file = "pluggy-0.13.1.tar.gz", hash = "sha256:15b2acde666561e1298d71b523007ed7364de07029219b604cf808bfa1c765b0"}, ] prettytable = [ - {file = "prettytable-0.7.2.tar.bz2", hash = "sha256:853c116513625c738dc3ce1aee148b5b5757a86727e67eff6502c7ca59d43c36"}, - {file = "prettytable-0.7.2.tar.gz", hash = "sha256:2d5460dc9db74a32bcc8f9f67de68b2c4f4d2f01fa3bd518764c69156d9cacd9"}, - {file = "prettytable-0.7.2.zip", hash = "sha256:a53da3b43d7a5c229b5e3ca2892ef982c46b7923b51e98f0db49956531211c4f"}, + {file = "prettytable-2.1.0-py3-none-any.whl", hash = "sha256:bb5abc72bdfae6f3cdadb04fb7726f6915af0ddb7c897a41d4ad7736d9bfd8fd"}, + {file = "prettytable-2.1.0.tar.gz", hash = "sha256:5882ed9092b391bb8f6e91f59bcdbd748924ff556bb7c634089d5519be87baa0"}, +] +psutil = [ + {file = "psutil-5.8.0-cp27-cp27m-macosx_10_9_x86_64.whl", hash = "sha256:0066a82f7b1b37d334e68697faba68e5ad5e858279fd6351c8ca6024e8d6ba64"}, + {file = "psutil-5.8.0-cp27-cp27m-manylinux2010_i686.whl", hash = "sha256:0ae6f386d8d297177fd288be6e8d1afc05966878704dad9847719650e44fc49c"}, + {file = "psutil-5.8.0-cp27-cp27m-manylinux2010_x86_64.whl", hash = "sha256:12d844996d6c2b1d3881cfa6fa201fd635971869a9da945cf6756105af73d2df"}, + {file = "psutil-5.8.0-cp27-cp27mu-manylinux2010_i686.whl", hash = "sha256:02b8292609b1f7fcb34173b25e48d0da8667bc85f81d7476584d889c6e0f2131"}, + {file = "psutil-5.8.0-cp27-cp27mu-manylinux2010_x86_64.whl", hash = "sha256:6ffe81843131ee0ffa02c317186ed1e759a145267d54fdef1bc4ea5f5931ab60"}, + {file = "psutil-5.8.0-cp27-none-win32.whl", hash = "sha256:ea313bb02e5e25224e518e4352af4bf5e062755160f77e4b1767dd5ccb65f876"}, + {file = "psutil-5.8.0-cp27-none-win_amd64.whl", hash = "sha256:5da29e394bdedd9144c7331192e20c1f79283fb03b06e6abd3a8ae45ffecee65"}, + {file = "psutil-5.8.0-cp36-cp36m-macosx_10_9_x86_64.whl", hash = "sha256:74fb2557d1430fff18ff0d72613c5ca30c45cdbfcddd6a5773e9fc1fe9364be8"}, + {file = "psutil-5.8.0-cp36-cp36m-manylinux2010_i686.whl", hash = "sha256:74f2d0be88db96ada78756cb3a3e1b107ce8ab79f65aa885f76d7664e56928f6"}, + {file = "psutil-5.8.0-cp36-cp36m-manylinux2010_x86_64.whl", hash = "sha256:99de3e8739258b3c3e8669cb9757c9a861b2a25ad0955f8e53ac662d66de61ac"}, + {file = "psutil-5.8.0-cp36-cp36m-win32.whl", hash = "sha256:36b3b6c9e2a34b7d7fbae330a85bf72c30b1c827a4366a07443fc4b6270449e2"}, + {file = "psutil-5.8.0-cp36-cp36m-win_amd64.whl", hash = "sha256:52de075468cd394ac98c66f9ca33b2f54ae1d9bff1ef6b67a212ee8f639ec06d"}, + {file = "psutil-5.8.0-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:c6a5fd10ce6b6344e616cf01cc5b849fa8103fbb5ba507b6b2dee4c11e84c935"}, + {file = "psutil-5.8.0-cp37-cp37m-manylinux2010_i686.whl", hash = "sha256:61f05864b42fedc0771d6d8e49c35f07efd209ade09a5afe6a5059e7bb7bf83d"}, + {file = "psutil-5.8.0-cp37-cp37m-manylinux2010_x86_64.whl", hash = "sha256:0dd4465a039d343925cdc29023bb6960ccf4e74a65ad53e768403746a9207023"}, + {file = "psutil-5.8.0-cp37-cp37m-win32.whl", hash = "sha256:1bff0d07e76114ec24ee32e7f7f8d0c4b0514b3fae93e3d2aaafd65d22502394"}, + {file = "psutil-5.8.0-cp37-cp37m-win_amd64.whl", hash = "sha256:fcc01e900c1d7bee2a37e5d6e4f9194760a93597c97fee89c4ae51701de03563"}, + {file = "psutil-5.8.0-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:6223d07a1ae93f86451d0198a0c361032c4c93ebd4bf6d25e2fb3edfad9571ef"}, + {file = "psutil-5.8.0-cp38-cp38-manylinux2010_i686.whl", hash = "sha256:d225cd8319aa1d3c85bf195c4e07d17d3cd68636b8fc97e6cf198f782f99af28"}, + {file = "psutil-5.8.0-cp38-cp38-manylinux2010_x86_64.whl", hash = "sha256:28ff7c95293ae74bf1ca1a79e8805fcde005c18a122ca983abf676ea3466362b"}, + {file = "psutil-5.8.0-cp38-cp38-win32.whl", hash = "sha256:ce8b867423291cb65cfc6d9c4955ee9bfc1e21fe03bb50e177f2b957f1c2469d"}, + {file = "psutil-5.8.0-cp38-cp38-win_amd64.whl", hash = "sha256:90f31c34d25b1b3ed6c40cdd34ff122b1887a825297c017e4cbd6796dd8b672d"}, + {file = "psutil-5.8.0-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:6323d5d845c2785efb20aded4726636546b26d3b577aded22492908f7c1bdda7"}, + {file = "psutil-5.8.0-cp39-cp39-manylinux2010_i686.whl", hash = "sha256:245b5509968ac0bd179287d91210cd3f37add77dad385ef238b275bad35fa1c4"}, + {file = "psutil-5.8.0-cp39-cp39-manylinux2010_x86_64.whl", hash = "sha256:90d4091c2d30ddd0a03e0b97e6a33a48628469b99585e2ad6bf21f17423b112b"}, + {file = "psutil-5.8.0-cp39-cp39-win32.whl", hash = "sha256:ea372bcc129394485824ae3e3ddabe67dc0b118d262c568b4d2602a7070afdb0"}, + {file = "psutil-5.8.0-cp39-cp39-win_amd64.whl", hash = "sha256:f4634b033faf0d968bb9220dd1c793b897ab7f1189956e1aa9eae752527127d3"}, + {file = "psutil-5.8.0.tar.gz", hash = "sha256:0c9ccb99ab76025f2f0bbecf341d4656e9c1351db8cc8a03ccd62e318ab4b5c6"}, ] py = [ {file = "py-1.10.0-py2.py3-none-any.whl", hash = "sha256:3b80836aa6d1feeaa108e046da6423ab8f6ceda6468545ae8d02d9d58d18818a"}, @@ -1957,9 +1983,17 @@ pytest = [ {file = "pytest-6.2.4-py3-none-any.whl", hash = "sha256:91ef2131a9bd6be8f76f1f08eac5c5317221d6ad1e143ae03894b862e8976890"}, {file = "pytest-6.2.4.tar.gz", hash = "sha256:50bcad0a0b9c5a72c8e4e7c9855a3ad496ca6a881a3641b4260605450772c54b"}, ] +pytest-forked = [ + {file = "pytest-forked-1.3.0.tar.gz", hash = "sha256:6aa9ac7e00ad1a539c41bec6d21011332de671e938c7637378ec9710204e37ca"}, + {file = "pytest_forked-1.3.0-py2.py3-none-any.whl", hash = "sha256:dc4147784048e70ef5d437951728825a131b81714b398d5d52f17c7c144d8815"}, +] +pytest-xdist = [ + {file = "pytest-xdist-2.3.0.tar.gz", hash = "sha256:e8ecde2f85d88fbcadb7d28cb33da0fa29bca5cf7d5967fa89fc0e97e5299ea5"}, + {file = "pytest_xdist-2.3.0-py3-none-any.whl", hash = "sha256:ed3d7da961070fce2a01818b51f6888327fb88df4379edeb6b9d990e789d9c8d"}, +] python-dateutil = [ - {file = "python-dateutil-2.8.1.tar.gz", hash = "sha256:73ebfe9dbf22e832286dafa60473e4cd239f8592f699aa5adaf10050e6e1823c"}, - {file = "python_dateutil-2.8.1-py2.py3-none-any.whl", hash = "sha256:75bb3f31ea686f1197762692a9ee6a7550b59fc6ca3a1f4b5d7e32fb98e2da2a"}, + {file = "python-dateutil-2.8.2.tar.gz", hash = "sha256:0123cacc1627ae19ddf3c27a5de5bd67ee4586fbdd6440d9748f8abb483d3e86"}, + {file = "python_dateutil-2.8.2-py2.py3-none-any.whl", hash = "sha256:961d03dc3453ebbc59dbdea9e4e11c5651520a876d0f4db161e8674aae935da9"}, ] python-editor = [ {file = "python-editor-1.0.4.tar.gz", hash = "sha256:51fda6bcc5ddbbb7063b2af7509e43bd84bfc32a4ff71349ec7847713882327b"}, @@ -1968,10 +2002,6 @@ python-editor = [ {file = "python_editor-1.0.4-py3-none-any.whl", hash = "sha256:1bf6e860a8ad52a14c3ee1252d5dc25b2030618ed80c022598f00176adc8367d"}, {file = "python_editor-1.0.4-py3.5.egg", hash = "sha256:c3da2053dbab6b29c94e43c486ff67206eafbe7eb52dbec7390b5e2fb05aac77"}, ] -python-mimeparse = [ - {file = "python-mimeparse-1.6.0.tar.gz", hash = "sha256:76e4b03d700a641fd7761d3cd4fdbbdcd787eade1ebfac43f877016328334f78"}, - {file = "python_mimeparse-1.6.0-py2.py3-none-any.whl", hash = "sha256:a295f03ff20341491bfe4717a39cd0a8cc9afad619ba44b77e86b0ab8a2b8282"}, -] pytz = [ {file = "pytz-2021.1-py2.py3-none-any.whl", hash = "sha256:eb10ce3e7736052ed3623d49975ce333bcd712c7bb19a58b9e2089d4057d0798"}, {file = "pytz-2021.1.tar.gz", hash = "sha256:83a4a90894bf38e243cf052c8b58f381bfe9a7a483f6a9cab140bc7f702ac4da"}, @@ -2020,55 +2050,55 @@ pyyaml = [ {file = "PyYAML-5.4.1.tar.gz", hash = "sha256:607774cbba28732bfa802b54baa7484215f530991055bb562efbed5b2f20a45e"}, ] regex = [ - {file = "regex-2021.4.4-cp36-cp36m-macosx_10_9_x86_64.whl", hash = "sha256:619d71c59a78b84d7f18891fe914446d07edd48dc8328c8e149cbe0929b4e000"}, - {file = "regex-2021.4.4-cp36-cp36m-manylinux1_i686.whl", hash = "sha256:47bf5bf60cf04d72bf6055ae5927a0bd9016096bf3d742fa50d9bf9f45aa0711"}, - {file = "regex-2021.4.4-cp36-cp36m-manylinux1_x86_64.whl", hash = "sha256:281d2fd05555079448537fe108d79eb031b403dac622621c78944c235f3fcf11"}, - {file = "regex-2021.4.4-cp36-cp36m-manylinux2010_i686.whl", hash = "sha256:bd28bc2e3a772acbb07787c6308e00d9626ff89e3bfcdebe87fa5afbfdedf968"}, - {file = "regex-2021.4.4-cp36-cp36m-manylinux2010_x86_64.whl", hash = "sha256:7c2a1af393fcc09e898beba5dd59196edaa3116191cc7257f9224beaed3e1aa0"}, - {file = "regex-2021.4.4-cp36-cp36m-manylinux2014_aarch64.whl", hash = "sha256:c38c71df845e2aabb7fb0b920d11a1b5ac8526005e533a8920aea97efb8ec6a4"}, - {file = "regex-2021.4.4-cp36-cp36m-manylinux2014_i686.whl", hash = "sha256:96fcd1888ab4d03adfc9303a7b3c0bd78c5412b2bfbe76db5b56d9eae004907a"}, - {file = "regex-2021.4.4-cp36-cp36m-manylinux2014_x86_64.whl", hash = "sha256:ade17eb5d643b7fead300a1641e9f45401c98eee23763e9ed66a43f92f20b4a7"}, - {file = "regex-2021.4.4-cp36-cp36m-win32.whl", hash = "sha256:e8e5b509d5c2ff12f8418006d5a90e9436766133b564db0abaec92fd27fcee29"}, - {file = "regex-2021.4.4-cp36-cp36m-win_amd64.whl", hash = "sha256:11d773d75fa650cd36f68d7ca936e3c7afaae41b863b8c387a22aaa78d3c5c79"}, - {file = "regex-2021.4.4-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:d3029c340cfbb3ac0a71798100ccc13b97dddf373a4ae56b6a72cf70dfd53bc8"}, - {file = "regex-2021.4.4-cp37-cp37m-manylinux1_i686.whl", hash = "sha256:18c071c3eb09c30a264879f0d310d37fe5d3a3111662438889ae2eb6fc570c31"}, - {file = "regex-2021.4.4-cp37-cp37m-manylinux1_x86_64.whl", hash = "sha256:4c557a7b470908b1712fe27fb1ef20772b78079808c87d20a90d051660b1d69a"}, - {file = "regex-2021.4.4-cp37-cp37m-manylinux2010_i686.whl", hash = "sha256:01afaf2ec48e196ba91b37451aa353cb7eda77efe518e481707e0515025f0cd5"}, - {file = "regex-2021.4.4-cp37-cp37m-manylinux2010_x86_64.whl", hash = "sha256:3a9cd17e6e5c7eb328517969e0cb0c3d31fd329298dd0c04af99ebf42e904f82"}, - {file = "regex-2021.4.4-cp37-cp37m-manylinux2014_aarch64.whl", hash = "sha256:90f11ff637fe8798933fb29f5ae1148c978cccb0452005bf4c69e13db951e765"}, - {file = "regex-2021.4.4-cp37-cp37m-manylinux2014_i686.whl", hash = "sha256:919859aa909429fb5aa9cf8807f6045592c85ef56fdd30a9a3747e513db2536e"}, - {file = "regex-2021.4.4-cp37-cp37m-manylinux2014_x86_64.whl", hash = "sha256:339456e7d8c06dd36a22e451d58ef72cef293112b559010db3d054d5560ef439"}, - {file = "regex-2021.4.4-cp37-cp37m-win32.whl", hash = "sha256:67bdb9702427ceddc6ef3dc382455e90f785af4c13d495f9626861763ee13f9d"}, - {file = "regex-2021.4.4-cp37-cp37m-win_amd64.whl", hash = "sha256:32e65442138b7b76dd8173ffa2cf67356b7bc1768851dded39a7a13bf9223da3"}, - {file = "regex-2021.4.4-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:1e1c20e29358165242928c2de1482fb2cf4ea54a6a6dea2bd7a0e0d8ee321500"}, - {file = "regex-2021.4.4-cp38-cp38-manylinux1_i686.whl", hash = "sha256:314d66636c494ed9c148a42731b3834496cc9a2c4251b1661e40936814542b14"}, - {file = "regex-2021.4.4-cp38-cp38-manylinux1_x86_64.whl", hash = "sha256:6d1b01031dedf2503631d0903cb563743f397ccaf6607a5e3b19a3d76fc10480"}, - {file = "regex-2021.4.4-cp38-cp38-manylinux2010_i686.whl", hash = "sha256:741a9647fcf2e45f3a1cf0e24f5e17febf3efe8d4ba1281dcc3aa0459ef424dc"}, - {file = "regex-2021.4.4-cp38-cp38-manylinux2010_x86_64.whl", hash = "sha256:4c46e22a0933dd783467cf32b3516299fb98cfebd895817d685130cc50cd1093"}, - {file = "regex-2021.4.4-cp38-cp38-manylinux2014_aarch64.whl", hash = "sha256:e512d8ef5ad7b898cdb2d8ee1cb09a8339e4f8be706d27eaa180c2f177248a10"}, - {file = "regex-2021.4.4-cp38-cp38-manylinux2014_i686.whl", hash = "sha256:980d7be47c84979d9136328d882f67ec5e50008681d94ecc8afa8a65ed1f4a6f"}, - {file = "regex-2021.4.4-cp38-cp38-manylinux2014_x86_64.whl", hash = "sha256:ce15b6d103daff8e9fee13cf7f0add05245a05d866e73926c358e871221eae87"}, - {file = "regex-2021.4.4-cp38-cp38-win32.whl", hash = "sha256:a91aa8619b23b79bcbeb37abe286f2f408d2f2d6f29a17237afda55bb54e7aac"}, - {file = "regex-2021.4.4-cp38-cp38-win_amd64.whl", hash = "sha256:c0502c0fadef0d23b128605d69b58edb2c681c25d44574fc673b0e52dce71ee2"}, - {file = "regex-2021.4.4-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:598585c9f0af8374c28edd609eb291b5726d7cbce16be6a8b95aa074d252ee17"}, - {file = "regex-2021.4.4-cp39-cp39-manylinux1_i686.whl", hash = "sha256:ee54ff27bf0afaf4c3b3a62bcd016c12c3fdb4ec4f413391a90bd38bc3624605"}, - {file = "regex-2021.4.4-cp39-cp39-manylinux1_x86_64.whl", hash = "sha256:7d9884d86dd4dd489e981d94a65cd30d6f07203d90e98f6f657f05170f6324c9"}, - {file = "regex-2021.4.4-cp39-cp39-manylinux2010_i686.whl", hash = "sha256:bf5824bfac591ddb2c1f0a5f4ab72da28994548c708d2191e3b87dd207eb3ad7"}, - {file = "regex-2021.4.4-cp39-cp39-manylinux2010_x86_64.whl", hash = "sha256:563085e55b0d4fb8f746f6a335893bda5c2cef43b2f0258fe1020ab1dd874df8"}, - {file = "regex-2021.4.4-cp39-cp39-manylinux2014_aarch64.whl", hash = "sha256:b9c3db21af35e3b3c05764461b262d6f05bbca08a71a7849fd79d47ba7bc33ed"}, - {file = "regex-2021.4.4-cp39-cp39-manylinux2014_i686.whl", hash = "sha256:3916d08be28a1149fb97f7728fca1f7c15d309a9f9682d89d79db75d5e52091c"}, - {file = "regex-2021.4.4-cp39-cp39-manylinux2014_x86_64.whl", hash = "sha256:fd45ff9293d9274c5008a2054ecef86a9bfe819a67c7be1afb65e69b405b3042"}, - {file = "regex-2021.4.4-cp39-cp39-win32.whl", hash = "sha256:fa4537fb4a98fe8fde99626e4681cc644bdcf2a795038533f9f711513a862ae6"}, - {file = "regex-2021.4.4-cp39-cp39-win_amd64.whl", hash = "sha256:97f29f57d5b84e73fbaf99ab3e26134e6687348e95ef6b48cfd2c06807005a07"}, - {file = "regex-2021.4.4.tar.gz", hash = "sha256:52ba3d3f9b942c49d7e4bc105bb28551c44065f139a65062ab7912bef10c9afb"}, + {file = "regex-2021.7.6-cp36-cp36m-macosx_10_9_x86_64.whl", hash = "sha256:e6a1e5ca97d411a461041d057348e578dc344ecd2add3555aedba3b408c9f874"}, + {file = "regex-2021.7.6-cp36-cp36m-manylinux1_i686.whl", hash = "sha256:6afe6a627888c9a6cfbb603d1d017ce204cebd589d66e0703309b8048c3b0854"}, + {file = "regex-2021.7.6-cp36-cp36m-manylinux1_x86_64.whl", hash = "sha256:ccb3d2190476d00414aab36cca453e4596e8f70a206e2aa8db3d495a109153d2"}, + {file = "regex-2021.7.6-cp36-cp36m-manylinux2010_i686.whl", hash = "sha256:ed693137a9187052fc46eedfafdcb74e09917166362af4cc4fddc3b31560e93d"}, + {file = "regex-2021.7.6-cp36-cp36m-manylinux2010_x86_64.whl", hash = "sha256:99d8ab206a5270c1002bfcf25c51bf329ca951e5a169f3b43214fdda1f0b5f0d"}, + {file = "regex-2021.7.6-cp36-cp36m-manylinux2014_i686.whl", hash = "sha256:b85ac458354165405c8a84725de7bbd07b00d9f72c31a60ffbf96bb38d3e25fa"}, + {file = "regex-2021.7.6-cp36-cp36m-manylinux2014_x86_64.whl", hash = "sha256:3f5716923d3d0bfb27048242a6e0f14eecdb2e2a7fac47eda1d055288595f222"}, + {file = "regex-2021.7.6-cp36-cp36m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:e5983c19d0beb6af88cb4d47afb92d96751fb3fa1784d8785b1cdf14c6519407"}, + {file = "regex-2021.7.6-cp36-cp36m-win32.whl", hash = "sha256:c92831dac113a6e0ab28bc98f33781383fe294df1a2c3dfd1e850114da35fd5b"}, + {file = "regex-2021.7.6-cp36-cp36m-win_amd64.whl", hash = "sha256:791aa1b300e5b6e5d597c37c346fb4d66422178566bbb426dd87eaae475053fb"}, + {file = "regex-2021.7.6-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:59506c6e8bd9306cd8a41511e32d16d5d1194110b8cfe5a11d102d8b63cf945d"}, + {file = "regex-2021.7.6-cp37-cp37m-manylinux1_i686.whl", hash = "sha256:564a4c8a29435d1f2256ba247a0315325ea63335508ad8ed938a4f14c4116a5d"}, + {file = "regex-2021.7.6-cp37-cp37m-manylinux1_x86_64.whl", hash = "sha256:59c00bb8dd8775473cbfb967925ad2c3ecc8886b3b2d0c90a8e2707e06c743f0"}, + {file = "regex-2021.7.6-cp37-cp37m-manylinux2010_i686.whl", hash = "sha256:9a854b916806c7e3b40e6616ac9e85d3cdb7649d9e6590653deb5b341a736cec"}, + {file = "regex-2021.7.6-cp37-cp37m-manylinux2010_x86_64.whl", hash = "sha256:db2b7df831c3187a37f3bb80ec095f249fa276dbe09abd3d35297fc250385694"}, + {file = "regex-2021.7.6-cp37-cp37m-manylinux2014_i686.whl", hash = "sha256:173bc44ff95bc1e96398c38f3629d86fa72e539c79900283afa895694229fe6a"}, + {file = "regex-2021.7.6-cp37-cp37m-manylinux2014_x86_64.whl", hash = "sha256:15dddb19823f5147e7517bb12635b3c82e6f2a3a6b696cc3e321522e8b9308ad"}, + {file = "regex-2021.7.6-cp37-cp37m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:2ddeabc7652024803666ea09f32dd1ed40a0579b6fbb2a213eba590683025895"}, + {file = "regex-2021.7.6-cp37-cp37m-win32.whl", hash = "sha256:f080248b3e029d052bf74a897b9d74cfb7643537fbde97fe8225a6467fb559b5"}, + {file = "regex-2021.7.6-cp37-cp37m-win_amd64.whl", hash = "sha256:d8bbce0c96462dbceaa7ac4a7dfbbee92745b801b24bce10a98d2f2b1ea9432f"}, + {file = "regex-2021.7.6-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:edd1a68f79b89b0c57339bce297ad5d5ffcc6ae7e1afdb10f1947706ed066c9c"}, + {file = "regex-2021.7.6-cp38-cp38-manylinux1_i686.whl", hash = "sha256:422dec1e7cbb2efbbe50e3f1de36b82906def93ed48da12d1714cabcd993d7f0"}, + {file = "regex-2021.7.6-cp38-cp38-manylinux1_x86_64.whl", hash = "sha256:cbe23b323988a04c3e5b0c387fe3f8f363bf06c0680daf775875d979e376bd26"}, + {file = "regex-2021.7.6-cp38-cp38-manylinux2010_i686.whl", hash = "sha256:0eb2c6e0fcec5e0f1d3bcc1133556563222a2ffd2211945d7b1480c1b1a42a6f"}, + {file = "regex-2021.7.6-cp38-cp38-manylinux2010_x86_64.whl", hash = "sha256:1c78780bf46d620ff4fff40728f98b8afd8b8e35c3efd638c7df67be2d5cddbf"}, + {file = "regex-2021.7.6-cp38-cp38-manylinux2014_i686.whl", hash = "sha256:bc84fb254a875a9f66616ed4538542fb7965db6356f3df571d783f7c8d256edd"}, + {file = "regex-2021.7.6-cp38-cp38-manylinux2014_x86_64.whl", hash = "sha256:598c0a79b4b851b922f504f9f39a863d83ebdfff787261a5ed061c21e67dd761"}, + {file = "regex-2021.7.6-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:875c355360d0f8d3d827e462b29ea7682bf52327d500a4f837e934e9e4656068"}, + {file = "regex-2021.7.6-cp38-cp38-win32.whl", hash = "sha256:e586f448df2bbc37dfadccdb7ccd125c62b4348cb90c10840d695592aa1b29e0"}, + {file = "regex-2021.7.6-cp38-cp38-win_amd64.whl", hash = "sha256:2fe5e71e11a54e3355fa272137d521a40aace5d937d08b494bed4529964c19c4"}, + {file = "regex-2021.7.6-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:6110bab7eab6566492618540c70edd4d2a18f40ca1d51d704f1d81c52d245026"}, + {file = "regex-2021.7.6-cp39-cp39-manylinux1_i686.whl", hash = "sha256:4f64fc59fd5b10557f6cd0937e1597af022ad9b27d454e182485f1db3008f417"}, + {file = "regex-2021.7.6-cp39-cp39-manylinux1_x86_64.whl", hash = "sha256:89e5528803566af4df368df2d6f503c84fbfb8249e6631c7b025fe23e6bd0cde"}, + {file = "regex-2021.7.6-cp39-cp39-manylinux2010_i686.whl", hash = "sha256:2366fe0479ca0e9afa534174faa2beae87847d208d457d200183f28c74eaea59"}, + {file = "regex-2021.7.6-cp39-cp39-manylinux2010_x86_64.whl", hash = "sha256:f9392a4555f3e4cb45310a65b403d86b589adc773898c25a39184b1ba4db8985"}, + {file = "regex-2021.7.6-cp39-cp39-manylinux2014_i686.whl", hash = "sha256:2bceeb491b38225b1fee4517107b8491ba54fba77cf22a12e996d96a3c55613d"}, + {file = "regex-2021.7.6-cp39-cp39-manylinux2014_x86_64.whl", hash = "sha256:f98dc35ab9a749276f1a4a38ab3e0e2ba1662ce710f6530f5b0a6656f1c32b58"}, + {file = "regex-2021.7.6-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:319eb2a8d0888fa6f1d9177705f341bc9455a2c8aca130016e52c7fe8d6c37a3"}, + {file = "regex-2021.7.6-cp39-cp39-win32.whl", hash = "sha256:eaf58b9e30e0e546cdc3ac06cf9165a1ca5b3de8221e9df679416ca667972035"}, + {file = "regex-2021.7.6-cp39-cp39-win_amd64.whl", hash = "sha256:4c9c3155fe74269f61e27617529b7f09552fbb12e44b1189cebbdb24294e6e1c"}, + {file = "regex-2021.7.6.tar.gz", hash = "sha256:8394e266005f2d8c6f0bc6780001f7afa3ef81a7a2111fa35058ded6fce79e4d"}, ] "repoze.lru" = [ {file = "repoze.lru-0.7-py3-none-any.whl", hash = "sha256:f77bf0e1096ea445beadd35f3479c5cff2aa1efe604a133e67150bc8630a62ea"}, {file = "repoze.lru-0.7.tar.gz", hash = "sha256:0429a75e19380e4ed50c0694e26ac8819b4ea7851ee1fc7583c8572db80aff77"}, ] requests = [ - {file = "requests-2.25.1-py2.py3-none-any.whl", hash = "sha256:c210084e36a42ae6b9219e00e48287def368a26d03a048ddad7bfee44f75871e"}, - {file = "requests-2.25.1.tar.gz", hash = "sha256:27973dd4a904a4f13b263a19c866c13b92a39ed1c964655f025f3f8d3d75b804"}, + {file = "requests-2.26.0-py2.py3-none-any.whl", hash = "sha256:6c1246513ecd5ecd4528a0906f910e8f0f9c6b8ec72030dc9fd154dc1a6efd24"}, + {file = "requests-2.26.0.tar.gz", hash = "sha256:b8aa58f8cf793ffd8782d3d8cb19e66ef36f7aba4353eec859e74678b01b07a7"}, ] rfc3986 = [ {file = "rfc3986-1.5.0-py2.py3-none-any.whl", hash = "sha256:a86d6e1f5b1dc238b218b012df0aa79409667bb209e58da56d0b94704e712a97"}, @@ -2115,36 +2145,36 @@ soupsieve = [ {file = "soupsieve-2.2.1.tar.gz", hash = "sha256:052774848f448cf19c7e959adf5566904d525f33a3f8b6ba6f6f8f26ec7de0cc"}, ] sqlalchemy = [ - {file = "SQLAlchemy-1.4.15-cp27-cp27m-macosx_10_14_x86_64.whl", hash = "sha256:22141a05d0f60df57ae334b589dbd081213c257a80d448ff499a3b6efd1998d3"}, - {file = "SQLAlchemy-1.4.15-cp27-cp27m-manylinux_2_5_x86_64.manylinux1_x86_64.whl", hash = "sha256:c12b7dc8e37442eef74afc7f4f99eb4ec6d796215fc4499ca32c7ca48f353cb3"}, - {file = "SQLAlchemy-1.4.15-cp27-cp27m-win32.whl", hash = "sha256:5ec8d34c8a9f467178b581a48ccef9163cb553015925e4665d7af495c3c958d9"}, - {file = "SQLAlchemy-1.4.15-cp27-cp27m-win_amd64.whl", hash = "sha256:324fb6e1f41afd5bdf0a34cfd011999213dcd543b83efa9dcc868f9e64a9ff7f"}, - {file = "SQLAlchemy-1.4.15-cp27-cp27mu-manylinux_2_5_x86_64.manylinux1_x86_64.whl", hash = "sha256:8a4d26fa3f00344f9b34402f8a52b58941ba0d4b0ca80d5b05be39ec35b2eb8e"}, - {file = "SQLAlchemy-1.4.15-cp36-cp36m-macosx_10_14_x86_64.whl", hash = "sha256:a2c2965698807e53f1f4da1cc9d68f1c1dda9139ef5a96d18921be4e253d687e"}, - {file = "SQLAlchemy-1.4.15-cp36-cp36m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:10068984bf334dd0b03ea83550b45667be968789bd0033215d30053649b0dd1b"}, - {file = "SQLAlchemy-1.4.15-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:beb1a6560d65c46d52c6ac402a806b8d24a6f2ee3f96fbbd4cfa371db24c3b3a"}, - {file = "SQLAlchemy-1.4.15-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:6521e3b2f58a9ec2ad84b24efa88e61b8d355a6e481b459dcb64cadd14ba74d7"}, - {file = "SQLAlchemy-1.4.15-cp36-cp36m-win32.whl", hash = "sha256:6072231bdf976722ce92a8d1335e5b2d7ed0d7ee28667c00537b58cf7d68c41d"}, - {file = "SQLAlchemy-1.4.15-cp36-cp36m-win_amd64.whl", hash = "sha256:4d3cc347db370cc0d14dd724a9f280f4b4a0447ad77a228dd20792c4736f0b0e"}, - {file = "SQLAlchemy-1.4.15-cp37-cp37m-macosx_10_14_x86_64.whl", hash = "sha256:3845b3af8a412230cc91fd32103a74d558566fea96c1b8775abb7ec65c3ef5de"}, - {file = "SQLAlchemy-1.4.15-cp37-cp37m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:8410319b084b708c4ee0bc0d82f4b01623883595b5d8333ec704788940cc7293"}, - {file = "SQLAlchemy-1.4.15-cp37-cp37m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:c1151b26f8bc53a69dc82f782560568186625d7b70bece4914ca459be1f539e1"}, - {file = "SQLAlchemy-1.4.15-cp37-cp37m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:ec88907048fbade9712de08e648203d95221cad5a3b8a459cc3724c1bffb9281"}, - {file = "SQLAlchemy-1.4.15-cp37-cp37m-win32.whl", hash = "sha256:e3e627e0f57b6f101ecabe39b90261625deedc91ec659cd4226f522bd3dd0020"}, - {file = "SQLAlchemy-1.4.15-cp37-cp37m-win_amd64.whl", hash = "sha256:70036b7fc86b8dc0c04e186107ee6371e8f9a8fb35980d483cc4d114b298b19f"}, - {file = "SQLAlchemy-1.4.15-cp38-cp38-macosx_10_14_x86_64.whl", hash = "sha256:21e0d18dab96515670e96e53a7e7207ba5cee6cd56b312447f2772d61d37d9b8"}, - {file = "SQLAlchemy-1.4.15-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:260a79673c1234a20d7a16ee3ac6711c3f1b81363ebb208921d512fdb9f6a12e"}, - {file = "SQLAlchemy-1.4.15-cp38-cp38-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:7c2ff45be0eacf4ac290fe546064df257e8be899e3b191a39df3e41a2d9a0797"}, - {file = "SQLAlchemy-1.4.15-cp38-cp38-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:403e94a1862c6217e7bd71950191d58ad313ea976e7d128c9afb6b9934d2d6a2"}, - {file = "SQLAlchemy-1.4.15-cp38-cp38-win32.whl", hash = "sha256:05ea2c275603b3fb5ce761d0ccabe47a376ed8a48f70e1d4c80a71f185224d3f"}, - {file = "SQLAlchemy-1.4.15-cp38-cp38-win_amd64.whl", hash = "sha256:75becbc5ac452dac28d8d5aeb0406ddd3a1d808726a5fd0d5b696fad0b71d951"}, - {file = "SQLAlchemy-1.4.15-cp39-cp39-macosx_10_14_x86_64.whl", hash = "sha256:92dfb2ac7b44873901f87f3e0bb5c63469b76c5c3cabbf8124332e0dd1172410"}, - {file = "SQLAlchemy-1.4.15-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:a31062468a184eb046eb09eadf296e3652d916793e32829082b3eda3367be5e8"}, - {file = "SQLAlchemy-1.4.15-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:6248934b6e1841a794d5d12e2d43e32c2a7c64a36a059c612d4d66b312b3604f"}, - {file = "SQLAlchemy-1.4.15-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:c3fab43abe335a44aed3fbf98be619f021cbee2160718ecedc5fe4fa41296f7e"}, - {file = "SQLAlchemy-1.4.15-cp39-cp39-win32.whl", hash = "sha256:5642d64feeab65ae662c8e46eccc3db4a3100c9572dcfa29063751e2d1940e78"}, - {file = "SQLAlchemy-1.4.15-cp39-cp39-win_amd64.whl", hash = "sha256:17ce3009c69ac361d871bed3c9c30cf405d2739934d83322272bd455a697c874"}, - {file = "SQLAlchemy-1.4.15.tar.gz", hash = "sha256:0ff100c75cd175f35f4d24375a0b3d82461f5b1af5fc8d112ef0e5ceea8049e6"}, + {file = "SQLAlchemy-1.4.21-cp27-cp27m-macosx_10_14_x86_64.whl", hash = "sha256:e10be2b717979260db0f0fa6a531e6ddccf0d85cca11983b41d04049214fa0fc"}, + {file = "SQLAlchemy-1.4.21-cp27-cp27m-manylinux_2_5_x86_64.manylinux1_x86_64.whl", hash = "sha256:6774f2001e6359b041b8af3b9bc7669afc6adce39438fae99bfacf4b03490d54"}, + {file = "SQLAlchemy-1.4.21-cp27-cp27m-win32.whl", hash = "sha256:ba84fb12826e4db193d5fbfdcf475f85c07fdfb76b84b3fb1504905f540db7ab"}, + {file = "SQLAlchemy-1.4.21-cp27-cp27m-win_amd64.whl", hash = "sha256:4c8dc1ca3330b716c48317b4d91911e00a54c0f2de486c9c25ec0c54ebf12b5f"}, + {file = "SQLAlchemy-1.4.21-cp27-cp27mu-manylinux_2_5_x86_64.manylinux1_x86_64.whl", hash = "sha256:20a5ecd03134c7ed2c05dfdf5bd96d84480afeebe3484e416f7d7ec8c92596ae"}, + {file = "SQLAlchemy-1.4.21-cp36-cp36m-macosx_10_14_x86_64.whl", hash = "sha256:8a98e38cb07b63459070c3a63abd5059f254d2ddec7afe77824e160f6b9e26c3"}, + {file = "SQLAlchemy-1.4.21-cp36-cp36m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:da11e254ab264f515b59d16f5d1ff24f5f02fbf0b9de2d2981e704176a75c03a"}, + {file = "SQLAlchemy-1.4.21-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:8f77ad5628e82f76ace2ff9a5b10ee87688bda0867f3e269cab5ed8be7e4ccc5"}, + {file = "SQLAlchemy-1.4.21-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:ba8fd99b546aacac74c97bb0676dd5270a1cd84c44fb67adc71d00ccabcb34a8"}, + {file = "SQLAlchemy-1.4.21-cp36-cp36m-win32.whl", hash = "sha256:bee8b2a399c6be1642d5cfcfb9d0d438fcacdd5188e0b16366fa15dbd49ec667"}, + {file = "SQLAlchemy-1.4.21-cp36-cp36m-win_amd64.whl", hash = "sha256:ef998f03ee92e6c98acdfac464c145e0a9949301b6e83688d7194e746314fcba"}, + {file = "SQLAlchemy-1.4.21-cp37-cp37m-macosx_10_14_x86_64.whl", hash = "sha256:decb9caf3a5695a8a4ebe7153b8ef7dcc57f85dc16896e3a33d5cf3e629ac396"}, + {file = "SQLAlchemy-1.4.21-cp37-cp37m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:89dbe4a792f28fd21d3319d26ceea32a3132f1c5ae578ec513f77e4c2adb9b91"}, + {file = "SQLAlchemy-1.4.21-cp37-cp37m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:340fb8eda79e5b116f761c953879c98c423eca82481d5cdad762beb108ee763e"}, + {file = "SQLAlchemy-1.4.21-cp37-cp37m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:538544799d537684e83e697298fd5078252ee68f23b44d8271f77647f225bca3"}, + {file = "SQLAlchemy-1.4.21-cp37-cp37m-win32.whl", hash = "sha256:53b17656bacdb3b194bc6cff1bd2e044879cf015ab5352c932173c2172a4b99d"}, + {file = "SQLAlchemy-1.4.21-cp37-cp37m-win_amd64.whl", hash = "sha256:cfa0c25e4c87517a679d97d0617ddaccb46337f558beac72e7d85c2f34365a35"}, + {file = "SQLAlchemy-1.4.21-cp38-cp38-macosx_10_14_x86_64.whl", hash = "sha256:dae7ab0c4d34d40895e92b71149bcd72a2f7c5971dc013d1c29393b6067448e3"}, + {file = "SQLAlchemy-1.4.21-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:92c9f6dbe3b3d7059beea12e5601b0b37dd7a51f9bb29fbc98ab314e2a8ffdb7"}, + {file = "SQLAlchemy-1.4.21-cp38-cp38-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:eb418ec022538b24d73260b694ddb5f3878d554614a4611decb433d8eee69acd"}, + {file = "SQLAlchemy-1.4.21-cp38-cp38-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:628120ce7ef7f31824929c244894ee22a98d706d8879fb5441e1c572e02ca2ae"}, + {file = "SQLAlchemy-1.4.21-cp38-cp38-win32.whl", hash = "sha256:70b978fb1bbb629e9ce41235511d89ef9d694e3933b5a52dd6d0a4040b6c7830"}, + {file = "SQLAlchemy-1.4.21-cp38-cp38-win_amd64.whl", hash = "sha256:5dbcb3fd1d64d0835e383ea091037ca6aa70a43bd1cabb0c71c27796f2c5173f"}, + {file = "SQLAlchemy-1.4.21-cp39-cp39-macosx_10_14_x86_64.whl", hash = "sha256:2ad74f0a7ae8c4fa374d3be26cdf8c0897669ba3fd8bad4607710bc2fb7f132d"}, + {file = "SQLAlchemy-1.4.21-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:0b7af10ecd1c3829ddf824e39129e026476af6a261388db4d26bf11525fd8d05"}, + {file = "SQLAlchemy-1.4.21-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl", hash = "sha256:87cf4054632c20160592ca2917aec93bb83b12b3a39c865feab1ba44e0ed120d"}, + {file = "SQLAlchemy-1.4.21-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:6bc28702213988c96e394685ad4103a4e347305cf90569693bef8e3d12f233ae"}, + {file = "SQLAlchemy-1.4.21-cp39-cp39-win32.whl", hash = "sha256:640fc3556a1022a781f3f07fd5dc9da842ef87f873139402d5d98d64d776360f"}, + {file = "SQLAlchemy-1.4.21-cp39-cp39-win_amd64.whl", hash = "sha256:5042a7d43a8e0a8ffc8d2acacbd5fad1edf8336c376714632a5c61eff56ac06e"}, + {file = "SQLAlchemy-1.4.21.tar.gz", hash = "sha256:07e9054f4df612beadd12ca8a5342246bffcad74a1fa8df1368d1f2bb07d8fc7"}, ] sqlalchemy-migrate = [ {file = "sqlalchemy-migrate-0.13.0.tar.gz", hash = "sha256:0bc02e292a040ade5e35a01d3ea744119e1309cdddb704fdb99bac13236614f8"}, @@ -2174,11 +2204,8 @@ testscenarios = [ {file = "testscenarios-0.5.0.tar.gz", hash = "sha256:c257cb6b90ea7e6f8fef3158121d430543412c9a87df30b5dde6ec8b9b57a2b6"}, ] testtools = [ - {file = "testtools-2.4.0-py2.py3-none-any.whl", hash = "sha256:36ff4998177c7d32ffe5fed3d541cb9ee62618a3b8e745c55510698997774ba4"}, - {file = "testtools-2.4.0.tar.gz", hash = "sha256:64c974a6cca4385d05f4bbfa2deca1c39ce88ede31c3448bee86a7259a9a61c8"}, -] -tinyrpc = [ - {file = "tinyrpc-1.0.4.tar.gz", hash = "sha256:4b41fab967fb1c978f573bf0d609a3b12cc3b6ed62bd3108f43f575563746396"}, + {file = "testtools-2.5.0-py3-none-any.whl", hash = "sha256:798525999f053e4df4e352c0c198baeb9f5079f34bad5bd57a44e97a54fa0330"}, + {file = "testtools-2.5.0.tar.gz", hash = "sha256:57c13433d94f9ffde3be6534177d10fb0c1507cc499319128958ca91a65cb23f"}, ] tokenize-rt = [ {file = "tokenize_rt-4.1.0-py2.py3-none-any.whl", hash = "sha256:b37251fa28c21e8cce2e42f7769a35fba2dd2ecafb297208f9a9a8add3ca7793"}, @@ -2188,54 +2215,14 @@ toml = [ {file = "toml-0.10.2-py2.py3-none-any.whl", hash = "sha256:806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b"}, {file = "toml-0.10.2.tar.gz", hash = "sha256:b3bda1d108d5dd99f4a20d24d9c348e91c4db7ab1b749200bded2f839ccbe68f"}, ] -traceback2 = [ - {file = "traceback2-1.4.0-py2.py3-none-any.whl", hash = "sha256:8253cebec4b19094d67cc5ed5af99bf1dba1285292226e98a31929f87a5d6b23"}, - {file = "traceback2-1.4.0.tar.gz", hash = "sha256:05acc67a09980c2ecfedd3423f7ae0104839eccb55fc645773e1caa0951c3030"}, -] -typed-ast = [ - {file = "typed_ast-1.4.3-cp35-cp35m-manylinux1_i686.whl", hash = "sha256:2068531575a125b87a41802130fa7e29f26c09a2833fea68d9a40cf33902eba6"}, - {file = "typed_ast-1.4.3-cp35-cp35m-manylinux1_x86_64.whl", hash = "sha256:c907f561b1e83e93fad565bac5ba9c22d96a54e7ea0267c708bffe863cbe4075"}, - {file = "typed_ast-1.4.3-cp35-cp35m-manylinux2014_aarch64.whl", hash = "sha256:1b3ead4a96c9101bef08f9f7d1217c096f31667617b58de957f690c92378b528"}, - {file = "typed_ast-1.4.3-cp35-cp35m-win32.whl", hash = "sha256:dde816ca9dac1d9c01dd504ea5967821606f02e510438120091b84e852367428"}, - {file = "typed_ast-1.4.3-cp35-cp35m-win_amd64.whl", hash = "sha256:777a26c84bea6cd934422ac2e3b78863a37017618b6e5c08f92ef69853e765d3"}, - {file = "typed_ast-1.4.3-cp36-cp36m-macosx_10_9_x86_64.whl", hash = "sha256:f8afcf15cc511ada719a88e013cec87c11aff7b91f019295eb4530f96fe5ef2f"}, - {file = "typed_ast-1.4.3-cp36-cp36m-manylinux1_i686.whl", hash = "sha256:52b1eb8c83f178ab787f3a4283f68258525f8d70f778a2f6dd54d3b5e5fb4341"}, - {file = "typed_ast-1.4.3-cp36-cp36m-manylinux1_x86_64.whl", hash = "sha256:01ae5f73431d21eead5015997ab41afa53aa1fbe252f9da060be5dad2c730ace"}, - {file = "typed_ast-1.4.3-cp36-cp36m-manylinux2014_aarch64.whl", hash = "sha256:c190f0899e9f9f8b6b7863debfb739abcb21a5c054f911ca3596d12b8a4c4c7f"}, - {file = "typed_ast-1.4.3-cp36-cp36m-win32.whl", hash = "sha256:398e44cd480f4d2b7ee8d98385ca104e35c81525dd98c519acff1b79bdaac363"}, - {file = "typed_ast-1.4.3-cp36-cp36m-win_amd64.whl", hash = "sha256:bff6ad71c81b3bba8fa35f0f1921fb24ff4476235a6e94a26ada2e54370e6da7"}, - {file = "typed_ast-1.4.3-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:0fb71b8c643187d7492c1f8352f2c15b4c4af3f6338f21681d3681b3dc31a266"}, - {file = "typed_ast-1.4.3-cp37-cp37m-manylinux1_i686.whl", hash = "sha256:760ad187b1041a154f0e4d0f6aae3e40fdb51d6de16e5c99aedadd9246450e9e"}, - {file = "typed_ast-1.4.3-cp37-cp37m-manylinux1_x86_64.whl", hash = "sha256:5feca99c17af94057417d744607b82dd0a664fd5e4ca98061480fd8b14b18d04"}, - {file = "typed_ast-1.4.3-cp37-cp37m-manylinux2014_aarch64.whl", hash = "sha256:95431a26309a21874005845c21118c83991c63ea800dd44843e42a916aec5899"}, - {file = "typed_ast-1.4.3-cp37-cp37m-win32.whl", hash = "sha256:aee0c1256be6c07bd3e1263ff920c325b59849dc95392a05f258bb9b259cf39c"}, - {file = "typed_ast-1.4.3-cp37-cp37m-win_amd64.whl", hash = "sha256:9ad2c92ec681e02baf81fdfa056fe0d818645efa9af1f1cd5fd6f1bd2bdfd805"}, - {file = "typed_ast-1.4.3-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:b36b4f3920103a25e1d5d024d155c504080959582b928e91cb608a65c3a49e1a"}, - {file = "typed_ast-1.4.3-cp38-cp38-manylinux1_i686.whl", hash = "sha256:067a74454df670dcaa4e59349a2e5c81e567d8d65458d480a5b3dfecec08c5ff"}, - {file = "typed_ast-1.4.3-cp38-cp38-manylinux1_x86_64.whl", hash = "sha256:7538e495704e2ccda9b234b82423a4038f324f3a10c43bc088a1636180f11a41"}, - {file = "typed_ast-1.4.3-cp38-cp38-manylinux2014_aarch64.whl", hash = "sha256:af3d4a73793725138d6b334d9d247ce7e5f084d96284ed23f22ee626a7b88e39"}, - {file = "typed_ast-1.4.3-cp38-cp38-win32.whl", hash = "sha256:f2362f3cb0f3172c42938946dbc5b7843c2a28aec307c49100c8b38764eb6927"}, - {file = "typed_ast-1.4.3-cp38-cp38-win_amd64.whl", hash = "sha256:dd4a21253f42b8d2b48410cb31fe501d32f8b9fbeb1f55063ad102fe9c425e40"}, - {file = "typed_ast-1.4.3-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:f328adcfebed9f11301eaedfa48e15bdece9b519fb27e6a8c01aa52a17ec31b3"}, - {file = "typed_ast-1.4.3-cp39-cp39-manylinux1_i686.whl", hash = "sha256:2c726c276d09fc5c414693a2de063f521052d9ea7c240ce553316f70656c84d4"}, - {file = "typed_ast-1.4.3-cp39-cp39-manylinux1_x86_64.whl", hash = "sha256:cae53c389825d3b46fb37538441f75d6aecc4174f615d048321b716df2757fb0"}, - {file = "typed_ast-1.4.3-cp39-cp39-manylinux2014_aarch64.whl", hash = "sha256:b9574c6f03f685070d859e75c7f9eeca02d6933273b5e69572e5ff9d5e3931c3"}, - {file = "typed_ast-1.4.3-cp39-cp39-win32.whl", hash = "sha256:209596a4ec71d990d71d5e0d312ac935d86930e6eecff6ccc7007fe54d703808"}, - {file = "typed_ast-1.4.3-cp39-cp39-win_amd64.whl", hash = "sha256:9c6d1a54552b5330bc657b7ef0eae25d00ba7ffe85d9ea8ae6540d2197a3788c"}, - {file = "typed_ast-1.4.3.tar.gz", hash = "sha256:fb1bbeac803adea29cedd70781399c99138358c26d05fcbd23c13016b7f5ec65"}, -] typing-extensions = [ {file = "typing_extensions-3.10.0.0-py2-none-any.whl", hash = "sha256:0ac0f89795dd19de6b97debb0c6af1c70987fd80a2d62d1958f7e56fcc31b497"}, {file = "typing_extensions-3.10.0.0-py3-none-any.whl", hash = "sha256:779383f6086d90c99ae41cf0ff39aac8a7937a9283ce0a414e5dd782f4c94a84"}, {file = "typing_extensions-3.10.0.0.tar.gz", hash = "sha256:50b6f157849174217d0656f99dc82fe932884fb250826c18350e159ec6cdf342"}, ] -unittest2 = [ - {file = "unittest2-1.1.0-py2.py3-none-any.whl", hash = "sha256:13f77d0875db6d9b435e1d4f41e74ad4cc2eb6e1d5c824996092b3430f088bb8"}, - {file = "unittest2-1.1.0.tar.gz", hash = "sha256:22882a0e418c284e1f718a822b3b022944d53d2d908e1690b319a9d3eb2c0579"}, -] urllib3 = [ - {file = "urllib3-1.26.4-py2.py3-none-any.whl", hash = "sha256:2f4da4594db7e1e110a944bb1b551fdf4e6c136ad42e4234131391e21eb5b0df"}, - {file = "urllib3-1.26.4.tar.gz", hash = "sha256:e7b021f7241115872f92f43c6508082facffbd1c048e3c6e2bb9c2a157e28937"}, + {file = "urllib3-1.26.6-py2.py3-none-any.whl", hash = "sha256:39fb8672126159acb139a7718dd10806104dec1e2f0f6c88aab05d17df10c8d4"}, + {file = "urllib3-1.26.6.tar.gz", hash = "sha256:f57b4c16c62fa2760b7e3d97c35b255512fb6b59a259730f36ba32ce9f8e342f"}, ] vine = [ {file = "vine-5.0.0-py2.py3-none-any.whl", hash = "sha256:4c9dceab6f76ed92105027c49c823800dd33cacce13bdedc5b914e3514b7fb30"}, @@ -2245,6 +2232,10 @@ waitress = [ {file = "waitress-2.0.0-py3-none-any.whl", hash = "sha256:29af5a53e9fb4e158f525367678b50053808ca6c21ba585754c77d790008c746"}, {file = "waitress-2.0.0.tar.gz", hash = "sha256:69e1f242c7f80273490d3403c3976f3ac3b26e289856936d1f620ed48f321897"}, ] +wcwidth = [ + {file = "wcwidth-0.2.5-py2.py3-none-any.whl", hash = "sha256:beb4802a9cebb9144e99086eff703a642a13d6a0052920003a230f3294bbe784"}, + {file = "wcwidth-0.2.5.tar.gz", hash = "sha256:c4d647b99872929fdb7bdcaa4fbe7f01413ed3d98077df798530e5b04f116c83"}, +] webob = [ {file = "WebOb-1.8.7-py2.py3-none-any.whl", hash = "sha256:73aae30359291c14fa3b956f8b5ca31960e420c28c1bec002547fb04928cf89b"}, {file = "WebOb-1.8.7.tar.gz", hash = "sha256:b64ef5141be559cfade448f044fa45c2260351edcb6a8ef6b7e00c7dcef0c323"}, diff --git a/libs/skyline-policy-manager/pyproject.toml b/libs/skyline-policy-manager/pyproject.toml index a6e8e2a..ef2307d 100644 --- a/libs/skyline-policy-manager/pyproject.toml +++ b/libs/skyline-policy-manager/pyproject.toml @@ -14,12 +14,13 @@ click = "*" skyline-log = "*" [tool.poetry.dev-dependencies] -pytest = "*" -mypy = "*" -black = "^20.8b1" isort = "*" -flake8 = "*" +black = "^21.5b1" add-trailing-comma = "*" +flake8 = "*" +mypy = "*" +pytest = "*" +pytest-xdist = {extras = ["psutil"], version = "*"} skyline-log = {path = "../skyline-log", develop = true} "oslo.log" = "*" neutron-lib = "*" @@ -27,38 +28,6 @@ neutron-lib = "*" [tool.poetry.scripts] skyline-policy-manager = "skyline_policy_manager.cmd.manage:main" -[tool.black] -line-length = 98 -target-version = ['py38'] -include = '\.pyi?$' -exclude = ''' -( - /( - \.eggs - | \.git - | \.hg - | \.mypy_cache - | \.tox - | \.venv - | _build - | buck-out - | build - | dist - )/ - | exclude.py -) -''' -verbos = true - -[tool.isort] -multi_line_output = 3 -include_trailing_comma = true -force_grid_wrap = 0 -use_parentheses = true -line_length = 98 -reverse_relative = true -combine_as_imports = true - [build-system] requires = ["poetry-core>=1.0.0"] build-backend = "poetry.core.masonry.api" diff --git a/libs/skyline-policy-manager/src/skyline_policy_manager/__init__.py b/libs/skyline-policy-manager/skyline_policy_manager/__init__.py similarity index 100% rename from libs/skyline-policy-manager/src/skyline_policy_manager/__init__.py rename to libs/skyline-policy-manager/skyline_policy_manager/__init__.py diff --git a/libs/skyline-policy-manager/src/skyline_policy_manager/__main__.py b/libs/skyline-policy-manager/skyline_policy_manager/__main__.py similarity index 100% rename from libs/skyline-policy-manager/src/skyline_policy_manager/__main__.py rename to libs/skyline-policy-manager/skyline_policy_manager/__main__.py diff --git a/libs/skyline-policy-manager/skyline_policy_manager/cmd/__init__.py b/libs/skyline-policy-manager/skyline_policy_manager/cmd/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/libs/skyline-policy-manager/src/skyline_policy_manager/cmd/manage.py b/libs/skyline-policy-manager/skyline_policy_manager/cmd/manage.py similarity index 99% rename from libs/skyline-policy-manager/src/skyline_policy_manager/cmd/manage.py rename to libs/skyline-policy-manager/skyline_policy_manager/cmd/manage.py index 8b9dd9a..37bfb8b 100644 --- a/libs/skyline-policy-manager/src/skyline_policy_manager/cmd/manage.py +++ b/libs/skyline-policy-manager/skyline_policy_manager/cmd/manage.py @@ -36,7 +36,7 @@ SUPPORTED_SERVICE_EPS = { "heat": ["heat"], "ironic": ["ironic.api", "ironic_inspector.api"], "keystone": ["keystone"], - "neutron": ["neutron", "neutron-fwaas", "neutron-vpnaas"], + "neutron": ["neutron", "neutron-vpnaas"], "nova": ["nova"], "octavia": ["octavia"], "panko": ["panko"], diff --git a/libs/skyline-policy-manager/src/skyline_policy_manager/policies/__init__.py b/libs/skyline-policy-manager/skyline_policy_manager/policies/__init__.py similarity index 100% rename from libs/skyline-policy-manager/src/skyline_policy_manager/policies/__init__.py rename to libs/skyline-policy-manager/skyline_policy_manager/policies/__init__.py diff --git a/libs/skyline-policy-manager/src/skyline_policy_manager/policies/base.py b/libs/skyline-policy-manager/skyline_policy_manager/policies/base.py similarity index 100% rename from libs/skyline-policy-manager/src/skyline_policy_manager/policies/base.py rename to libs/skyline-policy-manager/skyline_policy_manager/policies/base.py diff --git a/libs/skyline-policy-manager/src/skyline_policy_manager/policies/cinder.py b/libs/skyline-policy-manager/skyline_policy_manager/policies/cinder.py similarity index 72% rename from libs/skyline-policy-manager/src/skyline_policy_manager/policies/cinder.py rename to libs/skyline-policy-manager/skyline_policy_manager/policies/cinder.py index 7f887b1..e27899a 100644 --- a/libs/skyline-policy-manager/src/skyline_policy_manager/policies/cinder.py +++ b/libs/skyline-policy-manager/skyline_policy_manager/policies/cinder.py @@ -1,3 +1,5 @@ +# flake8: noqa + from . import base list_rules = ( @@ -9,8 +11,7 @@ list_rules = ( base.Rule( name="admin_or_owner", check_str=( - "is_admin:True or (role:admin and is_admin_project:True) or " - "project_id:%(project_id)s" + "is_admin:True or (role:admin and is_admin_project:True) or project_id:%(project_id)s" ), description="Default rule for most non-Admin APIs.", ), @@ -22,15 +23,16 @@ list_rules = ( base.Rule( name="system_or_domain_or_project_admin", check_str=( - "(role:admin and system_scope:all) " - "or (role:admin and domain_id:%(domain_id)s) " - "or (role:admin and project_id:%(project_id)s)" + "(role:admin and system_scope:all) or (role:admin and domain_id:%(domain_id)s) or (role:admin and project_id:%(project_id)s)" ), description="Default rule for admins of cloud, domain or a project.", ), base.APIRule( name="volume:attachment_create", check_str=(""), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Create attachment.", scope_types=["project"], operations=[{"method": "POST", "path": "/attachments"}], @@ -38,6 +40,9 @@ list_rules = ( base.APIRule( name="volume:attachment_update", check_str=("rule:admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Update attachment.", scope_types=["project"], operations=[{"method": "PUT", "path": "/attachments/{attachment_id}"}], @@ -45,6 +50,9 @@ list_rules = ( base.APIRule( name="volume:attachment_delete", check_str=("rule:admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Delete attachment.", scope_types=["project"], operations=[{"method": "DELETE", "path": "/attachments/{attachment_id}"}], @@ -52,15 +60,21 @@ list_rules = ( base.APIRule( name="volume:attachment_complete", check_str=("rule:admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Mark a volume attachment process as completed (in-use)", scope_types=["project"], operations=[ - {"method": "POST", "path": "/attachments/{attachment_id}/action (os-complete)"}, + {"method": "POST", "path": "/attachments/{attachment_id}/action (os-complete)"} ], ), base.APIRule( name="volume:multiattach_bootable_volume", check_str=("rule:admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Allow multiattach of bootable volumes.", scope_types=["project"], operations=[{"method": "POST", "path": "/attachments"}], @@ -68,6 +82,9 @@ list_rules = ( base.APIRule( name="message:get_all", check_str=("rule:admin_or_owner"), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), description="List messages.", scope_types=["project"], operations=[{"method": "GET", "path": "/messages"}], @@ -75,6 +92,9 @@ list_rules = ( base.APIRule( name="message:get", check_str=("rule:admin_or_owner"), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), description="Show message.", scope_types=["project"], operations=[{"method": "GET", "path": "/messages/{message_id}"}], @@ -82,6 +102,7 @@ list_rules = ( base.APIRule( name="message:delete", check_str=("rule:admin_or_owner"), + basic_check_str=("role:admin"), description="Delete message.", scope_types=["project"], operations=[{"method": "DELETE", "path": "/messages/{message_id}"}], @@ -89,6 +110,7 @@ list_rules = ( base.APIRule( name="clusters:get_all", check_str=("rule:admin_api"), + basic_check_str=("role:admin or role:reader"), description="List clusters.", scope_types=["project"], operations=[ @@ -99,6 +121,7 @@ list_rules = ( base.APIRule( name="clusters:get", check_str=("rule:admin_api"), + basic_check_str=("role:admin or role:reader"), description="Show cluster.", scope_types=["project"], operations=[{"method": "GET", "path": "/clusters/{cluster_id}"}], @@ -106,6 +129,7 @@ list_rules = ( base.APIRule( name="clusters:update", check_str=("rule:admin_api"), + basic_check_str=("role:admin"), description="Update cluster.", scope_types=["project"], operations=[{"method": "PUT", "path": "/clusters/{cluster_id}"}], @@ -113,6 +137,7 @@ list_rules = ( base.APIRule( name="workers:cleanup", check_str=("rule:admin_api"), + basic_check_str=("role:admin"), description="Clean up workers.", scope_types=["project"], operations=[{"method": "POST", "path": "/workers/cleanup"}], @@ -120,6 +145,9 @@ list_rules = ( base.APIRule( name="volume:get_snapshot_metadata", check_str=("rule:admin_or_owner"), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), description="Show snapshot's metadata or one specified metadata with a given key.", scope_types=["project"], operations=[ @@ -130,6 +158,9 @@ list_rules = ( base.APIRule( name="volume:update_snapshot_metadata", check_str=("rule:admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Update snapshot's metadata or one specified metadata with a given key.", scope_types=["project"], operations=[ @@ -140,6 +171,9 @@ list_rules = ( base.APIRule( name="volume:delete_snapshot_metadata", check_str=("rule:admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Delete snapshot's specified metadata with a given key.", scope_types=["project"], operations=[{"method": "DELETE", "path": "/snapshots/{snapshot_id}/metadata/{key}"}], @@ -147,6 +181,9 @@ list_rules = ( base.APIRule( name="volume:get_all_snapshots", check_str=("rule:admin_or_owner"), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), description="List snapshots.", scope_types=["project"], operations=[ @@ -157,6 +194,9 @@ list_rules = ( base.APIRule( name="volume_extension:extended_snapshot_attributes", check_str=("rule:admin_or_owner"), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), description="List or show snapshots with extended attributes.", scope_types=["project"], operations=[ @@ -167,6 +207,9 @@ list_rules = ( base.APIRule( name="volume:create_snapshot", check_str=("rule:admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Create snapshot.", scope_types=["project"], operations=[{"method": "POST", "path": "/snapshots"}], @@ -174,6 +217,9 @@ list_rules = ( base.APIRule( name="volume:get_snapshot", check_str=("rule:admin_or_owner"), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), description="Show snapshot.", scope_types=["project"], operations=[{"method": "GET", "path": "/snapshots/{snapshot_id}"}], @@ -181,6 +227,9 @@ list_rules = ( base.APIRule( name="volume:update_snapshot", check_str=("rule:admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Update snapshot.", scope_types=["project"], operations=[{"method": "PUT", "path": "/snapshots/{snapshot_id}"}], @@ -188,6 +237,9 @@ list_rules = ( base.APIRule( name="volume:delete_snapshot", check_str=("rule:admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Delete snapshot.", scope_types=["project"], operations=[{"method": "DELETE", "path": "/snapshots/{snapshot_id}"}], @@ -195,36 +247,37 @@ list_rules = ( base.APIRule( name="volume_extension:snapshot_admin_actions:reset_status", check_str=("rule:admin_api"), + basic_check_str=("role:admin or role:admin and project_id:%(project_id)s"), description="Reset status of a snapshot.", scope_types=["project"], operations=[ - {"method": "POST", "path": "/snapshots/{snapshot_id}/action (os-reset_status)"}, + {"method": "POST", "path": "/snapshots/{snapshot_id}/action (os-reset_status)"} ], ), base.APIRule( name="snapshot_extension:snapshot_actions:update_snapshot_status", check_str=(""), + basic_check_str=("@"), description="Update database fields of snapshot.", scope_types=["project"], operations=[ - { - "method": "POST", - "path": "/snapshots/{snapshot_id}/action (update_snapshot_status)", - }, + {"method": "POST", "path": "/snapshots/{snapshot_id}/action (update_snapshot_status)"} ], ), base.APIRule( name="volume_extension:snapshot_admin_actions:force_delete", check_str=("rule:admin_api"), + basic_check_str=("role:admin or role:admin and project_id:%(project_id)s"), description="Force delete a snapshot.", scope_types=["project"], operations=[ - {"method": "POST", "path": "/snapshots/{snapshot_id}/action (os-force_delete)"}, + {"method": "POST", "path": "/snapshots/{snapshot_id}/action (os-force_delete)"} ], ), base.APIRule( name="snapshot_extension:list_manageable", check_str=("rule:admin_api"), + basic_check_str=("role:admin or role:reader"), description="List (in detail) of snapshots which are available to manage.", scope_types=["project"], operations=[ @@ -235,6 +288,7 @@ list_rules = ( base.APIRule( name="snapshot_extension:snapshot_manage", check_str=("rule:admin_api"), + basic_check_str=("role:admin"), description="Manage an existing snapshot.", scope_types=["project"], operations=[{"method": "POST", "path": "/manageable_snapshots"}], @@ -242,6 +296,7 @@ list_rules = ( base.APIRule( name="snapshot_extension:snapshot_unmanage", check_str=("rule:admin_api"), + basic_check_str=("role:admin"), description="Stop managing a snapshot.", scope_types=["project"], operations=[{"method": "POST", "path": "/snapshots/{snapshot_id}/action (os-unmanage)"}], @@ -249,6 +304,9 @@ list_rules = ( base.APIRule( name="backup:get_all", check_str=("rule:admin_or_owner"), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), description="List backups.", scope_types=["project"], operations=[ @@ -259,6 +317,7 @@ list_rules = ( base.APIRule( name="backup:backup_project_attribute", check_str=("rule:admin_api"), + basic_check_str=("role:admin or role:reader"), description="List backups or show backup with project attributes.", scope_types=["project"], operations=[ @@ -269,6 +328,9 @@ list_rules = ( base.APIRule( name="backup:create", check_str=(""), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Create backup.", scope_types=["project"], operations=[{"method": "POST", "path": "/backups"}], @@ -276,6 +338,9 @@ list_rules = ( base.APIRule( name="backup:get", check_str=("rule:admin_or_owner"), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), description="Show backup.", scope_types=["project"], operations=[{"method": "GET", "path": "/backups/{backup_id}"}], @@ -283,6 +348,9 @@ list_rules = ( base.APIRule( name="backup:update", check_str=("rule:admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Update backup.", scope_types=["project"], operations=[{"method": "PUT", "path": "/backups/{backup_id}"}], @@ -290,6 +358,9 @@ list_rules = ( base.APIRule( name="backup:delete", check_str=("rule:admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Delete backup.", scope_types=["project"], operations=[{"method": "DELETE", "path": "/backups/{backup_id}"}], @@ -297,6 +368,9 @@ list_rules = ( base.APIRule( name="backup:restore", check_str=("rule:admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Restore backup.", scope_types=["project"], operations=[{"method": "POST", "path": "/backups/{backup_id}/restore"}], @@ -304,6 +378,7 @@ list_rules = ( base.APIRule( name="backup:backup-import", check_str=("rule:admin_api"), + basic_check_str=("role:admin or role:admin and project_id:%(project_id)s"), description="Import backup.", scope_types=["project"], operations=[{"method": "POST", "path": "/backups/{backup_id}/import_record"}], @@ -311,6 +386,7 @@ list_rules = ( base.APIRule( name="backup:export-import", check_str=("rule:admin_api"), + basic_check_str=("role:admin or role:admin and project_id:%(project_id)s"), description="Export backup.", scope_types=["project"], operations=[{"method": "POST", "path": "/backups/{backup_id}/export_record"}], @@ -318,6 +394,7 @@ list_rules = ( base.APIRule( name="volume_extension:backup_admin_actions:reset_status", check_str=("rule:admin_api"), + basic_check_str=("role:admin or role:admin and project_id:%(project_id)s"), description="Reset status of a backup.", scope_types=["project"], operations=[{"method": "POST", "path": "/backups/{backup_id}/action (os-reset_status)"}], @@ -325,6 +402,7 @@ list_rules = ( base.APIRule( name="volume_extension:backup_admin_actions:force_delete", check_str=("rule:admin_api"), + basic_check_str=("role:admin or role:admin and project_id:%(project_id)s"), description="Force delete a backup.", scope_types=["project"], operations=[{"method": "POST", "path": "/backups/{backup_id}/action (os-force_delete)"}], @@ -332,6 +410,9 @@ list_rules = ( base.APIRule( name="group:get_all", check_str=("rule:admin_or_owner"), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), description="List groups.", scope_types=["project"], operations=[ @@ -342,6 +423,9 @@ list_rules = ( base.APIRule( name="group:create", check_str=(""), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Create group.", scope_types=["project"], operations=[{"method": "POST", "path": "/groups"}], @@ -349,6 +433,9 @@ list_rules = ( base.APIRule( name="group:get", check_str=("rule:admin_or_owner"), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), description="Show group.", scope_types=["project"], operations=[{"method": "GET", "path": "/groups/{group_id}"}], @@ -356,6 +443,9 @@ list_rules = ( base.APIRule( name="group:update", check_str=("rule:admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Update group.", scope_types=["project"], operations=[{"method": "PUT", "path": "/groups/{group_id}"}], @@ -363,6 +453,7 @@ list_rules = ( base.APIRule( name="group:group_project_attribute", check_str=("rule:admin_api"), + basic_check_str=("role:admin or role:reader"), description="List groups or show group with project attributes.", scope_types=["project"], operations=[ @@ -373,6 +464,7 @@ list_rules = ( base.APIRule( name="group:group_types_manage", check_str=("rule:admin_api"), + basic_check_str=("role:admin"), description="Create, update or delete a group type.", scope_types=["project"], operations=[ @@ -384,6 +476,7 @@ list_rules = ( base.APIRule( name="group:access_group_types_specs", check_str=("rule:admin_api"), + basic_check_str=("role:admin or role:reader"), description="Show group type with type specs attributes.", scope_types=["project"], operations=[{"method": "GET", "path": "/group_types/{group_type_id}"}], @@ -391,6 +484,7 @@ list_rules = ( base.APIRule( name="group:group_types_specs", check_str=("rule:admin_api"), + basic_check_str=("role:admin"), description="Create, show, update and delete group type spec.", scope_types=["project"], operations=[ @@ -404,6 +498,9 @@ list_rules = ( base.APIRule( name="group:get_all_group_snapshots", check_str=("rule:admin_or_owner"), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), description="List group snapshots.", scope_types=["project"], operations=[ @@ -414,6 +511,9 @@ list_rules = ( base.APIRule( name="group:create_group_snapshot", check_str=(""), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Create group snapshot.", scope_types=["project"], operations=[{"method": "POST", "path": "/group_snapshots"}], @@ -421,6 +521,9 @@ list_rules = ( base.APIRule( name="group:get_group_snapshot", check_str=("rule:admin_or_owner"), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), description="Show group snapshot.", scope_types=["project"], operations=[{"method": "GET", "path": "/group_snapshots/{group_snapshot_id}"}], @@ -428,6 +531,9 @@ list_rules = ( base.APIRule( name="group:delete_group_snapshot", check_str=("rule:admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Delete group snapshot.", scope_types=["project"], operations=[{"method": "DELETE", "path": "/group_snapshots/{group_snapshot_id}"}], @@ -435,6 +541,9 @@ list_rules = ( base.APIRule( name="group:update_group_snapshot", check_str=("rule:admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Update group snapshot.", scope_types=["project"], operations=[{"method": "PUT", "path": "/group_snapshots/{group_snapshot_id}"}], @@ -442,6 +551,7 @@ list_rules = ( base.APIRule( name="group:group_snapshot_project_attribute", check_str=("rule:admin_api"), + basic_check_str=("role:admin or role:reader"), description="List group snapshots or show group snapshot with project attributes.", scope_types=["project"], operations=[ @@ -452,15 +562,19 @@ list_rules = ( base.APIRule( name="group:reset_group_snapshot_status", check_str=("rule:admin_api"), + basic_check_str=("role:admin or role:admin and project_id:%(project_id)s"), description="Reset status of group snapshot.", scope_types=["project"], operations=[ - {"method": "POST", "path": "/group_snapshots/{g_snapshot_id}/action (reset_status)"}, + {"method": "POST", "path": "/group_snapshots/{g_snapshot_id}/action (reset_status)"} ], ), base.APIRule( name="group:delete", check_str=("rule:admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Delete group.", scope_types=["project"], operations=[{"method": "POST", "path": "/groups/{group_id}/action (delete)"}], @@ -468,6 +582,7 @@ list_rules = ( base.APIRule( name="group:reset_status", check_str=("rule:admin_api"), + basic_check_str=("role:admin or role:admin and project_id:%(project_id)s"), description="Reset status of group.", scope_types=["project"], operations=[{"method": "POST", "path": "/groups/{group_id}/action (reset_status)"}], @@ -475,6 +590,9 @@ list_rules = ( base.APIRule( name="group:enable_replication", check_str=("rule:admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Enable replication.", scope_types=["project"], operations=[{"method": "POST", "path": "/groups/{group_id}/action (enable_replication)"}], @@ -482,33 +600,43 @@ list_rules = ( base.APIRule( name="group:disable_replication", check_str=("rule:admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Disable replication.", scope_types=["project"], operations=[ - {"method": "POST", "path": "/groups/{group_id}/action (disable_replication)"}, + {"method": "POST", "path": "/groups/{group_id}/action (disable_replication)"} ], ), base.APIRule( name="group:failover_replication", check_str=("rule:admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Fail over replication.", scope_types=["project"], operations=[ - {"method": "POST", "path": "/groups/{group_id}/action (failover_replication)"}, + {"method": "POST", "path": "/groups/{group_id}/action (failover_replication)"} ], ), base.APIRule( name="group:list_replication_targets", check_str=("rule:admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="List failover replication.", scope_types=["project"], operations=[ - {"method": "POST", "path": "/groups/{group_id}/action (list_replication_targets)"}, + {"method": "POST", "path": "/groups/{group_id}/action (list_replication_targets)"} ], ), base.APIRule( name="volume_extension:qos_specs_manage:get_all", check_str=("rule:admin_api"), + basic_check_str=("role:admin or role:reader"), description="List qos specs or list all associations.", scope_types=["project"], operations=[ @@ -519,6 +647,7 @@ list_rules = ( base.APIRule( name="volume_extension:qos_specs_manage:get", check_str=("rule:admin_api"), + basic_check_str=("role:admin or role:reader"), description="Show qos specs.", scope_types=["project"], operations=[{"method": "GET", "path": "/qos-specs/{qos_id}"}], @@ -526,6 +655,7 @@ list_rules = ( base.APIRule( name="volume_extension:qos_specs_manage:create", check_str=("rule:admin_api"), + basic_check_str=("role:admin"), description="Create qos specs.", scope_types=["project"], operations=[{"method": "POST", "path": "/qos-specs"}], @@ -533,6 +663,7 @@ list_rules = ( base.APIRule( name="volume_extension:qos_specs_manage:update", check_str=("rule:admin_api"), + basic_check_str=("role:admin"), description="Update qos specs (including updating association).", scope_types=["project"], operations=[ @@ -545,6 +676,7 @@ list_rules = ( base.APIRule( name="volume_extension:qos_specs_manage:delete", check_str=("rule:admin_api"), + basic_check_str=("role:admin"), description="delete qos specs or unset one specified qos key.", scope_types=["project"], operations=[ @@ -555,6 +687,7 @@ list_rules = ( base.APIRule( name="volume_extension:quota_classes", check_str=("rule:admin_api"), + basic_check_str=("role:admin"), description="Show or update project quota class.", scope_types=["project"], operations=[ @@ -565,6 +698,9 @@ list_rules = ( base.APIRule( name="volume_extension:quotas:show", check_str=("rule:admin_or_owner"), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), description="Show project quota (including usage and default).", scope_types=["project"], operations=[ @@ -576,6 +712,7 @@ list_rules = ( base.APIRule( name="volume_extension:quotas:update", check_str=("rule:admin_api"), + basic_check_str=("role:admin"), description="Update project quota.", scope_types=["project"], operations=[{"method": "PUT", "path": "/os-quota-sets/{project_id}"}], @@ -583,6 +720,7 @@ list_rules = ( base.APIRule( name="volume_extension:quotas:delete", check_str=("rule:admin_api"), + basic_check_str=("role:admin"), description="Delete project quota.", scope_types=["project"], operations=[{"method": "DELETE", "path": "/os-quota-sets/{project_id}"}], @@ -590,6 +728,7 @@ list_rules = ( base.APIRule( name="volume_extension:capabilities", check_str=("rule:admin_api"), + basic_check_str=("role:admin or role:reader"), description="Show backend capabilities.", scope_types=["project"], operations=[{"method": "GET", "path": "/capabilities/{host_name}"}], @@ -597,6 +736,7 @@ list_rules = ( base.APIRule( name="volume_extension:services:index", check_str=("rule:admin_api"), + basic_check_str=("role:admin or role:reader"), description="List all services.", scope_types=["project"], operations=[{"method": "GET", "path": "/os-services"}], @@ -604,14 +744,15 @@ list_rules = ( base.APIRule( name="volume_extension:services:update", check_str=("rule:admin_api"), - description="Update service, including failover_host, thaw, freeze, " - "disable, enable, set-log and get-log actions.", + basic_check_str=("role:admin"), + description="Update service, including failover_host, thaw, freeze, disable, enable, set-log and get-log actions.", scope_types=["project"], operations=[{"method": "PUT", "path": "/os-services/{action}"}], ), base.APIRule( name="volume:freeze_host", check_str=("rule:admin_api"), + basic_check_str=("role:admin"), description="Freeze a backend host.", scope_types=["project"], operations=[{"method": "PUT", "path": "/os-services/freeze"}], @@ -619,6 +760,7 @@ list_rules = ( base.APIRule( name="volume:thaw_host", check_str=("rule:admin_api"), + basic_check_str=("role:admin"), description="Thaw a backend host.", scope_types=["project"], operations=[{"method": "PUT", "path": "/os-services/thaw"}], @@ -626,6 +768,7 @@ list_rules = ( base.APIRule( name="volume:failover_host", check_str=("rule:admin_api"), + basic_check_str=("role:admin"), description="Failover a backend host.", scope_types=["project"], operations=[{"method": "PUT", "path": "/os-services/failover_host"}], @@ -633,6 +776,7 @@ list_rules = ( base.APIRule( name="scheduler_extension:scheduler_stats:get_pools", check_str=("rule:admin_api"), + basic_check_str=("role:admin or role:reader"), description="List all backend pools.", scope_types=["project"], operations=[{"method": "GET", "path": "/scheduler-stats/get_pools"}], @@ -640,6 +784,7 @@ list_rules = ( base.APIRule( name="volume_extension:hosts", check_str=("rule:admin_api"), + basic_check_str=("role:admin"), description="List, update or show hosts for a project.", scope_types=["project"], operations=[ @@ -651,6 +796,9 @@ list_rules = ( base.APIRule( name="limits_extension:used_limits", check_str=("rule:admin_or_owner"), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), description="Show limits with used limit attributes.", scope_types=["project"], operations=[{"method": "GET", "path": "/limits"}], @@ -658,6 +806,7 @@ list_rules = ( base.APIRule( name="volume_extension:list_manageable", check_str=("rule:admin_api"), + basic_check_str=("role:admin or role:reader"), description="List (in detail) of volumes which are available to manage.", scope_types=["project"], operations=[ @@ -668,6 +817,7 @@ list_rules = ( base.APIRule( name="volume_extension:volume_manage", check_str=("rule:admin_api"), + basic_check_str=("role:admin"), description="Manage existing volumes.", scope_types=["project"], operations=[{"method": "POST", "path": "/manageable_volumes"}], @@ -675,6 +825,7 @@ list_rules = ( base.APIRule( name="volume_extension:volume_unmanage", check_str=("rule:admin_api"), + basic_check_str=("role:admin"), description="Stop managing a volume.", scope_types=["project"], operations=[{"method": "POST", "path": "/volumes/{volume_id}/action (os-unmanage)"}], @@ -682,6 +833,7 @@ list_rules = ( base.APIRule( name="volume_extension:types_manage", check_str=("rule:admin_api"), + basic_check_str=("role:admin"), description="Create, update and delete volume type.", scope_types=["project"], operations=[ @@ -693,6 +845,9 @@ list_rules = ( base.APIRule( name="volume_extension:type_get", check_str=(""), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), description="Get one specific volume type.", scope_types=["project"], operations=[{"method": "GET", "path": "/types/{type_id}"}], @@ -700,6 +855,9 @@ list_rules = ( base.APIRule( name="volume_extension:type_get_all", check_str=(""), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), description="List volume types.", scope_types=["project"], operations=[{"method": "GET", "path": "/types/"}], @@ -707,12 +865,8 @@ list_rules = ( base.APIRule( name="volume_extension:volume_type_encryption", check_str=("rule:admin_api"), - description="Base policy for all volume type encryption type " - "operations. This can be used to set the policies for " - "a volume type's encryption type create, show, update, " - "and delete actions in one place, or any of those may be " - "set individually using the following policy targets for " - "finer grained control.", + basic_check_str=("role:admin"), + description="Base policy for all volume type encryption type operations. This can be used to set the policies for a volume type's encryption type create, show, update, and delete actions in one place, or any of those may be set individually using the following policy targets for finer grained control.", scope_types=["project"], operations=[ {"method": "POST", "path": "/types/{type_id}/encryption"}, @@ -725,6 +879,7 @@ list_rules = ( base.APIRule( name="volume_extension:volume_type_encryption:create", check_str=("rule:volume_extension:volume_type_encryption"), + basic_check_str=("role:admin"), description="Create volume type encryption.", scope_types=["project"], operations=[{"method": "POST", "path": "/types/{type_id}/encryption"}], @@ -732,6 +887,7 @@ list_rules = ( base.APIRule( name="volume_extension:volume_type_encryption:get", check_str=("rule:volume_extension:volume_type_encryption"), + basic_check_str=("role:admin or role:reader"), description="Show a volume type's encryption type, show an encryption specs item.", scope_types=["project"], operations=[ @@ -742,6 +898,7 @@ list_rules = ( base.APIRule( name="volume_extension:volume_type_encryption:update", check_str=("rule:volume_extension:volume_type_encryption"), + basic_check_str=("role:admin"), description="Update volume type encryption.", scope_types=["project"], operations=[{"method": "PUT", "path": "/types/{type_id}/encryption/{encryption_id}"}], @@ -749,6 +906,7 @@ list_rules = ( base.APIRule( name="volume_extension:volume_type_encryption:delete", check_str=("rule:volume_extension:volume_type_encryption"), + basic_check_str=("role:admin"), description="Delete volume type encryption.", scope_types=["project"], operations=[{"method": "DELETE", "path": "/types/{type_id}/encryption/{encryption_id}"}], @@ -756,6 +914,9 @@ list_rules = ( base.APIRule( name="volume_extension:access_types_extra_specs", check_str=("rule:admin_api"), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), description="List or show volume type with access type extra specs attribute.", scope_types=["project"], operations=[ @@ -766,6 +927,7 @@ list_rules = ( base.APIRule( name="volume_extension:access_types_qos_specs_id", check_str=("rule:admin_api"), + basic_check_str=("role:admin or role:reader"), description="List or show volume type with access type qos specs id attribute.", scope_types=["project"], operations=[ @@ -776,6 +938,9 @@ list_rules = ( base.APIRule( name="volume_extension:volume_type_access", check_str=("rule:admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Volume type access related APIs.", scope_types=["project"], operations=[ @@ -788,6 +953,7 @@ list_rules = ( base.APIRule( name="volume_extension:volume_type_access:addProjectAccess", check_str=("rule:admin_api"), + basic_check_str=("role:admin"), description="Add volume type access for project.", scope_types=["project"], operations=[{"method": "POST", "path": "/types/{type_id}/action (addProjectAccess)"}], @@ -795,6 +961,7 @@ list_rules = ( base.APIRule( name="volume_extension:volume_type_access:removeProjectAccess", check_str=("rule:admin_api"), + basic_check_str=("role:admin"), description="Remove volume type access for project.", scope_types=["project"], operations=[{"method": "POST", "path": "/types/{type_id}/action (removeProjectAccess)"}], @@ -802,6 +969,9 @@ list_rules = ( base.APIRule( name="volume:extend", check_str=("rule:admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Extend a volume.", scope_types=["project"], operations=[{"method": "POST", "path": "/volumes/{volume_id}/action (os-extend)"}], @@ -809,6 +979,9 @@ list_rules = ( base.APIRule( name="volume:extend_attached_volume", check_str=("rule:admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Extend a attached volume.", scope_types=["project"], operations=[{"method": "POST", "path": "/volumes/{volume_id}/action (os-extend)"}], @@ -816,6 +989,9 @@ list_rules = ( base.APIRule( name="volume:revert_to_snapshot", check_str=("rule:admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Revert a volume to a snapshot.", scope_types=["project"], operations=[{"method": "POST", "path": "/volumes/{volume_id}/action (revert)"}], @@ -823,6 +999,7 @@ list_rules = ( base.APIRule( name="volume_extension:volume_admin_actions:reset_status", check_str=("rule:admin_api"), + basic_check_str=("role:admin or role:admin and project_id:%(project_id)s"), description="Reset status of a volume.", scope_types=["project"], operations=[{"method": "POST", "path": "/volumes/{volume_id}/action (os-reset_status)"}], @@ -830,6 +1007,9 @@ list_rules = ( base.APIRule( name="volume:retype", check_str=("rule:admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Retype a volume.", scope_types=["project"], operations=[{"method": "POST", "path": "/volumes/{volume_id}/action (os-retype)"}], @@ -837,15 +1017,19 @@ list_rules = ( base.APIRule( name="volume:update_readonly_flag", check_str=("rule:admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Update a volume's readonly flag.", scope_types=["project"], operations=[ - {"method": "POST", "path": "/volumes/{volume_id}/action (os-update_readonly_flag)"}, + {"method": "POST", "path": "/volumes/{volume_id}/action (os-update_readonly_flag)"} ], ), base.APIRule( name="volume_extension:volume_admin_actions:force_delete", check_str=("rule:admin_api"), + basic_check_str=("role:admin or role:admin and project_id:%(project_id)s"), description="Force delete a volume.", scope_types=["project"], operations=[{"method": "POST", "path": "/volumes/{volume_id}/action (os-force_delete)"}], @@ -853,24 +1037,29 @@ list_rules = ( base.APIRule( name="volume_extension:volume_actions:upload_public", check_str=("rule:admin_api"), + basic_check_str=("role:admin"), description="Upload a volume to image with public visibility.", scope_types=["project"], operations=[ - {"method": "POST", "path": "/volumes/{volume_id}/action (os-volume_upload_image)"}, + {"method": "POST", "path": "/volumes/{volume_id}/action (os-volume_upload_image)"} ], ), base.APIRule( name="volume_extension:volume_actions:upload_image", check_str=("rule:admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Upload a volume to image.", scope_types=["project"], operations=[ - {"method": "POST", "path": "/volumes/{volume_id}/action (os-volume_upload_image)"}, + {"method": "POST", "path": "/volumes/{volume_id}/action (os-volume_upload_image)"} ], ), base.APIRule( name="volume_extension:volume_admin_actions:force_detach", check_str=("rule:admin_api"), + basic_check_str=("role:admin or role:admin and project_id:%(project_id)s"), description="Force detach a volume.", scope_types=["project"], operations=[{"method": "POST", "path": "/volumes/{volume_id}/action (os-force_detach)"}], @@ -878,54 +1067,68 @@ list_rules = ( base.APIRule( name="volume_extension:volume_admin_actions:migrate_volume", check_str=("rule:admin_api"), + basic_check_str=("role:admin or role:admin and project_id:%(project_id)s"), description="migrate a volume to a specified host.", scope_types=["project"], operations=[ - {"method": "POST", "path": "/volumes/{volume_id}/action (os-migrate_volume)"}, + {"method": "POST", "path": "/volumes/{volume_id}/action (os-migrate_volume)"} ], ), base.APIRule( name="volume_extension:volume_admin_actions:migrate_volume_completion", check_str=("rule:admin_api"), + basic_check_str=("role:admin or role:admin and project_id:%(project_id)s"), description="Complete a volume migration.", scope_types=["project"], operations=[ { "method": "POST", "path": "/volumes/{volume_id}/action (os-migrate_volume_completion)", - }, + } ], ), base.APIRule( name="volume_extension:volume_actions:initialize_connection", check_str=("rule:admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Initialize volume attachment.", scope_types=["project"], operations=[ - {"method": "POST", "path": "/volumes/{volume_id}/action (os-initialize_connection)"}, + {"method": "POST", "path": "/volumes/{volume_id}/action (os-initialize_connection)"} ], ), base.APIRule( name="volume_extension:volume_actions:terminate_connection", check_str=("rule:admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Terminate volume attachment.", scope_types=["project"], operations=[ - {"method": "POST", "path": "/volumes/{volume_id}/action (os-terminate_connection)"}, + {"method": "POST", "path": "/volumes/{volume_id}/action (os-terminate_connection)"} ], ), base.APIRule( name="volume_extension:volume_actions:roll_detaching", check_str=("rule:admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Roll back volume status to 'in-use'.", scope_types=["project"], operations=[ - {"method": "POST", "path": "/volumes/{volume_id}/action (os-roll_detaching)"}, + {"method": "POST", "path": "/volumes/{volume_id}/action (os-roll_detaching)"} ], ), base.APIRule( name="volume_extension:volume_actions:reserve", check_str=("rule:admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Mark volume as reserved.", scope_types=["project"], operations=[{"method": "POST", "path": "/volumes/{volume_id}/action (os-reserve)"}], @@ -933,6 +1136,9 @@ list_rules = ( base.APIRule( name="volume_extension:volume_actions:unreserve", check_str=("rule:admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Unmark volume as reserved.", scope_types=["project"], operations=[{"method": "POST", "path": "/volumes/{volume_id}/action (os-unreserve)"}], @@ -940,15 +1146,21 @@ list_rules = ( base.APIRule( name="volume_extension:volume_actions:begin_detaching", check_str=("rule:admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Begin detach volumes.", scope_types=["project"], operations=[ - {"method": "POST", "path": "/volumes/{volume_id}/action (os-begin_detaching)"}, + {"method": "POST", "path": "/volumes/{volume_id}/action (os-begin_detaching)"} ], ), base.APIRule( name="volume_extension:volume_actions:attach", check_str=("rule:admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Add attachment metadata.", scope_types=["project"], operations=[{"method": "POST", "path": "/volumes/{volume_id}/action (os-attach)"}], @@ -956,6 +1168,9 @@ list_rules = ( base.APIRule( name="volume_extension:volume_actions:detach", check_str=("rule:admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Clear attachment metadata.", scope_types=["project"], operations=[{"method": "POST", "path": "/volumes/{volume_id}/action (os-detach)"}], @@ -963,6 +1178,9 @@ list_rules = ( base.APIRule( name="volume:get_all_transfers", check_str=("rule:admin_or_owner"), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), description="List volume transfer.", scope_types=["project"], operations=[ @@ -975,6 +1193,9 @@ list_rules = ( base.APIRule( name="volume:create_transfer", check_str=("rule:admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Create a volume transfer.", scope_types=["project"], operations=[ @@ -985,6 +1206,9 @@ list_rules = ( base.APIRule( name="volume:get_transfer", check_str=("rule:admin_or_owner"), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), description="Show one specified volume transfer.", scope_types=["project"], operations=[ @@ -995,6 +1219,7 @@ list_rules = ( base.APIRule( name="volume:accept_transfer", check_str=(""), + basic_check_str=("@"), description="Accept a volume transfer.", scope_types=["project"], operations=[ @@ -1005,6 +1230,9 @@ list_rules = ( base.APIRule( name="volume:delete_transfer", check_str=("rule:admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Delete volume transfer.", scope_types=["project"], operations=[ @@ -1015,6 +1243,9 @@ list_rules = ( base.APIRule( name="volume:get_volume_metadata", check_str=("rule:admin_or_owner"), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), description="Show volume's metadata or one specified metadata with a given key.", scope_types=["project"], operations=[ @@ -1025,6 +1256,9 @@ list_rules = ( base.APIRule( name="volume:create_volume_metadata", check_str=("rule:admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Create volume metadata.", scope_types=["project"], operations=[{"method": "POST", "path": "/volumes/{volume_id}/metadata"}], @@ -1032,6 +1266,9 @@ list_rules = ( base.APIRule( name="volume:update_volume_metadata", check_str=("rule:admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Update volume's metadata or one specified metadata with a given key.", scope_types=["project"], operations=[ @@ -1042,6 +1279,9 @@ list_rules = ( base.APIRule( name="volume:delete_volume_metadata", check_str=("rule:admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Delete volume's specified metadata with a given key.", scope_types=["project"], operations=[{"method": "DELETE", "path": "/volumes/{volume_id}/metadata/{key}"}], @@ -1049,8 +1289,10 @@ list_rules = ( base.APIRule( name="volume_extension:volume_image_metadata", check_str=("rule:admin_or_owner"), - description="Volume's image metadata related operation, " - "create, delete, show and list.", + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), + description="Volume's image metadata related operation, create, delete, show and list.", scope_types=["project"], operations=[ {"method": "GET", "path": "/volumes/detail"}, @@ -1062,8 +1304,8 @@ list_rules = ( base.APIRule( name="volume:update_volume_admin_metadata", check_str=("rule:admin_api"), - description="Update volume admin metadata. " - "It's used in `attach` and `os-update_readonly_flag` APIs", + basic_check_str=("role:admin"), + description="Update volume admin metadata. It's used in `attach` and `os-update_readonly_flag` APIs", scope_types=["project"], operations=[ {"method": "POST", "path": "/volumes/{volume_id}/action (os-update_readonly_flag)"}, @@ -1073,6 +1315,7 @@ list_rules = ( base.APIRule( name="volume_extension:types_extra_specs:index", check_str=("rule:admin_api"), + basic_check_str=("role:admin or role:reader"), description="List type extra specs.", scope_types=["project"], operations=[{"method": "GET", "path": "/types/{type_id}/extra_specs"}], @@ -1080,6 +1323,7 @@ list_rules = ( base.APIRule( name="volume_extension:types_extra_specs:create", check_str=("rule:admin_api"), + basic_check_str=("role:admin"), description="Create type extra specs.", scope_types=["project"], operations=[{"method": "POST", "path": "/types/{type_id}/extra_specs"}], @@ -1087,6 +1331,7 @@ list_rules = ( base.APIRule( name="volume_extension:types_extra_specs:show", check_str=("rule:admin_api"), + basic_check_str=("role:admin or role:reader"), description="Show one specified type extra specs.", scope_types=["project"], operations=[{"method": "GET", "path": "/types/{type_id}/extra_specs/{extra_spec_key}"}], @@ -1094,6 +1339,7 @@ list_rules = ( base.APIRule( name="volume_extension:types_extra_specs:update", check_str=("rule:admin_api"), + basic_check_str=("role:admin"), description="Update type extra specs.", scope_types=["project"], operations=[{"method": "PUT", "path": "/types/{type_id}/extra_specs/{extra_spec_key}"}], @@ -1101,15 +1347,19 @@ list_rules = ( base.APIRule( name="volume_extension:types_extra_specs:delete", check_str=("rule:admin_api"), + basic_check_str=("role:admin"), description="Delete type extra specs.", scope_types=["project"], operations=[ - {"method": "DELETE", "path": "/types/{type_id}/extra_specs/{extra_spec_key}"}, + {"method": "DELETE", "path": "/types/{type_id}/extra_specs/{extra_spec_key}"} ], ), base.APIRule( name="volume:create", check_str=(""), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Create volume.", scope_types=["project"], operations=[{"method": "POST", "path": "/volumes"}], @@ -1117,6 +1367,9 @@ list_rules = ( base.APIRule( name="volume:create_from_image", check_str=(""), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Create volume from image.", scope_types=["project"], operations=[{"method": "POST", "path": "/volumes"}], @@ -1124,6 +1377,9 @@ list_rules = ( base.APIRule( name="volume:get", check_str=("rule:admin_or_owner"), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), description="Show volume.", scope_types=["project"], operations=[{"method": "GET", "path": "/volumes/{volume_id}"}], @@ -1131,6 +1387,9 @@ list_rules = ( base.APIRule( name="volume:get_all", check_str=("rule:admin_or_owner"), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), description="List volumes or get summary of volumes.", scope_types=["project"], operations=[ @@ -1142,6 +1401,9 @@ list_rules = ( base.APIRule( name="volume:update", check_str=("rule:admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Update volume or update a volume's bootable status.", scope_types=["project"], operations=[ @@ -1152,6 +1414,9 @@ list_rules = ( base.APIRule( name="volume:delete", check_str=("rule:admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Delete volume.", scope_types=["project"], operations=[{"method": "DELETE", "path": "/volumes/{volume_id}"}], @@ -1159,6 +1424,7 @@ list_rules = ( base.APIRule( name="volume:force_delete", check_str=("rule:admin_api"), + basic_check_str=("role:admin or role:admin and project_id:%(project_id)s"), description="Force Delete a volume.", scope_types=["project"], operations=[{"method": "DELETE", "path": "/volumes/{volume_id}"}], @@ -1166,6 +1432,7 @@ list_rules = ( base.APIRule( name="volume_extension:volume_host_attribute", check_str=("rule:admin_api"), + basic_check_str=("role:admin or role:reader"), description="List or show volume with host attribute.", scope_types=["project"], operations=[ @@ -1176,6 +1443,9 @@ list_rules = ( base.APIRule( name="volume_extension:volume_tenant_attribute", check_str=("rule:admin_or_owner"), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), description="List or show volume with tenant attribute.", scope_types=["project"], operations=[ @@ -1186,6 +1456,7 @@ list_rules = ( base.APIRule( name="volume_extension:volume_mig_status_attribute", check_str=("rule:admin_api"), + basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s"), description="List or show volume with migration status attribute.", scope_types=["project"], operations=[ @@ -1196,6 +1467,9 @@ list_rules = ( base.APIRule( name="volume_extension:volume_encryption_metadata", check_str=("rule:admin_or_owner"), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), description="Show volume's encryption metadata.", scope_types=["project"], operations=[ @@ -1206,6 +1480,9 @@ list_rules = ( base.APIRule( name="volume:multiattach", check_str=("rule:admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Create multiattach capable volume.", scope_types=["project"], operations=[{"method": "POST", "path": "/volumes"}], @@ -1213,6 +1490,7 @@ list_rules = ( base.APIRule( name="volume_extension:default_set_or_update", check_str=("rule:system_or_domain_or_project_admin"), + basic_check_str=("role:admin or role:admin and project_id:%(project_id)s"), description="Set or update default volume type.", scope_types=["system"], operations=[{"method": "PUT", "path": "/default-types"}], @@ -1220,6 +1498,7 @@ list_rules = ( base.APIRule( name="volume_extension:default_get", check_str=("rule:system_or_domain_or_project_admin"), + basic_check_str=("role:admin or role:admin and project_id:%(project_id)s"), description="Get default types.", scope_types=["system"], operations=[{"method": "GET", "path": "/default-types/{project-id}"}], @@ -1227,15 +1506,15 @@ list_rules = ( base.APIRule( name="volume_extension:default_get_all", check_str=("role:admin and system_scope:all"), - description="Get all default types. " - "WARNING: Changing this might open up too much " - "information regarding cloud deployment.", + basic_check_str=("role:admin or role:admin and project_id:%(project_id)s"), + description="Get all default types. WARNING: Changing this might open up too much information regarding cloud deployment.", scope_types=["system"], operations=[{"method": "GET", "path": "/default-types/"}], ), base.APIRule( name="volume_extension:default_unset", check_str=("rule:system_or_domain_or_project_admin"), + basic_check_str=("role:admin or role:admin and project_id:%(project_id)s"), description="Unset default type.", scope_types=["system"], operations=[{"method": "DELETE", "path": "/default-types/{project-id}"}], diff --git a/libs/skyline-policy-manager/src/skyline_policy_manager/policies/glance.py b/libs/skyline-policy-manager/skyline_policy_manager/policies/glance.py similarity index 75% rename from libs/skyline-policy-manager/src/skyline_policy_manager/policies/glance.py rename to libs/skyline-policy-manager/skyline_policy_manager/policies/glance.py index e31d816..d485313 100644 --- a/libs/skyline-policy-manager/src/skyline_policy_manager/policies/glance.py +++ b/libs/skyline-policy-manager/skyline_policy_manager/policies/glance.py @@ -1,12 +1,12 @@ +# flake8: noqa + from . import base list_rules = ( base.Rule( name="default", check_str=(""), - description="Defines the default rule used for policies that " - "historically had an empty policy in the supplied " - "policy.json file.", + description="Defines the default rule used for policies that historically had an empty policy in the supplied policy.json file.", ), base.Rule( name="context_is_admin", @@ -161,6 +161,7 @@ list_rules = ( base.APIRule( name="add_image", check_str=("role:admin or (role:member and project_id:%(project_id)s)"), + basic_check_str=("role:admin or role:admin or role:member"), description="Create new image", scope_types=["system", "project"], operations=[{"method": "POST", "path": "/v2/images"}], @@ -168,17 +169,15 @@ list_rules = ( base.APIRule( name="delete_image", check_str=("role:admin or (role:member and project_id:%(project_id)s)"), + basic_check_str=("role:admin or role:admin or role:member"), description="Deletes the image", scope_types=["system", "project"], operations=[{"method": "DELETE", "path": "/v2/images/{image_id}"}], ), base.APIRule( name="get_image", - check_str=( - "role:admin or (role:reader and (project_id:%(project_id)s or " - 'project_id:%(member_id)s or "community":%(visibility)s or ' - '"public":%(visibility)s)) ' - ), + check_str=("role:admin or (role:reader and (project_id:%(project_id)s or project_id:%(member_id)s or \"community\":%(visibility)s or \"public\":%(visibility)s))"), + basic_check_str=("role:admin or role:reader or role:admin or role:member or role:reader"), description="Get specified image", scope_types=["system", "project"], operations=[{"method": "GET", "path": "/v2/images/{image_id}"}], @@ -186,6 +185,7 @@ list_rules = ( base.APIRule( name="get_images", check_str=("role:admin or (role:reader and project_id:%(project_id)s)"), + basic_check_str=("role:admin or role:reader or role:admin or role:member or role:reader"), description="Get all available images", scope_types=["system", "project"], operations=[{"method": "GET", "path": "/v2/images"}], @@ -193,6 +193,7 @@ list_rules = ( base.APIRule( name="modify_image", check_str=("role:admin or (role:member and project_id:%(project_id)s)"), + basic_check_str=("role:admin or role:admin or role:member"), description="Updates given image", scope_types=["system", "project"], operations=[{"method": "PATCH", "path": "/v2/images/{image_id}"}], @@ -200,6 +201,7 @@ list_rules = ( base.APIRule( name="publicize_image", check_str=("role:admin"), + basic_check_str=("role:admin"), description="Publicize given image", scope_types=["system", "project"], operations=[{"method": "PATCH", "path": "/v2/images/{image_id}"}], @@ -207,17 +209,15 @@ list_rules = ( base.APIRule( name="communitize_image", check_str=("role:admin or (role:member and project_id:%(project_id)s)"), + basic_check_str=("!"), description="Communitize given image", scope_types=["system", "project"], operations=[{"method": "PATCH", "path": "/v2/images/{image_id}"}], ), base.APIRule( name="download_image", - check_str=( - "role:admin or (role:member and (project_id:%(project_id)s or " - 'project_id:%(member_id)s or "community":%(visibility)s or ' - '"public":%(visibility)s)) ' - ), + check_str=("role:admin or (role:member and (project_id:%(project_id)s or project_id:%(member_id)s or \"community\":%(visibility)s or \"public\":%(visibility)s))"), + basic_check_str=("role:admin or role:admin or role:member"), description="Downloads given image", scope_types=["system", "project"], operations=[{"method": "GET", "path": "/v2/images/{image_id}/file"}], @@ -225,6 +225,7 @@ list_rules = ( base.APIRule( name="upload_image", check_str=("role:admin or (role:member and project_id:%(project_id)s)"), + basic_check_str=("role:admin or role:admin or role:member"), description="Uploads data to specified image", scope_types=["system", "project"], operations=[{"method": "PUT", "path": "/v2/images/{image_id}/file"}], @@ -232,6 +233,7 @@ list_rules = ( base.APIRule( name="delete_image_location", check_str=("role:admin"), + basic_check_str=("role:admin"), description="Deletes the location of given image", scope_types=["system", "project"], operations=[{"method": "PATCH", "path": "/v2/images/{image_id}"}], @@ -239,6 +241,7 @@ list_rules = ( base.APIRule( name="get_image_location", check_str=("role:admin or (role:reader and project_id:%(project_id)s)"), + basic_check_str=("role:admin or role:reader or role:admin or role:member or role:reader"), description="Reads the location of the image", scope_types=["system", "project"], operations=[{"method": "GET", "path": "/v2/images/{image_id}"}], @@ -246,6 +249,7 @@ list_rules = ( base.APIRule( name="set_image_location", check_str=("role:admin or (role:member and project_id:%(project_id)s)"), + basic_check_str=("role:admin"), description="Sets location URI to given image", scope_types=["system", "project"], operations=[{"method": "PATCH", "path": "/v2/images/{image_id}"}], @@ -253,6 +257,7 @@ list_rules = ( base.APIRule( name="add_member", check_str=("role:admin or (role:member and project_id:%(project_id)s)"), + basic_check_str=("role:admin or role:admin or role:member"), description="Create image member", scope_types=["system", "project"], operations=[{"method": "POST", "path": "/v2/images/{image_id}/members"}], @@ -260,6 +265,7 @@ list_rules = ( base.APIRule( name="delete_member", check_str=("role:admin or (role:member and project_id:%(project_id)s)"), + basic_check_str=("role:admin or role:admin or role:member"), description="Delete image member", scope_types=["system", "project"], operations=[{"method": "DELETE", "path": "/v2/images/{image_id}/members/{member_id}"}], @@ -267,6 +273,7 @@ list_rules = ( base.APIRule( name="get_member", check_str=("role:admin or (role:reader and project_id:%(project_id)s)"), + basic_check_str=("role:admin or role:reader or role:admin or role:member or role:reader"), description="Show image member details", scope_types=["system", "project"], operations=[{"method": "GET", "path": "/v2/images/{image_id}/members/{member_id}"}], @@ -274,6 +281,7 @@ list_rules = ( base.APIRule( name="get_members", check_str=("role:admin or (role:reader and project_id:%(project_id)s)"), + basic_check_str=("role:admin or role:reader or role:admin or role:member or role:reader"), description="List image members", scope_types=["system", "project"], operations=[{"method": "GET", "path": "/v2/images/{image_id}/members"}], @@ -281,6 +289,7 @@ list_rules = ( base.APIRule( name="modify_member", check_str=("role:admin or (role:member and project_id:%(project_id)s)"), + basic_check_str=("role:admin or role:admin or role:member"), description="Update image member", scope_types=["system", "project"], operations=[{"method": "PUT", "path": "/v2/images/{image_id}/members/{member_id}"}], @@ -288,6 +297,7 @@ list_rules = ( base.APIRule( name="deactivate", check_str=("role:admin or (role:member and project_id:%(project_id)s)"), + basic_check_str=("role:admin or role:admin or role:member"), description="Deactivate image", scope_types=["system", "project"], operations=[{"method": "POST", "path": "/v2/images/{image_id}/actions/deactivate"}], @@ -295,6 +305,7 @@ list_rules = ( base.APIRule( name="reactivate", check_str=("role:admin or (role:member and project_id:%(project_id)s)"), + basic_check_str=("role:admin or role:admin or role:member"), description="Reactivate image", scope_types=["system", "project"], operations=[{"method": "POST", "path": "/v2/images/{image_id}/actions/reactivate"}], @@ -302,6 +313,7 @@ list_rules = ( base.APIRule( name="copy_image", check_str=("role:admin"), + basic_check_str=("@"), description="Copy existing image to other stores", scope_types=["system", "project"], operations=[{"method": "POST", "path": "/v2/images/{image_id}/import"}], @@ -309,54 +321,31 @@ list_rules = ( base.APIRule( name="get_task", check_str=("rule:default"), - description="Get an image task.\n#\n#This granular policy controls " - "access to tasks, both from the tasks API as well\n" - "#as internal locations in Glance that use tasks " - "(like import). Practically this\n#cannot be more " - "restrictive than the policy that controls import or " - "things will\n#break, and changing it from the default " - "is almost certainly not what you want.\n#Access to the " - "external tasks API should be restricted as desired by " - "the\n#tasks_api_access policy. This may change in the " - "future.\n#", + basic_check_str=("!"), + description="Get an image task.\n#\n#This granular policy controls access to tasks, both from the tasks API as well\n#as internal locations in Glance that use tasks (like import). Practically this\n#cannot be more restrictive than the policy that controls import or things will\n#break, and changing it from the default is almost certainly not what you want.\n#Access to the external tasks API should be restricted as desired by the\n#tasks_api_access policy. This may change in the future.\n#", scope_types=["system", "project"], operations=[{"method": "GET", "path": "/v2/tasks/{task_id}"}], ), base.APIRule( name="get_tasks", check_str=("rule:default"), - description="List tasks for all images.\n#\n#This granular policy " - "controls access to tasks, both from the tasks API as " - "well\n#as internal locations in Glance that use tasks (" - "like import). Practically this\n#cannot be more " - "restrictive than the policy that controls import or " - "things will\n#break, and changing it from the default " - "is almost certainly not what you want.\n#Access to the " - "external tasks API should be restricted as desired by " - "the\n#tasks_api_access policy. This may change in the " - "future.\n#", + basic_check_str=("!"), + description="List tasks for all images.\n#\n#This granular policy controls access to tasks, both from the tasks API as well\n#as internal locations in Glance that use tasks (like import). Practically this\n#cannot be more restrictive than the policy that controls import or things will\n#break, and changing it from the default is almost certainly not what you want.\n#Access to the external tasks API should be restricted as desired by the\n#tasks_api_access policy. This may change in the future.\n#", scope_types=["system", "project"], operations=[{"method": "GET", "path": "/v2/tasks"}], ), base.APIRule( name="add_task", check_str=("rule:default"), - description="List tasks for all images.\n#\n#This granular policy " - "controls access to tasks, both from the tasks API as " - "well\n#as internal locations in Glance that use tasks (" - "like import). Practically this\n#cannot be more " - "restrictive than the policy that controls import or " - "things will\n#break, and changing it from the default " - "is almost certainly not what you want.\n#Access to the " - "external tasks API should be restricted as desired by " - "the\n#tasks_api_access policy. This may change in the " - "future.\n#", + basic_check_str=("!"), + description="List tasks for all images.\n#\n#This granular policy controls access to tasks, both from the tasks API as well\n#as internal locations in Glance that use tasks (like import). Practically this\n#cannot be more restrictive than the policy that controls import or things will\n#break, and changing it from the default is almost certainly not what you want.\n#Access to the external tasks API should be restricted as desired by the\n#tasks_api_access policy. This may change in the future.\n#", scope_types=["system", "project"], operations=[{"method": "POST", "path": "/v2/tasks"}], ), base.APIRule( name="modify_task", check_str=("rule:default"), + basic_check_str=("!"), description="This policy is not used.", scope_types=["system", "project"], operations=[{"method": "DELETE", "path": "/v2/tasks/{task_id}"}], @@ -364,17 +353,10 @@ list_rules = ( base.APIRule( name="tasks_api_access", check_str=("role:admin"), - description="\n#This is a generic blanket policy for protecting all " - "task APIs. It is not\n#granular and will not allow you " - "to separate writable and readable task\n#operations " - "into different roles.\n#", + basic_check_str=("!"), + description="\n#This is a generic blanket policy for protecting all task APIs. It is not\n#granular and will not allow you to separate writable and readable task\n#operations into different roles.\n#", scope_types=["system", "project"], - operations=[ - {"method": "GET", "path": "/v2/tasks/{task_id}"}, - {"method": "GET", "path": "/v2/tasks"}, - {"method": "POST", "path": "/v2/tasks"}, - {"method": "DELETE", "path": "/v2/tasks/{task_id}"}, - ], + operations=[{"method": "GET", "path": "/v2/tasks/{task_id}"}, {"method": "GET", "path": "/v2/tasks"}, {"method": "POST", "path": "/v2/tasks"}, {"method": "DELETE", "path": "/v2/tasks/{task_id}"}], ), ) diff --git a/libs/skyline-policy-manager/skyline_policy_manager/policies/heat.py b/libs/skyline-policy-manager/skyline_policy_manager/policies/heat.py new file mode 100644 index 0000000..7c04fd0 --- /dev/null +++ b/libs/skyline-policy-manager/skyline_policy_manager/policies/heat.py @@ -0,0 +1,664 @@ +# flake8: noqa + +from . import base + +list_rules = ( + base.Rule( + name="context_is_admin", + check_str=("(role:admin and is_admin_project:True) OR (role:admin and system_scope:all)"), + description="Decides what is required for the 'is_admin:True' check to succeed.", + ), + base.Rule( + name="project_admin", + check_str=("role:admin"), + description="Default rule for project admin.", + ), + base.Rule( + name="deny_stack_user", + check_str=("not role:heat_stack_user"), + description="Default rule for deny stack user.", + ), + base.Rule( + name="deny_everybody", + check_str=("!"), + description="Default rule for deny everybody.", + ), + base.Rule( + name="allow_everybody", + check_str=(""), + description="Default rule for allow everybody.", + ), + base.Rule( + name="cloudformation:ListStacks", + check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)"), + description="No description", + ), + base.Rule( + name="cloudformation:CreateStack", + check_str=("(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)"), + description="No description", + ), + base.Rule( + name="cloudformation:DescribeStacks", + check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)"), + description="No description", + ), + base.Rule( + name="cloudformation:DeleteStack", + check_str=("(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)"), + description="No description", + ), + base.Rule( + name="cloudformation:UpdateStack", + check_str=("(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)"), + description="No description", + ), + base.Rule( + name="cloudformation:CancelUpdateStack", + check_str=("(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)"), + description="No description", + ), + base.Rule( + name="cloudformation:DescribeStackEvents", + check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)"), + description="No description", + ), + base.Rule( + name="cloudformation:ValidateTemplate", + check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)"), + description="No description", + ), + base.Rule( + name="cloudformation:GetTemplate", + check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)"), + description="No description", + ), + base.Rule( + name="cloudformation:EstimateTemplateCost", + check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)"), + description="No description", + ), + base.Rule( + name="cloudformation:DescribeStackResource", + check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s) or (role:heat_stack_user and project_id:%(project_id)s)"), + description="No description", + ), + base.Rule( + name="cloudformation:DescribeStackResources", + check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)"), + description="No description", + ), + base.Rule( + name="cloudformation:ListStackResources", + check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)"), + description="No description", + ), + base.Rule( + name="resource_types:OS::Nova::Flavor", + check_str=("rule:project_admin"), + description="No description", + ), + base.Rule( + name="resource_types:OS::Cinder::EncryptedVolumeType", + check_str=("rule:project_admin"), + description="No description", + ), + base.Rule( + name="resource_types:OS::Cinder::VolumeType", + check_str=("rule:project_admin"), + description="No description", + ), + base.Rule( + name="resource_types:OS::Cinder::Quota", + check_str=("rule:project_admin"), + description="No description", + ), + base.Rule( + name="resource_types:OS::Neutron::Quota", + check_str=("rule:project_admin"), + description="No description", + ), + base.Rule( + name="resource_types:OS::Nova::Quota", + check_str=("rule:project_admin"), + description="No description", + ), + base.Rule( + name="resource_types:OS::Octavia::Quota", + check_str=("rule:project_admin"), + description="No description", + ), + base.Rule( + name="resource_types:OS::Manila::ShareType", + check_str=("rule:project_admin"), + description="No description", + ), + base.Rule( + name="resource_types:OS::Neutron::ProviderNet", + check_str=("rule:project_admin"), + description="No description", + ), + base.Rule( + name="resource_types:OS::Neutron::QoSPolicy", + check_str=("rule:project_admin"), + description="No description", + ), + base.Rule( + name="resource_types:OS::Neutron::QoSBandwidthLimitRule", + check_str=("rule:project_admin"), + description="No description", + ), + base.Rule( + name="resource_types:OS::Neutron::QoSDscpMarkingRule", + check_str=("rule:project_admin"), + description="No description", + ), + base.Rule( + name="resource_types:OS::Neutron::QoSMinimumBandwidthRule", + check_str=("rule:project_admin"), + description="No description", + ), + base.Rule( + name="resource_types:OS::Neutron::Segment", + check_str=("rule:project_admin"), + description="No description", + ), + base.Rule( + name="resource_types:OS::Nova::HostAggregate", + check_str=("rule:project_admin"), + description="No description", + ), + base.Rule( + name="resource_types:OS::Cinder::QoSSpecs", + check_str=("rule:project_admin"), + description="No description", + ), + base.Rule( + name="resource_types:OS::Cinder::QoSAssociation", + check_str=("rule:project_admin"), + description="No description", + ), + base.Rule( + name="resource_types:OS::Keystone::*", + check_str=("rule:project_admin"), + description="No description", + ), + base.Rule( + name="resource_types:OS::Blazar::Host", + check_str=("rule:project_admin"), + description="No description", + ), + base.Rule( + name="resource_types:OS::Octavia::Flavor", + check_str=("rule:project_admin"), + description="No description", + ), + base.Rule( + name="resource_types:OS::Octavia::FlavorProfile", + check_str=("rule:project_admin"), + description="No description", + ), + base.Rule( + name="service:index", + check_str=("role:reader and system_scope:all"), + description="No description", + ), + base.APIRule( + name="actions:action", + check_str=("(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)"), + basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"), + description="Performs non-lifecycle operations on the stack (Snapshot, Resume, Cancel update, or check stack resources). This is the default for all actions but can be overridden by more specific policies for individual actions.", + scope_types=["project"], + operations=[{"method": "POST", "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/actions"}], + ), + base.APIRule( + name="actions:snapshot", + check_str=("(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)"), + basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"), + description="Create stack snapshot", + scope_types=["system", "project"], + operations=[{"method": "POST", "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/actions"}], + ), + base.APIRule( + name="actions:suspend", + check_str=("(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)"), + basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"), + description="Suspend a stack.", + scope_types=["system", "project"], + operations=[{"method": "POST", "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/actions"}], + ), + base.APIRule( + name="actions:resume", + check_str=("(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)"), + basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"), + description="Resume a suspended stack.", + scope_types=["system", "project"], + operations=[{"method": "POST", "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/actions"}], + ), + base.APIRule( + name="actions:check", + check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)"), + basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"), + description="Check stack resources.", + scope_types=["system", "project"], + operations=[{"method": "POST", "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/actions"}], + ), + base.APIRule( + name="actions:cancel_update", + check_str=("(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)"), + basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"), + description="Cancel stack operation and roll back.", + scope_types=["system", "project"], + operations=[{"method": "POST", "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/actions"}], + ), + base.APIRule( + name="actions:cancel_without_rollback", + check_str=("(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)"), + basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"), + description="Cancel stack operation without rolling back.", + scope_types=["system", "project"], + operations=[{"method": "POST", "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/actions"}], + ), + base.APIRule( + name="build_info:build_info", + check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)"), + basic_check_str=("@"), + description="Show build information.", + scope_types=["system", "project"], + operations=[{"method": "GET", "path": "/v1/{tenant_id}/build_info"}], + ), + base.APIRule( + name="events:index", + check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)"), + basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"), + description="List events.", + scope_types=["system", "project"], + operations=[{"method": "GET", "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/events"}], + ), + base.APIRule( + name="events:show", + check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)"), + basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"), + description="Show event.", + scope_types=["system", "project"], + operations=[{"method": "GET", "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/resources/{resource_name}/events/{event_id}"}], + ), + base.APIRule( + name="resource:index", + check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)"), + basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"), + description="List resources.", + scope_types=["system", "project"], + operations=[{"method": "GET", "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/resources"}], + ), + base.APIRule( + name="resource:metadata", + check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s) or (role:heat_stack_user and project_id:%(project_id)s)"), + basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s or role:heat_stack_user"), + description="Show resource metadata.", + scope_types=["system", "project"], + operations=[{"method": "GET", "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/resources/{resource_name}/metadata"}], + ), + base.APIRule( + name="resource:signal", + check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s) or (role:heat_stack_user and project_id:%(project_id)s)"), + basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:heat_stack_user"), + description="Signal resource.", + scope_types=["system", "project"], + operations=[{"method": "POST", "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/resources/{resource_name}/signal"}], + ), + base.APIRule( + name="resource:mark_unhealthy", + check_str=("(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)"), + basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"), + description="Mark resource as unhealthy.", + scope_types=["system", "project"], + operations=[{"method": "PATCH", "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/resources/{resource_name_or_physical_id}"}], + ), + base.APIRule( + name="resource:show", + check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)"), + basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"), + description="Show resource.", + scope_types=["system", "project"], + operations=[{"method": "GET", "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/resources/{resource_name}"}], + ), + base.APIRule( + name="software_configs:global_index", + check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin or role:reader"), + description="List configs globally.", + scope_types=["system", "project"], + operations=[{"method": "GET", "path": "/v1/{tenant_id}/software_configs"}], + ), + base.APIRule( + name="software_configs:index", + check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)"), + basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"), + description="List configs.", + scope_types=["system", "project"], + operations=[{"method": "GET", "path": "/v1/{tenant_id}/software_configs"}], + ), + base.APIRule( + name="software_configs:create", + check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)"), + basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"), + description="Create config.", + scope_types=["system", "project"], + operations=[{"method": "POST", "path": "/v1/{tenant_id}/software_configs"}], + ), + base.APIRule( + name="software_configs:show", + check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)"), + basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"), + description="Show config details.", + scope_types=["system", "project"], + operations=[{"method": "GET", "path": "/v1/{tenant_id}/software_configs/{config_id}"}], + ), + base.APIRule( + name="software_configs:delete", + check_str=("(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)"), + basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"), + description="Delete config.", + scope_types=["system", "project"], + operations=[{"method": "DELETE", "path": "/v1/{tenant_id}/software_configs/{config_id}"}], + ), + base.APIRule( + name="software_deployments:index", + check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)"), + basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"), + description="List deployments.", + scope_types=["system", "project"], + operations=[{"method": "GET", "path": "/v1/{tenant_id}/software_deployments"}], + ), + base.APIRule( + name="software_deployments:create", + check_str=("(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)"), + basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"), + description="Create deployment.", + scope_types=["system", "project"], + operations=[{"method": "POST", "path": "/v1/{tenant_id}/software_deployments"}], + ), + base.APIRule( + name="software_deployments:show", + check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)"), + basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"), + description="Show deployment details.", + scope_types=["system", "project"], + operations=[{"method": "GET", "path": "/v1/{tenant_id}/software_deployments/{deployment_id}"}], + ), + base.APIRule( + name="software_deployments:update", + check_str=("(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)"), + basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"), + description="Update deployment.", + scope_types=["system", "project"], + operations=[{"method": "PUT", "path": "/v1/{tenant_id}/software_deployments/{deployment_id}"}], + ), + base.APIRule( + name="software_deployments:delete", + check_str=("(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)"), + basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"), + description="Delete deployment.", + scope_types=["system", "project"], + operations=[{"method": "DELETE", "path": "/v1/{tenant_id}/software_deployments/{deployment_id}"}], + ), + base.APIRule( + name="software_deployments:metadata", + check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s) or (role:heat_stack_user and project_id:%(project_id)s)"), + basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s or role:heat_stack_user"), + description="Show server configuration metadata.", + scope_types=["system", "project"], + operations=[{"method": "GET", "path": "/v1/{tenant_id}/software_deployments/metadata/{server_id}"}], + ), + base.APIRule( + name="stacks:abandon", + check_str=("(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)"), + basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"), + description="Abandon stack.", + scope_types=["system", "project"], + operations=[{"method": "DELETE", "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/abandon"}], + ), + base.APIRule( + name="stacks:create", + check_str=("(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)"), + basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"), + description="Create stack.", + scope_types=["system", "project"], + operations=[{"method": "POST", "path": "/v1/{tenant_id}/stacks"}], + ), + base.APIRule( + name="stacks:delete", + check_str=("(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)"), + basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"), + description="Delete stack.", + scope_types=["system", "project"], + operations=[{"method": "DELETE", "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}"}], + ), + base.APIRule( + name="stacks:detail", + check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)"), + basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"), + description="List stacks in detail.", + scope_types=["system", "project"], + operations=[{"method": "GET", "path": "/v1/{tenant_id}/stacks"}], + ), + base.APIRule( + name="stacks:export", + check_str=("(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)"), + basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"), + description="Export stack.", + scope_types=["system", "project"], + operations=[{"method": "GET", "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/export"}], + ), + base.APIRule( + name="stacks:generate_template", + check_str=("(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)"), + basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"), + description="Generate stack template.", + scope_types=["system", "project"], + operations=[{"method": "GET", "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/template"}], + ), + base.APIRule( + name="stacks:global_index", + check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin or role:reader"), + description="List stacks globally.", + scope_types=["system", "project"], + operations=[{"method": "GET", "path": "/v1/{tenant_id}/stacks"}], + ), + base.APIRule( + name="stacks:index", + check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)"), + basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"), + description="List stacks.", + scope_types=["system", "project"], + operations=[{"method": "GET", "path": "/v1/{tenant_id}/stacks"}], + ), + base.APIRule( + name="stacks:list_resource_types", + check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)"), + basic_check_str=("@"), + description="List resource types.", + scope_types=["system", "project"], + operations=[{"method": "GET", "path": "/v1/{tenant_id}/resource_types"}], + ), + base.APIRule( + name="stacks:list_template_versions", + check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)"), + basic_check_str=("@"), + description="List template versions.", + scope_types=["system", "project"], + operations=[{"method": "GET", "path": "/v1/{tenant_id}/template_versions"}], + ), + base.APIRule( + name="stacks:list_template_functions", + check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)"), + basic_check_str=("@"), + description="List template functions.", + scope_types=["system", "project"], + operations=[{"method": "GET", "path": "/v1/{tenant_id}/template_versions/{template_version}/functions"}], + ), + base.APIRule( + name="stacks:lookup", + check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s) or (role:heat_stack_user and project_id:%(project_id)s)"), + basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s or role:heat_stack_user"), + description="Find stack.", + scope_types=["system", "project"], + operations=[{"method": "GET", "path": "/v1/{tenant_id}/stacks/{stack_identity}"}], + ), + base.APIRule( + name="stacks:preview", + check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)"), + basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"), + description="Preview stack.", + scope_types=["system", "project"], + operations=[{"method": "POST", "path": "/v1/{tenant_id}/stacks/preview"}], + ), + base.APIRule( + name="stacks:resource_schema", + check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)"), + basic_check_str=("@"), + description="Show resource type schema.", + scope_types=["system", "project"], + operations=[{"method": "GET", "path": "/v1/{tenant_id}/resource_types/{type_name}"}], + ), + base.APIRule( + name="stacks:show", + check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)"), + basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"), + description="Show stack.", + scope_types=["system", "project"], + operations=[{"method": "GET", "path": "/v1/{tenant_id}/stacks/{stack_identity}"}], + ), + base.APIRule( + name="stacks:template", + check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)"), + basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"), + description="Get stack template.", + scope_types=["system", "project"], + operations=[{"method": "GET", "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/template"}], + ), + base.APIRule( + name="stacks:environment", + check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)"), + basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"), + description="Get stack environment.", + scope_types=["system", "project"], + operations=[{"method": "GET", "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/environment"}], + ), + base.APIRule( + name="stacks:files", + check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)"), + basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"), + description="Get stack files.", + scope_types=["system", "project"], + operations=[{"method": "GET", "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/files"}], + ), + base.APIRule( + name="stacks:update", + check_str=("(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)"), + basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"), + description="Update stack.", + scope_types=["system", "project"], + operations=[{"method": "PUT", "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}"}], + ), + base.APIRule( + name="stacks:update_patch", + check_str=("(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)"), + basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"), + description="Update stack (PATCH).", + scope_types=["system", "project"], + operations=[{"method": "PATCH", "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}"}], + ), + base.APIRule( + name="stacks:update_no_change", + check_str=("rule:stacks:update_patch"), + basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"), + description="Update stack (PATCH) with no changes.", + scope_types=["system", "project"], + operations=[{"method": "PATCH", "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}"}], + ), + base.APIRule( + name="stacks:preview_update", + check_str=("(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)"), + basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"), + description="Preview update stack.", + scope_types=["system", "project"], + operations=[{"method": "PUT", "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/preview"}], + ), + base.APIRule( + name="stacks:preview_update_patch", + check_str=("(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)"), + basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"), + description="Preview update stack (PATCH).", + scope_types=["system", "project"], + operations=[{"method": "PATCH", "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/preview"}], + ), + base.APIRule( + name="stacks:validate_template", + check_str=("(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)"), + basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"), + description="Validate template.", + scope_types=["system", "project"], + operations=[{"method": "POST", "path": "/v1/{tenant_id}/validate"}], + ), + base.APIRule( + name="stacks:snapshot", + check_str=("(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)"), + basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"), + description="Snapshot Stack.", + scope_types=["system", "project"], + operations=[{"method": "POST", "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/snapshots"}], + ), + base.APIRule( + name="stacks:show_snapshot", + check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)"), + basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"), + description="Show snapshot.", + scope_types=["system", "project"], + operations=[{"method": "GET", "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/snapshots/{snapshot_id}"}], + ), + base.APIRule( + name="stacks:delete_snapshot", + check_str=("(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)"), + basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"), + description="Delete snapshot.", + scope_types=["system", "project"], + operations=[{"method": "DELETE", "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/snapshots/{snapshot_id}"}], + ), + base.APIRule( + name="stacks:list_snapshots", + check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)"), + basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"), + description="List snapshots.", + scope_types=["system", "project"], + operations=[{"method": "GET", "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/snapshots"}], + ), + base.APIRule( + name="stacks:restore_snapshot", + check_str=("(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)"), + basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"), + description="Restore snapshot.", + scope_types=["system", "project"], + operations=[{"method": "POST", "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/snapshots/{snapshot_id}/restore"}], + ), + base.APIRule( + name="stacks:list_outputs", + check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)"), + basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"), + description="List outputs.", + scope_types=["system", "project"], + operations=[{"method": "GET", "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/outputs"}], + ), + base.APIRule( + name="stacks:show_output", + check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)"), + basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"), + description="Show outputs.", + scope_types=["system", "project"], + operations=[{"method": "GET", "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/outputs/{output_key}"}], + ), +) + +__all__ = ("list_rules",) diff --git a/libs/skyline-policy-manager/src/skyline_policy_manager/policies/ironic.py b/libs/skyline-policy-manager/skyline_policy_manager/policies/ironic.py similarity index 54% rename from libs/skyline-policy-manager/src/skyline_policy_manager/policies/ironic.py rename to libs/skyline-policy-manager/skyline_policy_manager/policies/ironic.py index 7678953..66a2951 100644 --- a/libs/skyline-policy-manager/src/skyline_policy_manager/policies/ironic.py +++ b/libs/skyline-policy-manager/skyline_policy_manager/policies/ironic.py @@ -1,3 +1,5 @@ +# flake8: noqa + from . import base list_rules = ( @@ -23,10 +25,7 @@ list_rules = ( ), base.Rule( name="is_member", - check_str=( - "(project_domain_id:default or project_domain_id:None) and " - "(project_name:demo or project_name:baremetal)" - ), + check_str=("(project_domain_id:default or project_domain_id:None) and (project_name:demo or project_name:baremetal)"), description="May be used to restrict access to specific projects", ), base.Rule( @@ -57,6 +56,7 @@ list_rules = ( base.APIRule( name="baremetal:node:create", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Create Node records", scope_types=["system"], operations=[{"method": "POST", "path": "/nodes"}], @@ -64,31 +64,23 @@ list_rules = ( base.APIRule( name="baremetal:node:list", check_str=("role:reader"), - description="Retrieve multiple Node records, " - "filtered by an explicit owner or the client project_id", + basic_check_str=("role:admin or role:reader"), + description="Retrieve multiple Node records, filtered by an explicit owner or the client project_id", scope_types=["system", "project"], - operations=[ - {"method": "GET", "path": "/nodes"}, - {"method": "GET", "path": "/nodes/detail"}, - ], + operations=[{"method": "GET", "path": "/nodes"}, {"method": "GET", "path": "/nodes/detail"}], ), base.APIRule( name="baremetal:node:list_all", check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin or role:reader"), description="Retrieve multiple Node records", scope_types=["system"], - operations=[ - {"method": "GET", "path": "/nodes"}, - {"method": "GET", "path": "/nodes/detail"}, - ], + operations=[{"method": "GET", "path": "/nodes"}, {"method": "GET", "path": "/nodes/detail"}], ), base.APIRule( name="baremetal:node:get", - check_str=( - "(role:reader and system_scope:all) or " - "(role:reader and (project_id:%(node.owner)s " - "or project_id:%(node.lessee)s))" - ), + check_str=("(role:reader and system_scope:all) or (role:reader and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"), + basic_check_str=("role:admin or role:reader"), description="Retrieve a single Node record", scope_types=["system", "project"], operations=[{"method": "GET", "path": "/nodes/{node_ident}"}], @@ -96,73 +88,55 @@ list_rules = ( base.APIRule( name="baremetal:node:get:filter_threshold", check_str=("role:reader and system_scope:all"), - description="Filter to allow operators to govern the threshold where " - "information should be filtered. Non-authorized users " - "will be subjected to additional API policy checks for " - "API content response bodies.", + basic_check_str=("role:admin or role:reader"), + description="Filter to allow operators to govern the threshold where information should be filtered. Non-authorized users will be subjected to additional API policy checks for API content response bodies.", scope_types=["system", "project"], operations=[{"method": "GET", "path": "/nodes/{node_ident}"}], ), base.APIRule( name="baremetal:node:get:last_error", - check_str=( - "(role:reader and system_scope:all) or (role:reader and " - "project_id:%(node.owner)s) " - ), - description="Governs if the node last_error field is masked from " - "APIclients with insufficent privileges.", + check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(node.owner)s)"), + basic_check_str=("role:admin or role:reader"), + description="Governs if the node last_error field is masked from APIclients with insufficent privileges.", scope_types=["system", "project"], operations=[{"method": "GET", "path": "/nodes/{node_ident}"}], ), base.APIRule( name="baremetal:node:get:reservation", - check_str=( - "(role:reader and system_scope:all) or (role:reader and " - "project_id:%(node.owner)s) " - ), - description="Governs if the node reservation field is masked from " - "APIclients with insufficent privileges.", + check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(node.owner)s)"), + basic_check_str=("role:admin or role:reader"), + description="Governs if the node reservation field is masked from APIclients with insufficent privileges.", scope_types=["system", "project"], operations=[{"method": "GET", "path": "/nodes/{node_ident}"}], ), base.APIRule( name="baremetal:node:get:driver_internal_info", - check_str=( - "(role:reader and system_scope:all) or (role:reader and " - "project_id:%(node.owner)s) " - ), - description="Governs if the node driver_internal_info field is " - "masked from API clients with insufficent privileges.", + check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(node.owner)s)"), + basic_check_str=("role:admin or role:reader"), + description="Governs if the node driver_internal_info field is masked from API clients with insufficent privileges.", scope_types=["system", "project"], operations=[{"method": "GET", "path": "/nodes/{node_ident}"}], ), base.APIRule( name="baremetal:node:get:driver_info", - check_str=( - "(role:reader and system_scope:all) or (role:reader and " - "project_id:%(node.owner)s) " - ), - description="Governs if the driver_info field is masked from " - "APIclients with insufficent privileges.", + check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(node.owner)s)"), + basic_check_str=("role:admin or role:reader"), + description="Governs if the driver_info field is masked from APIclients with insufficent privileges.", scope_types=["system", "project"], operations=[{"method": "GET", "path": "/nodes/{node_ident}"}], ), base.APIRule( name="baremetal:node:update:driver_info", - check_str=( - "(role:member and system_scope:all) or (role:member and " - "project_id:%(node.owner)s) " - ), + check_str=("(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s)"), + basic_check_str=("role:admin"), description="Governs if node driver_info field can be updated via the API clients.", scope_types=["system", "project"], operations=[{"method": "PATCH", "path": "/nodes/{node_ident}"}], ), base.APIRule( name="baremetal:node:update:properties", - check_str=( - "(role:member and system_scope:all) or (role:member and " - "project_id:%(node.owner)s) " - ), + check_str=("(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s)"), + basic_check_str=("role:admin"), description="Governs if node properties field can be updated via the API clients.", scope_types=["system", "project"], operations=[{"method": "PATCH", "path": "/nodes/{node_ident}"}], @@ -170,25 +144,23 @@ list_rules = ( base.APIRule( name="baremetal:node:update:chassis_uuid", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Governs if node chassis_uuid field can be updated via the API clients.", scope_types=["system", "project"], operations=[{"method": "PATCH", "path": "/nodes/{node_ident}"}], ), base.APIRule( name="baremetal:node:update:instance_uuid", - check_str=( - "(role:member and system_scope:all) or (role:member and " - "project_id:%(node.owner)s) " - ), + check_str=("(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s)"), + basic_check_str=("role:admin"), description="Governs if node instance_uuid field can be updated via the API clients.", scope_types=["system", "project"], operations=[{"method": "PATCH", "path": "/nodes/{node_ident}"}], ), base.APIRule( name="baremetal:node:update:lessee", - check_str=( - "(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s)" - ), + check_str=("(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s)"), + basic_check_str=("role:admin"), description="Governs if node lessee field can be updated via the API clients.", scope_types=["system", "project"], operations=[{"method": "PATCH", "path": "/nodes/{node_ident}"}], @@ -196,25 +168,23 @@ list_rules = ( base.APIRule( name="baremetal:node:update:owner", check_str=("role:member and system_scope:all"), + basic_check_str=("role:admin"), description="Governs if node owner field can be updated via the API clients.", scope_types=["system", "project"], operations=[{"method": "PATCH", "path": "/nodes/{node_ident}"}], ), base.APIRule( name="baremetal:node:update:driver_interfaces", - check_str=( - "(role:member and system_scope:all) or (role:admin and project_id:%(node.owner)s)" - ), - description="Governs if node driver and driver interfaces field " - "can be updated via the API clients.", + check_str=("(role:member and system_scope:all) or (role:admin and project_id:%(node.owner)s)"), + basic_check_str=("role:admin"), + description="Governs if node driver and driver interfaces field can be updated via the API clients.", scope_types=["system", "project"], operations=[{"method": "PATCH", "path": "/nodes/{node_ident}"}], ), base.APIRule( name="baremetal:node:update:network_data", - check_str=( - "(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s)" - ), + check_str=("(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s)"), + basic_check_str=("role:admin"), description="Governs if node driver_info field can be updated via the API clients.", scope_types=["system", "project"], operations=[{"method": "PATCH", "path": "/nodes/{node_ident}"}], @@ -222,59 +192,47 @@ list_rules = ( base.APIRule( name="baremetal:node:update:conductor_group", check_str=("role:member and system_scope:all"), - description="Governs if node conductor_group field can be updated " - "via the API clients.", + basic_check_str=("role:admin"), + description="Governs if node conductor_group field can be updated via the API clients.", scope_types=["system", "project"], operations=[{"method": "PATCH", "path": "/nodes/{node_ident}"}], ), base.APIRule( name="baremetal:node:update:name", - check_str=( - "(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s)" - ), + check_str=("(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s)"), + basic_check_str=("role:admin"), description="Governs if node name field can be updated via the API clients.", scope_types=["system", "project"], operations=[{"method": "PATCH", "path": "/nodes/{node_ident}"}], ), base.APIRule( name="baremetal:node:update:retired", - check_str=( - "(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s)" - ), - description="Governs if node retired and retired reason can be " - "updated by API clients.", + check_str=("(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s)"), + basic_check_str=("role:admin"), + description="Governs if node retired and retired reason can be updated by API clients.", scope_types=["system", "project"], operations=[{"method": "PATCH", "path": "/nodes/{node_ident}"}], ), base.APIRule( name="baremetal:node:update", - check_str=( - "(role:member and system_scope:all) " - "or (role:member and (project_id:%(node.owner)s " - "or project_id:%(node.lessee)s))" - ), + check_str=("(role:member and system_scope:all) or (role:member and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"), + basic_check_str=("role:admin"), description="Generalized update of node records", scope_types=["system", "project"], operations=[{"method": "PATCH", "path": "/nodes/{node_ident}"}], ), base.APIRule( name="baremetal:node:update_extra", - check_str=( - "(role:member and system_scope:all) " - "or (role:member and (project_id:%(node.owner)s " - "or project_id:%(node.lessee)s))" - ), + check_str=("(role:member and system_scope:all) or (role:member and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"), + basic_check_str=("role:admin"), description="Update Node extra field", scope_types=["system", "project"], operations=[{"method": "PATCH", "path": "/nodes/{node_ident}"}], ), base.APIRule( name="baremetal:node:update_instance_info", - check_str=( - "(role:member and system_scope:all) " - "or (role:member and project_id:%(node.owner)s) " - "or (role:admin and project_id:%(node.lessee)s)" - ), + check_str=("(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s) or (role:admin and project_id:%(node.lessee)s)"), + basic_check_str=("role:admin"), description="Update Node instance_info field", scope_types=["system", "project"], operations=[{"method": "PATCH", "path": "/nodes/{node_ident}"}], @@ -282,6 +240,7 @@ list_rules = ( base.APIRule( name="baremetal:node:update_owner_provisioned", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Update Node owner even when Node is provisioned", scope_types=["system"], operations=[{"method": "PATCH", "path": "/nodes/{node_ident}"}], @@ -289,357 +248,263 @@ list_rules = ( base.APIRule( name="baremetal:node:delete", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Delete Node records", scope_types=["system", "project"], operations=[{"method": "DELETE", "path": "/nodes/{node_ident}"}], ), base.APIRule( name="baremetal:node:validate", - check_str=( - "(role:member and system_scope:all) " - "or (role:member and project_id:%(node.owner)s) " - "or (role:admin and project_id:%(node.lessee)s)" - ), + check_str=("(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s) or (role:admin and project_id:%(node.lessee)s)"), + basic_check_str=("role:admin"), description="Request active validation of Nodes", scope_types=["system", "project"], operations=[{"method": "GET", "path": "/nodes/{node_ident}/validate"}], ), base.APIRule( name="baremetal:node:set_maintenance", - check_str=( - "(role:member and system_scope:all) " - "or (role:member and project_id:%(node.owner)s) " - "or (role:admin and project_id:%(node.lessee)s)" - ), + check_str=("(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s) or (role:admin and project_id:%(node.lessee)s)"), + basic_check_str=("role:admin"), description="Set maintenance flag, taking a Node out of service", scope_types=["system", "project"], operations=[{"method": "PUT", "path": "/nodes/{node_ident}/maintenance"}], ), base.APIRule( name="baremetal:node:clear_maintenance", - check_str=( - "(role:member and system_scope:all) " - "or (role:member and project_id:%(node.owner)s) " - "or (role:admin and project_id:%(node.lessee)s)" - ), + check_str=("(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s) or (role:admin and project_id:%(node.lessee)s)"), + basic_check_str=("role:admin"), description="Clear maintenance flag, placing the Node into service again", scope_types=["system", "project"], operations=[{"method": "DELETE", "path": "/nodes/{node_ident}/maintenance"}], ), base.APIRule( name="baremetal:node:get_boot_device", - check_str=( - "(role:member and system_scope:all) or (role:admin and project_id:%(node.owner)s)" - ), + check_str=("(role:member and system_scope:all) or (role:admin and project_id:%(node.owner)s)"), + basic_check_str=("role:admin or role:reader"), description="Retrieve Node boot device metadata", scope_types=["system", "project"], - operations=[ - {"method": "GET", "path": "/nodes/{node_ident}/management/boot_device"}, - {"method": "GET", "path": "/nodes/{node_ident}/management/boot_device/supported"}, - ], + operations=[{"method": "GET", "path": "/nodes/{node_ident}/management/boot_device"}, {"method": "GET", "path": "/nodes/{node_ident}/management/boot_device/supported"}], ), base.APIRule( name="baremetal:node:set_boot_device", - check_str=( - "(role:member and system_scope:all) or (role:admin and project_id:%(node.owner)s)" - ), + check_str=("(role:member and system_scope:all) or (role:admin and project_id:%(node.owner)s)"), + basic_check_str=("role:admin"), description="Change Node boot device", scope_types=["system", "project"], operations=[{"method": "PUT", "path": "/nodes/{node_ident}/management/boot_device"}], ), base.APIRule( name="baremetal:node:get_indicator_state", - check_str=( - "(role:reader and system_scope:all) " - "or (role:reader and (project_id:%(node.owner)s " - "or project_id:%(node.lessee)s))" - ), + check_str=("(role:reader and system_scope:all) or (role:reader and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"), + basic_check_str=("role:admin or role:reader"), description="Retrieve Node indicators and their states", scope_types=["system", "project"], - operations=[ - { - "method": "GET", - "path": "/nodes/{node_ident}/management/indicators/{component}/{indicator}", - }, - {"method": "GET", "path": "/nodes/{node_ident}/management/indicators"}, - ], + operations=[{"method": "GET", "path": "/nodes/{node_ident}/management/indicators/{component}/{indicator}"}, {"method": "GET", "path": "/nodes/{node_ident}/management/indicators"}], ), base.APIRule( name="baremetal:node:set_indicator_state", - check_str=( - "(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s)" - ), + check_str=("(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s)"), + basic_check_str=("role:admin"), description="Change Node indicator state", scope_types=["system", "project"], - operations=[ - { - "method": "PUT", - "path": "/nodes/{node_ident}/management/indicators/{component}/{indicator}", - }, - ], + operations=[{"method": "PUT", "path": "/nodes/{node_ident}/management/indicators/{component}/{indicator}"}], ), base.APIRule( name="baremetal:node:inject_nmi", - check_str=( - "(role:member and system_scope:all) or (role:admin and project_id:%(node.owner)s)" - ), + check_str=("(role:member and system_scope:all) or (role:admin and project_id:%(node.owner)s)"), + basic_check_str=("role:admin"), description="Inject NMI for a node", scope_types=["system", "project"], operations=[{"method": "PUT", "path": "/nodes/{node_ident}/management/inject_nmi"}], ), base.APIRule( name="baremetal:node:get_states", - check_str=( - "(role:reader and system_scope:all) " - "or (role:reader and (project_id:%(node.owner)s " - "or project_id:%(node.lessee)s))" - ), + check_str=("(role:reader and system_scope:all) or (role:reader and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"), + basic_check_str=("role:admin or role:reader"), description="View Node power and provision state", scope_types=["system", "project"], operations=[{"method": "GET", "path": "/nodes/{node_ident}/states"}], ), base.APIRule( name="baremetal:node:set_power_state", - check_str=( - "(role:member and system_scope:all) " - "or (role:member and (project_id:%(node.owner)s " - "or project_id:%(node.lessee)s))" - ), + check_str=("(role:member and system_scope:all) or (role:member and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"), + basic_check_str=("role:admin"), description="Change Node power status", scope_types=["system", "project"], operations=[{"method": "PUT", "path": "/nodes/{node_ident}/states/power"}], ), base.APIRule( name="baremetal:node:set_provision_state", - check_str=( - "(role:member and system_scope:all) " - "or (role:member and project_id:%(node.owner)s) " - "or (role:admin and project_id:%(node.lessee)s)" - ), + check_str=("(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s) or (role:admin and project_id:%(node.lessee)s)"), + basic_check_str=("role:admin"), description="Change Node provision status", scope_types=["system", "project"], operations=[{"method": "PUT", "path": "/nodes/{node_ident}/states/provision"}], ), base.APIRule( name="baremetal:node:set_raid_state", - check_str=( - "(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s)" - ), + check_str=("(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s)"), + basic_check_str=("role:admin"), description="Change Node RAID status", scope_types=["system", "project"], operations=[{"method": "PUT", "path": "/nodes/{node_ident}/states/raid"}], ), base.APIRule( name="baremetal:node:get_console", - check_str=( - "(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s)" - ), + check_str=("(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s)"), + basic_check_str=("role:admin"), description="Get Node console connection information", scope_types=["system", "project"], operations=[{"method": "GET", "path": "/nodes/{node_ident}/states/console"}], ), base.APIRule( name="baremetal:node:set_console_state", - check_str=( - "(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s)" - ), + check_str=("(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s)"), + basic_check_str=("role:admin"), description="Change Node console status", scope_types=["system", "project"], operations=[{"method": "PUT", "path": "/nodes/{node_ident}/states/console"}], ), base.APIRule( name="baremetal:node:vif:list", - check_str=( - "(role:reader and system_scope:all) " - "or (role:reader and (project_id:%(node.owner)s " - "or project_id:%(node.lessee)s))" - ), + check_str=("(role:reader and system_scope:all) or (role:reader and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"), + basic_check_str=("role:admin"), description="List VIFs attached to node", scope_types=["system", "project"], operations=[{"method": "GET", "path": "/nodes/{node_ident}/vifs"}], ), base.APIRule( name="baremetal:node:vif:attach", - check_str=( - "(role:member and system_scope:all) " - "or (role:member and project_id:%(node.owner)s) " - "or (role:admin and project_id:%(node.lessee)s)" - ), + check_str=("(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s) or (role:admin and project_id:%(node.lessee)s)"), + basic_check_str=("role:admin"), description="Attach a VIF to a node", scope_types=["system", "project"], operations=[{"method": "POST", "path": "/nodes/{node_ident}/vifs"}], ), base.APIRule( name="baremetal:node:vif:detach", - check_str=( - "(role:member and system_scope:all) " - "or (role:member and project_id:%(node.owner)s) " - "or (role:admin and project_id:%(node.lessee)s)" - ), + check_str=("(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s) or (role:admin and project_id:%(node.lessee)s)"), + basic_check_str=("role:admin"), description="Detach a VIF from a node", scope_types=["system", "project"], operations=[{"method": "DELETE", "path": "/nodes/{node_ident}/vifs/{node_vif_ident}"}], ), base.APIRule( name="baremetal:node:traits:list", - check_str=( - "(role:reader and system_scope:all) " - "or (role:reader and (project_id:%(node.owner)s " - "or project_id:%(node.lessee)s))" - ), + check_str=("(role:reader and system_scope:all) or (role:reader and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"), + basic_check_str=("role:admin or role:reader"), description="List node traits", scope_types=["system", "project"], operations=[{"method": "GET", "path": "/nodes/{node_ident}/traits"}], ), base.APIRule( name="baremetal:node:traits:set", - check_str=( - "(role:member and system_scope:all) or (role:admin and project_id:%(node.owner)s)" - ), + check_str=("(role:member and system_scope:all) or (role:admin and project_id:%(node.owner)s)"), + basic_check_str=("role:admin"), description="Add a trait to, or replace all traits of, a node", scope_types=["system", "project"], - operations=[ - {"method": "PUT", "path": "/nodes/{node_ident}/traits"}, - {"method": "PUT", "path": "/nodes/{node_ident}/traits/{trait}"}, - ], + operations=[{"method": "PUT", "path": "/nodes/{node_ident}/traits"}, {"method": "PUT", "path": "/nodes/{node_ident}/traits/{trait}"}], ), base.APIRule( name="baremetal:node:traits:delete", - check_str=( - "(role:member and system_scope:all) or (role:admin and project_id:%(node.owner)s)" - ), + check_str=("(role:member and system_scope:all) or (role:admin and project_id:%(node.owner)s)"), + basic_check_str=("role:admin"), description="Remove one or all traits from a node", scope_types=["system", "project"], - operations=[ - {"method": "DELETE", "path": "/nodes/{node_ident}/traits"}, - {"method": "DELETE", "path": "/nodes/{node_ident}/traits/{trait}"}, - ], + operations=[{"method": "DELETE", "path": "/nodes/{node_ident}/traits"}, {"method": "DELETE", "path": "/nodes/{node_ident}/traits/{trait}"}], ), base.APIRule( name="baremetal:node:bios:get", - check_str=( - "(role:reader and system_scope:all) " - "or (role:reader and (project_id:%(node.owner)s " - "or project_id:%(node.lessee)s))" - ), + check_str=("(role:reader and system_scope:all) or (role:reader and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"), + basic_check_str=("role:admin or role:reader"), description="Retrieve Node BIOS information", scope_types=["system", "project"], - operations=[ - {"method": "GET", "path": "/nodes/{node_ident}/bios"}, - {"method": "GET", "path": "/nodes/{node_ident}/bios/{setting}"}, - ], + operations=[{"method": "GET", "path": "/nodes/{node_ident}/bios"}, {"method": "GET", "path": "/nodes/{node_ident}/bios/{setting}"}], ), base.APIRule( name="baremetal:node:disable_cleaning", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Disable Node disk cleaning", scope_types=["system"], operations=[{"method": "PATCH", "path": "/nodes/{node_ident}"}], ), base.APIRule( name="baremetal:port:get", - check_str=( - "(role:reader and system_scope:all) " - "or (role:reader and (project_id:%(node.owner)s " - "or project_id:%(node.lessee)s))" - ), + check_str=("(role:reader and system_scope:all) or (role:reader and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"), + basic_check_str=("role:admin or role:reader"), description="Retrieve Port records", scope_types=["system", "project"], - operations=[ - {"method": "GET", "path": "/ports/{port_id}"}, - {"method": "GET", "path": "/nodes/{node_ident}/ports"}, - {"method": "GET", "path": "/nodes/{node_ident}/ports/detail"}, - {"method": "GET", "path": "/portgroups/{portgroup_ident}/ports"}, - {"method": "GET", "path": "/portgroups/{portgroup_ident}/ports/detail"}, - ], + operations=[{"method": "GET", "path": "/ports/{port_id}"}, {"method": "GET", "path": "/nodes/{node_ident}/ports"}, {"method": "GET", "path": "/nodes/{node_ident}/ports/detail"}, {"method": "GET", "path": "/portgroups/{portgroup_ident}/ports"}, {"method": "GET", "path": "/portgroups/{portgroup_ident}/ports/detail"}], ), base.APIRule( name="baremetal:port:list", check_str=("role:reader"), + basic_check_str=("role:admin or role:reader"), description="Retrieve multiple Port records, filtered by owner", scope_types=["system", "project"], - operations=[ - {"method": "GET", "path": "/ports"}, - {"method": "GET", "path": "/ports/detail"}, - ], + operations=[{"method": "GET", "path": "/ports"}, {"method": "GET", "path": "/ports/detail"}], ), base.APIRule( name="baremetal:port:list_all", check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin or role:reader"), description="Retrieve multiple Port records", scope_types=["system", "project"], - operations=[ - {"method": "GET", "path": "/ports"}, - {"method": "GET", "path": "/ports/detail"}, - ], + operations=[{"method": "GET", "path": "/ports"}, {"method": "GET", "path": "/ports/detail"}], ), base.APIRule( name="baremetal:port:create", - check_str=( - "(role:admin and system_scope:all) or (role:admin and project_id:%(node.owner)s)" - ), + check_str=("(role:admin and system_scope:all) or (role:admin and project_id:%(node.owner)s)"), + basic_check_str=("role:admin"), description="Create Port records", scope_types=["system", "project"], operations=[{"method": "POST", "path": "/ports"}], ), base.APIRule( name="baremetal:port:delete", - check_str=( - "(role:admin and system_scope:all) or (role:admin and project_id:%(node.owner)s)" - ), + check_str=("(role:admin and system_scope:all) or (role:admin and project_id:%(node.owner)s)"), + basic_check_str=("role:admin"), description="Delete Port records", scope_types=["system", "project"], operations=[{"method": "DELETE", "path": "/ports/{port_id}"}], ), base.APIRule( name="baremetal:port:update", - check_str=( - "(role:member and system_scope:all) or (role:admin and project_id:%(node.owner)s)" - ), + check_str=("(role:member and system_scope:all) or (role:admin and project_id:%(node.owner)s)"), + basic_check_str=("role:admin"), description="Update Port records", scope_types=["system", "project"], operations=[{"method": "PATCH", "path": "/ports/{port_id}"}], ), base.APIRule( name="baremetal:portgroup:get", - check_str=( - "(role:reader and system_scope:all) " - "or (role:reader and (project_id:%(node.owner)s " - "or project_id:%(node.lessee)s))" - ), + check_str=("(role:reader and system_scope:all) or (role:reader and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"), + basic_check_str=("role:admin or role:reader"), description="Retrieve Portgroup records", scope_types=["system", "project"], - operations=[ - {"method": "GET", "path": "/portgroups"}, - {"method": "GET", "path": "/portgroups/detail"}, - {"method": "GET", "path": "/portgroups/{portgroup_ident}"}, - {"method": "GET", "path": "/nodes/{node_ident}/portgroups"}, - {"method": "GET", "path": "/nodes/{node_ident}/portgroups/detail"}, - ], + operations=[{"method": "GET", "path": "/portgroups"}, {"method": "GET", "path": "/portgroups/detail"}, {"method": "GET", "path": "/portgroups/{portgroup_ident}"}, {"method": "GET", "path": "/nodes/{node_ident}/portgroups"}, {"method": "GET", "path": "/nodes/{node_ident}/portgroups/detail"}], ), base.APIRule( name="baremetal:portgroup:create", - check_str=( - "(role:admin and system_scope:all) or (role:admin and project_id:%(node.owner)s)" - ), + check_str=("(role:admin and system_scope:all) or (role:admin and project_id:%(node.owner)s)"), + basic_check_str=("role:admin"), description="Create Portgroup records", scope_types=["system", "project"], operations=[{"method": "POST", "path": "/portgroups"}], ), base.APIRule( name="baremetal:portgroup:delete", - check_str=( - "(role:admin and system_scope:all) or (role:admin and project_id:%(node.owner)s)" - ), + check_str=("(role:admin and system_scope:all) or (role:admin and project_id:%(node.owner)s)"), + basic_check_str=("role:admin"), description="Delete Portgroup records", scope_types=["system", "project"], operations=[{"method": "DELETE", "path": "/portgroups/{portgroup_ident}"}], ), base.APIRule( name="baremetal:portgroup:update", - check_str=( - "(role:member and system_scope:all) or (role:admin and project_id:%(node.owner)s)" - ), + check_str=("(role:member and system_scope:all) or (role:admin and project_id:%(node.owner)s)"), + basic_check_str=("role:admin"), description="Update Portgroup records", scope_types=["system", "project"], operations=[{"method": "PATCH", "path": "/portgroups/{portgroup_ident}"}], @@ -647,37 +512,31 @@ list_rules = ( base.APIRule( name="baremetal:portgroup:list", check_str=("role:reader"), + basic_check_str=("role:admin or role:reader"), description="Retrieve multiple Port records, filtered by owner", scope_types=["system", "project"], - operations=[ - {"method": "GET", "path": "/portgroups"}, - {"method": "GET", "path": "/portgroups/detail"}, - ], + operations=[{"method": "GET", "path": "/portgroups"}, {"method": "GET", "path": "/portgroups/detail"}], ), base.APIRule( name="baremetal:portgroup:list_all", check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin or role:reader"), description="Retrieve multiple Port records", scope_types=["system", "project"], - operations=[ - {"method": "GET", "path": "/portgroups"}, - {"method": "GET", "path": "/portgroups/detail"}, - ], + operations=[{"method": "GET", "path": "/portgroups"}, {"method": "GET", "path": "/portgroups/detail"}], ), base.APIRule( name="baremetal:chassis:get", check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin or role:reader"), description="Retrieve Chassis records", scope_types=["system"], - operations=[ - {"method": "GET", "path": "/chassis"}, - {"method": "GET", "path": "/chassis/detail"}, - {"method": "GET", "path": "/chassis/{chassis_id}"}, - ], + operations=[{"method": "GET", "path": "/chassis"}, {"method": "GET", "path": "/chassis/detail"}, {"method": "GET", "path": "/chassis/{chassis_id}"}], ), base.APIRule( name="baremetal:chassis:create", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Create Chassis records", scope_types=["system"], operations=[{"method": "POST", "path": "/chassis"}], @@ -685,6 +544,7 @@ list_rules = ( base.APIRule( name="baremetal:chassis:delete", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Delete Chassis records", scope_types=["system"], operations=[{"method": "DELETE", "path": "/chassis/{chassis_id}"}], @@ -692,6 +552,7 @@ list_rules = ( base.APIRule( name="baremetal:chassis:update", check_str=("role:member and system_scope:all"), + basic_check_str=("role:admin"), description="Update Chassis records", scope_types=["system"], operations=[{"method": "PATCH", "path": "/chassis/{chassis_id}"}], @@ -699,16 +560,15 @@ list_rules = ( base.APIRule( name="baremetal:driver:get", check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin or role:reader"), description="View list of available drivers", scope_types=["system"], - operations=[ - {"method": "GET", "path": "/drivers"}, - {"method": "GET", "path": "/drivers/{driver_name}"}, - ], + operations=[{"method": "GET", "path": "/drivers"}, {"method": "GET", "path": "/drivers/{driver_name}"}], ), base.APIRule( name="baremetal:driver:get_properties", check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin or role:reader"), description="View driver-specific properties", scope_types=["system"], operations=[{"method": "GET", "path": "/drivers/{driver_name}/properties"}], @@ -716,64 +576,31 @@ list_rules = ( base.APIRule( name="baremetal:driver:get_raid_logical_disk_properties", check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin or role:reader"), description="View driver-specific RAID metadata", scope_types=["system"], - operations=[ - {"method": "GET", "path": "/drivers/{driver_name}/raid/logical_disk_properties"}, - ], + operations=[{"method": "GET", "path": "/drivers/{driver_name}/raid/logical_disk_properties"}], ), base.APIRule( name="baremetal:node:vendor_passthru", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Access vendor-specific Node functions", scope_types=["system", "project"], - operations=[ - {"method": "GET", "path": "nodes/{node_ident}/vendor_passthru/methods"}, - {"method": "GET", "path": "nodes/{node_ident}/vendor_passthru?method={method_name}"}, - {"method": "PUT", "path": "nodes/{node_ident}/vendor_passthru?method={method_name}"}, - {"method": "POST", "path": "nodes/{node_ident}/vendor_passthru?method={method_name}"}, - { - "method": "PATCH", - "path": "nodes/{node_ident}/vendor_passthru?method={method_name}", - }, - { - "method": "DELETE", - "path": "nodes/{node_ident}/vendor_passthru?method={method_name}", - }, - ], + operations=[{"method": "GET", "path": "nodes/{node_ident}/vendor_passthru/methods"}, {"method": "GET", "path": "nodes/{node_ident}/vendor_passthru?method={method_name}"}, {"method": "PUT", "path": "nodes/{node_ident}/vendor_passthru?method={method_name}"}, {"method": "POST", "path": "nodes/{node_ident}/vendor_passthru?method={method_name}"}, {"method": "PATCH", "path": "nodes/{node_ident}/vendor_passthru?method={method_name}"}, {"method": "DELETE", "path": "nodes/{node_ident}/vendor_passthru?method={method_name}"}], ), base.APIRule( name="baremetal:driver:vendor_passthru", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Access vendor-specific Driver functions", scope_types=["system"], - operations=[ - {"method": "GET", "path": "drivers/{driver_name}/vendor_passthru/methods"}, - { - "method": "GET", - "path": "drivers/{driver_name}/vendor_passthru?method={method_name}", - }, - { - "method": "PUT", - "path": "drivers/{driver_name}/vendor_passthru?method={method_name}", - }, - { - "method": "POST", - "path": "drivers/{driver_name}/vendor_passthru?method={method_name}", - }, - { - "method": "PATCH", - "path": "drivers/{driver_name}/vendor_passthru?method={method_name}", - }, - { - "method": "DELETE", - "path": "drivers/{driver_name}/vendor_passthru?method={method_name}", - }, - ], + operations=[{"method": "GET", "path": "drivers/{driver_name}/vendor_passthru/methods"}, {"method": "GET", "path": "drivers/{driver_name}/vendor_passthru?method={method_name}"}, {"method": "PUT", "path": "drivers/{driver_name}/vendor_passthru?method={method_name}"}, {"method": "POST", "path": "drivers/{driver_name}/vendor_passthru?method={method_name}"}, {"method": "PATCH", "path": "drivers/{driver_name}/vendor_passthru?method={method_name}"}, {"method": "DELETE", "path": "drivers/{driver_name}/vendor_passthru?method={method_name}"}], ), base.APIRule( name="baremetal:node:ipa_heartbeat", check_str=(""), + basic_check_str=("@"), description="Receive heartbeats from IPA ramdisk", scope_types=["project"], operations=[{"method": "POST", "path": "/heartbeat/{node_ident}"}], @@ -781,6 +608,7 @@ list_rules = ( base.APIRule( name="baremetal:driver:ipa_lookup", check_str=(""), + basic_check_str=("@"), description="Access IPA ramdisk functions", scope_types=["project"], operations=[{"method": "GET", "path": "/lookup"}], @@ -788,125 +616,79 @@ list_rules = ( base.APIRule( name="baremetal:volume:list_all", check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin or role:reader"), description="Retrieve a list of all Volume connector and target records", scope_types=["system", "project"], - operations=[ - {"method": "GET", "path": "/volume/connectors"}, - {"method": "GET", "path": "/volume/targets"}, - {"method": "GET", "path": "/nodes/{node_ident}/volume/connectors"}, - {"method": "GET", "path": "/nodes/{node_ident}/volume/targets"}, - ], + operations=[{"method": "GET", "path": "/volume/connectors"}, {"method": "GET", "path": "/volume/targets"}, {"method": "GET", "path": "/nodes/{node_ident}/volume/connectors"}, {"method": "GET", "path": "/nodes/{node_ident}/volume/targets"}], ), base.APIRule( name="baremetal:volume:list", check_str=("role:reader"), + basic_check_str=("role:admin or role:reader"), description="Retrieve a list of Volume connector and target records", scope_types=["system", "project"], - operations=[ - {"method": "GET", "path": "/volume/connectors"}, - {"method": "GET", "path": "/volume/targets"}, - {"method": "GET", "path": "/nodes/{node_ident}/volume/connectors"}, - {"method": "GET", "path": "/nodes/{node_ident}/volume/targets"}, - ], + operations=[{"method": "GET", "path": "/volume/connectors"}, {"method": "GET", "path": "/volume/targets"}, {"method": "GET", "path": "/nodes/{node_ident}/volume/connectors"}, {"method": "GET", "path": "/nodes/{node_ident}/volume/targets"}], ), base.APIRule( name="baremetal:volume:get", - check_str=( - "(role:reader and system_scope:all) " - "or (role:reader and (project_id:%(node.owner)s " - "or project_id:%(node.lessee)s))" - ), + check_str=("(role:reader and system_scope:all) or (role:reader and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"), + basic_check_str=("role:admin or role:reader"), description="Retrieve Volume connector and target records", scope_types=["system", "project"], - operations=[ - {"method": "GET", "path": "/volume"}, - {"method": "GET", "path": "/volume/connectors"}, - {"method": "GET", "path": "/volume/connectors/{volume_connector_id}"}, - {"method": "GET", "path": "/volume/targets"}, - {"method": "GET", "path": "/volume/targets/{volume_target_id}"}, - {"method": "GET", "path": "/nodes/{node_ident}/volume"}, - {"method": "GET", "path": "/nodes/{node_ident}/volume/connectors"}, - {"method": "GET", "path": "/nodes/{node_ident}/volume/targets"}, - ], + operations=[{"method": "GET", "path": "/volume"}, {"method": "GET", "path": "/volume/connectors"}, {"method": "GET", "path": "/volume/connectors/{volume_connector_id}"}, {"method": "GET", "path": "/volume/targets"}, {"method": "GET", "path": "/volume/targets/{volume_target_id}"}, {"method": "GET", "path": "/nodes/{node_ident}/volume"}, {"method": "GET", "path": "/nodes/{node_ident}/volume/connectors"}, {"method": "GET", "path": "/nodes/{node_ident}/volume/targets"}], ), base.APIRule( name="baremetal:volume:create", - check_str=( - "(role:member and system_scope:all) " - "or (role:admin and project_id:%(node.owner)s) " - "or (role:admin and project_id:%(node.lessee)s)" - ), + check_str=("(role:member and system_scope:all) or (role:admin and project_id:%(node.owner)s) or (role:admin and project_id:%(node.lessee)s)"), + basic_check_str=("role:admin"), description="Create Volume connector and target records", scope_types=["system", "project"], - operations=[ - {"method": "POST", "path": "/volume/connectors"}, - {"method": "POST", "path": "/volume/targets"}, - ], + operations=[{"method": "POST", "path": "/volume/connectors"}, {"method": "POST", "path": "/volume/targets"}], ), base.APIRule( name="baremetal:volume:delete", - check_str=( - "(role:member and system_scope:all) " - "or (role:admin and project_id:%(node.owner)s) " - "or (role:admin and project_id:%(node.lessee)s)" - ), + check_str=("(role:member and system_scope:all) or (role:admin and project_id:%(node.owner)s) or (role:admin and project_id:%(node.lessee)s)"), + basic_check_str=("role:admin"), description="Delete Volume connector and target records", scope_types=["system", "project"], - operations=[ - {"method": "DELETE", "path": "/volume/connectors/{volume_connector_id}"}, - {"method": "DELETE", "path": "/volume/targets/{volume_target_id}"}, - ], + operations=[{"method": "DELETE", "path": "/volume/connectors/{volume_connector_id}"}, {"method": "DELETE", "path": "/volume/targets/{volume_target_id}"}], ), base.APIRule( name="baremetal:volume:update", - check_str=( - "(role:member and system_scope:all) " - "or (role:member and project_id:%(node.owner)s) " - "or (role:admin and project_id:%(node.lessee)s)" - ), + check_str=("(role:member and system_scope:all) or (role:member and project_id:%(node.owner)s) or (role:admin and project_id:%(node.lessee)s)"), + basic_check_str=("role:admin"), description="Update Volume connector and target records", scope_types=["system", "project"], - operations=[ - {"method": "PATCH", "path": "/volume/connectors/{volume_connector_id}"}, - {"method": "PATCH", "path": "/volume/targets/{volume_target_id}"}, - ], + operations=[{"method": "PATCH", "path": "/volume/connectors/{volume_connector_id}"}, {"method": "PATCH", "path": "/volume/targets/{volume_target_id}"}], ), base.APIRule( name="baremetal:volume:view_target_properties", check_str=("(role:reader and system_scope:all) or (role:admin)"), + basic_check_str=("role:admin or role:reader"), description="Ability to view volume target properties", scope_types=["system", "project"], - operations=[ - {"method": "GET", "path": "/volume/connectors/{volume_connector_id}"}, - {"method": "GET", "path": "/volume/targets/{volume_target_id}"}, - ], + operations=[{"method": "GET", "path": "/volume/connectors/{volume_connector_id}"}, {"method": "GET", "path": "/volume/targets/{volume_target_id}"}], ), base.APIRule( name="baremetal:conductor:get", check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin or role:reader"), description="Retrieve Conductor records", scope_types=["system"], - operations=[ - {"method": "GET", "path": "/conductors"}, - {"method": "GET", "path": "/conductors/{hostname}"}, - ], + operations=[{"method": "GET", "path": "/conductors"}, {"method": "GET", "path": "/conductors/{hostname}"}], ), base.APIRule( name="baremetal:allocation:get", - check_str=( - "(role:reader and system_scope:all) " - "or (role:reader and project_id:%(allocation.owner)s)" - ), + check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(allocation.owner)s)"), + basic_check_str=("role:admin or role:reader"), description="Retrieve Allocation records", scope_types=["system", "project"], - operations=[ - {"method": "GET", "path": "/allocations/{allocation_id}"}, - {"method": "GET", "path": "/nodes/{node_ident}/allocation"}, - ], + operations=[{"method": "GET", "path": "/allocations/{allocation_id}"}, {"method": "GET", "path": "/nodes/{node_ident}/allocation"}], ), base.APIRule( name="baremetal:allocation:list", check_str=("role:reader"), + basic_check_str=("role:admin or role:reader"), description="Retrieve multiple Allocation records, filtered by owner", scope_types=["system", "project"], operations=[{"method": "GET", "path": "/allocations"}], @@ -914,6 +696,7 @@ list_rules = ( base.APIRule( name="baremetal:allocation:list_all", check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin or role:reader"), description="Retrieve multiple Allocation records", scope_types=["system", "project"], operations=[{"method": "GET", "path": "/allocations"}], @@ -921,6 +704,7 @@ list_rules = ( base.APIRule( name="baremetal:allocation:create", check_str=("(role:member and system_scope:all) or (role:member)"), + basic_check_str=("role:admin"), description="Create Allocation records", scope_types=["system", "project"], operations=[{"method": "POST", "path": "/allocations"}], @@ -928,48 +712,39 @@ list_rules = ( base.APIRule( name="baremetal:allocation:create_restricted", check_str=("role:member and system_scope:all"), + basic_check_str=("role:admin"), description="Create Allocation records with a specific owner.", scope_types=["system", "project"], operations=[{"method": "POST", "path": "/allocations"}], ), base.APIRule( name="baremetal:allocation:delete", - check_str=( - "(role:member and system_scope:all) " - "or (role:member and project_id:%(allocation.owner)s)" - ), + check_str=("(role:member and system_scope:all) or (role:member and project_id:%(allocation.owner)s)"), + basic_check_str=("role:admin"), description="Delete Allocation records", scope_types=["system", "project"], - operations=[ - {"method": "DELETE", "path": "/allocations/{allocation_id}"}, - {"method": "DELETE", "path": "/nodes/{node_ident}/allocation"}, - ], + operations=[{"method": "DELETE", "path": "/allocations/{allocation_id}"}, {"method": "DELETE", "path": "/nodes/{node_ident}/allocation"}], ), base.APIRule( name="baremetal:allocation:update", - check_str=( - "(role:member and system_scope:all) " - "or (role:member and project_id:%(allocation.owner)s)" - ), + check_str=("(role:member and system_scope:all) or (role:member and project_id:%(allocation.owner)s)"), + basic_check_str=("role:admin"), description="Change name and extra fields of an allocation", scope_types=["system", "project"], operations=[{"method": "PATCH", "path": "/allocations/{allocation_id}"}], ), base.APIRule( name="baremetal:allocation:create_pre_rbac", - check_str=( - "(rule:is_member and role:baremetal_admin) " - "or (is_admin_project:True and role:admin)" - ), - description="Logical restrictor to prevent legacy allocation rule " - "missuse - Requires blank allocations to originate from " - "the legacy baremetal_admin.", + check_str=("(rule:is_member and role:baremetal_admin) or (is_admin_project:True and role:admin)"), + basic_check_str=("role:admin"), + description="Logical restrictor to prevent legacy allocation rule missuse - Requires blank allocations to originate from the legacy baremetal_admin.", scope_types=["project"], operations=[{"method": "PATCH", "path": "/allocations/{allocation_id}"}], ), base.APIRule( name="baremetal:events:post", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Post events", scope_types=["system"], operations=[{"method": "POST", "path": "/events"}], @@ -977,16 +752,15 @@ list_rules = ( base.APIRule( name="baremetal:deploy_template:get", check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin or role:reader"), description="Retrieve Deploy Template records", scope_types=["system"], - operations=[ - {"method": "GET", "path": "/deploy_templates"}, - {"method": "GET", "path": "/deploy_templates/{deploy_template_ident}"}, - ], + operations=[{"method": "GET", "path": "/deploy_templates"}, {"method": "GET", "path": "/deploy_templates/{deploy_template_ident}"}], ), base.APIRule( name="baremetal:deploy_template:create", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Create Deploy Template records", scope_types=["system"], operations=[{"method": "POST", "path": "/deploy_templates"}], @@ -994,6 +768,7 @@ list_rules = ( base.APIRule( name="baremetal:deploy_template:delete", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Delete Deploy Template records", scope_types=["system"], operations=[{"method": "DELETE", "path": "/deploy_templates/{deploy_template_ident}"}], @@ -1001,96 +776,11 @@ list_rules = ( base.APIRule( name="baremetal:deploy_template:update", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Update Deploy Template records", scope_types=["system"], operations=[{"method": "PATCH", "path": "/deploy_templates/{deploy_template_ident}"}], ), - base.APIRule( - name="introspection", - check_str=("rule:public_api"), - description="Access the API root for available versions information", - scope_types=["project"], - operations=[{"method": "GET", "path": "/"}], - ), - base.APIRule( - name="introspection:version", - check_str=("rule:public_api"), - description="Access the versioned API root for version information", - scope_types=["project"], - operations=[{"method": "GET", "path": "/{version}"}], - ), - base.APIRule( - name="introspection:continue", - check_str=("rule:public_api"), - description="Ramdisk callback to continue introspection", - scope_types=["project"], - operations=[{"method": "POST", "path": "/continue"}], - ), - base.APIRule( - name="introspection:status", - check_str=("role:reader and system_scope:all"), - description="Get introspection status", - scope_types=["project"], - operations=[ - {"method": "GET", "path": "/introspection"}, - {"method": "GET", "path": "/introspection/{node_id}"}, - ], - ), - base.APIRule( - name="introspection:start", - check_str=("role:admin and system_scope:all"), - description="Start introspection", - scope_types=["project"], - operations=[{"method": "POST", "path": "/introspection/{node_id}"}], - ), - base.APIRule( - name="introspection:abort", - check_str=("role:admin and system_scope:all"), - description="Abort introspection", - scope_types=["project"], - operations=[{"method": "POST", "path": "/introspection/{node_id}/abort"}], - ), - base.APIRule( - name="introspection:data", - check_str=("role:admin and system_scope:all"), - description="Get introspection data", - scope_types=["project"], - operations=[{"method": "GET", "path": "/introspection/{node_id}/data"}], - ), - base.APIRule( - name="introspection:reapply", - check_str=("role:admin and system_scope:all"), - description="Reapply introspection on stored data", - scope_types=["project"], - operations=[{"method": "POST", "path": "/introspection/{node_id}/data/unprocessed"}], - ), - base.APIRule( - name="introspection:rule:get", - check_str=("role:admin and system_scope:all"), - description="Get introspection rule(s)", - scope_types=["project"], - operations=[ - {"method": "GET", "path": "/rules"}, - {"method": "GET", "path": "/rules/{rule_id}"}, - ], - ), - base.APIRule( - name="introspection:rule:delete", - check_str=("role:admin and system_scope:all"), - description="Delete introspection rule(s)", - scope_types=["project"], - operations=[ - {"method": "DELETE", "path": "/rules"}, - {"method": "DELETE", "path": "/rules/{rule_id}"}, - ], - ), - base.APIRule( - name="introspection:rule:create", - check_str=("role:admin and system_scope:all"), - description="Create introspection rule", - scope_types=["project"], - operations=[{"method": "POST", "path": "/rules"}], - ), ) __all__ = ("list_rules",) diff --git a/libs/skyline-policy-manager/src/skyline_policy_manager/policies/keystone.py b/libs/skyline-policy-manager/skyline_policy_manager/policies/keystone.py similarity index 77% rename from libs/skyline-policy-manager/src/skyline_policy_manager/policies/keystone.py rename to libs/skyline-policy-manager/skyline_policy_manager/policies/keystone.py index 656e09e..af2b926 100644 --- a/libs/skyline-policy-manager/src/skyline_policy_manager/policies/keystone.py +++ b/libs/skyline-policy-manager/skyline_policy_manager/policies/keystone.py @@ -1,3 +1,5 @@ +# flake8: noqa + from . import base list_rules = ( @@ -44,6 +46,7 @@ list_rules = ( base.APIRule( name="identity:get_access_rule", check_str=("(role:reader and system_scope:all) or user_id:%(target.user.id)s"), + basic_check_str=("role:admin or role:reader or user_id:%(user_id)s"), description="Show access rule details.", scope_types=["system", "project"], operations=[ @@ -54,6 +57,7 @@ list_rules = ( base.APIRule( name="identity:list_access_rules", check_str=("(role:reader and system_scope:all) or user_id:%(target.user.id)s"), + basic_check_str=("role:admin or role:reader or user_id:%(user_id)s"), description="List access rules for a user.", scope_types=["system", "project"], operations=[ @@ -64,15 +68,17 @@ list_rules = ( base.APIRule( name="identity:delete_access_rule", check_str=("(role:admin and system_scope:all) or user_id:%(target.user.id)s"), + basic_check_str=("role:admin or user_id:%(user_id)s"), description="Delete an access_rule.", scope_types=["system", "project"], operations=[ - {"method": "DELETE", "path": "/v3/users/{user_id}/access_rules/{access_rule_id}"}, + {"method": "DELETE", "path": "/v3/users/{user_id}/access_rules/{access_rule_id}"} ], ), base.APIRule( name="identity:authorize_request_token", check_str=("rule:admin_required"), + basic_check_str=("!"), description="Authorize OAUTH1 request token.", scope_types=["project"], operations=[{"method": "PUT", "path": "/v3/OS-OAUTH1/authorize/{request_token_id}"}], @@ -80,31 +86,33 @@ list_rules = ( base.APIRule( name="identity:get_access_token", check_str=("rule:admin_required"), + basic_check_str=("!"), description="Get OAUTH1 access token for user by access token ID.", scope_types=["project"], operations=[ { "method": "GET", "path": "/v3/users/{user_id}/OS-OAUTH1/access_tokens/{access_token_id}", - }, + } ], ), base.APIRule( name="identity:get_access_token_role", check_str=("rule:admin_required"), + basic_check_str=("!"), description="Get role for user OAUTH1 access token.", scope_types=["project"], operations=[ { "method": "GET", - "path": "/v3/users/{user_id}/OS-OAUTH1/" - "access_tokens/{access_token_id}/roles/{role_id}", - }, + "path": "/v3/users/{user_id}/OS-OAUTH1/access_tokens/{access_token_id}/roles/{role_id}", + } ], ), base.APIRule( name="identity:list_access_tokens", check_str=("rule:admin_required"), + basic_check_str=("!"), description="List OAUTH1 access tokens for user.", scope_types=["project"], operations=[{"method": "GET", "path": "/v3/users/{user_id}/OS-OAUTH1/access_tokens"}], @@ -112,48 +120,50 @@ list_rules = ( base.APIRule( name="identity:list_access_token_roles", check_str=("rule:admin_required"), + basic_check_str=("!"), description="List OAUTH1 access token roles.", scope_types=["project"], operations=[ { "method": "GET", "path": "/v3/users/{user_id}/OS-OAUTH1/access_tokens/{access_token_id}/roles", - }, + } ], ), base.APIRule( name="identity:delete_access_token", check_str=("rule:admin_required"), + basic_check_str=("!"), description="Delete OAUTH1 access token.", scope_types=["project"], operations=[ { "method": "DELETE", "path": "/v3/users/{user_id}/OS-OAUTH1/access_tokens/{access_token_id}", - }, + } ], ), base.APIRule( name="identity:get_application_credential", check_str=("(role:reader and system_scope:all) or rule:owner"), + basic_check_str=("role:admin or role:reader or user_id:%(user_id)s"), description="Show application credential details.", scope_types=["system", "project"], operations=[ { "method": "GET", - "path": "/v3/users/{user_id}/application_credentials/" - "{application_credential_id}", + "path": "/v3/users/{user_id}/application_credentials/{application_credential_id}", }, { "method": "HEAD", - "path": "/v3/users/{user_id}/application_credentials/" - "{application_credential_id}", + "path": "/v3/users/{user_id}/application_credentials/{application_credential_id}", }, ], ), base.APIRule( name="identity:list_application_credentials", check_str=("(role:reader and system_scope:all) or rule:owner"), + basic_check_str=("role:admin or role:reader or user_id:%(user_id)s"), description="List application credentials for a user.", scope_types=["system", "project"], operations=[ @@ -164,6 +174,7 @@ list_rules = ( base.APIRule( name="identity:create_application_credential", check_str=("user_id:%(user_id)s"), + basic_check_str=("role:admin or user_id:%(user_id)s"), description="Create an application credential.", scope_types=["project"], operations=[{"method": "POST", "path": "/v3/users/{user_id}/application_credentials"}], @@ -171,19 +182,20 @@ list_rules = ( base.APIRule( name="identity:delete_application_credential", check_str=("(role:admin and system_scope:all) or rule:owner"), + basic_check_str=("role:admin or user_id:%(user_id)s"), description="Delete an application credential.", scope_types=["system", "project"], operations=[ { "method": "DELETE", - "path": "/v3/users/{user_id}/application_credentials/" - "{application_credential_id}", - }, + "path": "/v3/users/{user_id}/application_credentials/{application_credential_id}", + } ], ), base.APIRule( name="identity:get_auth_catalog", check_str=(""), + basic_check_str=("@"), description="Get service catalog.", scope_types=["project"], operations=[ @@ -194,6 +206,7 @@ list_rules = ( base.APIRule( name="identity:get_auth_projects", check_str=(""), + basic_check_str=("@"), description="List all projects a user has access to via role assignments.", scope_types=["project"], operations=[ @@ -204,6 +217,7 @@ list_rules = ( base.APIRule( name="identity:get_auth_domains", check_str=(""), + basic_check_str=("@"), description="List all domains a user has access to via role assignments.", scope_types=["project"], operations=[ @@ -214,6 +228,7 @@ list_rules = ( base.APIRule( name="identity:get_auth_system", check_str=(""), + basic_check_str=("@"), description="List systems a user has access to via role assignments.", scope_types=["project"], operations=[ @@ -224,6 +239,7 @@ list_rules = ( base.APIRule( name="identity:get_consumer", check_str=("role:reader and system_scope:all"), + basic_check_str=("!"), description="Show OAUTH1 consumer details.", scope_types=["system"], operations=[{"method": "GET", "path": "/v3/OS-OAUTH1/consumers/{consumer_id}"}], @@ -231,6 +247,7 @@ list_rules = ( base.APIRule( name="identity:list_consumers", check_str=("role:reader and system_scope:all"), + basic_check_str=("!"), description="List OAUTH1 consumers.", scope_types=["system"], operations=[{"method": "GET", "path": "/v3/OS-OAUTH1/consumers"}], @@ -238,6 +255,7 @@ list_rules = ( base.APIRule( name="identity:create_consumer", check_str=("role:admin and system_scope:all"), + basic_check_str=("!"), description="Create OAUTH1 consumer.", scope_types=["system"], operations=[{"method": "POST", "path": "/v3/OS-OAUTH1/consumers"}], @@ -245,6 +263,7 @@ list_rules = ( base.APIRule( name="identity:update_consumer", check_str=("role:admin and system_scope:all"), + basic_check_str=("!"), description="Update OAUTH1 consumer.", scope_types=["system"], operations=[{"method": "PATCH", "path": "/v3/OS-OAUTH1/consumers/{consumer_id}"}], @@ -252,6 +271,7 @@ list_rules = ( base.APIRule( name="identity:delete_consumer", check_str=("role:admin and system_scope:all"), + basic_check_str=("!"), description="Delete OAUTH1 consumer.", scope_types=["system"], operations=[{"method": "DELETE", "path": "/v3/OS-OAUTH1/consumers/{consumer_id}"}], @@ -259,6 +279,7 @@ list_rules = ( base.APIRule( name="identity:get_credential", check_str=("(role:reader and system_scope:all) or user_id:%(target.credential.user_id)s"), + basic_check_str=("role:admin or role:reader or user_id:%(user_id)s"), description="Show credentials details.", scope_types=["system", "project"], operations=[{"method": "GET", "path": "/v3/credentials/{credential_id}"}], @@ -266,6 +287,7 @@ list_rules = ( base.APIRule( name="identity:list_credentials", check_str=("(role:reader and system_scope:all) or user_id:%(target.credential.user_id)s"), + basic_check_str=("role:admin or role:reader or user_id:%(user_id)s"), description="List credentials.", scope_types=["system", "project"], operations=[{"method": "GET", "path": "/v3/credentials"}], @@ -273,6 +295,7 @@ list_rules = ( base.APIRule( name="identity:create_credential", check_str=("(role:admin and system_scope:all) or user_id:%(target.credential.user_id)s"), + basic_check_str=("role:admin or user_id:%(user_id)s"), description="Create credential.", scope_types=["system", "project"], operations=[{"method": "POST", "path": "/v3/credentials"}], @@ -280,6 +303,7 @@ list_rules = ( base.APIRule( name="identity:update_credential", check_str=("(role:admin and system_scope:all) or user_id:%(target.credential.user_id)s"), + basic_check_str=("role:admin or user_id:%(user_id)s"), description="Update credential.", scope_types=["system", "project"], operations=[{"method": "PATCH", "path": "/v3/credentials/{credential_id}"}], @@ -287,6 +311,7 @@ list_rules = ( base.APIRule( name="identity:delete_credential", check_str=("(role:admin and system_scope:all) or user_id:%(target.credential.user_id)s"), + basic_check_str=("role:admin or user_id:%(user_id)s"), description="Delete credential.", scope_types=["system", "project"], operations=[{"method": "DELETE", "path": "/v3/credentials/{credential_id}"}], @@ -294,9 +319,10 @@ list_rules = ( base.APIRule( name="identity:get_domain", check_str=( - "(role:reader and system_scope:all) " - "or token.domain.id:%(target.domain.id)s " - "or token.project.domain.id:%(target.domain.id)s" + "(role:reader and system_scope:all) or token.domain.id:%(target.domain.id)s or token.project.domain.id:%(target.domain.id)s" + ), + basic_check_str=( + "role:admin or role:reader or user_id:%(user_id)s or project_id:%(project_id)s" ), description="Show domain details.", scope_types=["system", "domain", "project"], @@ -305,6 +331,7 @@ list_rules = ( base.APIRule( name="identity:list_domains", check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin or role:reader"), description="List domains.", scope_types=["system"], operations=[{"method": "GET", "path": "/v3/domains"}], @@ -312,6 +339,7 @@ list_rules = ( base.APIRule( name="identity:create_domain", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Create domain.", scope_types=["system"], operations=[{"method": "POST", "path": "/v3/domains"}], @@ -319,6 +347,7 @@ list_rules = ( base.APIRule( name="identity:update_domain", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Update domain.", scope_types=["system"], operations=[{"method": "PATCH", "path": "/v3/domains/{domain_id}"}], @@ -326,6 +355,7 @@ list_rules = ( base.APIRule( name="identity:delete_domain", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Delete domain.", scope_types=["system"], operations=[{"method": "DELETE", "path": "/v3/domains/{domain_id}"}], @@ -333,6 +363,7 @@ list_rules = ( base.APIRule( name="identity:create_domain_config", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Create domain configuration.", scope_types=["system"], operations=[{"method": "PUT", "path": "/v3/domains/{domain_id}/config"}], @@ -340,10 +371,8 @@ list_rules = ( base.APIRule( name="identity:get_domain_config", check_str=("role:reader and system_scope:all"), - description="Get the entire domain configuration " - "for a domain, an option group within a domain, " - "or a specific configuration option within a group " - "for a domain.", + basic_check_str=("role:admin or role:reader"), + description="Get the entire domain configuration for a domain, an option group within a domain, or a specific configuration option within a group for a domain.", scope_types=["system"], operations=[ {"method": "GET", "path": "/v3/domains/{domain_id}/config"}, @@ -357,8 +386,8 @@ list_rules = ( base.APIRule( name="identity:get_security_compliance_domain_config", check_str=(""), - description="Get security compliance domain configuration " - "for either a domain or a specific option in a domain.", + basic_check_str=("@"), + description="Get security compliance domain configuration for either a domain or a specific option in a domain.", scope_types=["system", "domain", "project"], operations=[ {"method": "GET", "path": "/v3/domains/{domain_id}/config/security_compliance"}, @@ -376,8 +405,8 @@ list_rules = ( base.APIRule( name="identity:update_domain_config", check_str=("role:admin and system_scope:all"), - description="Update domain configuration for either a domain, " - "specific group or a specific option in a group.", + basic_check_str=("role:admin"), + description="Update domain configuration for either a domain, specific group or a specific option in a group.", scope_types=["system"], operations=[ {"method": "PATCH", "path": "/v3/domains/{domain_id}/config"}, @@ -388,8 +417,8 @@ list_rules = ( base.APIRule( name="identity:delete_domain_config", check_str=("role:admin and system_scope:all"), - description="Delete domain configuration for either a domain, " - "specific group or a specific option in a group.", + basic_check_str=("role:admin"), + description="Delete domain configuration for either a domain, specific group or a specific option in a group.", scope_types=["system"], operations=[ {"method": "DELETE", "path": "/v3/domains/{domain_id}/config"}, @@ -400,8 +429,8 @@ list_rules = ( base.APIRule( name="identity:get_domain_config_default", check_str=("role:reader and system_scope:all"), - description="Get domain configuration default for either a domain, " - "specific group or a specific option in a group.", + basic_check_str=("role:admin or role:reader"), + description="Get domain configuration default for either a domain, specific group or a specific option in a group.", scope_types=["system"], operations=[ {"method": "GET", "path": "/v3/domains/config/default"}, @@ -415,15 +444,17 @@ list_rules = ( base.APIRule( name="identity:ec2_get_credential", check_str=("(role:reader and system_scope:all) or user_id:%(target.credential.user_id)s"), + basic_check_str=("role:admin or user_id:%(user_id)s"), description="Show ec2 credential details.", scope_types=["system", "project"], operations=[ - {"method": "GET", "path": "/v3/users/{user_id}/credentials/OS-EC2/{credential_id}"}, + {"method": "GET", "path": "/v3/users/{user_id}/credentials/OS-EC2/{credential_id}"} ], ), base.APIRule( name="identity:ec2_list_credentials", check_str=("(role:reader and system_scope:all) or rule:owner"), + basic_check_str=("role:admin or role:reader or user_id:%(user_id)s"), description="List ec2 credentials.", scope_types=["system", "project"], operations=[{"method": "GET", "path": "/v3/users/{user_id}/credentials/OS-EC2"}], @@ -431,6 +462,7 @@ list_rules = ( base.APIRule( name="identity:ec2_create_credential", check_str=("(role:admin and system_scope:all) or rule:owner"), + basic_check_str=("role:admin or user_id:%(user_id)s"), description="Create ec2 credential.", scope_types=["system", "project"], operations=[{"method": "POST", "path": "/v3/users/{user_id}/credentials/OS-EC2"}], @@ -438,18 +470,17 @@ list_rules = ( base.APIRule( name="identity:ec2_delete_credential", check_str=("(role:admin and system_scope:all) or user_id:%(target.credential.user_id)s"), + basic_check_str=("role:admin or user_id:%(user_id)s"), description="Delete ec2 credential.", scope_types=["system", "project"], operations=[ - { - "method": "DELETE", - "path": "/v3/users/{user_id}/credentials/OS-EC2/{credential_id}", - }, + {"method": "DELETE", "path": "/v3/users/{user_id}/credentials/OS-EC2/{credential_id}"} ], ), base.APIRule( name="identity:get_endpoint", check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin or role:reader"), description="Show endpoint details.", scope_types=["system"], operations=[{"method": "GET", "path": "/v3/endpoints/{endpoint_id}"}], @@ -457,6 +488,7 @@ list_rules = ( base.APIRule( name="identity:list_endpoints", check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin or role:reader"), description="List endpoints.", scope_types=["system"], operations=[{"method": "GET", "path": "/v3/endpoints"}], @@ -464,6 +496,7 @@ list_rules = ( base.APIRule( name="identity:create_endpoint", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Create endpoint.", scope_types=["system"], operations=[{"method": "POST", "path": "/v3/endpoints"}], @@ -471,6 +504,7 @@ list_rules = ( base.APIRule( name="identity:update_endpoint", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Update endpoint.", scope_types=["system"], operations=[{"method": "PATCH", "path": "/v3/endpoints/{endpoint_id}"}], @@ -478,6 +512,7 @@ list_rules = ( base.APIRule( name="identity:delete_endpoint", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Delete endpoint.", scope_types=["system"], operations=[{"method": "DELETE", "path": "/v3/endpoints/{endpoint_id}"}], @@ -485,6 +520,7 @@ list_rules = ( base.APIRule( name="identity:create_endpoint_group", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Create endpoint group.", scope_types=["system"], operations=[{"method": "POST", "path": "/v3/OS-EP-FILTER/endpoint_groups"}], @@ -492,6 +528,7 @@ list_rules = ( base.APIRule( name="identity:list_endpoint_groups", check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin"), description="List endpoint groups.", scope_types=["system"], operations=[{"method": "GET", "path": "/v3/OS-EP-FILTER/endpoint_groups"}], @@ -499,6 +536,7 @@ list_rules = ( base.APIRule( name="identity:get_endpoint_group", check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin"), description="Get endpoint group.", scope_types=["system"], operations=[ @@ -509,119 +547,109 @@ list_rules = ( base.APIRule( name="identity:update_endpoint_group", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Update endpoint group.", scope_types=["system"], operations=[ - {"method": "PATCH", "path": "/v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}"}, + {"method": "PATCH", "path": "/v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}"} ], ), base.APIRule( name="identity:delete_endpoint_group", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Delete endpoint group.", scope_types=["system"], operations=[ - {"method": "DELETE", "path": "/v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}"}, + {"method": "DELETE", "path": "/v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}"} ], ), base.APIRule( name="identity:list_projects_associated_with_endpoint_group", check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin"), description="List all projects associated with a specific endpoint group.", scope_types=["system"], operations=[ { "method": "GET", "path": "/v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}/projects", - }, + } ], ), base.APIRule( name="identity:list_endpoints_associated_with_endpoint_group", check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin"), description="List all endpoints associated with an endpoint group.", scope_types=["system"], operations=[ { "method": "GET", "path": "/v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}/endpoints", - }, + } ], ), base.APIRule( name="identity:get_endpoint_group_in_project", check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin"), description="Check if an endpoint group is associated with a project.", scope_types=["system"], operations=[ { "method": "GET", - "path": "/v3/OS-EP-FILTER/endpoint_groups/" - "{endpoint_group_id}/projects/{project_id}", + "path": "/v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}/projects/{project_id}", }, { "method": "HEAD", - "path": "/v3/OS-EP-FILTER/endpoint_groups/" - "{endpoint_group_id}/projects/{project_id}", + "path": "/v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}/projects/{project_id}", }, ], ), base.APIRule( name="identity:list_endpoint_groups_for_project", check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin"), description="List endpoint groups associated with a specific project.", scope_types=["system"], operations=[ - {"method": "GET", "path": "/v3/OS-EP-FILTER/projects/{project_id}/endpoint_groups"}, + {"method": "GET", "path": "/v3/OS-EP-FILTER/projects/{project_id}/endpoint_groups"} ], ), base.APIRule( name="identity:add_endpoint_group_to_project", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Allow a project to access an endpoint group.", scope_types=["system"], operations=[ { "method": "PUT", - "path": "/v3/OS-EP-FILTER/endpoint_groups/" - "{endpoint_group_id}/projects/{project_id}", - }, + "path": "/v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}/projects/{project_id}", + } ], ), base.APIRule( name="identity:remove_endpoint_group_from_project", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Remove endpoint group from project.", scope_types=["system"], operations=[ { "method": "DELETE", - "path": "/v3/OS-EP-FILTER/endpoint_groups/" - "{endpoint_group_id}/projects/{project_id}", - }, + "path": "/v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}/projects/{project_id}", + } ], ), base.APIRule( name="identity:check_grant", check_str=( - "(role:reader and system_scope:all) " - "or ((role:reader and domain_id:%(target.user.domain_id)s " - "and domain_id:%(target.project.domain_id)s) " - "or (role:reader and domain_id:%(target.user.domain_id)s " - "and domain_id:%(target.domain.id)s) " - "or (role:reader and domain_id:%(target.group.domain_id)s " - "and domain_id:%(target.project.domain_id)s) " - "or (role:reader and domain_id:%(target.group.domain_id)s " - "and domain_id:%(target.domain.id)s)) " - "and (domain_id:%(target.role.domain_id)s " - "or None:%(target.role.domain_id)s)" + "(role:reader and system_scope:all) or ((role:reader and domain_id:%(target.user.domain_id)s and domain_id:%(target.project.domain_id)s) or (role:reader and domain_id:%(target.user.domain_id)s and domain_id:%(target.domain.id)s) or (role:reader and domain_id:%(target.group.domain_id)s and domain_id:%(target.project.domain_id)s) or (role:reader and domain_id:%(target.group.domain_id)s and domain_id:%(target.domain.id)s)) and (domain_id:%(target.role.domain_id)s or None:%(target.role.domain_id)s)" ), - description="Check a role grant between a target and an actor. " - "A target can be either a domain or a project. " - "An actor can be either a user or a group. " - "These terms also apply to the OS-INHERIT APIs, " - "where grants on the target are inherited to all projects " - "in the subtree, if applicable.", + basic_check_str=("role:admin or role:reader or project_id:%(project_id)s"), + description="Check a role grant between a target and an actor. A target can be either a domain or a project. An actor can be either a user or a group. These terms also apply to the OS-INHERIT APIs, where grants on the target are inherited to all projects in the subtree, if applicable.", scope_types=["system", "domain"], operations=[ { @@ -640,14 +668,8 @@ list_rules = ( "method": "GET", "path": "/v3/projects/{project_id}/groups/{group_id}/roles/{role_id}", }, - { - "method": "HEAD", - "path": "/v3/domains/{domain_id}/users/{user_id}/roles/{role_id}", - }, - { - "method": "GET", - "path": "/v3/domains/{domain_id}/users/{user_id}/roles/{role_id}", - }, + {"method": "HEAD", "path": "/v3/domains/{domain_id}/users/{user_id}/roles/{role_id}"}, + {"method": "GET", "path": "/v3/domains/{domain_id}/users/{user_id}/roles/{role_id}"}, { "method": "HEAD", "path": "/v3/domains/{domain_id}/groups/{group_id}/roles/{role_id}", @@ -658,65 +680,45 @@ list_rules = ( }, { "method": "HEAD", - "path": "/v3/OS-INHERIT/projects/{project_id}/users/" - "{user_id}/roles/{role_id}/inherited_to_projects", + "path": "/v3/OS-INHERIT/projects/{project_id}/users/{user_id}/roles/{role_id}/inherited_to_projects", }, { "method": "GET", - "path": "/v3/OS-INHERIT/projects/{project_id}/users/" - "{user_id}/roles/{role_id}/inherited_to_projects", + "path": "/v3/OS-INHERIT/projects/{project_id}/users/{user_id}/roles/{role_id}/inherited_to_projects", }, { "method": "HEAD", - "path": "/v3/OS-INHERIT/projects/{project_id}/groups/" - "{group_id}/roles/{role_id}/inherited_to_projects", + "path": "/v3/OS-INHERIT/projects/{project_id}/groups/{group_id}/roles/{role_id}/inherited_to_projects", }, { "method": "GET", - "path": "/v3/OS-INHERIT/projects/{project_id}/groups/" - "{group_id}/roles/{role_id}/inherited_to_projects", + "path": "/v3/OS-INHERIT/projects/{project_id}/groups/{group_id}/roles/{role_id}/inherited_to_projects", }, { "method": "HEAD", - "path": "/v3/OS-INHERIT/domains/{domain_id}/users/" - "{user_id}/roles/{role_id}/inherited_to_projects", + "path": "/v3/OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/{role_id}/inherited_to_projects", }, { "method": "GET", - "path": "/v3/OS-INHERIT/domains/{domain_id}/users/" - "{user_id}/roles/{role_id}/inherited_to_projects", + "path": "/v3/OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/{role_id}/inherited_to_projects", }, { "method": "HEAD", - "path": "/v3/OS-INHERIT/domains/{domain_id}/groups/" - "{group_id}/roles/{role_id}/inherited_to_projects", + "path": "/v3/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/{role_id}/inherited_to_projects", }, { "method": "GET", - "path": "/v3/OS-INHERIT/domains/{domain_id}/groups/" - "{group_id}/roles/{role_id}/inherited_to_projects", + "path": "/v3/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/{role_id}/inherited_to_projects", }, ], ), base.APIRule( name="identity:list_grants", check_str=( - "(role:reader and system_scope:all) or (role:reader " - "and domain_id:%(target.user.domain_id)s " - "and domain_id:%(target.project.domain_id)s) " - "or (role:reader and domain_id:%(target.user.domain_id)s and " - "domain_id:%(target.domain.id)s) or (role:reader and " - "domain_id:%(target.group.domain_id)s and domain_id:%(" - "target.project.domain_id)s) or (role:reader and domain_id:%(" - "target.group.domain_id)s and domain_id:%(target.domain.id)s) " + "(role:reader and system_scope:all) or (role:reader and domain_id:%(target.user.domain_id)s and domain_id:%(target.project.domain_id)s) or (role:reader and domain_id:%(target.user.domain_id)s and domain_id:%(target.domain.id)s) or (role:reader and domain_id:%(target.group.domain_id)s and domain_id:%(target.project.domain_id)s) or (role:reader and domain_id:%(target.group.domain_id)s and domain_id:%(target.domain.id)s)" ), - description="List roles granted to an actor on a target. " - "A target can be either a domain or a project. " - "An actor can be either a user or a group. " - "For the OS-INHERIT APIs, it is possible to " - "list inherited role grants for actors on domains, " - "where grants are inherited to all projects in the " - "specified domain.", + basic_check_str=("role:admin or role:reader or project_id:%(project_id)s"), + description="List roles granted to an actor on a target. A target can be either a domain or a project. An actor can be either a user or a group. For the OS-INHERIT APIs, it is possible to list inherited role grants for actors on domains, where grants are inherited to all projects in the specified domain.", scope_types=["system", "domain"], operations=[ {"method": "GET", "path": "/v3/projects/{project_id}/users/{user_id}/roles"}, @@ -729,35 +731,21 @@ list_rules = ( {"method": "HEAD", "path": "/v3/domains/{domain_id}/groups/{group_id}/roles"}, { "method": "GET", - "path": "/v3/OS-INHERIT/domains/{domain_id}/groups/" - "{group_id}/roles/inherited_to_projects", + "path": "/v3/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/inherited_to_projects", }, { "method": "GET", - "path": "/v3/OS-INHERIT/domains/{domain_id}/users/" - "{user_id}/roles/inherited_to_projects", + "path": "/v3/OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/inherited_to_projects", }, ], ), base.APIRule( name="identity:create_grant", check_str=( - "(role:admin and system_scope:all) or ((role:admin and " - "domain_id:%(target.user.domain_id)s and domain_id:%(" - "target.project.domain_id)s) or (role:admin and domain_id:%(" - "target.user.domain_id)s and domain_id:%(target.domain.id)s) or " - "(role:admin and domain_id:%(target.group.domain_id)s and " - "domain_id:%(target.project.domain_id)s) or (role:admin and " - "domain_id:%(target.group.domain_id)s and domain_id:%(" - "target.domain.id)s)) and (domain_id:%(target.role.domain_id)s " - "or None:%(target.role.domain_id)s) " + "(role:admin and system_scope:all) or ((role:admin and domain_id:%(target.user.domain_id)s and domain_id:%(target.project.domain_id)s) or (role:admin and domain_id:%(target.user.domain_id)s and domain_id:%(target.domain.id)s) or (role:admin and domain_id:%(target.group.domain_id)s and domain_id:%(target.project.domain_id)s) or (role:admin and domain_id:%(target.group.domain_id)s and domain_id:%(target.domain.id)s)) and (domain_id:%(target.role.domain_id)s or None:%(target.role.domain_id)s)" ), - description="Create a role grant between a target and an actor. A " - "target can be either a domain or a project. An actor " - "can be either a user or a group. These terms also apply " - "to the OS-INHERIT APIs, where grants on the target are " - "inherited to all projects in the subtree, " - "if applicable.", + basic_check_str=("role:admin or role:admin and project_id:%(project_id)s"), + description="Create a role grant between a target and an actor. A target can be either a domain or a project. An actor can be either a user or a group. These terms also apply to the OS-INHERIT APIs, where grants on the target are inherited to all projects in the subtree, if applicable.", scope_types=["system", "domain"], operations=[ { @@ -768,57 +756,36 @@ list_rules = ( "method": "PUT", "path": "/v3/projects/{project_id}/groups/{group_id}/roles/{role_id}", }, - { - "method": "PUT", - "path": "/v3/domains/{domain_id}/users/{user_id}/roles/{role_id}", - }, + {"method": "PUT", "path": "/v3/domains/{domain_id}/users/{user_id}/roles/{role_id}"}, { "method": "PUT", "path": "/v3/domains/{domain_id}/groups/{group_id}/roles/{role_id}", }, { "method": "PUT", - "path": "/v3/OS-INHERIT/projects/{project_id}/users/" - "{user_id}/roles/{role_id}/inherited_to_projects", + "path": "/v3/OS-INHERIT/projects/{project_id}/users/{user_id}/roles/{role_id}/inherited_to_projects", }, { "method": "PUT", - "path": "/v3/OS-INHERIT/projects/{project_id}/groups/" - "{group_id}/roles/{role_id}/inherited_to_projects", + "path": "/v3/OS-INHERIT/projects/{project_id}/groups/{group_id}/roles/{role_id}/inherited_to_projects", }, { "method": "PUT", - "path": "/v3/OS-INHERIT/domains/{domain_id}/users/" - "{user_id}/roles/{role_id}/inherited_to_projects", + "path": "/v3/OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/{role_id}/inherited_to_projects", }, { "method": "PUT", - "path": "/v3/OS-INHERIT/domains/{domain_id}/groups/" - "{group_id}/roles/{role_id}/inherited_to_projects", + "path": "/v3/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/{role_id}/inherited_to_projects", }, ], ), base.APIRule( name="identity:revoke_grant", check_str=( - "(role:admin and system_scope:all) or ((role:admin and " - "domain_id:%(target.user.domain_id)s and domain_id:%(" - "target.project.domain_id)s) or (role:admin and domain_id:%(" - "target.user.domain_id)s and domain_id:%(target.domain.id)s) or " - "(role:admin and domain_id:%(target.group.domain_id)s and " - "domain_id:%(target.project.domain_id)s) or (role:admin and " - "domain_id:%(target.group.domain_id)s and domain_id:%(" - "target.domain.id)s)) and (domain_id:%(target.role.domain_id)s " - "or None:%(target.role.domain_id)s) " + "(role:admin and system_scope:all) or ((role:admin and domain_id:%(target.user.domain_id)s and domain_id:%(target.project.domain_id)s) or (role:admin and domain_id:%(target.user.domain_id)s and domain_id:%(target.domain.id)s) or (role:admin and domain_id:%(target.group.domain_id)s and domain_id:%(target.project.domain_id)s) or (role:admin and domain_id:%(target.group.domain_id)s and domain_id:%(target.domain.id)s)) and (domain_id:%(target.role.domain_id)s or None:%(target.role.domain_id)s)" ), - description="Revoke a role grant between a target and an actor. A " - "target can be either a domain or a project. An actor " - "can be either a user or a group. These terms also apply " - "to the OS-INHERIT APIs, where grants on the target are " - "inherited to all projects in the subtree, " - "if applicable. In that case, revoking the role grant in " - "the target would remove the logical effect of " - "inheriting it to the target's projects subtree.", + basic_check_str=("role:admin or role:admin and project_id:%(project_id)s"), + description="Revoke a role grant between a target and an actor. A target can be either a domain or a project. An actor can be either a user or a group. These terms also apply to the OS-INHERIT APIs, where grants on the target are inherited to all projects in the subtree, if applicable. In that case, revoking the role grant in the target would remove the logical effect of inheriting it to the target's projects subtree.", scope_types=["system", "domain"], operations=[ { @@ -839,29 +806,26 @@ list_rules = ( }, { "method": "DELETE", - "path": "/v3/OS-INHERIT/projects/{project_id}/users/{" - "user_id}/roles/{role_id}/inherited_to_projects", + "path": "/v3/OS-INHERIT/projects/{project_id}/users/{user_id}/roles/{role_id}/inherited_to_projects", }, { "method": "DELETE", - "path": "/v3/OS-INHERIT/projects/{project_id}/groups/" - "{group_id}/roles/{role_id}/inherited_to_projects", + "path": "/v3/OS-INHERIT/projects/{project_id}/groups/{group_id}/roles/{role_id}/inherited_to_projects", }, { "method": "DELETE", - "path": "/v3/OS-INHERIT/domains/{domain_id}/users/" - "{user_id}/roles/{role_id}/inherited_to_projects", + "path": "/v3/OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/{role_id}/inherited_to_projects", }, { "method": "DELETE", - "path": "/v3/OS-INHERIT/domains/{domain_id}/groups/" - "{group_id}/roles/{role_id}/inherited_to_projects", + "path": "/v3/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/{role_id}/inherited_to_projects", }, ], ), base.APIRule( name="identity:list_system_grants_for_user", check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin or role:reader"), description="List all grants a specific user has on the system.", scope_types=["system"], operations=[ @@ -872,6 +836,7 @@ list_rules = ( base.APIRule( name="identity:check_system_grant_for_user", check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin or role:reader"), description="Check if a user has a role on the system.", scope_types=["system"], operations=[ @@ -882,6 +847,7 @@ list_rules = ( base.APIRule( name="identity:create_system_grant_for_user", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Grant a user a role on the system.", scope_types=["system"], operations=[{"method": "PUT", "path": "/v3/system/users/{user_id}/roles/{role_id}"}], @@ -889,6 +855,7 @@ list_rules = ( base.APIRule( name="identity:revoke_system_grant_for_user", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Remove a role from a user on the system.", scope_types=["system"], operations=[{"method": "DELETE", "path": "/v3/system/users/{user_id}/roles/{role_id}"}], @@ -896,6 +863,7 @@ list_rules = ( base.APIRule( name="identity:list_system_grants_for_group", check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin or role:reader"), description="List all grants a specific group has on the system.", scope_types=["system"], operations=[ @@ -906,6 +874,7 @@ list_rules = ( base.APIRule( name="identity:check_system_grant_for_group", check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin or role:reader"), description="Check if a group has a role on the system.", scope_types=["system"], operations=[ @@ -916,6 +885,7 @@ list_rules = ( base.APIRule( name="identity:create_system_grant_for_group", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Grant a group a role on the system.", scope_types=["system"], operations=[{"method": "PUT", "path": "/v3/system/groups/{group_id}/roles/{role_id}"}], @@ -923,6 +893,7 @@ list_rules = ( base.APIRule( name="identity:revoke_system_grant_for_group", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Remove a role from a group on the system.", scope_types=["system"], operations=[{"method": "DELETE", "path": "/v3/system/groups/{group_id}/roles/{role_id}"}], @@ -930,9 +901,9 @@ list_rules = ( base.APIRule( name="identity:get_group", check_str=( - "(role:reader and system_scope:all) " - "or (role:reader and domain_id:%(target.group.domain_id)s)" + "(role:reader and system_scope:all) or (role:reader and domain_id:%(target.group.domain_id)s)" ), + basic_check_str=("role:admin or role:reader"), description="Show group details.", scope_types=["system", "domain"], operations=[ @@ -943,9 +914,9 @@ list_rules = ( base.APIRule( name="identity:list_groups", check_str=( - "(role:reader and system_scope:all) " - "or (role:reader and domain_id:%(target.group.domain_id)s)" + "(role:reader and system_scope:all) or (role:reader and domain_id:%(target.group.domain_id)s)" ), + basic_check_str=("role:admin or role:reader"), description="List groups.", scope_types=["system", "domain"], operations=[ @@ -956,10 +927,9 @@ list_rules = ( base.APIRule( name="identity:list_groups_for_user", check_str=( - "(role:reader and system_scope:all) " - "or (role:reader and domain_id:%(target.user.domain_id)s) " - "or user_id:%(user_id)s" + "(role:reader and system_scope:all) or (role:reader and domain_id:%(target.user.domain_id)s) or user_id:%(user_id)s" ), + basic_check_str=("role:admin or role:reader or user_id:%(user_id)s"), description="List groups to which a user belongs.", scope_types=["system", "domain", "project"], operations=[ @@ -970,9 +940,9 @@ list_rules = ( base.APIRule( name="identity:create_group", check_str=( - "(role:admin and system_scope:all) or (role:admin " - "and domain_id:%(target.group.domain_id)s)" + "(role:admin and system_scope:all) or (role:admin and domain_id:%(target.group.domain_id)s)" ), + basic_check_str=("role:admin"), description="Create group.", scope_types=["system", "domain"], operations=[{"method": "POST", "path": "/v3/groups"}], @@ -980,9 +950,9 @@ list_rules = ( base.APIRule( name="identity:update_group", check_str=( - "(role:admin and system_scope:all) " - "or (role:admin and domain_id:%(target.group.domain_id)s)" + "(role:admin and system_scope:all) or (role:admin and domain_id:%(target.group.domain_id)s)" ), + basic_check_str=("role:admin"), description="Update group.", scope_types=["system", "domain"], operations=[{"method": "PATCH", "path": "/v3/groups/{group_id}"}], @@ -990,9 +960,9 @@ list_rules = ( base.APIRule( name="identity:delete_group", check_str=( - "(role:admin and system_scope:all) " - "or (role:admin and domain_id:%(target.group.domain_id)s)" + "(role:admin and system_scope:all) or (role:admin and domain_id:%(target.group.domain_id)s)" ), + basic_check_str=("role:admin"), description="Delete group.", scope_types=["system", "domain"], operations=[{"method": "DELETE", "path": "/v3/groups/{group_id}"}], @@ -1000,9 +970,9 @@ list_rules = ( base.APIRule( name="identity:list_users_in_group", check_str=( - "(role:reader and system_scope:all) " - "or (role:reader and domain_id:%(target.group.domain_id)s)" + "(role:reader and system_scope:all) or (role:reader and domain_id:%(target.group.domain_id)s)" ), + basic_check_str=("role:admin or role:reader"), description="List members of a specific group.", scope_types=["system", "domain"], operations=[ @@ -1013,10 +983,9 @@ list_rules = ( base.APIRule( name="identity:remove_user_from_group", check_str=( - "(role:admin and system_scope:all) " - "or (role:admin and domain_id:%(target.group.domain_id)s " - "and domain_id:%(target.user.domain_id)s)" + "(role:admin and system_scope:all) or (role:admin and domain_id:%(target.group.domain_id)s and domain_id:%(target.user.domain_id)s)" ), + basic_check_str=("role:admin"), description="Remove user from group.", scope_types=["system", "domain"], operations=[{"method": "DELETE", "path": "/v3/groups/{group_id}/users/{user_id}"}], @@ -1024,10 +993,9 @@ list_rules = ( base.APIRule( name="identity:check_user_in_group", check_str=( - "(role:reader and system_scope:all) " - "or (role:reader and domain_id:%(target.group.domain_id)s " - "and domain_id:%(target.user.domain_id)s)" + "(role:reader and system_scope:all) or (role:reader and domain_id:%(target.group.domain_id)s and domain_id:%(target.user.domain_id)s)" ), + basic_check_str=("role:admin or role:reader"), description="Check whether a user is a member of a group.", scope_types=["system", "domain"], operations=[ @@ -1038,10 +1006,9 @@ list_rules = ( base.APIRule( name="identity:add_user_to_group", check_str=( - "(role:admin and system_scope:all) or (role:admin " - "and domain_id:%(target.group.domain_id)s " - "and domain_id:%(target.user.domain_id)s)" + "(role:admin and system_scope:all) or (role:admin and domain_id:%(target.group.domain_id)s and domain_id:%(target.user.domain_id)s)" ), + basic_check_str=("role:admin"), description="Add user to group.", scope_types=["system", "domain"], operations=[{"method": "PUT", "path": "/v3/groups/{group_id}/users/{user_id}"}], @@ -1049,6 +1016,7 @@ list_rules = ( base.APIRule( name="identity:create_identity_provider", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Create identity provider.", scope_types=["system"], operations=[{"method": "PUT", "path": "/v3/OS-FEDERATION/identity_providers/{idp_id}"}], @@ -1056,6 +1024,7 @@ list_rules = ( base.APIRule( name="identity:list_identity_providers", check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin or role:reader"), description="List identity providers.", scope_types=["system"], operations=[ @@ -1066,6 +1035,7 @@ list_rules = ( base.APIRule( name="identity:get_identity_provider", check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin or role:reader"), description="Get identity provider.", scope_types=["system"], operations=[ @@ -1076,6 +1046,7 @@ list_rules = ( base.APIRule( name="identity:update_identity_provider", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Update identity provider.", scope_types=["system"], operations=[{"method": "PATCH", "path": "/v3/OS-FEDERATION/identity_providers/{idp_id}"}], @@ -1083,33 +1054,28 @@ list_rules = ( base.APIRule( name="identity:delete_identity_provider", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Delete identity provider.", scope_types=["system"], operations=[ - {"method": "DELETE", "path": "/v3/OS-FEDERATION/identity_providers/{idp_id}"}, + {"method": "DELETE", "path": "/v3/OS-FEDERATION/identity_providers/{idp_id}"} ], ), base.APIRule( name="identity:get_implied_role", check_str=("role:reader and system_scope:all"), - description="Get information about an association between two roles. " - "When a relationship exists between a prior role and " - "an implied role and the prior role is assigned to a " - "user, the user also assumes the implied role.", + basic_check_str=("role:admin or role:reader"), + description="Get information about an association between two roles. When a relationship exists between a prior role and an implied role and the prior role is assigned to a user, the user also assumes the implied role.", scope_types=["system"], operations=[ - {"method": "GET", "path": "/v3/roles/{prior_role_id}/implies/{implied_role_id}"}, + {"method": "GET", "path": "/v3/roles/{prior_role_id}/implies/{implied_role_id}"} ], ), base.APIRule( name="identity:list_implied_roles", check_str=("role:reader and system_scope:all"), - description="List associations between two roles. When a " - "relationship exists between a prior role and an implied " - "role and the prior role is assigned to a user, the user " - "also assumes the implied role. This will return all the " - "implied roles that would be assumed by the user who " - "gets the specified prior role.", + basic_check_str=("role:admin or role:reader"), + description="List associations between two roles. When a relationship exists between a prior role and an implied role and the prior role is assigned to a user, the user also assumes the implied role. This will return all the implied roles that would be assumed by the user who gets the specified prior role.", scope_types=["system"], operations=[ {"method": "GET", "path": "/v3/roles/{prior_role_id}/implies"}, @@ -1119,35 +1085,28 @@ list_rules = ( base.APIRule( name="identity:create_implied_role", check_str=("role:admin and system_scope:all"), - description="Create an association between two roles. When a " - "relationship exists between a prior role and an implied " - "role and the prior role is assigned to a user, the user " - "also assumes the implied role.", + basic_check_str=("role:admin"), + description="Create an association between two roles. When a relationship exists between a prior role and an implied role and the prior role is assigned to a user, the user also assumes the implied role.", scope_types=["system"], operations=[ - {"method": "PUT", "path": "/v3/roles/{prior_role_id}/implies/{implied_role_id}"}, + {"method": "PUT", "path": "/v3/roles/{prior_role_id}/implies/{implied_role_id}"} ], ), base.APIRule( name="identity:delete_implied_role", check_str=("role:admin and system_scope:all"), - description="Delete the association between two roles. When a " - "relationship exists between a prior role and an implied " - "role and the prior role is assigned to a user, the user " - "also assumes the implied role. Removing the association " - "will cause that effect to be eliminated.", + basic_check_str=("role:admin"), + description="Delete the association between two roles. When a relationship exists between a prior role and an implied role and the prior role is assigned to a user, the user also assumes the implied role. Removing the association will cause that effect to be eliminated.", scope_types=["system"], operations=[ - {"method": "DELETE", "path": "/v3/roles/{prior_role_id}/implies/{implied_role_id}"}, + {"method": "DELETE", "path": "/v3/roles/{prior_role_id}/implies/{implied_role_id}"} ], ), base.APIRule( name="identity:list_role_inference_rules", check_str=("role:reader and system_scope:all"), - description="List all associations between two roles in the system. " - "When a relationship exists between a prior role and an " - "implied role and the prior role is assigned to a user, " - "the user also assumes the implied role.", + basic_check_str=("role:admin or role:reader"), + description="List all associations between two roles in the system. When a relationship exists between a prior role and an implied role and the prior role is assigned to a user, the user also assumes the implied role.", scope_types=["system"], operations=[ {"method": "GET", "path": "/v3/role_inferences"}, @@ -1157,18 +1116,17 @@ list_rules = ( base.APIRule( name="identity:check_implied_role", check_str=("role:reader and system_scope:all"), - description="Check an association between two roles. When a " - "relationship exists between a prior role and an implied " - "role and the prior role is assigned to a user, the user " - "also assumes the implied role.", + basic_check_str=("role:admin or role:reader"), + description="Check an association between two roles. When a relationship exists between a prior role and an implied role and the prior role is assigned to a user, the user also assumes the implied role.", scope_types=["system"], operations=[ - {"method": "HEAD", "path": "/v3/roles/{prior_role_id}/implies/{implied_role_id}"}, + {"method": "HEAD", "path": "/v3/roles/{prior_role_id}/implies/{implied_role_id}"} ], ), base.APIRule( name="identity:get_limit_model", check_str=(""), + basic_check_str=("@"), description="Get limit enforcement model.", scope_types=["system", "domain", "project"], operations=[ @@ -1179,12 +1137,9 @@ list_rules = ( base.APIRule( name="identity:get_limit", check_str=( - "(role:reader and system_scope:all) or (domain_id:%(" - "target.limit.domain.id)s or domain_id:%(" - "target.limit.project.domain_id)s) or (project_id:%(" - "target.limit.project_id)s and not None:%(" - "target.limit.project_id)s) " + "(role:reader and system_scope:all) or (domain_id:%(target.limit.domain.id)s or domain_id:%(target.limit.project.domain_id)s) or (project_id:%(target.limit.project_id)s and not None:%(target.limit.project_id)s)" ), + basic_check_str=("@"), description="Show limit details.", scope_types=["system", "domain", "project"], operations=[ @@ -1195,6 +1150,7 @@ list_rules = ( base.APIRule( name="identity:list_limits", check_str=(""), + basic_check_str=("@"), description="List limits.", scope_types=["system", "domain", "project"], operations=[ @@ -1205,6 +1161,7 @@ list_rules = ( base.APIRule( name="identity:create_limits", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Create limits.", scope_types=["system"], operations=[{"method": "POST", "path": "/v3/limits"}], @@ -1212,6 +1169,7 @@ list_rules = ( base.APIRule( name="identity:update_limit", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Update limit.", scope_types=["system"], operations=[{"method": "PATCH", "path": "/v3/limits/{limit_id}"}], @@ -1219,6 +1177,7 @@ list_rules = ( base.APIRule( name="identity:delete_limit", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Delete limit.", scope_types=["system"], operations=[{"method": "DELETE", "path": "/v3/limits/{limit_id}"}], @@ -1226,6 +1185,7 @@ list_rules = ( base.APIRule( name="identity:create_mapping", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Create a new federated mapping containing one or more sets of rules.", scope_types=["system"], operations=[{"method": "PUT", "path": "/v3/OS-FEDERATION/mappings/{mapping_id}"}], @@ -1233,6 +1193,7 @@ list_rules = ( base.APIRule( name="identity:get_mapping", check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin or role:reader"), description="Get a federated mapping.", scope_types=["system"], operations=[ @@ -1243,6 +1204,7 @@ list_rules = ( base.APIRule( name="identity:list_mappings", check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin or role:reader"), description="List federated mappings.", scope_types=["system"], operations=[ @@ -1253,6 +1215,7 @@ list_rules = ( base.APIRule( name="identity:delete_mapping", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Delete a federated mapping.", scope_types=["system"], operations=[{"method": "DELETE", "path": "/v3/OS-FEDERATION/mappings/{mapping_id}"}], @@ -1260,6 +1223,7 @@ list_rules = ( base.APIRule( name="identity:update_mapping", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Update a federated mapping.", scope_types=["system"], operations=[{"method": "PATCH", "path": "/v3/OS-FEDERATION/mappings/{mapping_id}"}], @@ -1267,6 +1231,7 @@ list_rules = ( base.APIRule( name="identity:get_policy", check_str=("role:reader and system_scope:all"), + basic_check_str=("!"), description="Show policy details.", scope_types=["system"], operations=[{"method": "GET", "path": "/v3/policies/{policy_id}"}], @@ -1274,6 +1239,7 @@ list_rules = ( base.APIRule( name="identity:list_policies", check_str=("role:reader and system_scope:all"), + basic_check_str=("!"), description="List policies.", scope_types=["system"], operations=[{"method": "GET", "path": "/v3/policies"}], @@ -1281,6 +1247,7 @@ list_rules = ( base.APIRule( name="identity:create_policy", check_str=("role:admin and system_scope:all"), + basic_check_str=("!"), description="Create policy.", scope_types=["system"], operations=[{"method": "POST", "path": "/v3/policies"}], @@ -1288,6 +1255,7 @@ list_rules = ( base.APIRule( name="identity:update_policy", check_str=("role:admin and system_scope:all"), + basic_check_str=("!"), description="Update policy.", scope_types=["system"], operations=[{"method": "PATCH", "path": "/v3/policies/{policy_id}"}], @@ -1295,6 +1263,7 @@ list_rules = ( base.APIRule( name="identity:delete_policy", check_str=("role:admin and system_scope:all"), + basic_check_str=("!"), description="Delete policy.", scope_types=["system"], operations=[{"method": "DELETE", "path": "/v3/policies/{policy_id}"}], @@ -1302,18 +1271,20 @@ list_rules = ( base.APIRule( name="identity:create_policy_association_for_endpoint", check_str=("role:admin and system_scope:all"), + basic_check_str=("!"), description="Associate a policy to a specific endpoint.", scope_types=["system"], operations=[ { "method": "PUT", "path": "/v3/policies/{policy_id}/OS-ENDPOINT-POLICY/endpoints/{endpoint_id}", - }, + } ], ), base.APIRule( name="identity:check_policy_association_for_endpoint", check_str=("role:reader and system_scope:all"), + basic_check_str=("!"), description="Check policy association for endpoint.", scope_types=["system"], operations=[ @@ -1330,30 +1301,33 @@ list_rules = ( base.APIRule( name="identity:delete_policy_association_for_endpoint", check_str=("role:admin and system_scope:all"), + basic_check_str=("!"), description="Delete policy association for endpoint.", scope_types=["system"], operations=[ { "method": "DELETE", "path": "/v3/policies/{policy_id}/OS-ENDPOINT-POLICY/endpoints/{endpoint_id}", - }, + } ], ), base.APIRule( name="identity:create_policy_association_for_service", check_str=("role:admin and system_scope:all"), + basic_check_str=("!"), description="Associate a policy to a specific service.", scope_types=["system"], operations=[ { "method": "PUT", "path": "/v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id}", - }, + } ], ), base.APIRule( name="identity:check_policy_association_for_service", check_str=("role:reader and system_scope:all"), + basic_check_str=("!"), description="Check policy association for service.", scope_types=["system"], operations=[ @@ -1370,62 +1344,63 @@ list_rules = ( base.APIRule( name="identity:delete_policy_association_for_service", check_str=("role:admin and system_scope:all"), + basic_check_str=("!"), description="Delete policy association for service.", scope_types=["system"], operations=[ { "method": "DELETE", "path": "/v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id}", - }, + } ], ), base.APIRule( name="identity:create_policy_association_for_region_and_service", check_str=("role:admin and system_scope:all"), + basic_check_str=("!"), description="Associate a policy to a specific region and service combination.", scope_types=["system"], operations=[ { "method": "PUT", - "path": "/v3/policies/{policy_id}/OS-ENDPOINT-POLICY/" - "services/{service_id}/regions/{region_id}", - }, + "path": "/v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id}/regions/{region_id}", + } ], ), base.APIRule( name="identity:check_policy_association_for_region_and_service", check_str=("role:reader and system_scope:all"), + basic_check_str=("!"), description="Check policy association for region and service.", scope_types=["system"], operations=[ { "method": "GET", - "path": "/v3/policies/{policy_id}/OS-ENDPOINT-POLICY/" - "services/{service_id}/regions/{region_id}", + "path": "/v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id}/regions/{region_id}", }, { "method": "HEAD", - "path": "/v3/policies/{policy_id}/OS-ENDPOINT-POLICY/" - "services/{service_id}/regions/{region_id}", + "path": "/v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id}/regions/{region_id}", }, ], ), base.APIRule( name="identity:delete_policy_association_for_region_and_service", check_str=("role:admin and system_scope:all"), + basic_check_str=("!"), description="Delete policy association for region and service.", scope_types=["system"], operations=[ { "method": "DELETE", - "path": "/v3/policies/{policy_id}/OS-ENDPOINT-POLICY/" - "services/{service_id}/regions/{region_id}", - }, + "path": "/v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id}/regions/{region_id}", + } ], ), base.APIRule( name="identity:get_policy_for_endpoint", check_str=("role:reader and system_scope:all"), + basic_check_str=("!"), description="Get policy for endpoint.", scope_types=["system"], operations=[ @@ -1436,19 +1411,19 @@ list_rules = ( base.APIRule( name="identity:list_endpoints_for_policy", check_str=("role:reader and system_scope:all"), + basic_check_str=("!"), description="List endpoints for policy.", scope_types=["system"], operations=[ - {"method": "GET", "path": "/v3/policies/{policy_id}/OS-ENDPOINT-POLICY/endpoints"}, + {"method": "GET", "path": "/v3/policies/{policy_id}/OS-ENDPOINT-POLICY/endpoints"} ], ), base.APIRule( name="identity:get_project", check_str=( - "(role:reader and system_scope:all) or (role:reader " - "and domain_id:%(target.project.domain_id)s) " - "or project_id:%(target.project.id)s" + "(role:reader and system_scope:all) or (role:reader and domain_id:%(target.project.domain_id)s) or project_id:%(target.project.id)s" ), + basic_check_str=("role:admin or role:reader or project_id:%(project_id)s"), description="Show project details.", scope_types=["system", "domain", "project"], operations=[{"method": "GET", "path": "/v3/projects/{project_id}"}], @@ -1456,9 +1431,9 @@ list_rules = ( base.APIRule( name="identity:list_projects", check_str=( - "(role:reader and system_scope:all) " - "or (role:reader and domain_id:%(target.domain_id)s)" + "(role:reader and system_scope:all) or (role:reader and domain_id:%(target.domain_id)s)" ), + basic_check_str=("role:admin or role:reader"), description="List projects.", scope_types=["system", "domain"], operations=[{"method": "GET", "path": "/v3/projects"}], @@ -1466,10 +1441,9 @@ list_rules = ( base.APIRule( name="identity:list_user_projects", check_str=( - "(role:reader and system_scope:all) or (role:reader " - "and domain_id:%(target.user.domain_id)s) " - "or user_id:%(target.user.id)s" + "(role:reader and system_scope:all) or (role:reader and domain_id:%(target.user.domain_id)s) or user_id:%(target.user.id)s" ), + basic_check_str=("role:admin or role:reader or user_id:%(user_id)s"), description="List projects for user.", scope_types=["system", "domain", "project"], operations=[{"method": "GET", "path": "/v3/users/{user_id}/projects"}], @@ -1477,9 +1451,9 @@ list_rules = ( base.APIRule( name="identity:create_project", check_str=( - "(role:admin and system_scope:all) or (role:admin and " - "domain_id:%(target.project.domain_id)s)" + "(role:admin and system_scope:all) or (role:admin and domain_id:%(target.project.domain_id)s)" ), + basic_check_str=("role:admin"), description="Create project.", scope_types=["system", "domain"], operations=[{"method": "POST", "path": "/v3/projects"}], @@ -1487,9 +1461,9 @@ list_rules = ( base.APIRule( name="identity:update_project", check_str=( - "(role:admin and system_scope:all) or (role:admin and " - "domain_id:%(target.project.domain_id)s)" + "(role:admin and system_scope:all) or (role:admin and domain_id:%(target.project.domain_id)s)" ), + basic_check_str=("role:admin"), description="Update project.", scope_types=["system", "domain"], operations=[{"method": "PATCH", "path": "/v3/projects/{project_id}"}], @@ -1497,9 +1471,9 @@ list_rules = ( base.APIRule( name="identity:delete_project", check_str=( - "(role:admin and system_scope:all) or (role:admin and " - "domain_id:%(target.project.domain_id)s) " + "(role:admin and system_scope:all) or (role:admin and domain_id:%(target.project.domain_id)s)" ), + basic_check_str=("role:admin"), description="Delete project.", scope_types=["system", "domain"], operations=[{"method": "DELETE", "path": "/v3/projects/{project_id}"}], @@ -1507,10 +1481,9 @@ list_rules = ( base.APIRule( name="identity:list_project_tags", check_str=( - "(role:reader and system_scope:all) or (role:reader and " - "domain_id:%(target.project.domain_id)s) or project_id:%(" - "target.project.id)s " + "(role:reader and system_scope:all) or (role:reader and domain_id:%(target.project.domain_id)s) or project_id:%(target.project.id)s" ), + basic_check_str=("role:admin or role:reader or project_id:%(project_id)s"), description="List tags for a project.", scope_types=["system", "domain", "project"], operations=[ @@ -1521,10 +1494,9 @@ list_rules = ( base.APIRule( name="identity:get_project_tag", check_str=( - "(role:reader and system_scope:all) or (role:reader and " - "domain_id:%(target.project.domain_id)s) or project_id:%(" - "target.project.id)s " + "(role:reader and system_scope:all) or (role:reader and domain_id:%(target.project.domain_id)s) or project_id:%(target.project.id)s" ), + basic_check_str=("role:admin or role:reader or project_id:%(project_id)s"), description="Check if project contains a tag.", scope_types=["system", "domain", "project"], operations=[ @@ -1535,10 +1507,9 @@ list_rules = ( base.APIRule( name="identity:update_project_tags", check_str=( - "(role:admin and system_scope:all) or (role:admin and " - "domain_id:%(target.project.domain_id)s) or (role:admin and " - "project_id:%(target.project.id)s) " + "(role:admin and system_scope:all) or (role:admin and domain_id:%(target.project.domain_id)s) or (role:admin and project_id:%(target.project.id)s)" ), + basic_check_str=("role:admin"), description="Replace all tags on a project with the new set of tags.", scope_types=["system", "domain", "project"], operations=[{"method": "PUT", "path": "/v3/projects/{project_id}/tags"}], @@ -1546,10 +1517,9 @@ list_rules = ( base.APIRule( name="identity:create_project_tag", check_str=( - "(role:admin and system_scope:all) or (role:admin and " - "domain_id:%(target.project.domain_id)s) or (role:admin and " - "project_id:%(target.project.id)s) " + "(role:admin and system_scope:all) or (role:admin and domain_id:%(target.project.domain_id)s) or (role:admin and project_id:%(target.project.id)s)" ), + basic_check_str=("role:admin"), description="Add a single tag to a project.", scope_types=["system", "domain", "project"], operations=[{"method": "PUT", "path": "/v3/projects/{project_id}/tags/{value}"}], @@ -1557,10 +1527,9 @@ list_rules = ( base.APIRule( name="identity:delete_project_tags", check_str=( - "(role:admin and system_scope:all) or (role:admin and " - "domain_id:%(target.project.domain_id)s) or (role:admin and " - "project_id:%(target.project.id)s) " + "(role:admin and system_scope:all) or (role:admin and domain_id:%(target.project.domain_id)s) or (role:admin and project_id:%(target.project.id)s)" ), + basic_check_str=("role:admin"), description="Remove all tags from a project.", scope_types=["system", "domain", "project"], operations=[{"method": "DELETE", "path": "/v3/projects/{project_id}/tags"}], @@ -1568,10 +1537,9 @@ list_rules = ( base.APIRule( name="identity:delete_project_tag", check_str=( - "(role:admin and system_scope:all) or (role:admin and " - "domain_id:%(target.project.domain_id)s) or (role:admin and " - "project_id:%(target.project.id)s) " + "(role:admin and system_scope:all) or (role:admin and domain_id:%(target.project.domain_id)s) or (role:admin and project_id:%(target.project.id)s)" ), + basic_check_str=("role:admin"), description="Delete a specified tag from project.", scope_types=["system", "domain", "project"], operations=[{"method": "DELETE", "path": "/v3/projects/{project_id}/tags/{value}"}], @@ -1579,27 +1547,30 @@ list_rules = ( base.APIRule( name="identity:list_projects_for_endpoint", check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin or role:reader"), description="List projects allowed to access an endpoint.", scope_types=["system"], operations=[ - {"method": "GET", "path": "/v3/OS-EP-FILTER/endpoints/{endpoint_id}/projects"}, + {"method": "GET", "path": "/v3/OS-EP-FILTER/endpoints/{endpoint_id}/projects"} ], ), base.APIRule( name="identity:add_endpoint_to_project", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Allow project to access an endpoint.", scope_types=["system"], operations=[ { "method": "PUT", "path": "/v3/OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}", - }, + } ], ), base.APIRule( name="identity:check_endpoint_in_project", check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin or role:reader"), description="Check if a project is allowed to access an endpoint.", scope_types=["system"], operations=[ @@ -1616,92 +1587,92 @@ list_rules = ( base.APIRule( name="identity:list_endpoints_for_project", check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin or role:reader"), description="List the endpoints a project is allowed to access.", scope_types=["system"], operations=[ - {"method": "GET", "path": "/v3/OS-EP-FILTER/projects/{project_id}/endpoints"}, + {"method": "GET", "path": "/v3/OS-EP-FILTER/projects/{project_id}/endpoints"} ], ), base.APIRule( name="identity:remove_endpoint_from_project", check_str=("role:admin and system_scope:all"), - description="Remove access to an endpoint from a project that has " - "previously been given explicit access.", + basic_check_str=("role:admin"), + description="Remove access to an endpoint from a project that has previously been given explicit access.", scope_types=["system"], operations=[ { "method": "DELETE", "path": "/v3/OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}", - }, + } ], ), base.APIRule( name="identity:create_protocol", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Create federated protocol.", scope_types=["system"], operations=[ { "method": "PUT", - "path": "/v3/OS-FEDERATION/identity_providers/" - "{idp_id}/protocols/{protocol_id}", - }, + "path": "/v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}", + } ], ), base.APIRule( name="identity:update_protocol", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Update federated protocol.", scope_types=["system"], operations=[ { "method": "PATCH", - "path": "/v3/OS-FEDERATION/identity_providers/" - "{idp_id}/protocols/{protocol_id}", - }, + "path": "/v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}", + } ], ), base.APIRule( name="identity:get_protocol", check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin or role:reader"), description="Get federated protocol.", scope_types=["system"], operations=[ { "method": "GET", - "path": "/v3/OS-FEDERATION/identity_providers/" - "{idp_id}/protocols/{protocol_id}", - }, + "path": "/v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}", + } ], ), base.APIRule( name="identity:list_protocols", check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin or role:reader"), description="List federated protocols.", scope_types=["system"], operations=[ - { - "method": "GET", - "path": "/v3/OS-FEDERATION/identity_providers/{idp_id}/protocols", - }, + {"method": "GET", "path": "/v3/OS-FEDERATION/identity_providers/{idp_id}/protocols"} ], ), base.APIRule( name="identity:delete_protocol", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Delete federated protocol.", scope_types=["system"], operations=[ { "method": "DELETE", - "path": "/v3/OS-FEDERATION/identity_providers" - "/{idp_id}/protocols/{protocol_id}", - }, + "path": "/v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}", + } ], ), base.APIRule( name="identity:get_region", check_str=(""), + basic_check_str=("@"), description="Show region details.", scope_types=["system", "domain", "project"], operations=[ @@ -1712,6 +1683,7 @@ list_rules = ( base.APIRule( name="identity:list_regions", check_str=(""), + basic_check_str=("@"), description="List regions.", scope_types=["system", "domain", "project"], operations=[ @@ -1722,6 +1694,7 @@ list_rules = ( base.APIRule( name="identity:create_region", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Create region.", scope_types=["system"], operations=[ @@ -1732,6 +1705,7 @@ list_rules = ( base.APIRule( name="identity:update_region", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Update region.", scope_types=["system"], operations=[{"method": "PATCH", "path": "/v3/regions/{region_id}"}], @@ -1739,6 +1713,7 @@ list_rules = ( base.APIRule( name="identity:delete_region", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Delete region.", scope_types=["system"], operations=[{"method": "DELETE", "path": "/v3/regions/{region_id}"}], @@ -1746,6 +1721,7 @@ list_rules = ( base.APIRule( name="identity:get_registered_limit", check_str=(""), + basic_check_str=("@"), description="Show registered limit details.", scope_types=["system", "domain", "project"], operations=[ @@ -1756,6 +1732,7 @@ list_rules = ( base.APIRule( name="identity:list_registered_limits", check_str=(""), + basic_check_str=("@"), description="List registered limits.", scope_types=["system", "domain", "project"], operations=[ @@ -1766,6 +1743,7 @@ list_rules = ( base.APIRule( name="identity:create_registered_limits", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Create registered limits.", scope_types=["system"], operations=[{"method": "POST", "path": "/v3/registered_limits"}], @@ -1773,6 +1751,7 @@ list_rules = ( base.APIRule( name="identity:update_registered_limit", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Update registered limit.", scope_types=["system"], operations=[{"method": "PATCH", "path": "/v3/registered_limits/{registered_limit_id}"}], @@ -1780,6 +1759,7 @@ list_rules = ( base.APIRule( name="identity:delete_registered_limit", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Delete registered limit.", scope_types=["system"], operations=[{"method": "DELETE", "path": "/v3/registered_limits/{registered_limit_id}"}], @@ -1787,6 +1767,7 @@ list_rules = ( base.APIRule( name="identity:list_revoke_events", check_str=("rule:service_or_admin"), + basic_check_str=("role:admin"), description="List revocation events.", scope_types=["system"], operations=[{"method": "GET", "path": "/v3/OS-REVOKE/events"}], @@ -1794,6 +1775,7 @@ list_rules = ( base.APIRule( name="identity:get_role", check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin or role:reader"), description="Show role details.", scope_types=["system"], operations=[ @@ -1804,6 +1786,7 @@ list_rules = ( base.APIRule( name="identity:list_roles", check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin or role:reader"), description="List roles.", scope_types=["system"], operations=[ @@ -1814,6 +1797,7 @@ list_rules = ( base.APIRule( name="identity:create_role", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Create role.", scope_types=["system"], operations=[{"method": "POST", "path": "/v3/roles"}], @@ -1821,6 +1805,7 @@ list_rules = ( base.APIRule( name="identity:update_role", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Update role.", scope_types=["system"], operations=[{"method": "PATCH", "path": "/v3/roles/{role_id}"}], @@ -1828,6 +1813,7 @@ list_rules = ( base.APIRule( name="identity:delete_role", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Delete role.", scope_types=["system"], operations=[{"method": "DELETE", "path": "/v3/roles/{role_id}"}], @@ -1835,6 +1821,7 @@ list_rules = ( base.APIRule( name="identity:get_domain_role", check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin or role:reader"), description="Show domain role.", scope_types=["system"], operations=[ @@ -1845,6 +1832,7 @@ list_rules = ( base.APIRule( name="identity:list_domain_roles", check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin or role:reader"), description="List domain roles.", scope_types=["system"], operations=[ @@ -1855,6 +1843,7 @@ list_rules = ( base.APIRule( name="identity:create_domain_role", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Create domain role.", scope_types=["system"], operations=[{"method": "POST", "path": "/v3/roles"}], @@ -1862,6 +1851,7 @@ list_rules = ( base.APIRule( name="identity:update_domain_role", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Update domain role.", scope_types=["system"], operations=[{"method": "PATCH", "path": "/v3/roles/{role_id}"}], @@ -1869,6 +1859,7 @@ list_rules = ( base.APIRule( name="identity:delete_domain_role", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Delete domain role.", scope_types=["system"], operations=[{"method": "DELETE", "path": "/v3/roles/{role_id}"}], @@ -1876,8 +1867,10 @@ list_rules = ( base.APIRule( name="identity:list_role_assignments", check_str=( - "(role:reader and system_scope:all) " - "or (role:reader and domain_id:%(target.domain_id)s)" + "(role:reader and system_scope:all) or (role:reader and domain_id:%(target.domain_id)s)" + ), + basic_check_str=( + "role:admin or role:reader or project_id:%(project_id)s or user_id:%(user_id)s" ), description="List role assignments.", scope_types=["system", "domain"], @@ -1889,10 +1882,9 @@ list_rules = ( base.APIRule( name="identity:list_role_assignments_for_tree", check_str=( - "(role:reader and system_scope:all) " - "or (role:reader and domain_id:%(target.project.domain_id)s) " - "or (role:admin and project_id:%(target.project.id)s)" + "(role:reader and system_scope:all) or (role:reader and domain_id:%(target.project.domain_id)s) or (role:admin and project_id:%(target.project.id)s)" ), + basic_check_str=("role:admin or role:reader"), description="List all role assignments for a given tree of hierarchical projects.", scope_types=["system", "domain", "project"], operations=[ @@ -1903,6 +1895,7 @@ list_rules = ( base.APIRule( name="identity:get_service", check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin or role:reader"), description="Show service details.", scope_types=["system"], operations=[{"method": "GET", "path": "/v3/services/{service_id}"}], @@ -1910,6 +1903,7 @@ list_rules = ( base.APIRule( name="identity:list_services", check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin or role:reader"), description="List services.", scope_types=["system"], operations=[{"method": "GET", "path": "/v3/services"}], @@ -1917,6 +1911,7 @@ list_rules = ( base.APIRule( name="identity:create_service", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Create service.", scope_types=["system"], operations=[{"method": "POST", "path": "/v3/services"}], @@ -1924,6 +1919,7 @@ list_rules = ( base.APIRule( name="identity:update_service", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Update service.", scope_types=["system"], operations=[{"method": "PATCH", "path": "/v3/services/{service_id}"}], @@ -1931,6 +1927,7 @@ list_rules = ( base.APIRule( name="identity:delete_service", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Delete service.", scope_types=["system"], operations=[{"method": "DELETE", "path": "/v3/services/{service_id}"}], @@ -1938,18 +1935,17 @@ list_rules = ( base.APIRule( name="identity:create_service_provider", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Create federated service provider.", scope_types=["system"], operations=[ - { - "method": "PUT", - "path": "/v3/OS-FEDERATION/service_providers/{service_provider_id}", - }, + {"method": "PUT", "path": "/v3/OS-FEDERATION/service_providers/{service_provider_id}"} ], ), base.APIRule( name="identity:list_service_providers", check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin or role:reader"), description="List federated service providers.", scope_types=["system"], operations=[ @@ -1960,6 +1956,7 @@ list_rules = ( base.APIRule( name="identity:get_service_provider", check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin or role:reader"), description="Get federated service provider.", scope_types=["system"], operations=[ @@ -1976,30 +1973,33 @@ list_rules = ( base.APIRule( name="identity:update_service_provider", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Update federated service provider.", scope_types=["system"], operations=[ { "method": "PATCH", "path": "/v3/OS-FEDERATION/service_providers/{service_provider_id}", - }, + } ], ), base.APIRule( name="identity:delete_service_provider", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Delete federated service provider.", scope_types=["system"], operations=[ { "method": "DELETE", "path": "/v3/OS-FEDERATION/service_providers/{service_provider_id}", - }, + } ], ), base.APIRule( name="identity:revocation_list", check_str=("rule:service_or_admin"), + basic_check_str=("!"), description="List revoked PKI tokens.", scope_types=["system", "project"], operations=[{"method": "GET", "path": "/v3/auth/tokens/OS-PKI/revoked"}], @@ -2007,6 +2007,7 @@ list_rules = ( base.APIRule( name="identity:check_token", check_str=("(role:reader and system_scope:all) or rule:token_subject"), + basic_check_str=("role:admin or role:reader or user_id:%(user_id)s"), description="Check a token.", scope_types=["system", "domain", "project"], operations=[{"method": "HEAD", "path": "/v3/auth/tokens"}], @@ -2014,8 +2015,9 @@ list_rules = ( base.APIRule( name="identity:validate_token", check_str=( - "(role:reader and system_scope:all) or rule:service_role or rule:token_subject " + "(role:reader and system_scope:all) or rule:service_role or rule:token_subject" ), + basic_check_str=("role:admin or role:reader or user_id:%(user_id)s"), description="Validate a token.", scope_types=["system", "domain", "project"], operations=[{"method": "GET", "path": "/v3/auth/tokens"}], @@ -2023,6 +2025,7 @@ list_rules = ( base.APIRule( name="identity:revoke_token", check_str=("(role:admin and system_scope:all) or rule:token_subject"), + basic_check_str=("role:admin or user_id:%(user_id)s"), description="Revoke a token.", scope_types=["system", "domain", "project"], operations=[{"method": "DELETE", "path": "/v3/auth/tokens"}], @@ -2030,6 +2033,7 @@ list_rules = ( base.APIRule( name="identity:create_trust", check_str=("user_id:%(trust.trustor_user_id)s"), + basic_check_str=("role:admin or user_id:%(user_id)s"), description="Create trust.", scope_types=["project"], operations=[{"method": "POST", "path": "/v3/OS-TRUST/trusts"}], @@ -2037,6 +2041,7 @@ list_rules = ( base.APIRule( name="identity:list_trusts", check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin or role:reader"), description="List trusts.", scope_types=["system"], operations=[ @@ -2047,8 +2052,9 @@ list_rules = ( base.APIRule( name="identity:list_trusts_for_trustor", check_str=( - "role:reader and system_scope:all or user_id:%(target.trust.trustor_user_id)s " + "role:reader and system_scope:all or user_id:%(target.trust.trustor_user_id)s" ), + basic_check_str=("role:admin or role:reader or user_id:%(user_id)s"), description="List trusts for trustor.", scope_types=["system", "project"], operations=[ @@ -2059,8 +2065,9 @@ list_rules = ( base.APIRule( name="identity:list_trusts_for_trustee", check_str=( - "role:reader and system_scope:all or user_id:%(target.trust.trustee_user_id)s " + "role:reader and system_scope:all or user_id:%(target.trust.trustee_user_id)s" ), + basic_check_str=("role:admin or role:reader or user_id:%(user_id)s"), description="List trusts for trustee.", scope_types=["system", "project"], operations=[ @@ -2071,10 +2078,9 @@ list_rules = ( base.APIRule( name="identity:list_roles_for_trust", check_str=( - "role:reader and system_scope:all or user_id:%(" - "target.trust.trustor_user_id)s or user_id:%(" - "target.trust.trustee_user_id)s " + "role:reader and system_scope:all or user_id:%(target.trust.trustor_user_id)s or user_id:%(target.trust.trustee_user_id)s" ), + basic_check_str=("role:admin or role:reader or user_id:%(user_id)s"), description="List roles delegated by a trust.", scope_types=["system", "project"], operations=[ @@ -2085,10 +2091,9 @@ list_rules = ( base.APIRule( name="identity:get_role_for_trust", check_str=( - "role:reader and system_scope:all or user_id:%(" - "target.trust.trustor_user_id)s or user_id:%(" - "target.trust.trustee_user_id)s " + "role:reader and system_scope:all or user_id:%(target.trust.trustor_user_id)s or user_id:%(target.trust.trustee_user_id)s" ), + basic_check_str=("role:admin or role:reader or user_id:%(user_id)s"), description="Check if trust delegates a particular role.", scope_types=["system", "project"], operations=[ @@ -2099,6 +2104,7 @@ list_rules = ( base.APIRule( name="identity:delete_trust", check_str=("role:admin and system_scope:all or user_id:%(target.trust.trustor_user_id)s"), + basic_check_str=("role:admin or user_id:%(user_id)s"), description="Revoke trust.", scope_types=["system", "project"], operations=[{"method": "DELETE", "path": "/v3/OS-TRUST/trusts/{trust_id}"}], @@ -2106,10 +2112,9 @@ list_rules = ( base.APIRule( name="identity:get_trust", check_str=( - "role:reader and system_scope:all or user_id:%(" - "target.trust.trustor_user_id)s or user_id:%(" - "target.trust.trustee_user_id)s " + "role:reader and system_scope:all or user_id:%(target.trust.trustor_user_id)s or user_id:%(target.trust.trustee_user_id)s" ), + basic_check_str=("role:admin or role:reader or user_id:%(user_id)s"), description="Get trust.", scope_types=["system", "project"], operations=[ @@ -2120,10 +2125,9 @@ list_rules = ( base.APIRule( name="identity:get_user", check_str=( - "(role:reader and system_scope:all) or (role:reader and " - "token.domain.id:%(target.user.domain_id)s) or user_id:%(" - "target.user.id)s " + "(role:reader and system_scope:all) or (role:reader and token.domain.id:%(target.user.domain_id)s) or user_id:%(target.user.id)s" ), + basic_check_str=("role:admin or role:reader or user_id:%(user_id)s"), description="Show user details.", scope_types=["system", "domain", "project"], operations=[ @@ -2134,9 +2138,9 @@ list_rules = ( base.APIRule( name="identity:list_users", check_str=( - "(role:reader and system_scope:all) or (role:reader and " - "domain_id:%(target.domain_id)s) " + "(role:reader and system_scope:all) or (role:reader and domain_id:%(target.domain_id)s)" ), + basic_check_str=("role:admin or role:reader"), description="List users.", scope_types=["system", "domain"], operations=[ @@ -2147,6 +2151,7 @@ list_rules = ( base.APIRule( name="identity:list_projects_for_user", check_str=(""), + basic_check_str=("@"), description="List all projects a user has access to via role assignments.", scope_types=["project"], operations=[{"method": "GET", "path": " /v3/auth/projects"}], @@ -2154,6 +2159,7 @@ list_rules = ( base.APIRule( name="identity:list_domains_for_user", check_str=(""), + basic_check_str=("@"), description="List all domains a user has access to via role assignments.", scope_types=["project"], operations=[{"method": "GET", "path": "/v3/auth/domains"}], @@ -2161,9 +2167,9 @@ list_rules = ( base.APIRule( name="identity:create_user", check_str=( - "(role:admin and system_scope:all) or (role:admin and " - "token.domain.id:%(target.user.domain_id)s) " + "(role:admin and system_scope:all) or (role:admin and token.domain.id:%(target.user.domain_id)s)" ), + basic_check_str=("role:admin"), description="Create a user.", scope_types=["system", "domain"], operations=[{"method": "POST", "path": "/v3/users"}], @@ -2171,9 +2177,9 @@ list_rules = ( base.APIRule( name="identity:update_user", check_str=( - "(role:admin and system_scope:all) or (role:admin and " - "token.domain.id:%(target.user.domain_id)s) " + "(role:admin and system_scope:all) or (role:admin and token.domain.id:%(target.user.domain_id)s)" ), + basic_check_str=("role:admin"), description="Update a user, including administrative password resets.", scope_types=["system", "domain"], operations=[{"method": "PATCH", "path": "/v3/users/{user_id}"}], @@ -2181,9 +2187,9 @@ list_rules = ( base.APIRule( name="identity:delete_user", check_str=( - "(role:admin and system_scope:all) or (role:admin and " - "token.domain.id:%(target.user.domain_id)s) " + "(role:admin and system_scope:all) or (role:admin and token.domain.id:%(target.user.domain_id)s)" ), + basic_check_str=("role:admin"), description="Delete a user.", scope_types=["system", "domain"], operations=[{"method": "DELETE", "path": "/v3/users/{user_id}"}], diff --git a/libs/skyline-policy-manager/src/skyline_policy_manager/policies/neutron.py b/libs/skyline-policy-manager/skyline_policy_manager/policies/neutron.py similarity index 72% rename from libs/skyline-policy-manager/src/skyline_policy_manager/policies/neutron.py rename to libs/skyline-policy-manager/skyline_policy_manager/policies/neutron.py index ebf5714..efddd73 100644 --- a/libs/skyline-policy-manager/src/skyline_policy_manager/policies/neutron.py +++ b/libs/skyline-policy-manager/skyline_policy_manager/policies/neutron.py @@ -1,3 +1,5 @@ +# flake8: noqa + from . import base list_rules = ( @@ -86,10 +88,7 @@ list_rules = ( check_str=( "(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)" ), - description="Get a flavor associated with a given service profiles. " - "There is no corresponding GET operations in API " - "currently. This rule is currently referred only in the " - "DELETE of flavor_service_profile.", + description="Get a flavor associated with a given service profiles. There is no corresponding GET operations in API currently. This rule is currently referred only in the DELETE of flavor_service_profile.", ), base.Rule( name="external", @@ -129,8 +128,10 @@ list_rules = ( base.APIRule( name="get_address_group", check_str=( - "(role:reader and system_scope:all) or (role:reader and " - "project_id:%(project_id)s) or rule:shared_address_groups " + "(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s) or rule:shared_address_groups" + ), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" ), description="Get an address group", scope_types=["system", "project"], @@ -144,6 +145,9 @@ list_rules = ( check_str=( "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)" ), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Create an address scope", scope_types=["system", "project"], operations=[{"method": "POST", "path": "/address-scopes"}], @@ -151,6 +155,7 @@ list_rules = ( base.APIRule( name="create_address_scope:shared", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Create a shared address scope", scope_types=["system", "project"], operations=[{"method": "POST", "path": "/address-scopes"}], @@ -158,8 +163,10 @@ list_rules = ( base.APIRule( name="get_address_scope", check_str=( - "(role:reader and system_scope:all) or (role:reader and " - "project_id:%(project_id)s) or rule:shared_address_scopes " + "(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s) or rule:shared_address_scopes" + ), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" ), description="Get an address scope", scope_types=["system", "project"], @@ -171,7 +178,10 @@ list_rules = ( base.APIRule( name="update_address_scope", check_str=( - "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s) " + "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)" + ), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" ), description="Update an address scope", scope_types=["system", "project"], @@ -180,6 +190,7 @@ list_rules = ( base.APIRule( name="update_address_scope:shared", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Update ``shared`` attribute of an address scope", scope_types=["system", "project"], operations=[{"method": "PUT", "path": "/address-scopes/{id}"}], @@ -189,6 +200,9 @@ list_rules = ( check_str=( "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)" ), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Delete an address scope", scope_types=["system", "project"], operations=[{"method": "DELETE", "path": "/address-scopes/{id}"}], @@ -196,6 +210,7 @@ list_rules = ( base.APIRule( name="get_agent", check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin or role:reader"), description="Get an agent", scope_types=["system"], operations=[ @@ -206,6 +221,7 @@ list_rules = ( base.APIRule( name="update_agent", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Update an agent", scope_types=["system"], operations=[{"method": "PUT", "path": "/agents/{id}"}], @@ -213,6 +229,7 @@ list_rules = ( base.APIRule( name="delete_agent", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Delete an agent", scope_types=["system"], operations=[{"method": "DELETE", "path": "/agents/{id}"}], @@ -220,6 +237,7 @@ list_rules = ( base.APIRule( name="create_dhcp-network", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Add a network to a DHCP agent", scope_types=["system"], operations=[{"method": "POST", "path": "/agents/{agent_id}/dhcp-networks"}], @@ -227,6 +245,7 @@ list_rules = ( base.APIRule( name="get_dhcp-networks", check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin or role:reader"), description="List networks on a DHCP agent", scope_types=["system"], operations=[{"method": "GET", "path": "/agents/{agent_id}/dhcp-networks"}], @@ -234,15 +253,17 @@ list_rules = ( base.APIRule( name="delete_dhcp-network", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Remove a network from a DHCP agent", scope_types=["system"], operations=[ - {"method": "DELETE", "path": "/agents/{agent_id}/dhcp-networks/{network_id}"}, + {"method": "DELETE", "path": "/agents/{agent_id}/dhcp-networks/{network_id}"} ], ), base.APIRule( name="create_l3-router", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Add a router to an L3 agent", scope_types=["system"], operations=[{"method": "POST", "path": "/agents/{agent_id}/l3-routers"}], @@ -250,6 +271,7 @@ list_rules = ( base.APIRule( name="get_l3-routers", check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin or role:reader"), description="List routers on an L3 agent", scope_types=["system"], operations=[{"method": "GET", "path": "/agents/{agent_id}/l3-routers"}], @@ -257,6 +279,7 @@ list_rules = ( base.APIRule( name="delete_l3-router", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Remove a router from an L3 agent", scope_types=["system"], operations=[{"method": "DELETE", "path": "/agents/{agent_id}/l3-routers/{router_id}"}], @@ -264,6 +287,7 @@ list_rules = ( base.APIRule( name="get_dhcp-agents", check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin or role:reader"), description="List DHCP agents hosting a network", scope_types=["system"], operations=[{"method": "GET", "path": "/networks/{network_id}/dhcp-agents"}], @@ -271,6 +295,7 @@ list_rules = ( base.APIRule( name="get_l3-agents", check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin or role:reader"), description="List L3 agents hosting a router", scope_types=["system"], operations=[{"method": "GET", "path": "/routers/{router_id}/l3-agents"}], @@ -280,6 +305,9 @@ list_rules = ( check_str=( "(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)" ), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), description="Get a project's auto-allocated topology", scope_types=["system", "project"], operations=[{"method": "GET", "path": "/auto-allocated-topology/{project_id}"}], @@ -289,6 +317,9 @@ list_rules = ( check_str=( "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)" ), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Delete a project's auto-allocated topology", scope_types=["system", "project"], operations=[{"method": "DELETE", "path": "/auto-allocated-topology/{project_id}"}], @@ -296,6 +327,7 @@ list_rules = ( base.APIRule( name="get_availability_zone", check_str=("role:reader and system_scope:all"), + basic_check_str=("@"), description="List availability zones", scope_types=["system"], operations=[{"method": "GET", "path": "/availability_zones"}], @@ -303,6 +335,7 @@ list_rules = ( base.APIRule( name="create_flavor", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Create a flavor", scope_types=["system"], operations=[{"method": "POST", "path": "/flavors"}], @@ -312,6 +345,9 @@ list_rules = ( check_str=( "(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)" ), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), description="Get a flavor", scope_types=["system", "project"], operations=[ @@ -322,6 +358,7 @@ list_rules = ( base.APIRule( name="update_flavor", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Update a flavor", scope_types=["system"], operations=[{"method": "PUT", "path": "/flavors/{id}"}], @@ -329,6 +366,7 @@ list_rules = ( base.APIRule( name="delete_flavor", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Delete a flavor", scope_types=["system"], operations=[{"method": "DELETE", "path": "/flavors/{id}"}], @@ -336,6 +374,7 @@ list_rules = ( base.APIRule( name="create_service_profile", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Create a service profile", scope_types=["system"], operations=[{"method": "POST", "path": "/service_profiles"}], @@ -343,6 +382,7 @@ list_rules = ( base.APIRule( name="get_service_profile", check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin or role:reader"), description="Get a service profile", scope_types=["system"], operations=[ @@ -353,6 +393,7 @@ list_rules = ( base.APIRule( name="update_service_profile", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Update a service profile", scope_types=["system"], operations=[{"method": "PUT", "path": "/service_profiles/{id}"}], @@ -360,6 +401,7 @@ list_rules = ( base.APIRule( name="delete_service_profile", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Delete a service profile", scope_types=["system"], operations=[{"method": "DELETE", "path": "/service_profiles/{id}"}], @@ -367,6 +409,7 @@ list_rules = ( base.APIRule( name="create_flavor_service_profile", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Associate a flavor with a service profile", scope_types=["system"], operations=[{"method": "POST", "path": "/flavors/{flavor_id}/service_profiles"}], @@ -374,10 +417,11 @@ list_rules = ( base.APIRule( name="delete_flavor_service_profile", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Disassociate a flavor with a service profile", scope_types=["system"], operations=[ - {"method": "DELETE", "path": "/flavors/{flavor_id}/service_profiles/{profile_id}"}, + {"method": "DELETE", "path": "/flavors/{flavor_id}/service_profiles/{profile_id}"} ], ), base.APIRule( @@ -385,6 +429,9 @@ list_rules = ( check_str=( "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)" ), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Create a floating IP", scope_types=["project"], operations=[{"method": "POST", "path": "/floatingips"}], @@ -392,6 +439,9 @@ list_rules = ( base.APIRule( name="create_floatingip:floating_ip_address", check_str=("role:admin and system_scope:all"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Create a floating IP with a specific IP address", scope_types=["system", "project"], operations=[{"method": "POST", "path": "/floatingips"}], @@ -401,6 +451,9 @@ list_rules = ( check_str=( "(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)" ), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), description="Get a floating IP", scope_types=["system", "project"], operations=[ @@ -413,6 +466,9 @@ list_rules = ( check_str=( "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)" ), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Update a floating IP", scope_types=["system", "project"], operations=[{"method": "PUT", "path": "/floatingips/{id}"}], @@ -420,7 +476,10 @@ list_rules = ( base.APIRule( name="delete_floatingip", check_str=( - "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s) " + "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)" + ), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" ), description="Delete a floating IP", scope_types=["system", "project"], @@ -429,8 +488,10 @@ list_rules = ( base.APIRule( name="get_floatingip_pool", check_str=( - "(role:reader and system_scope:all) or (role:reader and " - "project_id:%(project_id)s) " + "(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)" + ), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" ), description="Get floating IP pools", scope_types=["system", "project"], @@ -439,8 +500,10 @@ list_rules = ( base.APIRule( name="create_floatingip_port_forwarding", check_str=( - "(role:admin and system_scope:all) or (role:member and " - "project_id:%(project_id)s) or rule:ext_parent_owner " + "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s) or rule:ext_parent_owner" + ), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" ), description="Create a floating IP port forwarding", scope_types=["system", "project"], @@ -449,8 +512,10 @@ list_rules = ( base.APIRule( name="get_floatingip_port_forwarding", check_str=( - "(role:reader and system_scope:all) or (role:reader and " - "project_id:%(project_id)s) or rule:ext_parent_owner " + "(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s) or rule:ext_parent_owner" + ), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" ), description="Get a floating IP port forwarding", scope_types=["system", "project"], @@ -465,8 +530,10 @@ list_rules = ( base.APIRule( name="update_floatingip_port_forwarding", check_str=( - "(role:admin and system_scope:all) or (role:member and " - "project_id:%(project_id)s) or rule:ext_parent_owner " + "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s) or rule:ext_parent_owner" + ), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" ), description="Update a floating IP port forwarding", scope_types=["system", "project"], @@ -474,14 +541,16 @@ list_rules = ( { "method": "PUT", "path": "/floatingips/{floatingip_id}/port_forwardings/{port_forwarding_id}", - }, + } ], ), base.APIRule( name="delete_floatingip_port_forwarding", check_str=( - "(role:admin and system_scope:all) or (role:member and " - "project_id:%(project_id)s) or rule:ext_parent_owner " + "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s) or rule:ext_parent_owner" + ), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" ), description="Delete a floating IP port forwarding", scope_types=["system", "project"], @@ -489,14 +558,16 @@ list_rules = ( { "method": "DELETE", "path": "/floatingips/{floatingip_id}/port_forwardings/{port_forwarding_id}", - }, + } ], ), base.APIRule( name="create_router_conntrack_helper", check_str=( - "(role:admin and system_scope:all) or (role:member and " - "project_id:%(project_id)s) or rule:ext_parent_owner " + "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s) or rule:ext_parent_owner" + ), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" ), description="Create a router conntrack helper", scope_types=["system", "project"], @@ -505,8 +576,10 @@ list_rules = ( base.APIRule( name="get_router_conntrack_helper", check_str=( - "(role:reader and system_scope:all) or (role:reader and " - "project_id:%(project_id)s) or rule:ext_parent_owner " + "(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s) or rule:ext_parent_owner" + ), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" ), description="Get a router conntrack helper", scope_types=["system", "project"], @@ -521,8 +594,10 @@ list_rules = ( base.APIRule( name="update_router_conntrack_helper", check_str=( - "(role:admin and system_scope:all) or (role:member and " - "project_id:%(project_id)s) or rule:ext_parent_owner " + "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s) or rule:ext_parent_owner" + ), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" ), description="Update a router conntrack helper", scope_types=["system", "project"], @@ -530,14 +605,16 @@ list_rules = ( { "method": "PUT", "path": "/routers/{router_id}/conntrack_helpers/{conntrack_helper_id}", - }, + } ], ), base.APIRule( name="delete_router_conntrack_helper", check_str=( - "(role:admin and system_scope:all) or (role:member and " - "project_id:%(project_id)s) or rule:ext_parent_owner " + "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s) or rule:ext_parent_owner" + ), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" ), description="Delete a router conntrack helper", scope_types=["system", "project"], @@ -545,12 +622,13 @@ list_rules = ( { "method": "DELETE", "path": "/routers/{router_id}/conntrack_helpers/{conntrack_helper_id}", - }, + } ], ), base.APIRule( name="get_loggable_resource", check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin or role:reader"), description="Get loggable resources", scope_types=["system"], operations=[{"method": "GET", "path": "/log/loggable-resources"}], @@ -558,6 +636,7 @@ list_rules = ( base.APIRule( name="create_log", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Create a network log", scope_types=["system"], operations=[{"method": "POST", "path": "/log/logs"}], @@ -565,6 +644,7 @@ list_rules = ( base.APIRule( name="get_log", check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin or role:reader"), description="Get a network log", scope_types=["system"], operations=[ @@ -575,6 +655,7 @@ list_rules = ( base.APIRule( name="update_log", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Update a network log", scope_types=["system"], operations=[{"method": "PUT", "path": "/log/logs/{id}"}], @@ -582,6 +663,7 @@ list_rules = ( base.APIRule( name="delete_log", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Delete a network log", scope_types=["system"], operations=[{"method": "DELETE", "path": "/log/logs/{id}"}], @@ -589,6 +671,7 @@ list_rules = ( base.APIRule( name="create_metering_label", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Create a metering label", scope_types=["system", "project"], operations=[{"method": "POST", "path": "/metering/metering-labels"}], @@ -596,6 +679,7 @@ list_rules = ( base.APIRule( name="get_metering_label", check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin or role:reader"), description="Get a metering label", scope_types=["system", "project"], operations=[ @@ -606,6 +690,7 @@ list_rules = ( base.APIRule( name="delete_metering_label", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Delete a metering label", scope_types=["system", "project"], operations=[{"method": "DELETE", "path": "/metering/metering-labels/{id}"}], @@ -613,6 +698,7 @@ list_rules = ( base.APIRule( name="create_metering_label_rule", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Create a metering label rule", scope_types=["system", "project"], operations=[{"method": "POST", "path": "/metering/metering-label-rules"}], @@ -620,6 +706,7 @@ list_rules = ( base.APIRule( name="get_metering_label_rule", check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin or role:reader"), description="Get a metering label rule", scope_types=["system", "project"], operations=[ @@ -630,6 +717,7 @@ list_rules = ( base.APIRule( name="delete_metering_label_rule", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Delete a metering label rule", scope_types=["system", "project"], operations=[{"method": "DELETE", "path": "/metering/metering-label-rules/{id}"}], @@ -639,6 +727,9 @@ list_rules = ( check_str=( "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)" ), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Create a network", scope_types=["project"], operations=[{"method": "POST", "path": "/networks"}], @@ -646,6 +737,7 @@ list_rules = ( base.APIRule( name="create_network:shared", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Create a shared network", scope_types=["system"], operations=[{"method": "POST", "path": "/networks"}], @@ -653,6 +745,7 @@ list_rules = ( base.APIRule( name="create_network:router:external", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Create an external network", scope_types=["system"], operations=[{"method": "POST", "path": "/networks"}], @@ -660,6 +753,7 @@ list_rules = ( base.APIRule( name="create_network:is_default", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Specify ``is_default`` attribute when creating a network", scope_types=["system"], operations=[{"method": "POST", "path": "/networks"}], @@ -669,6 +763,9 @@ list_rules = ( check_str=( "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)" ), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Specify ``port_security_enabled`` attribute when creating a network", scope_types=["project"], operations=[{"method": "POST", "path": "/networks"}], @@ -676,6 +773,7 @@ list_rules = ( base.APIRule( name="create_network:segments", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Specify ``segments`` attribute when creating a network", scope_types=["system"], operations=[{"method": "POST", "path": "/networks"}], @@ -683,6 +781,7 @@ list_rules = ( base.APIRule( name="create_network:provider:network_type", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Specify ``provider:network_type`` when creating a network", scope_types=["system"], operations=[{"method": "POST", "path": "/networks"}], @@ -690,6 +789,7 @@ list_rules = ( base.APIRule( name="create_network:provider:physical_network", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Specify ``provider:physical_network`` when creating a network", scope_types=["system"], operations=[{"method": "POST", "path": "/networks"}], @@ -697,6 +797,7 @@ list_rules = ( base.APIRule( name="create_network:provider:segmentation_id", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Specify ``provider:segmentation_id`` when creating a network", scope_types=["system"], operations=[{"method": "POST", "path": "/networks"}], @@ -704,9 +805,10 @@ list_rules = ( base.APIRule( name="get_network", check_str=( - "(role:reader and system_scope:all) or (role:reader and " - "project_id:%(project_id)s) or rule:shared or rule:external or " - "rule:context_is_advsvc " + "(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s) or rule:shared or rule:external or rule:context_is_advsvc" + ), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" ), description="Get a network", scope_types=["system", "project"], @@ -720,6 +822,7 @@ list_rules = ( check_str=( "(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)" ), + basic_check_str=("@"), description="Get ``router:external`` attribute of a network", scope_types=["project"], operations=[ @@ -730,6 +833,7 @@ list_rules = ( base.APIRule( name="get_network:segments", check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin or role:reader"), description="Get ``segments`` attribute of a network", scope_types=["system"], operations=[ @@ -740,6 +844,9 @@ list_rules = ( base.APIRule( name="get_network:provider:network_type", check_str=("role:reader and system_scope:all"), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), description="Get ``provider:network_type`` attribute of a network", scope_types=["system"], operations=[ @@ -750,6 +857,7 @@ list_rules = ( base.APIRule( name="get_network:provider:physical_network", check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin or role:reader"), description="Get ``provider:physical_network`` attribute of a network", scope_types=["system"], operations=[ @@ -760,6 +868,7 @@ list_rules = ( base.APIRule( name="get_network:provider:segmentation_id", check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin or role:reader"), description="Get ``provider:segmentation_id`` attribute of a network", scope_types=["system"], operations=[ @@ -772,6 +881,9 @@ list_rules = ( check_str=( "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)" ), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Update a network", scope_types=["system", "project"], operations=[{"method": "PUT", "path": "/networks/{id}"}], @@ -779,6 +891,7 @@ list_rules = ( base.APIRule( name="update_network:segments", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Update ``segments`` attribute of a network", scope_types=["system"], operations=[{"method": "PUT", "path": "/networks/{id}"}], @@ -786,6 +899,7 @@ list_rules = ( base.APIRule( name="update_network:shared", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Update ``shared`` attribute of a network", scope_types=["system"], operations=[{"method": "PUT", "path": "/networks/{id}"}], @@ -793,6 +907,7 @@ list_rules = ( base.APIRule( name="update_network:provider:network_type", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Update ``provider:network_type`` attribute of a network", scope_types=["system"], operations=[{"method": "PUT", "path": "/networks/{id}"}], @@ -800,6 +915,7 @@ list_rules = ( base.APIRule( name="update_network:provider:physical_network", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Update ``provider:physical_network`` attribute of a network", scope_types=["system"], operations=[{"method": "PUT", "path": "/networks/{id}"}], @@ -807,6 +923,7 @@ list_rules = ( base.APIRule( name="update_network:provider:segmentation_id", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Update ``provider:segmentation_id`` attribute of a network", scope_types=["system"], operations=[{"method": "PUT", "path": "/networks/{id}"}], @@ -814,6 +931,7 @@ list_rules = ( base.APIRule( name="update_network:router:external", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Update ``router:external`` attribute of a network", scope_types=["system"], operations=[{"method": "PUT", "path": "/networks/{id}"}], @@ -821,6 +939,7 @@ list_rules = ( base.APIRule( name="update_network:is_default", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Update ``is_default`` attribute of a network", scope_types=["system"], operations=[{"method": "PUT", "path": "/networks/{id}"}], @@ -830,6 +949,9 @@ list_rules = ( check_str=( "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)" ), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Update ``port_security_enabled`` attribute of a network", scope_types=["system", "project"], operations=[{"method": "PUT", "path": "/networks/{id}"}], @@ -839,6 +961,9 @@ list_rules = ( check_str=( "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)" ), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Delete a network", scope_types=["system", "project"], operations=[{"method": "DELETE", "path": "/networks/{id}"}], @@ -846,6 +971,9 @@ list_rules = ( base.APIRule( name="get_network_ip_availability", check_str=("role:reader and system_scope:all"), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), description="Get network IP availability", scope_types=["system"], operations=[ @@ -856,6 +984,7 @@ list_rules = ( base.APIRule( name="create_network_segment_range", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Create a network segment range", scope_types=["system"], operations=[{"method": "POST", "path": "/network_segment_ranges"}], @@ -863,6 +992,7 @@ list_rules = ( base.APIRule( name="get_network_segment_range", check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin or role:reader"), description="Get a network segment range", scope_types=["system"], operations=[ @@ -873,6 +1003,7 @@ list_rules = ( base.APIRule( name="update_network_segment_range", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Update a network segment range", scope_types=["system"], operations=[{"method": "PUT", "path": "/network_segment_ranges/{id}"}], @@ -880,6 +1011,7 @@ list_rules = ( base.APIRule( name="delete_network_segment_range", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Delete a network segment range", scope_types=["system"], operations=[{"method": "DELETE", "path": "/network_segment_ranges/{id}"}], @@ -889,6 +1021,9 @@ list_rules = ( check_str=( "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)" ), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Create a port", scope_types=["system", "project"], operations=[{"method": "POST", "path": "/ports"}], @@ -896,9 +1031,10 @@ list_rules = ( base.APIRule( name="create_port:device_owner", check_str=( - "not rule:network_device or role:admin and system_scope:all or " - "role:admin and project_id:%(project_id)s or " - "rule:context_is_advsvc or rule:network_owner " + "not rule:network_device or role:admin and system_scope:all or role:admin and project_id:%(project_id)s or rule:context_is_advsvc or rule:network_owner" + ), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" ), description="Specify ``device_owner`` attribute when creting a port", scope_types=["system", "project"], @@ -907,9 +1043,10 @@ list_rules = ( base.APIRule( name="create_port:mac_address", check_str=( - "rule:context_is_advsvc or rule:network_owner " - "or role:admin and system_scope:all or role:admin " - "and project_id:%(project_id)s" + "rule:context_is_advsvc or rule:network_owner or role:admin and system_scope:all or role:admin and project_id:%(project_id)s" + ), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" ), description="Specify ``mac_address`` attribute when creating a port", scope_types=["system", "project"], @@ -918,9 +1055,10 @@ list_rules = ( base.APIRule( name="create_port:fixed_ips", check_str=( - "rule:context_is_advsvc or rule:network_owner " - "or role:admin and system_scope:all or role:admin " - "and project_id:%(project_id)s or rule:shared" + "rule:context_is_advsvc or rule:network_owner or role:admin and system_scope:all or role:admin and project_id:%(project_id)s or rule:shared" + ), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" ), description="Specify ``fixed_ips`` information when creating a port", scope_types=["system", "project"], @@ -929,9 +1067,10 @@ list_rules = ( base.APIRule( name="create_port:fixed_ips:ip_address", check_str=( - "rule:context_is_advsvc or rule:network_owner " - "or role:admin and system_scope:all or role:admin " - "and project_id:%(project_id)s" + "rule:context_is_advsvc or rule:network_owner or role:admin and system_scope:all or role:admin and project_id:%(project_id)s" + ), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" ), description="Specify IP address in ``fixed_ips`` when creating a port", scope_types=["system", "project"], @@ -940,9 +1079,10 @@ list_rules = ( base.APIRule( name="create_port:fixed_ips:subnet_id", check_str=( - "rule:context_is_advsvc or rule:network_owner or " - "role:admin and system_scope:all or role:admin and " - "project_id:%(project_id)s or rule:shared" + "rule:context_is_advsvc or rule:network_owner or role:admin and system_scope:all or role:admin and project_id:%(project_id)s or rule:shared" + ), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" ), description="Specify subnet ID in ``fixed_ips`` when creating a port", scope_types=["system", "project"], @@ -951,9 +1091,10 @@ list_rules = ( base.APIRule( name="create_port:port_security_enabled", check_str=( - "rule:context_is_advsvc or rule:network_owner " - "or role:admin and system_scope:all or role:admin " - "and project_id:%(project_id)s" + "rule:context_is_advsvc or rule:network_owner or role:admin and system_scope:all or role:admin and project_id:%(project_id)s" + ), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" ), description="Specify ``port_security_enabled`` attribute when creating a port", scope_types=["system", "project"], @@ -962,6 +1103,7 @@ list_rules = ( base.APIRule( name="create_port:binding:host_id", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Specify ``binding:host_id`` attribute when creating a port", scope_types=["system"], operations=[{"method": "POST", "path": "/ports"}], @@ -969,6 +1111,7 @@ list_rules = ( base.APIRule( name="create_port:binding:profile", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Specify ``binding:profile`` attribute when creating a port", scope_types=["system"], operations=[{"method": "POST", "path": "/ports"}], @@ -978,6 +1121,9 @@ list_rules = ( check_str=( "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)" ), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Specify ``binding:vnic_type`` attribute when creating a port", scope_types=["project"], operations=[{"method": "POST", "path": "/ports"}], @@ -985,8 +1131,10 @@ list_rules = ( base.APIRule( name="create_port:allowed_address_pairs", check_str=( - "role:admin and system_scope:all or role:admin and project_id:%(" - "project_id)s or rule:network_owner " + "role:admin and system_scope:all or role:admin and project_id:%(project_id)s or rule:network_owner" + ), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" ), description="Specify ``allowed_address_pairs`` attribute when creating a port", scope_types=["project", "system"], @@ -995,30 +1143,34 @@ list_rules = ( base.APIRule( name="create_port:allowed_address_pairs:mac_address", check_str=( - "role:admin and system_scope:all or role:admin and project_id:%(" - "project_id)s or rule:network_owner " + "role:admin and system_scope:all or role:admin and project_id:%(project_id)s or rule:network_owner" ), - description="Specify ``mac_address` of `allowed_address_pairs`` " - "attribute when creating a port", + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), + description="Specify ``mac_address` of `allowed_address_pairs`` attribute when creating a port", scope_types=["project", "system"], operations=[{"method": "POST", "path": "/ports"}], ), base.APIRule( name="create_port:allowed_address_pairs:ip_address", check_str=( - "role:admin and system_scope:all or role:admin and project_id:%(" - "project_id)s or rule:network_owner " + "role:admin and system_scope:all or role:admin and project_id:%(project_id)s or rule:network_owner" ), - description="Specify ``ip_address`` of ``allowed_address_pairs`` " - "attribute when creating a port", + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), + description="Specify ``ip_address`` of ``allowed_address_pairs`` attribute when creating a port", scope_types=["project", "system"], operations=[{"method": "POST", "path": "/ports"}], ), base.APIRule( name="get_port", check_str=( - "rule:context_is_advsvc or (role:reader and system_scope:all) or " - "(role:reader and project_id:%(project_id)s) " + "rule:context_is_advsvc or (role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)" + ), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" ), description="Get a port", scope_types=["project", "system"], @@ -1030,6 +1182,7 @@ list_rules = ( base.APIRule( name="get_port:binding:vif_type", check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin or role:reader"), description="Get ``binding:vif_type`` attribute of a port", scope_types=["system"], operations=[ @@ -1040,6 +1193,7 @@ list_rules = ( base.APIRule( name="get_port:binding:vif_details", check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin or role:reader"), description="Get ``binding:vif_details`` attribute of a port", scope_types=["system"], operations=[ @@ -1050,6 +1204,7 @@ list_rules = ( base.APIRule( name="get_port:binding:host_id", check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin or role:reader"), description="Get ``binding:host_id`` attribute of a port", scope_types=["system"], operations=[ @@ -1060,6 +1215,7 @@ list_rules = ( base.APIRule( name="get_port:binding:profile", check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin or role:reader"), description="Get ``binding:profile`` attribute of a port", scope_types=["system"], operations=[ @@ -1070,6 +1226,7 @@ list_rules = ( base.APIRule( name="get_port:resource_request", check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin or role:reader"), description="Get ``resource_request`` attribute of a port", scope_types=["system"], operations=[ @@ -1080,8 +1237,10 @@ list_rules = ( base.APIRule( name="update_port", check_str=( - "(role:admin and system_scope:all) or (role:member and " - "project_id:%(project_id)s) or rule:context_is_advsvc " + "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s) or rule:context_is_advsvc" + ), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" ), description="Update a port", scope_types=["system", "project"], @@ -1090,9 +1249,10 @@ list_rules = ( base.APIRule( name="update_port:device_owner", check_str=( - "not rule:network_device or rule:context_is_advsvc " - "or rule:network_owner or role:admin and system_scope:all " - "or role:admin and project_id:%(project_id)s" + "not rule:network_device or rule:context_is_advsvc or rule:network_owner or role:admin and system_scope:all or role:admin and project_id:%(project_id)s" + ), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" ), description="Update ``device_owner`` attribute of a port", scope_types=["system", "project"], @@ -1101,6 +1261,9 @@ list_rules = ( base.APIRule( name="update_port:mac_address", check_str=("role:admin and system_scope:all or rule:context_is_advsvc"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Update ``mac_address`` attribute of a port", scope_types=["system", "project"], operations=[{"method": "PUT", "path": "/ports/{id}"}], @@ -1108,9 +1271,10 @@ list_rules = ( base.APIRule( name="update_port:fixed_ips", check_str=( - "rule:context_is_advsvc or rule:network_owner or " - "role:admin and system_scope:all or role:admin " - "and project_id:%(project_id)s" + "rule:context_is_advsvc or rule:network_owner or role:admin and system_scope:all or role:admin and project_id:%(project_id)s" + ), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" ), description="Specify ``fixed_ips`` information when updating a port", scope_types=["system", "project"], @@ -1119,9 +1283,10 @@ list_rules = ( base.APIRule( name="update_port:fixed_ips:ip_address", check_str=( - "rule:context_is_advsvc or rule:network_owner " - "or role:admin and system_scope:all or role:admin " - "and project_id:%(project_id)s" + "rule:context_is_advsvc or rule:network_owner or role:admin and system_scope:all or role:admin and project_id:%(project_id)s" + ), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" ), description="Specify IP address in ``fixed_ips`` information when updating a port", scope_types=["system", "project"], @@ -1130,9 +1295,10 @@ list_rules = ( base.APIRule( name="update_port:fixed_ips:subnet_id", check_str=( - "rule:context_is_advsvc or rule:network_owner " - "or role:admin and system_scope:all or role:admin " - "and project_id:%(project_id)s or rule:shared" + "rule:context_is_advsvc or rule:network_owner or role:admin and system_scope:all or role:admin and project_id:%(project_id)s or rule:shared" + ), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" ), description="Specify subnet ID in ``fixed_ips`` information when updating a port", scope_types=["system", "project"], @@ -1141,9 +1307,10 @@ list_rules = ( base.APIRule( name="update_port:port_security_enabled", check_str=( - "rule:context_is_advsvc or rule:network_owner " - "or role:admin and system_scope:all or role:admin " - "and project_id:%(project_id)s" + "rule:context_is_advsvc or rule:network_owner or role:admin and system_scope:all or role:admin and project_id:%(project_id)s" + ), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" ), description="Update ``port_security_enabled`` attribute of a port", scope_types=["system", "project"], @@ -1152,6 +1319,7 @@ list_rules = ( base.APIRule( name="update_port:binding:host_id", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Update ``binding:host_id`` attribute of a port", scope_types=["system"], operations=[{"method": "PUT", "path": "/ports/{id}"}], @@ -1159,6 +1327,7 @@ list_rules = ( base.APIRule( name="update_port:binding:profile", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Update ``binding:profile`` attribute of a port", scope_types=["system"], operations=[{"method": "PUT", "path": "/ports/{id}"}], @@ -1166,8 +1335,10 @@ list_rules = ( base.APIRule( name="update_port:binding:vnic_type", check_str=( - "(role:admin and system_scope:all) or (role:member and " - "project_id:%(project_id)s) or rule:context_is_advsvc" + "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s) or rule:context_is_advsvc" + ), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" ), description="Update ``binding:vnic_type`` attribute of a port", scope_types=["system", "project"], @@ -1176,8 +1347,10 @@ list_rules = ( base.APIRule( name="update_port:allowed_address_pairs", check_str=( - "role:admin and system_scope:all or role:admin and " - "project_id:%(project_id)s or rule:network_owner" + "role:admin and system_scope:all or role:admin and project_id:%(project_id)s or rule:network_owner" + ), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" ), description="Update ``allowed_address_pairs`` attribute of a port", scope_types=["system", "project"], @@ -1186,8 +1359,10 @@ list_rules = ( base.APIRule( name="update_port:allowed_address_pairs:mac_address", check_str=( - "role:admin and system_scope:all or role:admin " - "and project_id:%(project_id)s or rule:network_owner" + "role:admin and system_scope:all or role:admin and project_id:%(project_id)s or rule:network_owner" + ), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" ), description="Update ``mac_address`` of ``allowed_address_pairs`` attribute of a port", scope_types=["system", "project"], @@ -1196,8 +1371,10 @@ list_rules = ( base.APIRule( name="update_port:allowed_address_pairs:ip_address", check_str=( - "role:admin and system_scope:all or role:admin and " - "project_id:%(project_id)s or rule:network_owner" + "role:admin and system_scope:all or role:admin and project_id:%(project_id)s or rule:network_owner" + ), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" ), description="Update ``ip_address`` of ``allowed_address_pairs`` attribute of a port", scope_types=["system", "project"], @@ -1206,6 +1383,7 @@ list_rules = ( base.APIRule( name="update_port:data_plane_status", check_str=("role:admin and system_scope:all or role:data_plane_integrator"), + basic_check_str=("role:admin"), description="Update ``data_plane_status`` attribute of a port", scope_types=["system", "project"], operations=[{"method": "PUT", "path": "/ports/{id}"}], @@ -1213,8 +1391,10 @@ list_rules = ( base.APIRule( name="delete_port", check_str=( - "rule:context_is_advsvc or (role:admin and system_scope:all) " - "or (role:member and project_id:%(project_id)s)" + "rule:context_is_advsvc or (role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)" + ), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" ), description="Delete a port", scope_types=["system", "project"], @@ -1225,6 +1405,7 @@ list_rules = ( check_str=( "(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)" ), + basic_check_str=("@"), description="Get QoS policies", scope_types=["system", "project"], operations=[ @@ -1235,6 +1416,7 @@ list_rules = ( base.APIRule( name="create_policy", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Create a QoS policy", scope_types=["system"], operations=[{"method": "POST", "path": "/qos/policies"}], @@ -1242,6 +1424,7 @@ list_rules = ( base.APIRule( name="update_policy", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Update a QoS policy", scope_types=["system"], operations=[{"method": "PUT", "path": "/qos/policies/{id}"}], @@ -1249,6 +1432,7 @@ list_rules = ( base.APIRule( name="delete_policy", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Delete a QoS policy", scope_types=["system"], operations=[{"method": "DELETE", "path": "/qos/policies/{id}"}], @@ -1258,6 +1442,9 @@ list_rules = ( check_str=( "(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)" ), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), description="Get available QoS rule types", scope_types=["system", "project"], operations=[ @@ -1270,6 +1457,9 @@ list_rules = ( check_str=( "(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)" ), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), description="Get a QoS bandwidth limit rule", scope_types=["system", "project"], operations=[ @@ -1283,34 +1473,34 @@ list_rules = ( base.APIRule( name="create_policy_bandwidth_limit_rule", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Create a QoS bandwidth limit rule", scope_types=["system"], operations=[ - {"method": "POST", "path": "/qos/policies/{policy_id}/bandwidth_limit_rules"}, + {"method": "POST", "path": "/qos/policies/{policy_id}/bandwidth_limit_rules"} ], ), base.APIRule( name="update_policy_bandwidth_limit_rule", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Update a QoS bandwidth limit rule", scope_types=["system"], operations=[ - { - "method": "PUT", - "path": "/qos/policies/{policy_id}/bandwidth_limit_rules/{rule_id}", - }, + {"method": "PUT", "path": "/qos/policies/{policy_id}/bandwidth_limit_rules/{rule_id}"} ], ), base.APIRule( name="delete_policy_bandwidth_limit_rule", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Delete a QoS bandwidth limit rule", scope_types=["system"], operations=[ { "method": "DELETE", "path": "/qos/policies/{policy_id}/bandwidth_limit_rules/{rule_id}", - }, + } ], ), base.APIRule( @@ -1318,6 +1508,9 @@ list_rules = ( check_str=( "(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)" ), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), description="Get a QoS DSCP marking rule", scope_types=["system", "project"], operations=[ @@ -1328,6 +1521,7 @@ list_rules = ( base.APIRule( name="create_policy_dscp_marking_rule", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Create a QoS DSCP marking rule", scope_types=["system"], operations=[{"method": "POST", "path": "/qos/policies/{policy_id}/dscp_marking_rules"}], @@ -1335,22 +1529,21 @@ list_rules = ( base.APIRule( name="update_policy_dscp_marking_rule", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Update a QoS DSCP marking rule", scope_types=["system"], operations=[ - {"method": "PUT", "path": "/qos/policies/{policy_id}/dscp_marking_rules/{rule_id}"}, + {"method": "PUT", "path": "/qos/policies/{policy_id}/dscp_marking_rules/{rule_id}"} ], ), base.APIRule( name="delete_policy_dscp_marking_rule", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Delete a QoS DSCP marking rule", scope_types=["system"], operations=[ - { - "method": "DELETE", - "path": "/qos/policies/{policy_id}/dscp_marking_rules/{rule_id}", - }, + {"method": "DELETE", "path": "/qos/policies/{policy_id}/dscp_marking_rules/{rule_id}"} ], ), base.APIRule( @@ -1358,6 +1551,9 @@ list_rules = ( check_str=( "(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)" ), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), description="Get a QoS minimum bandwidth rule", scope_types=["system", "project"], operations=[ @@ -1371,39 +1567,45 @@ list_rules = ( base.APIRule( name="create_policy_minimum_bandwidth_rule", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Create a QoS minimum bandwidth rule", scope_types=["system"], operations=[ - {"method": "POST", "path": "/qos/policies/{policy_id}/minimum_bandwidth_rules"}, + {"method": "POST", "path": "/qos/policies/{policy_id}/minimum_bandwidth_rules"} ], ), base.APIRule( name="update_policy_minimum_bandwidth_rule", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Update a QoS minimum bandwidth rule", scope_types=["system"], operations=[ { "method": "PUT", "path": "/qos/policies/{policy_id}/minimum_bandwidth_rules/{rule_id}", - }, + } ], ), base.APIRule( name="delete_policy_minimum_bandwidth_rule", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Delete a QoS minimum bandwidth rule", scope_types=["system"], operations=[ { "method": "DELETE", "path": "/qos/policies/{policy_id}/minimum_bandwidth_rules/{rule_id}", - }, + } ], ), base.APIRule( name="get_alias_bandwidth_limit_rule", check_str=("rule:get_policy_bandwidth_limit_rule"), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), description="Get a QoS bandwidth limit rule through alias", scope_types=["project"], operations=[{"method": "GET", "path": "/qos/alias_bandwidth_limit_rules/{rule_id}/"}], @@ -1411,6 +1613,7 @@ list_rules = ( base.APIRule( name="update_alias_bandwidth_limit_rule", check_str=("rule:update_policy_bandwidth_limit_rule"), + basic_check_str=("role:admin"), description="Update a QoS bandwidth limit rule through alias", scope_types=["project"], operations=[{"method": "PUT", "path": "/qos/alias_bandwidth_limit_rules/{rule_id}/"}], @@ -1418,6 +1621,7 @@ list_rules = ( base.APIRule( name="delete_alias_bandwidth_limit_rule", check_str=("rule:delete_policy_bandwidth_limit_rule"), + basic_check_str=("role:admin"), description="Delete a QoS bandwidth limit rule through alias", scope_types=["project"], operations=[{"method": "DELETE", "path": "/qos/alias_bandwidth_limit_rules/{rule_id}/"}], @@ -1425,6 +1629,9 @@ list_rules = ( base.APIRule( name="get_alias_dscp_marking_rule", check_str=("rule:get_policy_dscp_marking_rule"), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), description="Get a QoS DSCP marking rule through alias", scope_types=["project"], operations=[{"method": "GET", "path": "/qos/alias_dscp_marking_rules/{rule_id}/"}], @@ -1432,6 +1639,7 @@ list_rules = ( base.APIRule( name="update_alias_dscp_marking_rule", check_str=("rule:update_policy_dscp_marking_rule"), + basic_check_str=("role:admin"), description="Update a QoS DSCP marking rule through alias", scope_types=["project"], operations=[{"method": "PUT", "path": "/qos/alias_dscp_marking_rules/{rule_id}/"}], @@ -1439,6 +1647,7 @@ list_rules = ( base.APIRule( name="delete_alias_dscp_marking_rule", check_str=("rule:delete_policy_dscp_marking_rule"), + basic_check_str=("role:admin"), description="Delete a QoS DSCP marking rule through alias", scope_types=["project"], operations=[{"method": "DELETE", "path": "/qos/alias_dscp_marking_rules/{rule_id}/"}], @@ -1446,6 +1655,9 @@ list_rules = ( base.APIRule( name="get_alias_minimum_bandwidth_rule", check_str=("rule:get_policy_minimum_bandwidth_rule"), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), description="Get a QoS minimum bandwidth rule through alias", scope_types=["project"], operations=[{"method": "GET", "path": "/qos/alias_minimum_bandwidth_rules/{rule_id}/"}], @@ -1453,6 +1665,7 @@ list_rules = ( base.APIRule( name="update_alias_minimum_bandwidth_rule", check_str=("rule:update_policy_minimum_bandwidth_rule"), + basic_check_str=("role:admin"), description="Update a QoS minimum bandwidth rule through alias", scope_types=["project"], operations=[{"method": "PUT", "path": "/qos/alias_minimum_bandwidth_rules/{rule_id}/"}], @@ -1460,15 +1673,17 @@ list_rules = ( base.APIRule( name="delete_alias_minimum_bandwidth_rule", check_str=("rule:delete_policy_minimum_bandwidth_rule"), + basic_check_str=("role:admin"), description="Delete a QoS minimum bandwidth rule through alias", scope_types=["project"], operations=[ - {"method": "DELETE", "path": "/qos/alias_minimum_bandwidth_rules/{rule_id}/"}, + {"method": "DELETE", "path": "/qos/alias_minimum_bandwidth_rules/{rule_id}/"} ], ), base.APIRule( name="get_quota", check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin or role:reader"), description="Get a resource quota", scope_types=["system"], operations=[ @@ -1479,6 +1694,7 @@ list_rules = ( base.APIRule( name="update_quota", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Update a resource quota", scope_types=["system"], operations=[{"method": "PUT", "path": "/quota/{id}"}], @@ -1486,6 +1702,7 @@ list_rules = ( base.APIRule( name="delete_quota", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Delete a resource quota", scope_types=["system"], operations=[{"method": "DELETE", "path": "/quota/{id}"}], @@ -1495,6 +1712,7 @@ list_rules = ( check_str=( "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)" ), + basic_check_str=("role:admin"), description="Create an RBAC policy", scope_types=["system", "project"], operations=[{"method": "POST", "path": "/rbac-policies"}], @@ -1502,6 +1720,7 @@ list_rules = ( base.APIRule( name="create_rbac_policy:target_tenant", check_str=("role:admin and system_scope:all or rule:restrict_wildcard"), + basic_check_str=("role:admin"), description="Specify ``target_tenant`` when creating an RBAC policy", scope_types=["system", "project"], operations=[{"method": "POST", "path": "/rbac-policies"}], @@ -1511,6 +1730,7 @@ list_rules = ( check_str=( "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)" ), + basic_check_str=("role:admin"), description="Update an RBAC policy", scope_types=["project", "system"], operations=[{"method": "PUT", "path": "/rbac-policies/{id}"}], @@ -1518,6 +1738,7 @@ list_rules = ( base.APIRule( name="update_rbac_policy:target_tenant", check_str=("role:admin and system_scope:all or rule:restrict_wildcard"), + basic_check_str=("role:admin"), description="Update ``target_tenant`` attribute of an RBAC policy", scope_types=["system", "project"], operations=[{"method": "PUT", "path": "/rbac-policies/{id}"}], @@ -1527,6 +1748,9 @@ list_rules = ( check_str=( "(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)" ), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), description="Get an RBAC policy", scope_types=["project", "system"], operations=[ @@ -1539,6 +1763,7 @@ list_rules = ( check_str=( "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)" ), + basic_check_str=("role:admin"), description="Delete an RBAC policy", scope_types=["project", "system"], operations=[{"method": "DELETE", "path": "/rbac-policies/{id}"}], @@ -1548,6 +1773,9 @@ list_rules = ( check_str=( "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)" ), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Create a router", scope_types=["project"], operations=[{"method": "POST", "path": "/routers"}], @@ -1555,6 +1783,7 @@ list_rules = ( base.APIRule( name="create_router:distributed", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Specify ``distributed`` attribute when creating a router", scope_types=["system"], operations=[{"method": "POST", "path": "/routers"}], @@ -1562,6 +1791,7 @@ list_rules = ( base.APIRule( name="create_router:ha", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Specify ``ha`` attribute when creating a router", scope_types=["system"], operations=[{"method": "POST", "path": "/routers"}], @@ -1571,6 +1801,9 @@ list_rules = ( check_str=( "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)" ), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Specify ``external_gateway_info`` information when creating a router", scope_types=["system", "project"], operations=[{"method": "POST", "path": "/routers"}], @@ -1580,26 +1813,26 @@ list_rules = ( check_str=( "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)" ), - description="Specify ``network_id`` in ``external_gateway_info`` " - "information when creating a router", + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), + description="Specify ``network_id`` in ``external_gateway_info`` information when creating a router", scope_types=["system", "project"], operations=[{"method": "POST", "path": "/routers"}], ), base.APIRule( name="create_router:external_gateway_info:enable_snat", check_str=("role:admin and system_scope:all"), - description="Specify ``enable_snat`` " - "in ``external_gateway_info`` information " - "when creating a router", + basic_check_str=("role:admin"), + description="Specify ``enable_snat`` in ``external_gateway_info`` information when creating a router", scope_types=["system"], operations=[{"method": "POST", "path": "/routers"}], ), base.APIRule( name="create_router:external_gateway_info:external_fixed_ips", check_str=("role:admin and system_scope:all"), - description="Specify ``external_fixed_ips`` " - "in ``external_gateway_info`` information " - "when creating a router", + basic_check_str=("role:admin"), + description="Specify ``external_fixed_ips`` in ``external_gateway_info`` information when creating a router", scope_types=["system"], operations=[{"method": "POST", "path": "/routers"}], ), @@ -1608,6 +1841,9 @@ list_rules = ( check_str=( "(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)" ), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), description="Get a router", scope_types=["system", "project"], operations=[ @@ -1618,6 +1854,7 @@ list_rules = ( base.APIRule( name="get_router:distributed", check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin or role:reader"), description="Get ``distributed`` attribute of a router", scope_types=["system"], operations=[ @@ -1628,6 +1865,7 @@ list_rules = ( base.APIRule( name="get_router:ha", check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin or role:reader"), description="Get ``ha`` attribute of a router", scope_types=["system"], operations=[ @@ -1640,6 +1878,9 @@ list_rules = ( check_str=( "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)" ), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Update a router", scope_types=["system", "project"], operations=[{"method": "PUT", "path": "/routers/{id}"}], @@ -1647,6 +1888,7 @@ list_rules = ( base.APIRule( name="update_router:distributed", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Update ``distributed`` attribute of a router", scope_types=["system"], operations=[{"method": "PUT", "path": "/routers/{id}"}], @@ -1654,6 +1896,7 @@ list_rules = ( base.APIRule( name="update_router:ha", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Update ``ha`` attribute of a router", scope_types=["system"], operations=[{"method": "PUT", "path": "/routers/{id}"}], @@ -1663,6 +1906,9 @@ list_rules = ( check_str=( "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)" ), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Update ``external_gateway_info`` information of a router", scope_types=["system", "project"], operations=[{"method": "PUT", "path": "/routers/{id}"}], @@ -1672,24 +1918,28 @@ list_rules = ( check_str=( "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)" ), - description="Update ``network_id`` attribute " - "of ``external_gateway_info`` information of a router", + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), + description="Update ``network_id`` attribute of ``external_gateway_info`` information of a router", scope_types=["system", "project"], operations=[{"method": "PUT", "path": "/routers/{id}"}], ), base.APIRule( name="update_router:external_gateway_info:enable_snat", check_str=("role:admin and system_scope:all"), - description="Update ``enable_snat`` attribute " - "of ``external_gateway_info`` information of a router", + basic_check_str=("role:admin"), + description="Update ``enable_snat`` attribute of ``external_gateway_info`` information of a router", scope_types=["system"], operations=[{"method": "PUT", "path": "/routers/{id}"}], ), base.APIRule( name="update_router:external_gateway_info:external_fixed_ips", check_str=("role:admin and system_scope:all"), - description="Update ``external_fixed_ips`` attribute " - "of ``external_gateway_info`` information of a router", + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), + description="Update ``external_fixed_ips`` attribute of ``external_gateway_info`` information of a router", scope_types=["system"], operations=[{"method": "PUT", "path": "/routers/{id}"}], ), @@ -1698,6 +1948,9 @@ list_rules = ( check_str=( "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)" ), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Delete a router", scope_types=["system", "project"], operations=[{"method": "DELETE", "path": "/routers/{id}"}], @@ -1707,6 +1960,9 @@ list_rules = ( check_str=( "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)" ), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Add an interface to a router", scope_types=["system", "project"], operations=[{"method": "PUT", "path": "/routers/{id}/add_router_interface"}], @@ -1716,6 +1972,9 @@ list_rules = ( check_str=( "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)" ), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Remove an interface from a router", scope_types=["system", "project"], operations=[{"method": "PUT", "path": "/routers/{id}/remove_router_interface"}], @@ -1725,6 +1984,9 @@ list_rules = ( check_str=( "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)" ), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Create a security group", scope_types=["system", "project"], operations=[{"method": "POST", "path": "/security-groups"}], @@ -1734,6 +1996,9 @@ list_rules = ( check_str=( "(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)" ), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), description="Get a security group", scope_types=["system", "project"], operations=[ @@ -1746,6 +2011,9 @@ list_rules = ( check_str=( "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)" ), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Update a security group", scope_types=["system", "project"], operations=[{"method": "PUT", "path": "/security-groups/{id}"}], @@ -1755,6 +2023,9 @@ list_rules = ( check_str=( "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)" ), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Delete a security group", scope_types=["system", "project"], operations=[{"method": "DELETE", "path": "/security-groups/{id}"}], @@ -1764,6 +2035,9 @@ list_rules = ( check_str=( "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)" ), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Create a security group rule", scope_types=["system", "project"], operations=[{"method": "POST", "path": "/security-group-rules"}], @@ -1771,8 +2045,10 @@ list_rules = ( base.APIRule( name="get_security_group_rule", check_str=( - "(role:reader and system_scope:all) " - "or (role:reader and project_id:%(project_id)s) or rule:sg_owner" + "(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s) or rule:sg_owner" + ), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" ), description="Get a security group rule", scope_types=["system", "project"], @@ -1786,6 +2062,9 @@ list_rules = ( check_str=( "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)" ), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Delete a security group rule", scope_types=["system", "project"], operations=[{"method": "DELETE", "path": "/security-group-rules/{id}"}], @@ -1793,6 +2072,7 @@ list_rules = ( base.APIRule( name="create_segment", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Create a segment", scope_types=["system"], operations=[{"method": "POST", "path": "/segments"}], @@ -1800,6 +2080,7 @@ list_rules = ( base.APIRule( name="get_segment", check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin or role:reader"), description="Get a segment", scope_types=["system"], operations=[ @@ -1810,6 +2091,7 @@ list_rules = ( base.APIRule( name="update_segment", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Update a segment", scope_types=["system"], operations=[{"method": "PUT", "path": "/segments/{id}"}], @@ -1817,6 +2099,7 @@ list_rules = ( base.APIRule( name="delete_segment", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Delete a segment", scope_types=["system"], operations=[{"method": "DELETE", "path": "/segments/{id}"}], @@ -1826,6 +2109,9 @@ list_rules = ( check_str=( "(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)" ), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), description="Get service providers", scope_types=["system", "project"], operations=[{"method": "GET", "path": "/service-providers"}], @@ -1833,9 +2119,10 @@ list_rules = ( base.APIRule( name="create_subnet", check_str=( - "(role:admin and system_scope:all) " - "or (role:member and project_id:%(project_id)s) " - "or rule:network_owner" + "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s) or rule:network_owner" + ), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" ), description="Create a subnet", scope_types=["system", "project"], @@ -1844,6 +2131,7 @@ list_rules = ( base.APIRule( name="create_subnet:segment_id", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Specify ``segment_id`` attribute when creating a subnet", scope_types=["system"], operations=[{"method": "POST", "path": "/subnets"}], @@ -1851,6 +2139,7 @@ list_rules = ( base.APIRule( name="create_subnet:service_types", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Specify ``service_types`` attribute when creating a subnet", scope_types=["system"], operations=[{"method": "POST", "path": "/subnets"}], @@ -1858,8 +2147,10 @@ list_rules = ( base.APIRule( name="get_subnet", check_str=( - "(role:reader and system_scope:all) " - "or (role:reader and project_id:%(project_id)s) or rule:shared" + "(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s) or rule:shared" + ), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" ), description="Get a subnet", scope_types=["system", "project"], @@ -1871,6 +2162,7 @@ list_rules = ( base.APIRule( name="get_subnet:segment_id", check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin or role:reader"), description="Get ``segment_id`` attribute of a subnet", scope_types=["system"], operations=[ @@ -1881,8 +2173,10 @@ list_rules = ( base.APIRule( name="update_subnet", check_str=( - "(role:admin and system_scope:all) or (role:member and " - "project_id:%(project_id)s) or rule:network_owner " + "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s) or rule:network_owner" + ), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" ), description="Update a subnet", scope_types=["system", "project"], @@ -1891,6 +2185,7 @@ list_rules = ( base.APIRule( name="update_subnet:segment_id", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Update ``segment_id`` attribute of a subnet", scope_types=["system"], operations=[{"method": "PUT", "path": "/subnets/{id}"}], @@ -1898,6 +2193,7 @@ list_rules = ( base.APIRule( name="update_subnet:service_types", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Update ``service_types`` attribute of a subnet", scope_types=["system"], operations=[{"method": "PUT", "path": "/subnets/{id}"}], @@ -1905,8 +2201,10 @@ list_rules = ( base.APIRule( name="delete_subnet", check_str=( - "(role:admin and system_scope:all) or (role:member and " - "project_id:%(project_id)s) or rule:network_owner " + "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s) or rule:network_owner" + ), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" ), description="Delete a subnet", scope_types=["system", "project"], @@ -1915,7 +2213,10 @@ list_rules = ( base.APIRule( name="create_subnetpool", check_str=( - "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s) " + "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)" + ), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" ), description="Create a subnetpool", scope_types=["project", "system"], @@ -1924,6 +2225,7 @@ list_rules = ( base.APIRule( name="create_subnetpool:shared", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Create a shared subnetpool", scope_types=["system"], operations=[{"method": "POST", "path": "/subnetpools"}], @@ -1931,6 +2233,7 @@ list_rules = ( base.APIRule( name="create_subnetpool:is_default", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Specify ``is_default`` attribute when creating a subnetpool", scope_types=["system"], operations=[{"method": "POST", "path": "/subnetpools"}], @@ -1938,8 +2241,10 @@ list_rules = ( base.APIRule( name="get_subnetpool", check_str=( - "(role:reader and system_scope:all) or (role:reader and " - "project_id:%(project_id)s) or rule:shared_subnetpools " + "(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s) or rule:shared_subnetpools" + ), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" ), description="Get a subnetpool", scope_types=["system", "project"], @@ -1951,7 +2256,10 @@ list_rules = ( base.APIRule( name="update_subnetpool", check_str=( - "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s) " + "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)" + ), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" ), description="Update a subnetpool", scope_types=["system", "project"], @@ -1960,6 +2268,7 @@ list_rules = ( base.APIRule( name="update_subnetpool:is_default", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Update ``is_default`` attribute of a subnetpool", scope_types=["system"], operations=[{"method": "PUT", "path": "/subnetpools/{id}"}], @@ -1967,7 +2276,10 @@ list_rules = ( base.APIRule( name="delete_subnetpool", check_str=( - "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s) " + "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)" + ), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" ), description="Delete a subnetpool", scope_types=["system", "project"], @@ -1976,7 +2288,10 @@ list_rules = ( base.APIRule( name="onboard_network_subnets", check_str=( - "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s) " + "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)" + ), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" ), description="Onboard existing subnet into a subnetpool", scope_types=["system", "project"], @@ -1985,7 +2300,10 @@ list_rules = ( base.APIRule( name="add_prefixes", check_str=( - "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s) " + "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)" + ), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" ), description="Add prefixes to a subnetpool", scope_types=["system", "project"], @@ -1994,7 +2312,10 @@ list_rules = ( base.APIRule( name="remove_prefixes", check_str=( - "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s) " + "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)" + ), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" ), description="Remove unallocated prefixes from a subnetpool", scope_types=["system", "project"], @@ -2003,7 +2324,10 @@ list_rules = ( base.APIRule( name="create_trunk", check_str=( - "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s) " + "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)" + ), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" ), description="Create a trunk", scope_types=["project", "system"], @@ -2012,8 +2336,10 @@ list_rules = ( base.APIRule( name="get_trunk", check_str=( - "(role:reader and system_scope:all) or (role:reader and " - "project_id:%(project_id)s) " + "(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)" + ), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" ), description="Get a trunk", scope_types=["project", "system"], @@ -2025,7 +2351,10 @@ list_rules = ( base.APIRule( name="update_trunk", check_str=( - "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s) " + "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)" + ), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" ), description="Update a trunk", scope_types=["project", "system"], @@ -2034,7 +2363,10 @@ list_rules = ( base.APIRule( name="delete_trunk", check_str=( - "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s) " + "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)" + ), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" ), description="Delete a trunk", scope_types=["project", "system"], @@ -2043,8 +2375,10 @@ list_rules = ( base.APIRule( name="get_subports", check_str=( - "(role:reader and system_scope:all) or (role:reader and " - "project_id:%(project_id)s) " + "(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)" + ), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" ), description="List subports attached to a trunk", scope_types=["project", "system"], @@ -2055,6 +2389,9 @@ list_rules = ( check_str=( "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)" ), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Add subports to a trunk", scope_types=["project", "system"], operations=[{"method": "PUT", "path": "/trunks/{id}/add_subports"}], @@ -2064,6 +2401,9 @@ list_rules = ( check_str=( "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)" ), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Delete subports from a trunk", scope_types=["project", "system"], operations=[{"method": "PUT", "path": "/trunks/{id}/remove_subports"}], @@ -2071,6 +2411,9 @@ list_rules = ( base.APIRule( name="create_endpoint_group", check_str=("rule:regular_user"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Create a VPN endpoint group", scope_types=["project"], operations=[{"method": "POST", "path": "/vpn/endpoint-groups"}], @@ -2078,6 +2421,9 @@ list_rules = ( base.APIRule( name="update_endpoint_group", check_str=("rule:admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Update a VPN endpoint group", scope_types=["project"], operations=[{"method": "PUT", "path": "/vpn/endpoint-groups/{id}"}], @@ -2085,6 +2431,9 @@ list_rules = ( base.APIRule( name="delete_endpoint_group", check_str=("rule:admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Delete a VPN endpoint group", scope_types=["project"], operations=[{"method": "DELETE", "path": "/vpn/endpoint-groups/{id}"}], @@ -2092,6 +2441,9 @@ list_rules = ( base.APIRule( name="get_endpoint_group", check_str=("rule:admin_or_owner"), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), description="Get VPN endpoint groups", scope_types=["project"], operations=[ @@ -2102,6 +2454,9 @@ list_rules = ( base.APIRule( name="create_ikepolicy", check_str=("rule:regular_user"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Create an IKE policy", scope_types=["project"], operations=[{"method": "POST", "path": "/vpn/ikepolicies"}], @@ -2109,6 +2464,9 @@ list_rules = ( base.APIRule( name="update_ikepolicy", check_str=("rule:admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Update an IKE policy", scope_types=["project"], operations=[{"method": "PUT", "path": "/vpn/ikepolicies/{id}"}], @@ -2116,6 +2474,9 @@ list_rules = ( base.APIRule( name="delete_ikepolicy", check_str=("rule:admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Delete an IKE policy", scope_types=["project"], operations=[{"method": "DELETE", "path": "/vpn/ikepolicies/{id}"}], @@ -2123,6 +2484,9 @@ list_rules = ( base.APIRule( name="get_ikepolicy", check_str=("rule:admin_or_owner"), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), description="Get IKE policyies", scope_types=["project"], operations=[ @@ -2133,6 +2497,9 @@ list_rules = ( base.APIRule( name="create_ipsecpolicy", check_str=("rule:regular_user"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Create an IPsec policy", scope_types=["project"], operations=[{"method": "POST", "path": "/vpn/ipsecpolicies"}], @@ -2140,6 +2507,9 @@ list_rules = ( base.APIRule( name="update_ipsecpolicy", check_str=("rule:admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Update an IPsec policy", scope_types=["project"], operations=[{"method": "PUT", "path": "/vpn/ipsecpolicies/{id}"}], @@ -2147,6 +2517,9 @@ list_rules = ( base.APIRule( name="delete_ipsecpolicy", check_str=("rule:admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Delete an IPsec policy", scope_types=["project"], operations=[{"method": "DELETE", "path": "/vpn/ipsecpolicies/{id}"}], @@ -2154,6 +2527,9 @@ list_rules = ( base.APIRule( name="get_ipsecpolicy", check_str=("rule:admin_or_owner"), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), description="Get IPsec policies", scope_types=["project"], operations=[ @@ -2164,6 +2540,9 @@ list_rules = ( base.APIRule( name="create_ipsec_site_connection", check_str=("rule:regular_user"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Create an IPsec site connection", scope_types=["project"], operations=[{"method": "POST", "path": "/vpn/ipsec-site-connections"}], @@ -2171,6 +2550,9 @@ list_rules = ( base.APIRule( name="update_ipsec_site_connection", check_str=("rule:admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Update an IPsec site connection", scope_types=["project"], operations=[{"method": "PUT", "path": "/vpn/ipsec-site-connections/{id}"}], @@ -2178,6 +2560,9 @@ list_rules = ( base.APIRule( name="delete_ipsec_site_connection", check_str=("rule:admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Delete an IPsec site connection", scope_types=["project"], operations=[{"method": "DELETE", "path": "/vpn/ipsec-site-connections/{id}"}], @@ -2185,6 +2570,9 @@ list_rules = ( base.APIRule( name="get_ipsec_site_connection", check_str=("rule:admin_or_owner"), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), description="Get IPsec site connections", scope_types=["project"], operations=[ @@ -2195,6 +2583,9 @@ list_rules = ( base.APIRule( name="create_vpnservice", check_str=("rule:regular_user"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Create a VPN service", scope_types=["project"], operations=[{"method": "POST", "path": "/vpn/vpnservices"}], @@ -2202,6 +2593,9 @@ list_rules = ( base.APIRule( name="update_vpnservice", check_str=("rule:admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Update a VPN service", scope_types=["project"], operations=[{"method": "PUT", "path": "/vpn/vpnservices/{id}"}], @@ -2209,6 +2603,9 @@ list_rules = ( base.APIRule( name="delete_vpnservice", check_str=("rule:admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Delete a VPN service", scope_types=["project"], operations=[{"method": "DELETE", "path": "/vpn/vpnservices/{id}"}], @@ -2216,6 +2613,9 @@ list_rules = ( base.APIRule( name="get_vpnservice", check_str=("rule:admin_or_owner"), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), description="Get VPN services", scope_types=["project"], operations=[ diff --git a/libs/skyline-policy-manager/src/skyline_policy_manager/policies/nova.py b/libs/skyline-policy-manager/skyline_policy_manager/policies/nova.py similarity index 66% rename from libs/skyline-policy-manager/src/skyline_policy_manager/policies/nova.py rename to libs/skyline-policy-manager/skyline_policy_manager/policies/nova.py index e691dd2..292dcad 100644 --- a/libs/skyline-policy-manager/src/skyline_policy_manager/policies/nova.py +++ b/libs/skyline-policy-manager/skyline_policy_manager/policies/nova.py @@ -1,3 +1,5 @@ +# flake8: noqa + from . import base list_rules = ( @@ -54,6 +56,7 @@ list_rules = ( base.APIRule( name="os_compute_api:os-admin-actions:reset_state", check_str=("rule:system_admin_api"), + basic_check_str=("role:admin"), description="Reset the state of a given server", scope_types=["system", "project"], operations=[{"method": "POST", "path": "/servers/{server_id}/action (os-resetState)"}], @@ -61,15 +64,19 @@ list_rules = ( base.APIRule( name="os_compute_api:os-admin-actions:inject_network_info", check_str=("rule:system_admin_api"), + basic_check_str=("role:admin"), description="Inject network information into the server", scope_types=["system", "project"], operations=[ - {"method": "POST", "path": "/servers/{server_id}/action (injectNetworkInfo)"}, + {"method": "POST", "path": "/servers/{server_id}/action (injectNetworkInfo)"} ], ), base.APIRule( name="os_compute_api:os-admin-password", check_str=("rule:system_admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Change the administrative password for a server", scope_types=["system", "project"], operations=[{"method": "POST", "path": "/servers/{server_id}/action (changePassword)"}], @@ -77,24 +84,27 @@ list_rules = ( base.APIRule( name="os_compute_api:os-aggregates:set_metadata", check_str=("rule:system_admin_api"), + basic_check_str=("role:admin"), description="Create or replace metadata for an aggregate", scope_types=["system"], operations=[ - {"method": "POST", "path": "/os-aggregates/{aggregate_id}/action (set_metadata)"}, + {"method": "POST", "path": "/os-aggregates/{aggregate_id}/action (set_metadata)"} ], ), base.APIRule( name="os_compute_api:os-aggregates:add_host", check_str=("rule:system_admin_api"), + basic_check_str=("role:admin"), description="Add a host to an aggregate", scope_types=["system"], operations=[ - {"method": "POST", "path": "/os-aggregates/{aggregate_id}/action (add_host)"}, + {"method": "POST", "path": "/os-aggregates/{aggregate_id}/action (add_host)"} ], ), base.APIRule( name="os_compute_api:os-aggregates:create", check_str=("rule:system_admin_api"), + basic_check_str=("role:admin"), description="Create an aggregate", scope_types=["system"], operations=[{"method": "POST", "path": "/os-aggregates"}], @@ -102,15 +112,17 @@ list_rules = ( base.APIRule( name="os_compute_api:os-aggregates:remove_host", check_str=("rule:system_admin_api"), + basic_check_str=("role:admin"), description="Remove a host from an aggregate", scope_types=["system"], operations=[ - {"method": "POST", "path": "/os-aggregates/{aggregate_id}/action (remove_host)"}, + {"method": "POST", "path": "/os-aggregates/{aggregate_id}/action (remove_host)"} ], ), base.APIRule( name="os_compute_api:os-aggregates:update", check_str=("rule:system_admin_api"), + basic_check_str=("role:admin"), description="Update name and/or availability zone for an aggregate", scope_types=["system"], operations=[{"method": "PUT", "path": "/os-aggregates/{aggregate_id}"}], @@ -118,6 +130,7 @@ list_rules = ( base.APIRule( name="os_compute_api:os-aggregates:index", check_str=("rule:system_reader_api"), + basic_check_str=("role:admin or role:reader"), description="List all aggregates", scope_types=["system"], operations=[{"method": "GET", "path": "/os-aggregates"}], @@ -125,6 +138,7 @@ list_rules = ( base.APIRule( name="os_compute_api:os-aggregates:delete", check_str=("rule:system_admin_api"), + basic_check_str=("role:admin"), description="Delete an aggregate", scope_types=["system"], operations=[{"method": "DELETE", "path": "/os-aggregates/{aggregate_id}"}], @@ -132,6 +146,7 @@ list_rules = ( base.APIRule( name="os_compute_api:os-aggregates:show", check_str=("rule:system_reader_api"), + basic_check_str=("role:admin or role:reader"), description="Show details for an aggregate", scope_types=["system"], operations=[{"method": "GET", "path": "/os-aggregates/{aggregate_id}"}], @@ -139,6 +154,7 @@ list_rules = ( base.APIRule( name="compute:aggregates:images", check_str=("rule:system_admin_api"), + basic_check_str=("role:admin"), description="Request image caching for an aggregate", scope_types=["system"], operations=[{"method": "POST", "path": "/os-aggregates/{aggregate_id}/images"}], @@ -146,6 +162,7 @@ list_rules = ( base.APIRule( name="os_compute_api:os-assisted-volume-snapshots:create", check_str=("rule:system_admin_api"), + basic_check_str=("role:admin"), description="Create an assisted volume snapshot", scope_types=["system"], operations=[{"method": "POST", "path": "/os-assisted-volume-snapshots"}], @@ -153,6 +170,7 @@ list_rules = ( base.APIRule( name="os_compute_api:os-assisted-volume-snapshots:delete", check_str=("rule:system_admin_api"), + basic_check_str=("role:admin"), description="Delete an assisted volume snapshot", scope_types=["system"], operations=[{"method": "DELETE", "path": "/os-assisted-volume-snapshots/{snapshot_id}"}], @@ -160,6 +178,9 @@ list_rules = ( base.APIRule( name="os_compute_api:os-attach-interfaces:list", check_str=("rule:system_or_project_reader"), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), description="List port interfaces attached to a server", scope_types=["system", "project"], operations=[{"method": "GET", "path": "/servers/{server_id}/os-interface"}], @@ -167,6 +188,9 @@ list_rules = ( base.APIRule( name="os_compute_api:os-attach-interfaces:show", check_str=("rule:system_or_project_reader"), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), description="Show details of a port interface attached to a server", scope_types=["system", "project"], operations=[{"method": "GET", "path": "/servers/{server_id}/os-interface/{port_id}"}], @@ -174,6 +198,9 @@ list_rules = ( base.APIRule( name="os_compute_api:os-attach-interfaces:create", check_str=("rule:system_admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Attach an interface to a server", scope_types=["system", "project"], operations=[{"method": "POST", "path": "/servers/{server_id}/os-interface"}], @@ -181,6 +208,9 @@ list_rules = ( base.APIRule( name="os_compute_api:os-attach-interfaces:delete", check_str=("rule:system_admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Detach an interface from a server", scope_types=["system", "project"], operations=[{"method": "DELETE", "path": "/servers/{server_id}/os-interface/{port_id}"}], @@ -188,6 +218,9 @@ list_rules = ( base.APIRule( name="os_compute_api:os-availability-zone:list", check_str=("@"), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), description="List availability zone information without host information", scope_types=["system", "project"], operations=[{"method": "GET", "path": "/os-availability-zone"}], @@ -195,6 +228,7 @@ list_rules = ( base.APIRule( name="os_compute_api:os-availability-zone:detail", check_str=("rule:system_reader_api"), + basic_check_str=("role:admin or role:reader"), description="List detailed availability zone information with host information", scope_types=["system"], operations=[{"method": "GET", "path": "/os-availability-zone/detail"}], @@ -202,15 +236,15 @@ list_rules = ( base.APIRule( name="os_compute_api:os-baremetal-nodes:list", check_str=("rule:system_reader_api"), - description="List and show details of bare metal nodes.\n#\n#These " - "APIs are proxy calls to the Ironic service and are " - "deprecated.\n#", + basic_check_str=("role:admin or role:reader"), + description="List and show details of bare metal nodes.\n#\n#These APIs are proxy calls to the Ironic service and are deprecated.\n#", scope_types=["system"], operations=[{"method": "GET", "path": "/os-baremetal-nodes"}], ), base.APIRule( name="os_compute_api:os-baremetal-nodes:show", check_str=("rule:system_reader_api"), + basic_check_str=("role:admin"), description="Show action details for a server.", scope_types=["system"], operations=[{"method": "GET", "path": "/os-baremetal-nodes/{node_id}"}], @@ -218,23 +252,29 @@ list_rules = ( base.APIRule( name="os_compute_api:os-console-auth-tokens", check_str=("rule:system_reader_api"), - description="Show console connection information " - "for a given console authentication token", + basic_check_str=("role:admin or role:reader"), + description="Show console connection information for a given console authentication token", scope_types=["system"], operations=[{"method": "GET", "path": "/os-console-auth-tokens/{console_token}"}], ), base.APIRule( name="os_compute_api:os-console-output", check_str=("rule:system_admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Show console output for a server", scope_types=["system", "project"], operations=[ - {"method": "POST", "path": "/servers/{server_id}/action (os-getConsoleOutput)"}, + {"method": "POST", "path": "/servers/{server_id}/action (os-getConsoleOutput)"} ], ), base.APIRule( name="os_compute_api:os-create-backup", check_str=("rule:system_admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Create a back up of a server", scope_types=["system", "project"], operations=[{"method": "POST", "path": "/servers/{server_id}/action (createBackup)"}], @@ -242,6 +282,9 @@ list_rules = ( base.APIRule( name="os_compute_api:os-deferred-delete:restore", check_str=("rule:system_admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Restore a soft deleted server", scope_types=["system", "project"], operations=[{"method": "POST", "path": "/servers/{server_id}/action (restore)"}], @@ -249,6 +292,9 @@ list_rules = ( base.APIRule( name="os_compute_api:os-deferred-delete:force", check_str=("rule:system_admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Force delete a server before deferred cleanup", scope_types=["system", "project"], operations=[{"method": "POST", "path": "/servers/{server_id}/action (forceDelete)"}], @@ -256,6 +302,7 @@ list_rules = ( base.APIRule( name="os_compute_api:os-evacuate", check_str=("rule:system_admin_api"), + basic_check_str=("role:admin"), description="Evacuate a server from a failed host to a new host", scope_types=["system", "project"], operations=[{"method": "POST", "path": "/servers/{server_id}/action (evacuate)"}], @@ -263,24 +310,8 @@ list_rules = ( base.APIRule( name="os_compute_api:os-extended-server-attributes", check_str=("rule:system_admin_api"), - description="Return extended attributes for server.\n#\n#This rule " - "will control the visibility for a set of servers " - "attributes:\n#\n#- ``OS-EXT-SRV-ATTR:host``\n#- " - "``OS-EXT-SRV-ATTR:instance_name``\n#- " - "``OS-EXT-SRV-ATTR:reservation_id`` (since microversion " - "2.3)\n#- ``OS-EXT-SRV-ATTR:launch_index`` (since " - "microversion 2.3)\n#- ``OS-EXT-SRV-ATTR:hostname`` (" - "since microversion 2.3)\n#- " - "``OS-EXT-SRV-ATTR:kernel_id`` (since microversion " - "2.3)\n#- ``OS-EXT-SRV-ATTR:ramdisk_id`` (since " - "microversion 2.3)\n#- " - "``OS-EXT-SRV-ATTR:root_device_name`` (since " - "microversion 2.3)\n#- ``OS-EXT-SRV-ATTR:user_data`` (" - "since microversion 2.3)\n#\n#Microvision 2.75 added the " - "above attributes in the ``PUT /servers/{" - "server_id}``\n#and ``POST /servers/{server_id}/action (" - "rebuild)`` API responses which are\n#also controlled by " - "this policy rule, like the ``GET /servers*`` APIs.\n#", + basic_check_str=("role:admin or role:reader"), + description="Return extended attributes for server.\n#\n#This rule will control the visibility for a set of servers attributes:\n#\n#- ``OS-EXT-SRV-ATTR:host``\n#- ``OS-EXT-SRV-ATTR:instance_name``\n#- ``OS-EXT-SRV-ATTR:reservation_id`` (since microversion 2.3)\n#- ``OS-EXT-SRV-ATTR:launch_index`` (since microversion 2.3)\n#- ``OS-EXT-SRV-ATTR:hostname`` (since microversion 2.3)\n#- ``OS-EXT-SRV-ATTR:kernel_id`` (since microversion 2.3)\n#- ``OS-EXT-SRV-ATTR:ramdisk_id`` (since microversion 2.3)\n#- ``OS-EXT-SRV-ATTR:root_device_name`` (since microversion 2.3)\n#- ``OS-EXT-SRV-ATTR:user_data`` (since microversion 2.3)\n#\n#Microvision 2.75 added the above attributes in the ``PUT /servers/{server_id}``\n#and ``POST /servers/{server_id}/action (rebuild)`` API responses which are\n#also controlled by this policy rule, like the ``GET /servers*`` APIs.\n#", scope_types=["system", "project"], operations=[ {"method": "GET", "path": "/servers/{id}"}, @@ -292,6 +323,7 @@ list_rules = ( base.APIRule( name="os_compute_api:extensions", check_str=("@"), + basic_check_str=("@"), description="List available extensions and show information for an extension by alias", scope_types=["system", "project"], operations=[ @@ -302,6 +334,7 @@ list_rules = ( base.APIRule( name="os_compute_api:os-flavor-access:add_tenant_access", check_str=("rule:system_admin_api"), + basic_check_str=("role:admin"), description="Add flavor access to a tenant", scope_types=["system"], operations=[{"method": "POST", "path": "/flavors/{flavor_id}/action (addTenantAccess)"}], @@ -309,36 +342,40 @@ list_rules = ( base.APIRule( name="os_compute_api:os-flavor-access:remove_tenant_access", check_str=("rule:system_admin_api"), + basic_check_str=("role:admin"), description="Remove flavor access from a tenant", scope_types=["system"], operations=[ - {"method": "POST", "path": "/flavors/{flavor_id}/action (removeTenantAccess)"}, + {"method": "POST", "path": "/flavors/{flavor_id}/action (removeTenantAccess)"} ], ), base.APIRule( name="os_compute_api:os-flavor-access", check_str=("rule:system_reader_api"), - description="List flavor access information\n#\n#Allows access to " - "the full list of tenants that have access\n#to a flavor " - "via an os-flavor-access API.\n#", + basic_check_str=("role:admin or role:reader"), + description="List flavor access information\n#\n#Allows access to the full list of tenants that have access\n#to a flavor via an os-flavor-access API.\n#", scope_types=["system"], operations=[{"method": "GET", "path": "/flavors/{flavor_id}/os-flavor-access"}], ), base.APIRule( name="os_compute_api:os-flavor-extra-specs:show", check_str=("rule:system_or_project_reader"), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), description="Show an extra spec for a flavor", scope_types=["system", "project"], operations=[ { "method": "GET", "path": "/flavors/{flavor_id}/os-extra_specs/{flavor_extra_spec_key}", - }, + } ], ), base.APIRule( name="os_compute_api:os-flavor-extra-specs:create", check_str=("rule:system_admin_api"), + basic_check_str=("role:admin"), description="Create extra specs for a flavor", scope_types=["system"], operations=[{"method": "POST", "path": "/flavors/{flavor_id}/os-extra_specs/"}], @@ -346,36 +383,36 @@ list_rules = ( base.APIRule( name="os_compute_api:os-flavor-extra-specs:update", check_str=("rule:system_admin_api"), + basic_check_str=("role:admin"), description="Update an extra spec for a flavor", scope_types=["system"], operations=[ { "method": "PUT", "path": "/flavors/{flavor_id}/os-extra_specs/{flavor_extra_spec_key}", - }, + } ], ), base.APIRule( name="os_compute_api:os-flavor-extra-specs:delete", check_str=("rule:system_admin_api"), + basic_check_str=("role:admin"), description="Delete an extra spec for a flavor", scope_types=["system"], operations=[ { "method": "DELETE", "path": "/flavors/{flavor_id}/os-extra_specs/{flavor_extra_spec_key}", - }, + } ], ), base.APIRule( name="os_compute_api:os-flavor-extra-specs:index", check_str=("rule:system_or_project_reader"), - description="List extra specs for a flavor. Starting with " - "microversion 2.47, the flavor used for a server is also " - "returned in the response when showing server details, " - "updating a server or rebuilding a server. Starting with " - "microversion 2.61, extra specs may be returned in " - "responses for the flavor resource.", + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), + description="List extra specs for a flavor. Starting with microversion 2.47, the flavor used for a server is also returned in the response when showing server details, updating a server or rebuilding a server. Starting with microversion 2.61, extra specs may be returned in responses for the flavor resource.", scope_types=["system", "project"], operations=[ {"method": "GET", "path": "/flavors/{flavor_id}/os-extra_specs/"}, @@ -392,6 +429,7 @@ list_rules = ( base.APIRule( name="os_compute_api:os-flavor-manage:create", check_str=("rule:system_admin_api"), + basic_check_str=("role:admin"), description="Create a flavor", scope_types=["system"], operations=[{"method": "POST", "path": "/flavors"}], @@ -399,6 +437,7 @@ list_rules = ( base.APIRule( name="os_compute_api:os-flavor-manage:update", check_str=("rule:system_admin_api"), + basic_check_str=("role:admin"), description="Update a flavor", scope_types=["system"], operations=[{"method": "PUT", "path": "/flavors/{flavor_id}"}], @@ -406,6 +445,7 @@ list_rules = ( base.APIRule( name="os_compute_api:os-flavor-manage:delete", check_str=("rule:system_admin_api"), + basic_check_str=("role:admin"), description="Delete a flavor", scope_types=["system"], operations=[{"method": "DELETE", "path": "/flavors/{flavor_id}"}], @@ -413,6 +453,7 @@ list_rules = ( base.APIRule( name="os_compute_api:os-floating-ip-pools", check_str=("@"), + basic_check_str=("@"), description="List floating IP pools. This API is deprecated.", scope_types=["system", "project"], operations=[{"method": "GET", "path": "/os-floating-ip-pools"}], @@ -420,6 +461,9 @@ list_rules = ( base.APIRule( name="os_compute_api:os-floating-ips:add", check_str=("rule:system_admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Associate floating IPs to server. This API is deprecated.", scope_types=["system", "project"], operations=[{"method": "POST", "path": "/servers/{server_id}/action (addFloatingIp)"}], @@ -427,15 +471,19 @@ list_rules = ( base.APIRule( name="os_compute_api:os-floating-ips:remove", check_str=("rule:system_admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Disassociate floating IPs to server. This API is deprecated.", scope_types=["system", "project"], - operations=[ - {"method": "POST", "path": "/servers/{server_id}/action (removeFloatingIp)"}, - ], + operations=[{"method": "POST", "path": "/servers/{server_id}/action (removeFloatingIp)"}], ), base.APIRule( name="os_compute_api:os-floating-ips:list", check_str=("rule:system_or_project_reader"), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), description="List floating IPs. This API is deprecated.", scope_types=["system", "project"], operations=[{"method": "GET", "path": "/os-floating-ips"}], @@ -443,6 +491,9 @@ list_rules = ( base.APIRule( name="os_compute_api:os-floating-ips:create", check_str=("rule:system_admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Create floating IPs. This API is deprecated.", scope_types=["system", "project"], operations=[{"method": "POST", "path": "/os-floating-ips"}], @@ -450,6 +501,9 @@ list_rules = ( base.APIRule( name="os_compute_api:os-floating-ips:show", check_str=("rule:system_or_project_reader"), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), description="Show floating IPs. This API is deprecated.", scope_types=["system", "project"], operations=[{"method": "GET", "path": "/os-floating-ips/{floating_ip_id}"}], @@ -457,6 +511,9 @@ list_rules = ( base.APIRule( name="os_compute_api:os-floating-ips:delete", check_str=("rule:system_admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Delete floating IPs. This API is deprecated.", scope_types=["system", "project"], operations=[{"method": "DELETE", "path": "/os-floating-ips/{floating_ip_id}"}], @@ -464,54 +521,55 @@ list_rules = ( base.APIRule( name="os_compute_api:os-hosts:list", check_str=("rule:system_reader_api"), - description="List physical hosts.\n#\n#This API is deprecated in " - "favor of os-hypervisors and os-services.", + basic_check_str=("role:admin or role:reader"), + description="List physical hosts.\n#\n#This API is deprecated in favor of os-hypervisors and os-services.", scope_types=["system"], operations=[{"method": "GET", "path": "/os-hosts"}], ), base.APIRule( name="os_compute_api:os-hosts:show", check_str=("rule:system_reader_api"), - description="Show physical host.\n#\n#This API is " - "deprecated in favor of os-hypervisors and os-services.", + basic_check_str=("role:admin or role:reader"), + description="Show physical host.\n#\n#This API is deprecated in favor of os-hypervisors and os-services.", scope_types=["system"], operations=[{"method": "GET", "path": "/os-hosts/{host_name}"}], ), base.APIRule( name="os_compute_api:os-hosts:update", check_str=("rule:system_admin_api"), - description="Update physical host.\n#\n#This API is " - "deprecated in favor of os-hypervisors and os-services.", + basic_check_str=("role:admin"), + description="Update physical host.\n#\n#This API is deprecated in favor of os-hypervisors and os-services.", scope_types=["system"], operations=[{"method": "PUT", "path": "/os-hosts/{host_name}"}], ), base.APIRule( name="os_compute_api:os-hosts:reboot", check_str=("rule:system_admin_api"), - description="Reboot physical host.\n#\n#This API is deprecated " - "in favor of os-hypervisors and os-services.", + basic_check_str=("role:admin"), + description="Reboot physical host.\n#\n#This API is deprecated in favor of os-hypervisors and os-services.", scope_types=["system"], operations=[{"method": "GET", "path": "/os-hosts/{host_name}/reboot"}], ), base.APIRule( name="os_compute_api:os-hosts:shutdown", check_str=("rule:system_admin_api"), - description="Shutdown physical host.\n#\n#This API is deprecated " - "in favor of os-hypervisors and os-services.", + basic_check_str=("role:admin"), + description="Shutdown physical host.\n#\n#This API is deprecated in favor of os-hypervisors and os-services.", scope_types=["system"], operations=[{"method": "GET", "path": "/os-hosts/{host_name}/shutdown"}], ), base.APIRule( name="os_compute_api:os-hosts:start", check_str=("rule:system_admin_api"), - description="Start physical host.\n#\n#This API is deprecated " - "in favor of os-hypervisors and os-services.", + basic_check_str=("role:admin"), + description="Start physical host.\n#\n#This API is deprecated in favor of os-hypervisors and os-services.", scope_types=["system"], operations=[{"method": "GET", "path": "/os-hosts/{host_name}/startup"}], ), base.APIRule( name="os_compute_api:os-hypervisors:list", check_str=("rule:system_reader_api"), + basic_check_str=("role:admin or role:reader"), description="List all hypervisors.", scope_types=["system"], operations=[{"method": "GET", "path": "/os-hypervisors"}], @@ -519,6 +577,7 @@ list_rules = ( base.APIRule( name="os_compute_api:os-hypervisors:list-detail", check_str=("rule:system_reader_api"), + basic_check_str=("role:admin or role:reader"), description="List all hypervisors with details", scope_types=["system"], operations=[{"method": "GET", "path": "/os-hypervisors/details"}], @@ -526,6 +585,7 @@ list_rules = ( base.APIRule( name="os_compute_api:os-hypervisors:statistics", check_str=("rule:system_reader_api"), + basic_check_str=("role:admin or role:reader"), description="Show summary statistics for all hypervisors over all compute nodes.", scope_types=["system"], operations=[{"method": "GET", "path": "/os-hypervisors/statistics"}], @@ -533,6 +593,7 @@ list_rules = ( base.APIRule( name="os_compute_api:os-hypervisors:show", check_str=("rule:system_reader_api"), + basic_check_str=("role:admin or role:reader"), description="Show details for a hypervisor.", scope_types=["system"], operations=[{"method": "GET", "path": "/os-hypervisors/{hypervisor_id}"}], @@ -540,6 +601,7 @@ list_rules = ( base.APIRule( name="os_compute_api:os-hypervisors:uptime", check_str=("rule:system_reader_api"), + basic_check_str=("role:admin or role:reader"), description="Show the uptime of a hypervisor.", scope_types=["system"], operations=[{"method": "GET", "path": "/os-hypervisors/{hypervisor_id}/uptime"}], @@ -547,62 +609,49 @@ list_rules = ( base.APIRule( name="os_compute_api:os-hypervisors:search", check_str=("rule:system_reader_api"), + basic_check_str=("role:admin or role:reader"), description="Search hypervisor by hypervisor_hostname pattern.", scope_types=["system"], operations=[ - {"method": "GET", "path": "/os-hypervisors/{hypervisor_hostname_pattern}/search"}, + {"method": "GET", "path": "/os-hypervisors/{hypervisor_hostname_pattern}/search"} ], ), base.APIRule( name="os_compute_api:os-hypervisors:servers", check_str=("rule:system_reader_api"), - description="List all servers on hypervisors that can match the " - "provided hypervisor_hostname pattern.", + basic_check_str=("role:admin or role:reader"), + description="List all servers on hypervisors that can match the provided hypervisor_hostname pattern.", scope_types=["system"], operations=[ - {"method": "GET", "path": "/os-hypervisors/{hypervisor_hostname_pattern}/servers"}, + {"method": "GET", "path": "/os-hypervisors/{hypervisor_hostname_pattern}/servers"} ], ), base.APIRule( name="os_compute_api:os-instance-actions:events:details", check_str=("rule:system_reader_api"), - description='Add "details" key in action events for a ' - "server.\n#\n#This check is performed only after the " - "check\n#os_compute_api:os-instance-actions:show passes. " - "Beginning with Microversion\n#2.84, new field 'details' " - "is exposed via API which can have more details " - "about\n#event failure. That field is controlled by this " - "policy which is system reader\n#by default. Making the " - "'details' field visible to the non-admin user helps " - "to\n#understand the nature of the problem (i.e. if the " - "action can be retried),\n#but in the other hand it " - "might leak information about the deployment\n#(e.g. the " - "type of the hypervisor).\n#", + basic_check_str=("role:admin or role:reader"), + description="Add \"details\" key in action events for a server.\n#\n#This check is performed only after the check\n#os_compute_api:os-instance-actions:show passes. Beginning with Microversion\n#2.84, new field 'details' is exposed via API which can have more details about\n#event failure. That field is controlled by this policy which is system reader\n#by default. Making the 'details' field visible to the non-admin user helps to\n#understand the nature of the problem (i.e. if the action can be retried),\n#but in the other hand it might leak information about the deployment\n#(e.g. the type of the hypervisor).\n#", scope_types=["system", "project"], operations=[ - {"method": "GET", "path": "/servers/{server_id}/os-instance-actions/{request_id}"}, + {"method": "GET", "path": "/servers/{server_id}/os-instance-actions/{request_id}"} ], ), base.APIRule( name="os_compute_api:os-instance-actions:events", check_str=("rule:system_reader_api"), - description="Add events details in action details for a " - "server.\n#This check is performed only after the " - "check\n#os_compute_api:os-instance-actions:show passes. " - "Beginning with Microversion\n#2.51, events details are " - "always included; traceback information is " - "provided\n#per event if policy enforcement passes. " - "Beginning with Microversion 2.62,\n#each event includes " - "a hashed host identifier and, if policy " - "enforcement\n#passes, the name of the host.", + basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s"), + description="Add events details in action details for a server.\n#This check is performed only after the check\n#os_compute_api:os-instance-actions:show passes. Beginning with Microversion\n#2.51, events details are always included; traceback information is provided\n#per event if policy enforcement passes. Beginning with Microversion 2.62,\n#each event includes a hashed host identifier and, if policy enforcement\n#passes, the name of the host.", scope_types=["system", "project"], operations=[ - {"method": "GET", "path": "/servers/{server_id}/os-instance-actions/{request_id}"}, + {"method": "GET", "path": "/servers/{server_id}/os-instance-actions/{request_id}"} ], ), base.APIRule( name="os_compute_api:os-instance-actions:list", check_str=("rule:system_or_project_reader"), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), description="List actions for a server.", scope_types=["system", "project"], operations=[{"method": "GET", "path": "/servers/{server_id}/os-instance-actions"}], @@ -610,15 +659,19 @@ list_rules = ( base.APIRule( name="os_compute_api:os-instance-actions:show", check_str=("rule:system_or_project_reader"), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), description="Show action details for a server.", scope_types=["system", "project"], operations=[ - {"method": "GET", "path": "/servers/{server_id}/os-instance-actions/{request_id}"}, + {"method": "GET", "path": "/servers/{server_id}/os-instance-actions/{request_id}"} ], ), base.APIRule( name="os_compute_api:os-instance-usage-audit-log:list", check_str=("rule:system_reader_api"), + basic_check_str=("role:admin or role:reader"), description="List all usage audits.", scope_types=["system"], operations=[{"method": "GET", "path": "/os-instance_usage_audit_log"}], @@ -626,17 +679,17 @@ list_rules = ( base.APIRule( name="os_compute_api:os-instance-usage-audit-log:show", check_str=("rule:system_reader_api"), - description="List all usage audits occurred before a specified time " - "for all servers on all compute hosts where usage " - "auditing is configured", + basic_check_str=("role:admin or role:reader"), + description="List all usage audits occurred before a specified time for all servers on all compute hosts where usage auditing is configured", scope_types=["system"], - operations=[ - {"method": "GET", "path": "/os-instance_usage_audit_log/{before_timestamp}"}, - ], + operations=[{"method": "GET", "path": "/os-instance_usage_audit_log/{before_timestamp}"}], ), base.APIRule( name="os_compute_api:ips:show", check_str=("rule:system_or_project_reader"), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), description="Show IP addresses details for a network label of a server", scope_types=["system", "project"], operations=[{"method": "GET", "path": "/servers/{server_id}/ips/{network_label}"}], @@ -644,6 +697,9 @@ list_rules = ( base.APIRule( name="os_compute_api:ips:index", check_str=("rule:system_or_project_reader"), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), description="List IP addresses that are assigned to a server", scope_types=["system", "project"], operations=[{"method": "GET", "path": "/servers/{server_id}/ips"}], @@ -651,6 +707,7 @@ list_rules = ( base.APIRule( name="os_compute_api:os-keypairs:index", check_str=("(rule:system_reader_api) or user_id:%(user_id)s"), + basic_check_str=("role:admin or role:reader or user_id:%(user_id)s"), description="List all keypairs", scope_types=["system", "project"], operations=[{"method": "GET", "path": "/os-keypairs"}], @@ -658,6 +715,7 @@ list_rules = ( base.APIRule( name="os_compute_api:os-keypairs:create", check_str=("(rule:system_admin_api) or user_id:%(user_id)s"), + basic_check_str=("role:admin or user_id:%(user_id)s"), description="Create a keypair", scope_types=["system", "project"], operations=[{"method": "POST", "path": "/os-keypairs"}], @@ -665,6 +723,7 @@ list_rules = ( base.APIRule( name="os_compute_api:os-keypairs:delete", check_str=("(rule:system_admin_api) or user_id:%(user_id)s"), + basic_check_str=("role:admin or user_id:%(user_id)s"), description="Delete a keypair", scope_types=["system", "project"], operations=[{"method": "DELETE", "path": "/os-keypairs/{keypair_name}"}], @@ -672,6 +731,7 @@ list_rules = ( base.APIRule( name="os_compute_api:os-keypairs:show", check_str=("(rule:system_reader_api) or user_id:%(user_id)s"), + basic_check_str=("role:admin or role:reader or user_id:%(user_id)s"), description="Show details of a keypair", scope_types=["system", "project"], operations=[{"method": "GET", "path": "/os-keypairs/{keypair_name}"}], @@ -679,6 +739,9 @@ list_rules = ( base.APIRule( name="os_compute_api:limits", check_str=("@"), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), description="Show rate and absolute limits for the current user project", scope_types=["system", "project"], operations=[{"method": "GET", "path": "/limits"}], @@ -686,17 +749,17 @@ list_rules = ( base.APIRule( name="os_compute_api:limits:other_project", check_str=("rule:system_reader_api"), - description="Show rate and absolute limits of other " - "project.\n#\n#This policy only checks if the user has " - "access to the requested\n#project limits. And this " - "check is performed only after the " - "check\n#os_compute_api:limits passes", + basic_check_str=("role:admin or role:reader"), + description="Show rate and absolute limits of other project.\n#\n#This policy only checks if the user has access to the requested\n#project limits. And this check is performed only after the check\n#os_compute_api:limits passes", scope_types=["system"], operations=[{"method": "GET", "path": "/limits"}], ), base.APIRule( name="os_compute_api:os-lock-server:lock", check_str=("rule:system_admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Lock a server", scope_types=["system", "project"], operations=[{"method": "POST", "path": "/servers/{server_id}/action (lock)"}], @@ -704,6 +767,9 @@ list_rules = ( base.APIRule( name="os_compute_api:os-lock-server:unlock", check_str=("rule:system_admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Unlock a server", scope_types=["system", "project"], operations=[{"method": "POST", "path": "/servers/{server_id}/action (unlock)"}], @@ -711,15 +777,15 @@ list_rules = ( base.APIRule( name="os_compute_api:os-lock-server:unlock:unlock_override", check_str=("rule:system_admin_api"), - description="Unlock a server, regardless who locked the " - "server.\n#\n#This check is performed only after the " - "check\n#os_compute_api:os-lock-server:unlock passes", + basic_check_str=("role:admin or role:admin and project_id:%(project_id)s"), + description="Unlock a server, regardless who locked the server.\n#\n#This check is performed only after the check\n#os_compute_api:os-lock-server:unlock passes", scope_types=["system", "project"], operations=[{"method": "POST", "path": "/servers/{server_id}/action (unlock)"}], ), base.APIRule( name="os_compute_api:os-migrate-server:migrate", check_str=("rule:system_admin_api"), + basic_check_str=("role:admin or role:admin and project_id:%(project_id)s"), description="Cold migrate a server to a host", scope_types=["system", "project"], operations=[{"method": "POST", "path": "/servers/{server_id}/action (migrate)"}], @@ -727,6 +793,7 @@ list_rules = ( base.APIRule( name="os_compute_api:os-migrate-server:migrate_live", check_str=("rule:system_admin_api"), + basic_check_str=("role:admin or role:admin and project_id:%(project_id)s"), description="Live migrate a server to a new host without a reboot", scope_types=["system", "project"], operations=[{"method": "POST", "path": "/servers/{server_id}/action (os-migrateLive)"}], @@ -734,6 +801,7 @@ list_rules = ( base.APIRule( name="os_compute_api:os-migrations:index", check_str=("rule:system_reader_api"), + basic_check_str=("role:admin or role:reader"), description="List migrations", scope_types=["system"], operations=[{"method": "GET", "path": "/os-migrations"}], @@ -741,40 +809,49 @@ list_rules = ( base.APIRule( name="os_compute_api:os-multinic:add", check_str=("rule:system_admin_or_owner"), - description="Add a fixed IP address to a server.\n#\n#This API is " - "proxy calls to the Network service. This " - "is\n#deprecated.", + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), + description="Add a fixed IP address to a server.\n#\n#This API is proxy calls to the Network service. This is\n#deprecated.", scope_types=["system", "project"], operations=[{"method": "POST", "path": "/servers/{server_id}/action (addFixedIp)"}], ), base.APIRule( name="os_compute_api:os-multinic:remove", check_str=("rule:system_admin_or_owner"), - description="Remove a fixed IP address from a server.\n#\n#This API " - "is proxy calls to the Network service. This " - "is\n#deprecated.", + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), + description="Remove a fixed IP address from a server.\n#\n#This API is proxy calls to the Network service. This is\n#deprecated.", scope_types=["system", "project"], operations=[{"method": "POST", "path": "/servers/{server_id}/action (removeFixedIp)"}], ), base.APIRule( name="os_compute_api:os-networks:list", check_str=("rule:system_or_project_reader"), - description="List networks for the project.\n#\n#This API is proxy " - "calls to the Network service. This is deprecated.", + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), + description="List networks for the project.\n#\n#This API is proxy calls to the Network service. This is deprecated.", scope_types=["system", "project"], operations=[{"method": "GET", "path": "/os-networks"}], ), base.APIRule( name="os_compute_api:os-networks:show", check_str=("rule:system_or_project_reader"), - description="Show network details.\n#\n#This API is proxy calls to " - "the Network service. This is deprecated.", + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), + description="Show network details.\n#\n#This API is proxy calls to the Network service. This is deprecated.", scope_types=["system", "project"], operations=[{"method": "GET", "path": "/os-networks/{network_id}"}], ), base.APIRule( name="os_compute_api:os-pause-server:pause", check_str=("rule:system_admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Pause a server", scope_types=["system", "project"], operations=[{"method": "POST", "path": "/servers/{server_id}/action (pause)"}], @@ -782,6 +859,9 @@ list_rules = ( base.APIRule( name="os_compute_api:os-pause-server:unpause", check_str=("rule:system_admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Unpause a paused server", scope_types=["system", "project"], operations=[{"method": "POST", "path": "/servers/{server_id}/action (unpause)"}], @@ -789,6 +869,9 @@ list_rules = ( base.APIRule( name="os_compute_api:os-quota-class-sets:show", check_str=("rule:system_reader_api"), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), description="List quotas for specific quota classs", scope_types=["system"], operations=[{"method": "GET", "path": "/os-quota-class-sets/{quota_class}"}], @@ -796,6 +879,7 @@ list_rules = ( base.APIRule( name="os_compute_api:os-quota-class-sets:update", check_str=("rule:system_admin_api"), + basic_check_str=("role:admin"), description="Update quotas for specific quota class", scope_types=["system"], operations=[{"method": "PUT", "path": "/os-quota-class-sets/{quota_class}"}], @@ -803,6 +887,7 @@ list_rules = ( base.APIRule( name="os_compute_api:os-quota-sets:update", check_str=("rule:system_admin_api"), + basic_check_str=("role:admin"), description="Update the quotas", scope_types=["system"], operations=[{"method": "PUT", "path": "/os-quota-sets/{tenant_id}"}], @@ -810,6 +895,7 @@ list_rules = ( base.APIRule( name="os_compute_api:os-quota-sets:defaults", check_str=("@"), + basic_check_str=("@"), description="List default quotas", scope_types=["system", "project"], operations=[{"method": "GET", "path": "/os-quota-sets/{tenant_id}/defaults"}], @@ -817,6 +903,9 @@ list_rules = ( base.APIRule( name="os_compute_api:os-quota-sets:show", check_str=("rule:system_or_project_reader"), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), description="Show a quota", scope_types=["system", "project"], operations=[{"method": "GET", "path": "/os-quota-sets/{tenant_id}"}], @@ -824,6 +913,7 @@ list_rules = ( base.APIRule( name="os_compute_api:os-quota-sets:delete", check_str=("rule:system_admin_api"), + basic_check_str=("role:admin"), description="Revert quotas to defaults", scope_types=["system"], operations=[{"method": "DELETE", "path": "/os-quota-sets/{tenant_id}"}], @@ -831,6 +921,9 @@ list_rules = ( base.APIRule( name="os_compute_api:os-quota-sets:detail", check_str=("rule:system_or_project_reader"), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), description="Show the detail of quota", scope_types=["system", "project"], operations=[{"method": "GET", "path": "/os-quota-sets/{tenant_id}/detail"}], @@ -838,12 +931,10 @@ list_rules = ( base.APIRule( name="os_compute_api:os-remote-consoles", check_str=("rule:system_admin_or_owner"), - description="Generate a URL to access remove server " - "console.\n#\n#This policy is for ``POST " - "/remote-consoles`` API and below Server actions " - "APIs\n#are deprecated:\n#\n#- ``os-getRDPConsole``\n#- " - "``os-getSerialConsole``\n#- ``os-getSPICEConsole``\n#- " - "``os-getVNCConsole``.", + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), + description="Generate a URL to access remove server console.\n#\n#This policy is for ``POST /remote-consoles`` API and below Server actions APIs\n#are deprecated:\n#\n#- ``os-getRDPConsole``\n#- ``os-getSerialConsole``\n#- ``os-getSPICEConsole``\n#- ``os-getVNCConsole``.", scope_types=["system", "project"], operations=[ {"method": "POST", "path": "/servers/{server_id}/action (os-getRDPConsole)"}, @@ -856,6 +947,9 @@ list_rules = ( base.APIRule( name="os_compute_api:os-rescue", check_str=("rule:system_admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Rescue a server", scope_types=["system", "project"], operations=[{"method": "POST", "path": "/servers/{server_id}/action (rescue)"}], @@ -863,6 +957,9 @@ list_rules = ( base.APIRule( name="os_compute_api:os-unrescue", check_str=("rule:system_admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Unrescue a server", scope_types=["system", "project"], operations=[{"method": "POST", "path": "/servers/{server_id}/action (unrescue)"}], @@ -870,6 +967,9 @@ list_rules = ( base.APIRule( name="os_compute_api:os-security-groups:get", check_str=("rule:system_or_project_reader"), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), description="List security groups. This API is deprecated.", scope_types=["system", "project"], operations=[{"method": "GET", "path": "/os-security-groups"}], @@ -877,6 +977,9 @@ list_rules = ( base.APIRule( name="os_compute_api:os-security-groups:show", check_str=("rule:system_or_project_reader"), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), description="Show security group. This API is deprecated.", scope_types=["system", "project"], operations=[{"method": "GET", "path": "/os-security-groups/{security_group_id}"}], @@ -884,6 +987,9 @@ list_rules = ( base.APIRule( name="os_compute_api:os-security-groups:create", check_str=("rule:system_admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Create security group. This API is deprecated.", scope_types=["system", "project"], operations=[{"method": "POST", "path": "/os-security-groups"}], @@ -891,6 +997,9 @@ list_rules = ( base.APIRule( name="os_compute_api:os-security-groups:update", check_str=("rule:system_admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Update security group. This API is deprecated.", scope_types=["system", "project"], operations=[{"method": "PUT", "path": "/os-security-groups/{security_group_id}"}], @@ -898,6 +1007,9 @@ list_rules = ( base.APIRule( name="os_compute_api:os-security-groups:delete", check_str=("rule:system_admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Delete security group. This API is deprecated.", scope_types=["system", "project"], operations=[{"method": "DELETE", "path": "/os-security-groups/{security_group_id}"}], @@ -905,6 +1017,9 @@ list_rules = ( base.APIRule( name="os_compute_api:os-security-groups:rule:create", check_str=("rule:system_admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Create security group Rule. This API is deprecated.", scope_types=["system", "project"], operations=[{"method": "POST", "path": "/os-security-group-rules"}], @@ -912,6 +1027,9 @@ list_rules = ( base.APIRule( name="os_compute_api:os-security-groups:rule:delete", check_str=("rule:system_admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Delete security group Rule. This API is deprecated.", scope_types=["system", "project"], operations=[{"method": "DELETE", "path": "/os-security-group-rules/{security_group_id}"}], @@ -919,6 +1037,9 @@ list_rules = ( base.APIRule( name="os_compute_api:os-security-groups:list", check_str=("rule:system_or_project_reader"), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), description="List security groups of server.", scope_types=["system", "project"], operations=[{"method": "GET", "path": "/servers/{server_id}/os-security-groups"}], @@ -926,24 +1047,29 @@ list_rules = ( base.APIRule( name="os_compute_api:os-security-groups:add", check_str=("rule:system_admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Add security groups to server.", scope_types=["system", "project"], - operations=[ - {"method": "POST", "path": "/servers/{server_id}/action (addSecurityGroup)"}, - ], + operations=[{"method": "POST", "path": "/servers/{server_id}/action (addSecurityGroup)"}], ), base.APIRule( name="os_compute_api:os-security-groups:remove", check_str=("rule:system_admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Remove security groups from server.", scope_types=["system", "project"], operations=[ - {"method": "POST", "path": "/servers/{server_id}/action (removeSecurityGroup)"}, + {"method": "POST", "path": "/servers/{server_id}/action (removeSecurityGroup)"} ], ), base.APIRule( name="os_compute_api:os-server-diagnostics", check_str=("rule:system_admin_api"), + basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s"), description="Show the usage data for a server", scope_types=["system", "project"], operations=[{"method": "GET", "path": "/servers/{server_id}/diagnostics"}], @@ -951,6 +1077,7 @@ list_rules = ( base.APIRule( name="os_compute_api:os-server-external-events:create", check_str=("rule:system_admin_api"), + basic_check_str=("role:admin"), description="Create one or more external events", scope_types=["system"], operations=[{"method": "POST", "path": "/os-server-external-events"}], @@ -958,6 +1085,9 @@ list_rules = ( base.APIRule( name="os_compute_api:os-server-groups:create", check_str=("rule:project_member_api"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Create a new server group", scope_types=["project"], operations=[{"method": "POST", "path": "/os-server-groups"}], @@ -965,6 +1095,9 @@ list_rules = ( base.APIRule( name="os_compute_api:os-server-groups:delete", check_str=("rule:system_admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Delete a server group", scope_types=["system", "project"], operations=[{"method": "DELETE", "path": "/os-server-groups/{server_group_id}"}], @@ -972,6 +1105,9 @@ list_rules = ( base.APIRule( name="os_compute_api:os-server-groups:index", check_str=("rule:system_or_project_reader"), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), description="List all server groups", scope_types=["system", "project"], operations=[{"method": "GET", "path": "/os-server-groups"}], @@ -979,6 +1115,7 @@ list_rules = ( base.APIRule( name="os_compute_api:os-server-groups:index:all_projects", check_str=("rule:system_reader_api"), + basic_check_str=("role:admin or role:reader"), description="List all server groups for all projects", scope_types=["system"], operations=[{"method": "GET", "path": "/os-server-groups"}], @@ -986,6 +1123,9 @@ list_rules = ( base.APIRule( name="os_compute_api:os-server-groups:show", check_str=("rule:system_or_project_reader"), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), description="Show details of a server group", scope_types=["system", "project"], operations=[{"method": "GET", "path": "/os-server-groups/{server_group_id}"}], @@ -993,6 +1133,9 @@ list_rules = ( base.APIRule( name="os_compute_api:server-metadata:index", check_str=("rule:system_or_project_reader"), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), description="List all metadata of a server", scope_types=["system", "project"], operations=[{"method": "GET", "path": "/servers/{server_id}/metadata"}], @@ -1000,6 +1143,9 @@ list_rules = ( base.APIRule( name="os_compute_api:server-metadata:show", check_str=("rule:system_or_project_reader"), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), description="Show metadata for a server", scope_types=["system", "project"], operations=[{"method": "GET", "path": "/servers/{server_id}/metadata/{key}"}], @@ -1007,6 +1153,9 @@ list_rules = ( base.APIRule( name="os_compute_api:server-metadata:create", check_str=("rule:system_admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Create metadata for a server", scope_types=["system", "project"], operations=[{"method": "POST", "path": "/servers/{server_id}/metadata"}], @@ -1014,6 +1163,9 @@ list_rules = ( base.APIRule( name="os_compute_api:server-metadata:update_all", check_str=("rule:system_admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Replace metadata for a server", scope_types=["system", "project"], operations=[{"method": "PUT", "path": "/servers/{server_id}/metadata"}], @@ -1021,6 +1173,9 @@ list_rules = ( base.APIRule( name="os_compute_api:server-metadata:update", check_str=("rule:system_admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Update metadata from a server", scope_types=["system", "project"], operations=[{"method": "PUT", "path": "/servers/{server_id}/metadata/{key}"}], @@ -1028,6 +1183,9 @@ list_rules = ( base.APIRule( name="os_compute_api:server-metadata:delete", check_str=("rule:system_admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Delete metadata from a server", scope_types=["system", "project"], operations=[{"method": "DELETE", "path": "/servers/{server_id}/metadata/{key}"}], @@ -1035,6 +1193,9 @@ list_rules = ( base.APIRule( name="os_compute_api:os-server-password:show", check_str=("rule:system_or_project_reader"), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), description="Show the encrypted administrative password of a server", scope_types=["system", "project"], operations=[{"method": "GET", "path": "/servers/{server_id}/os-server-password"}], @@ -1042,6 +1203,9 @@ list_rules = ( base.APIRule( name="os_compute_api:os-server-password:clear", check_str=("rule:system_admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Clear the encrypted administrative password of a server", scope_types=["system", "project"], operations=[{"method": "DELETE", "path": "/servers/{server_id}/os-server-password"}], @@ -1049,6 +1213,9 @@ list_rules = ( base.APIRule( name="os_compute_api:os-server-tags:delete_all", check_str=("rule:system_admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Delete all the server tags", scope_types=["system", "project"], operations=[{"method": "DELETE", "path": "/servers/{server_id}/tags"}], @@ -1056,6 +1223,9 @@ list_rules = ( base.APIRule( name="os_compute_api:os-server-tags:index", check_str=("rule:system_or_project_reader"), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), description="List all tags for given server", scope_types=["system", "project"], operations=[{"method": "GET", "path": "/servers/{server_id}/tags"}], @@ -1063,6 +1233,9 @@ list_rules = ( base.APIRule( name="os_compute_api:os-server-tags:update_all", check_str=("rule:system_admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Replace all tags on specified server with the new set of tags.", scope_types=["system", "project"], operations=[{"method": "PUT", "path": "/servers/{server_id}/tags"}], @@ -1070,6 +1243,9 @@ list_rules = ( base.APIRule( name="os_compute_api:os-server-tags:delete", check_str=("rule:system_admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Delete a single tag from the specified server", scope_types=["system", "project"], operations=[{"method": "DELETE", "path": "/servers/{server_id}/tags/{tag}"}], @@ -1077,6 +1253,9 @@ list_rules = ( base.APIRule( name="os_compute_api:os-server-tags:update", check_str=("rule:system_admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Add a single tag to the server if server has no specified tag", scope_types=["system", "project"], operations=[{"method": "PUT", "path": "/servers/{server_id}/tags/{tag}"}], @@ -1084,6 +1263,9 @@ list_rules = ( base.APIRule( name="os_compute_api:os-server-tags:show", check_str=("rule:system_or_project_reader"), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), description="Check tag existence on the server.", scope_types=["system", "project"], operations=[{"method": "GET", "path": "/servers/{server_id}/tags/{tag}"}], @@ -1091,6 +1273,7 @@ list_rules = ( base.APIRule( name="compute:server:topology:index", check_str=("rule:system_or_project_reader"), + basic_check_str=("role:admin or role:reader"), description="Show the NUMA topology data for a server", scope_types=["system", "project"], operations=[{"method": "GET", "path": "/servers/{server_id}/topology"}], @@ -1098,14 +1281,17 @@ list_rules = ( base.APIRule( name="compute:server:topology:host:index", check_str=("rule:system_reader_api"), - description="Show the NUMA topology data for a server with host NUMA " - "ID and CPU pinning information", + basic_check_str=("role:admin or role:reader"), + description="Show the NUMA topology data for a server with host NUMA ID and CPU pinning information", scope_types=["system"], operations=[{"method": "GET", "path": "/servers/{server_id}/topology"}], ), base.APIRule( name="os_compute_api:servers:index", check_str=("rule:system_or_project_reader"), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), description="List all servers", scope_types=["system", "project"], operations=[{"method": "GET", "path": "/servers"}], @@ -1113,6 +1299,9 @@ list_rules = ( base.APIRule( name="os_compute_api:servers:detail", check_str=("rule:system_or_project_reader"), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), description="List all servers with detailed information", scope_types=["system", "project"], operations=[{"method": "GET", "path": "/servers/detail"}], @@ -1120,6 +1309,7 @@ list_rules = ( base.APIRule( name="os_compute_api:servers:index:get_all_tenants", check_str=("rule:system_reader_api"), + basic_check_str=("role:admin or role:reader"), description="List all servers for all projects", scope_types=["system"], operations=[{"method": "GET", "path": "/servers"}], @@ -1127,6 +1317,7 @@ list_rules = ( base.APIRule( name="os_compute_api:servers:detail:get_all_tenants", check_str=("rule:system_reader_api"), + basic_check_str=("role:admin or role:reader"), description="List all servers with detailed information for all projects", scope_types=["system"], operations=[{"method": "GET", "path": "/servers/detail"}], @@ -1134,6 +1325,9 @@ list_rules = ( base.APIRule( name="os_compute_api:servers:allow_all_filters", check_str=("rule:system_reader_api"), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), description="Allow all filters when listing servers", scope_types=["system"], operations=[ @@ -1144,6 +1338,9 @@ list_rules = ( base.APIRule( name="os_compute_api:servers:show", check_str=("rule:system_or_project_reader"), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), description="Show a server", scope_types=["system", "project"], operations=[{"method": "GET", "path": "/servers/{server_id}"}], @@ -1151,17 +1348,8 @@ list_rules = ( base.APIRule( name="os_compute_api:servers:show:host_status", check_str=("rule:system_admin_api"), - description="\n#Show a server with additional host status " - "information.\n#\n#This means host_status will be shown " - "irrespective of status value. If showing\n#only " - "host_status UNKNOWN is desired, " - "use the\n#``os_compute_api:servers:show:host_status" - ":unknown-only`` policy rule.\n#\n#Microvision 2.75 " - "added the ``host_status`` attribute in the\n#``PUT " - "/servers/{server_id}`` and ``POST /servers/{" - "server_id}/action (rebuild)``\n#API responses which are " - "also controlled by this policy rule, like the\n#``GET " - "/servers*`` APIs.\n#", + basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s"), + description="\n#Show a server with additional host status information.\n#\n#This means host_status will be shown irrespective of status value. If showing\n#only host_status UNKNOWN is desired, use the\n#``os_compute_api:servers:show:host_status:unknown-only`` policy rule.\n#\n#Microvision 2.75 added the ``host_status`` attribute in the\n#``PUT /servers/{server_id}`` and ``POST /servers/{server_id}/action (rebuild)``\n#API responses which are also controlled by this policy rule, like the\n#``GET /servers*`` APIs.\n#", scope_types=["system", "project"], operations=[ {"method": "GET", "path": "/servers/{server_id}"}, @@ -1173,17 +1361,8 @@ list_rules = ( base.APIRule( name="os_compute_api:servers:show:host_status:unknown-only", check_str=("rule:system_admin_api"), - description="\n#Show a server with additional host status " - "information, only if host status " - "is\n#UNKNOWN.\n#\n#This policy rule will only be " - "enforced when " - "the\n#``os_compute_api:servers:show:host_status`` " - "policy rule does not pass for the\n#request. An example " - "policy configuration could be where " - "the\n#``os_compute_api:servers:show:host_status`` rule " - "is set to allow admin-only and\n#the " - "``os_compute_api:servers:show:host_status:unknown-only" - "`` rule is set to\n#allow everyone.\n#", + basic_check_str=("role:admin"), + description="\n#Show a server with additional host status information, only if host status is\n#UNKNOWN.\n#\n#This policy rule will only be enforced when the\n#``os_compute_api:servers:show:host_status`` policy rule does not pass for the\n#request. An example policy configuration could be where the\n#``os_compute_api:servers:show:host_status`` rule is set to allow admin-only and\n#the ``os_compute_api:servers:show:host_status:unknown-only`` rule is set to\n#allow everyone.\n#", scope_types=["system", "project"], operations=[ {"method": "GET", "path": "/servers/{server_id}"}, @@ -1195,6 +1374,9 @@ list_rules = ( base.APIRule( name="os_compute_api:servers:create", check_str=("rule:project_member_api"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Create a server", scope_types=["project"], operations=[{"method": "POST", "path": "/servers"}], @@ -1202,30 +1384,25 @@ list_rules = ( base.APIRule( name="os_compute_api:servers:create:forced_host", check_str=("rule:project_admin_api"), - description="\n#Create a server on the specified host and/or " - "node.\n#\n#In this case, the server is forced to launch " - "on the specified\n#host and/or node by bypassing the " - "scheduler filters unlike " - "the\n#``compute:servers:create:requested_destination`` " - "rule.\n#", + basic_check_str=("role:admin or role:admin and project_id:%(project_id)s"), + description="\n#Create a server on the specified host and/or node.\n#\n#In this case, the server is forced to launch on the specified\n#host and/or node by bypassing the scheduler filters unlike the\n#``compute:servers:create:requested_destination`` rule.\n#", scope_types=["system", "project"], operations=[{"method": "POST", "path": "/servers"}], ), base.APIRule( name="compute:servers:create:requested_destination", check_str=("rule:project_admin_api"), - description="\n#Create a server on the requested compute service " - "host and/or\n#hypervisor_hostname.\n#\n#In this case, " - "the requested host and/or hypervisor_hostname " - "is\n#validated by the scheduler filters unlike " - "the\n#``os_compute_api:servers:create:forced_host`` " - "rule.\n#", + basic_check_str=("role:admin or role:admin and project_id:%(project_id)s"), + description="\n#Create a server on the requested compute service host and/or\n#hypervisor_hostname.\n#\n#In this case, the requested host and/or hypervisor_hostname is\n#validated by the scheduler filters unlike the\n#``os_compute_api:servers:create:forced_host`` rule.\n#", scope_types=["system", "project"], operations=[{"method": "POST", "path": "/servers"}], ), base.APIRule( name="os_compute_api:servers:create:attach_volume", check_str=("rule:project_member_api"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Create a server with the requested volume attached to it", scope_types=["project"], operations=[{"method": "POST", "path": "/servers"}], @@ -1233,6 +1410,9 @@ list_rules = ( base.APIRule( name="os_compute_api:servers:create:attach_network", check_str=("rule:project_member_api"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Create a server with the requested network attached to it", scope_types=["project"], operations=[{"method": "POST", "path": "/servers"}], @@ -1240,6 +1420,9 @@ list_rules = ( base.APIRule( name="os_compute_api:servers:create:trusted_certs", check_str=("rule:project_member_api"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Create a server with trusted image certificate IDs", scope_types=["project"], operations=[{"method": "POST", "path": "/servers"}], @@ -1247,29 +1430,19 @@ list_rules = ( base.APIRule( name="os_compute_api:servers:create:zero_disk_flavor", check_str=("rule:project_admin_api"), - description="\n#This rule controls the compute API validation " - "behavior of creating a server\n#with a flavor that has " - "0 disk, indicating the server should be " - "volume-backed.\n#\n#For a flavor with disk=0, the root " - "disk will be set to exactly the size of the\n#image " - "used to deploy the instance. However, in this case the " - "filter_scheduler\n#cannot select the compute host based " - "on the virtual image size. Therefore, 0\n#should only " - "be used for volume booted instances or for testing " - "purposes.\n#\n#WARNING: It is a potential security " - "exposure to enable this policy rule\n#if users can " - "upload their own images since repeated attempts " - "to\n#create a disk=0 flavor instance with a large image " - "can exhaust\n#the local disk of the compute (or shared " - "storage cluster). See " - "bug\n#https://bugs.launchpad.net/nova/+bug/1739646 for " - "details.\n#", + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), + description="\n#This rule controls the compute API validation behavior of creating a server\n#with a flavor that has 0 disk, indicating the server should be volume-backed.\n#\n#For a flavor with disk=0, the root disk will be set to exactly the size of the\n#image used to deploy the instance. However, in this case the filter_scheduler\n#cannot select the compute host based on the virtual image size. Therefore, 0\n#should only be used for volume booted instances or for testing purposes.\n#\n#WARNING: It is a potential security exposure to enable this policy rule\n#if users can upload their own images since repeated attempts to\n#create a disk=0 flavor instance with a large image can exhaust\n#the local disk of the compute (or shared storage cluster). See bug\n#https://bugs.launchpad.net/nova/+bug/1739646 for details.\n#", scope_types=["system", "project"], operations=[{"method": "POST", "path": "/servers"}], ), base.APIRule( name="network:attach_external_network", check_str=("rule:project_admin_api"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Attach an unshared external network to a server", scope_types=["system", "project"], operations=[ @@ -1280,6 +1453,9 @@ list_rules = ( base.APIRule( name="os_compute_api:servers:delete", check_str=("rule:system_admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Delete a server", scope_types=["system", "project"], operations=[{"method": "DELETE", "path": "/servers/{server_id}"}], @@ -1287,6 +1463,9 @@ list_rules = ( base.APIRule( name="os_compute_api:servers:update", check_str=("rule:system_admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Update a server", scope_types=["system", "project"], operations=[{"method": "PUT", "path": "/servers/{server_id}"}], @@ -1294,6 +1473,9 @@ list_rules = ( base.APIRule( name="os_compute_api:servers:confirm_resize", check_str=("rule:system_admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Confirm a server resize", scope_types=["system", "project"], operations=[{"method": "POST", "path": "/servers/{server_id}/action (confirmResize)"}], @@ -1301,6 +1483,9 @@ list_rules = ( base.APIRule( name="os_compute_api:servers:revert_resize", check_str=("rule:system_admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Revert a server resize", scope_types=["system", "project"], operations=[{"method": "POST", "path": "/servers/{server_id}/action (revertResize)"}], @@ -1308,6 +1493,9 @@ list_rules = ( base.APIRule( name="os_compute_api:servers:reboot", check_str=("rule:system_admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Reboot a server", scope_types=["system", "project"], operations=[{"method": "POST", "path": "/servers/{server_id}/action (reboot)"}], @@ -1315,6 +1503,9 @@ list_rules = ( base.APIRule( name="os_compute_api:servers:resize", check_str=("rule:system_admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Resize a server", scope_types=["system", "project"], operations=[{"method": "POST", "path": "/servers/{server_id}/action (resize)"}], @@ -1322,17 +1513,17 @@ list_rules = ( base.APIRule( name="compute:servers:resize:cross_cell", check_str=("!"), - description="Resize a server across cells. By default, this is " - "disabled for all users and recommended to be tested in " - "a deployment for admin users before opening it up to " - "non-admin users. Resizing within a cell is the default " - "preferred behavior even if this is enabled. ", + basic_check_str=("!"), + description="Resize a server across cells. By default, this is disabled for all users and recommended to be tested in a deployment for admin users before opening it up to non-admin users. Resizing within a cell is the default preferred behavior even if this is enabled. ", scope_types=["system", "project"], operations=[{"method": "POST", "path": "/servers/{server_id}/action (resize)"}], ), base.APIRule( name="os_compute_api:servers:rebuild", check_str=("rule:system_admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Rebuild a server", scope_types=["system", "project"], operations=[{"method": "POST", "path": "/servers/{server_id}/action (rebuild)"}], @@ -1340,6 +1531,9 @@ list_rules = ( base.APIRule( name="os_compute_api:servers:rebuild:trusted_certs", check_str=("rule:system_admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Rebuild a server with trusted image certificate IDs", scope_types=["system", "project"], operations=[{"method": "POST", "path": "/servers/{server_id}/action (rebuild)"}], @@ -1347,6 +1541,9 @@ list_rules = ( base.APIRule( name="os_compute_api:servers:create_image", check_str=("rule:system_admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Create an image from a server", scope_types=["system", "project"], operations=[{"method": "POST", "path": "/servers/{server_id}/action (createImage)"}], @@ -1354,6 +1551,9 @@ list_rules = ( base.APIRule( name="os_compute_api:servers:create_image:allow_volume_backed", check_str=("rule:system_admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Create an image from a volume backed server", scope_types=["system", "project"], operations=[{"method": "POST", "path": "/servers/{server_id}/action (createImage)"}], @@ -1361,6 +1561,9 @@ list_rules = ( base.APIRule( name="os_compute_api:servers:start", check_str=("rule:system_admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Start a server", scope_types=["system", "project"], operations=[{"method": "POST", "path": "/servers/{server_id}/action (os-start)"}], @@ -1368,6 +1571,9 @@ list_rules = ( base.APIRule( name="os_compute_api:servers:stop", check_str=("rule:system_admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Stop a server", scope_types=["system", "project"], operations=[{"method": "POST", "path": "/servers/{server_id}/action (os-stop)"}], @@ -1375,46 +1581,50 @@ list_rules = ( base.APIRule( name="os_compute_api:servers:trigger_crash_dump", check_str=("rule:system_admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Trigger crash dump in a server", scope_types=["system", "project"], operations=[ - {"method": "POST", "path": "/servers/{server_id}/action (trigger_crash_dump)"}, + {"method": "POST", "path": "/servers/{server_id}/action (trigger_crash_dump)"} ], ), base.APIRule( name="os_compute_api:servers:migrations:show", check_str=("rule:system_reader_api"), + basic_check_str=("role:admin or role:reader"), description="Show details for an in-progress live migration for a given server", scope_types=["system", "project"], - operations=[ - {"method": "GET", "path": "/servers/{server_id}/migrations/{migration_id}"}, - ], + operations=[{"method": "GET", "path": "/servers/{server_id}/migrations/{migration_id}"}], ), base.APIRule( name="os_compute_api:servers:migrations:force_complete", check_str=("rule:system_admin_api"), + basic_check_str=("role:admin"), description="Force an in-progress live migration for a given server to complete", scope_types=["system", "project"], operations=[ { "method": "POST", - "path": "/servers/{server_id}/migrations/{migration_id}/" - "action (force_complete)", - }, + "path": "/servers/{server_id}/migrations/{migration_id}/action (force_complete)", + } ], ), base.APIRule( name="os_compute_api:servers:migrations:delete", check_str=("rule:system_admin_api"), + basic_check_str=("role:admin"), description="Delete(Abort) an in-progress live migration", scope_types=["system", "project"], operations=[ - {"method": "DELETE", "path": "/servers/{server_id}/migrations/{migration_id}"}, + {"method": "DELETE", "path": "/servers/{server_id}/migrations/{migration_id}"} ], ), base.APIRule( name="os_compute_api:servers:migrations:index", check_str=("rule:system_reader_api"), + basic_check_str=("role:admin or role:reader"), description="Lists in-progress live migrations for a given server", scope_types=["system", "project"], operations=[{"method": "GET", "path": "/servers/{server_id}/migrations"}], @@ -1422,6 +1632,7 @@ list_rules = ( base.APIRule( name="os_compute_api:os-services:list", check_str=("rule:system_reader_api"), + basic_check_str=("role:admin or role:reader"), description="List all running Compute services in a region.", scope_types=["system"], operations=[{"method": "GET", "path": "/os-services"}], @@ -1429,6 +1640,7 @@ list_rules = ( base.APIRule( name="os_compute_api:os-services:update", check_str=("rule:system_admin_api"), + basic_check_str=("role:admin"), description="Update a Compute service.", scope_types=["system"], operations=[{"method": "PUT", "path": "/os-services/{service_id}"}], @@ -1436,6 +1648,7 @@ list_rules = ( base.APIRule( name="os_compute_api:os-services:delete", check_str=("rule:system_admin_api"), + basic_check_str=("role:admin"), description="Delete a Compute service.", scope_types=["system"], operations=[{"method": "DELETE", "path": "/os-services/{service_id}"}], @@ -1443,6 +1656,9 @@ list_rules = ( base.APIRule( name="os_compute_api:os-shelve:shelve", check_str=("rule:system_admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Shelve server", scope_types=["system", "project"], operations=[{"method": "POST", "path": "/servers/{server_id}/action (shelve)"}], @@ -1450,6 +1666,9 @@ list_rules = ( base.APIRule( name="os_compute_api:os-shelve:unshelve", check_str=("rule:system_admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Unshelve (restore) shelved server", scope_types=["system", "project"], operations=[{"method": "POST", "path": "/servers/{server_id}/action (unshelve)"}], @@ -1457,6 +1676,9 @@ list_rules = ( base.APIRule( name="os_compute_api:os-shelve:shelve_offload", check_str=("rule:system_admin_api"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Shelf-offload (remove) server", scope_types=["system", "project"], operations=[{"method": "POST", "path": "/servers/{server_id}/action (shelveOffload)"}], @@ -1464,6 +1686,9 @@ list_rules = ( base.APIRule( name="os_compute_api:os-simple-tenant-usage:show", check_str=("rule:system_or_project_reader"), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), description="Show usage statistics for a specific tenant", scope_types=["system", "project"], operations=[{"method": "GET", "path": "/os-simple-tenant-usage/{tenant_id}"}], @@ -1471,6 +1696,7 @@ list_rules = ( base.APIRule( name="os_compute_api:os-simple-tenant-usage:list", check_str=("rule:system_reader_api"), + basic_check_str=("role:admin or role:reader"), description="List per tenant usage statistics for all tenants", scope_types=["system"], operations=[{"method": "GET", "path": "/os-simple-tenant-usage"}], @@ -1478,6 +1704,9 @@ list_rules = ( base.APIRule( name="os_compute_api:os-suspend-server:resume", check_str=("rule:system_admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Resume suspended server", scope_types=["system", "project"], operations=[{"method": "POST", "path": "/servers/{server_id}/action (resume)"}], @@ -1485,6 +1714,9 @@ list_rules = ( base.APIRule( name="os_compute_api:os-suspend-server:suspend", check_str=("rule:system_admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Suspend server", scope_types=["system", "project"], operations=[{"method": "POST", "path": "/servers/{server_id}/action (suspend)"}], @@ -1492,102 +1724,129 @@ list_rules = ( base.APIRule( name="os_compute_api:os-tenant-networks:list", check_str=("rule:system_or_project_reader"), - description="List project networks.\n#\n#This API is proxy calls to " - "the Network service. This is deprecated.", + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), + description="List project networks.\n#\n#This API is proxy calls to the Network service. This is deprecated.", scope_types=["system", "project"], operations=[{"method": "GET", "path": "/os-tenant-networks"}], ), base.APIRule( name="os_compute_api:os-tenant-networks:show", check_str=("rule:system_or_project_reader"), - description="Show project network details.\n#\n#This API is proxy " - "calls to the Network service. This is deprecated.", + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), + description="Show project network details.\n#\n#This API is proxy calls to the Network service. This is deprecated.", scope_types=["system", "project"], operations=[{"method": "GET", "path": "/os-tenant-networks/{network_id}"}], ), base.APIRule( name="os_compute_api:os-volumes:list", check_str=("rule:system_or_project_reader"), - description="List volumes.\n#\n#This API is a proxy call to " - "the Volume service. It is deprecated.", + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), + description="List volumes.\n#\n#This API is a proxy call to the Volume service. It is deprecated.", scope_types=["system", "project"], operations=[{"method": "GET", "path": "/os-volumes"}], ), base.APIRule( name="os_compute_api:os-volumes:create", check_str=("rule:system_admin_or_owner"), - description="Create volume.\n#\n#This API is a proxy call to the " - "Volume service. It is deprecated.", + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), + description="Create volume.\n#\n#This API is a proxy call to the Volume service. It is deprecated.", scope_types=["system", "project"], operations=[{"method": "POST", "path": "/os-volumes"}], ), base.APIRule( name="os_compute_api:os-volumes:detail", check_str=("rule:system_or_project_reader"), - description="List volumes detail.\n#\n#This API is a proxy call to " - "the Volume service. It is deprecated.", + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), + description="List volumes detail.\n#\n#This API is a proxy call to the Volume service. It is deprecated.", scope_types=["system", "project"], operations=[{"method": "GET", "path": "/os-volumes/detail"}], ), base.APIRule( name="os_compute_api:os-volumes:show", check_str=("rule:system_or_project_reader"), - description="Show volume.\n#\n#This API is a proxy call to " - "the Volume service. It is deprecated.", + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), + description="Show volume.\n#\n#This API is a proxy call to the Volume service. It is deprecated.", scope_types=["system", "project"], operations=[{"method": "GET", "path": "/os-volumes/{volume_id}"}], ), base.APIRule( name="os_compute_api:os-volumes:delete", check_str=("rule:system_admin_or_owner"), - description="Delete volume.\n#\n#This API is a proxy call to " - "the Volume service. It is deprecated.", + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), + description="Delete volume.\n#\n#This API is a proxy call to the Volume service. It is deprecated.", scope_types=["system", "project"], operations=[{"method": "DELETE", "path": "/os-volumes/{volume_id}"}], ), base.APIRule( name="os_compute_api:os-volumes:snapshots:list", check_str=("rule:system_or_project_reader"), - description="List snapshots.\n#\n#This API is a proxy call " - "to the Volume service. It is deprecated.", + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), + description="List snapshots.\n#\n#This API is a proxy call to the Volume service. It is deprecated.", scope_types=["system", "project"], operations=[{"method": "GET", "path": "/os-snapshots"}], ), base.APIRule( name="os_compute_api:os-volumes:snapshots:create", check_str=("rule:system_admin_or_owner"), - description="Create snapshots.\n#\n#This API is a proxy call " - "to the Volume service. It is deprecated.", + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), + description="Create snapshots.\n#\n#This API is a proxy call to the Volume service. It is deprecated.", scope_types=["system", "project"], operations=[{"method": "POST", "path": "/os-snapshots"}], ), base.APIRule( name="os_compute_api:os-volumes:snapshots:detail", check_str=("rule:system_or_project_reader"), - description="List snapshots details.\n#\n#This API is a proxy call " - "to the Volume service. It is deprecated.", + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), + description="List snapshots details.\n#\n#This API is a proxy call to the Volume service. It is deprecated.", scope_types=["system", "project"], operations=[{"method": "GET", "path": "/os-snapshots/detail"}], ), base.APIRule( name="os_compute_api:os-volumes:snapshots:show", check_str=("rule:system_or_project_reader"), - description="Show snapshot.\n#\n#This API is a proxy call to " - "the Volume service. It is deprecated.", + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), + description="Show snapshot.\n#\n#This API is a proxy call to the Volume service. It is deprecated.", scope_types=["system", "project"], operations=[{"method": "GET", "path": "/os-snapshots/{snapshot_id}"}], ), base.APIRule( name="os_compute_api:os-volumes:snapshots:delete", check_str=("rule:system_admin_or_owner"), - description="Delete snapshot.\n#\n#This API is a proxy call " - "to the Volume service. It is deprecated.", + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), + description="Delete snapshot.\n#\n#This API is a proxy call to the Volume service. It is deprecated.", scope_types=["system", "project"], operations=[{"method": "DELETE", "path": "/os-snapshots/{snapshot_id}"}], ), base.APIRule( name="os_compute_api:os-volumes-attachments:index", check_str=("rule:system_or_project_reader"), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), description="List volume attachments for an instance", scope_types=["system", "project"], operations=[{"method": "GET", "path": "/servers/{server_id}/os-volume_attachments"}], @@ -1595,6 +1854,9 @@ list_rules = ( base.APIRule( name="os_compute_api:os-volumes-attachments:create", check_str=("rule:system_admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Attach a volume to an instance", scope_types=["system", "project"], operations=[{"method": "POST", "path": "/servers/{server_id}/os-volume_attachments"}], @@ -1602,44 +1864,47 @@ list_rules = ( base.APIRule( name="os_compute_api:os-volumes-attachments:show", check_str=("rule:system_or_project_reader"), + basic_check_str=( + "role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s" + ), description="Show details of a volume attachment", scope_types=["system", "project"], operations=[ - {"method": "GET", "path": "/servers/{server_id}/os-volume_attachments/{volume_id}"}, + {"method": "GET", "path": "/servers/{server_id}/os-volume_attachments/{volume_id}"} ], ), base.APIRule( name="os_compute_api:os-volumes-attachments:update", check_str=("rule:system_admin_or_owner"), - description="Update a volume attachment.\n#New 'update' policy about " - "'swap + update' request (which is possible\n#only " - ">2.85) only is checked. We expect to be\n#always superset of this policy " - "permission.\n#", + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), + description="Update a volume attachment.\n#New 'update' policy about 'swap + update' request (which is possible\n#only >2.85) only is checked. We expect to be\n#always superset of this policy permission.\n#", scope_types=["system", "project"], operations=[ - {"method": "PUT", "path": "/servers/{server_id}/os-volume_attachments/{volume_id}"}, + {"method": "PUT", "path": "/servers/{server_id}/os-volume_attachments/{volume_id}"} ], ), base.APIRule( name="os_compute_api:os-volumes-attachments:swap", check_str=("rule:system_admin_api"), + basic_check_str=("role:admin"), description="Update a volume attachment with a different volumeId", scope_types=["system"], operations=[ - {"method": "PUT", "path": "/servers/{server_id}/os-volume_attachments/{volume_id}"}, + {"method": "PUT", "path": "/servers/{server_id}/os-volume_attachments/{volume_id}"} ], ), base.APIRule( name="os_compute_api:os-volumes-attachments:delete", check_str=("rule:system_admin_or_owner"), + basic_check_str=( + "role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s" + ), description="Detach a volume from an instance", scope_types=["system", "project"], operations=[ - { - "method": "DELETE", - "path": "/servers/{server_id}/os-volume_attachments/{volume_id}", - }, + {"method": "DELETE", "path": "/servers/{server_id}/os-volume_attachments/{volume_id}"} ], ), ) diff --git a/libs/skyline-policy-manager/src/skyline_policy_manager/policies/octavia.py b/libs/skyline-policy-manager/skyline_policy_manager/policies/octavia.py similarity index 67% rename from libs/skyline-policy-manager/src/skyline_policy_manager/policies/octavia.py rename to libs/skyline-policy-manager/skyline_policy_manager/policies/octavia.py index 265cef4..8cd6bb8 100644 --- a/libs/skyline-policy-manager/src/skyline_policy_manager/policies/octavia.py +++ b/libs/skyline-policy-manager/skyline_policy_manager/policies/octavia.py @@ -1,3 +1,5 @@ +# flake8: noqa + from . import base list_rules = ( @@ -53,12 +55,7 @@ list_rules = ( ), base.Rule( name="load-balancer:read", - check_str=( - "rule:load-balancer:observer_and_owner " - "or rule:load-balancer:global_observer " - "or rule:load-balancer:member_and_owner " - "or rule:load-balancer:admin" - ), + check_str=("rule:load-balancer:observer_and_owner or rule:load-balancer:global_observer or rule:load-balancer:member_and_owner or rule:load-balancer:admin"), description="No description", ), base.Rule( @@ -73,30 +70,23 @@ list_rules = ( ), base.Rule( name="load-balancer:read-quota", - check_str=( - "rule:load-balancer:observer_and_owner or " - "rule:load-balancer:global_observer or " - "rule:load-balancer:member_and_owner or " - "role:load-balancer_quota_admin or rule:load-balancer:admin " - ), + check_str=("rule:load-balancer:observer_and_owner or rule:load-balancer:global_observer or rule:load-balancer:member_and_owner or role:load-balancer_quota_admin or rule:load-balancer:admin"), description="No description", ), base.Rule( name="load-balancer:read-quota-global", - check_str=( - "rule:load-balancer:global_observer or " - "role:load-balancer_quota_admin or rule:load-balancer:admin " - ), + check_str=("rule:load-balancer:global_observer or role:load-balancer_quota_admin or rule:load-balancer:admin"), description="No description", ), base.Rule( name="load-balancer:write-quota", - check_str="role:load-balancer_quota_admin or rule:load-balancer:admin", + check_str=("role:load-balancer_quota_admin or rule:load-balancer:admin"), description="No description", ), base.APIRule( name="os_load-balancer_api:flavor:get_all", check_str=("rule:load-balancer:read"), + basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"), description="List Flavors", scope_types=["project"], operations=[{"method": "GET", "path": "/v2.0/lbaas/flavors"}], @@ -104,6 +94,7 @@ list_rules = ( base.APIRule( name="os_load-balancer_api:flavor:post", check_str=("rule:load-balancer:admin"), + basic_check_str=("role:admin"), description="Create a Flavor", scope_types=["project"], operations=[{"method": "POST", "path": "/v2.0/lbaas/flavors"}], @@ -111,6 +102,7 @@ list_rules = ( base.APIRule( name="os_load-balancer_api:flavor:put", check_str=("rule:load-balancer:admin"), + basic_check_str=("role:admin"), description="Update a Flavor", scope_types=["project"], operations=[{"method": "PUT", "path": "/v2.0/lbaas/flavors/{flavor_id}"}], @@ -118,6 +110,7 @@ list_rules = ( base.APIRule( name="os_load-balancer_api:flavor:get_one", check_str=("rule:load-balancer:read"), + basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"), description="Show Flavor details", scope_types=["project"], operations=[{"method": "GET", "path": "/v2.0/lbaas/flavors/{flavor_id}"}], @@ -125,6 +118,7 @@ list_rules = ( base.APIRule( name="os_load-balancer_api:flavor:delete", check_str=("rule:load-balancer:admin"), + basic_check_str=("role:admin"), description="Remove a Flavor", scope_types=["project"], operations=[{"method": "DELETE", "path": "/v2.0/lbaas/flavors/{flavor_id}"}], @@ -132,6 +126,7 @@ list_rules = ( base.APIRule( name="os_load-balancer_api:flavor-profile:get_all", check_str=("rule:load-balancer:admin"), + basic_check_str=("role:admin or role:reader"), description="List Flavor Profiles", scope_types=["project"], operations=[{"method": "GET", "path": "/v2.0/lbaas/flavorprofiles"}], @@ -139,6 +134,7 @@ list_rules = ( base.APIRule( name="os_load-balancer_api:flavor-profile:post", check_str=("rule:load-balancer:admin"), + basic_check_str=("role:admin"), description="Create a Flavor Profile", scope_types=["project"], operations=[{"method": "POST", "path": "/v2.0/lbaas/flavorprofiles"}], @@ -146,33 +142,31 @@ list_rules = ( base.APIRule( name="os_load-balancer_api:flavor-profile:put", check_str=("rule:load-balancer:admin"), + basic_check_str=("role:admin"), description="Update a Flavor Profile", scope_types=["project"], - operations=[ - {"method": "PUT", "path": "/v2.0/lbaas/flavorprofiles/{flavor_profile_id}"}, - ], + operations=[{"method": "PUT", "path": "/v2.0/lbaas/flavorprofiles/{flavor_profile_id}"}], ), base.APIRule( name="os_load-balancer_api:flavor-profile:get_one", check_str=("rule:load-balancer:admin"), + basic_check_str=("role:admin or role:reader"), description="Show Flavor Profile details", scope_types=["project"], - operations=[ - {"method": "GET", "path": "/v2.0/lbaas/flavorprofiles/{flavor_profile_id}"}, - ], + operations=[{"method": "GET", "path": "/v2.0/lbaas/flavorprofiles/{flavor_profile_id}"}], ), base.APIRule( name="os_load-balancer_api:flavor-profile:delete", check_str=("rule:load-balancer:admin"), + basic_check_str=("role:admin"), description="Remove a Flavor Profile", scope_types=["project"], - operations=[ - {"method": "DELETE", "path": "/v2.0/lbaas/flavorprofiles/{flavor_profile_id}"}, - ], + operations=[{"method": "DELETE", "path": "/v2.0/lbaas/flavorprofiles/{flavor_profile_id}"}], ), base.APIRule( name="os_load-balancer_api:availability-zone:get_all", check_str=("rule:load-balancer:read"), + basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"), description="List Availability Zones", scope_types=["project"], operations=[{"method": "GET", "path": "/v2.0/lbaas/availabilityzones"}], @@ -180,6 +174,7 @@ list_rules = ( base.APIRule( name="os_load-balancer_api:availability-zone:post", check_str=("rule:load-balancer:admin"), + basic_check_str=("role:admin"), description="Create an Availability Zone", scope_types=["project"], operations=[{"method": "POST", "path": "/v2.0/lbaas/availabilityzones"}], @@ -187,33 +182,31 @@ list_rules = ( base.APIRule( name="os_load-balancer_api:availability-zone:put", check_str=("rule:load-balancer:admin"), + basic_check_str=("role:admin"), description="Update an Availability Zone", scope_types=["project"], - operations=[ - {"method": "PUT", "path": "/v2.0/lbaas/availabilityzones/{availability_zone_id}"}, - ], + operations=[{"method": "PUT", "path": "/v2.0/lbaas/availabilityzones/{availability_zone_id}"}], ), base.APIRule( name="os_load-balancer_api:availability-zone:get_one", check_str=("rule:load-balancer:read"), + basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"), description="Show Availability Zone details", scope_types=["project"], - operations=[ - {"method": "GET", "path": "/v2.0/lbaas/availabilityzones/{availability_zone_id}"}, - ], + operations=[{"method": "GET", "path": "/v2.0/lbaas/availabilityzones/{availability_zone_id}"}], ), base.APIRule( name="os_load-balancer_api:availability-zone:delete", check_str=("rule:load-balancer:admin"), + basic_check_str=("role:admin"), description="Remove an Availability Zone", scope_types=["project"], - operations=[ - {"method": "DELETE", "path": "/v2.0/lbaas/availabilityzones/{availability_zone_id}"}, - ], + operations=[{"method": "DELETE", "path": "/v2.0/lbaas/availabilityzones/{availability_zone_id}"}], ), base.APIRule( name="os_load-balancer_api:availability-zone-profile:get_all", check_str=("rule:load-balancer:admin"), + basic_check_str=("role:admin or role:reader"), description="List Availability Zones", scope_types=["project"], operations=[{"method": "GET", "path": "/v2.0/lbaas/availabilityzoneprofiles"}], @@ -221,6 +214,7 @@ list_rules = ( base.APIRule( name="os_load-balancer_api:availability-zone-profile:post", check_str=("rule:load-balancer:admin"), + basic_check_str=("role:admin"), description="Create an Availability Zone", scope_types=["project"], operations=[{"method": "POST", "path": "/v2.0/lbaas/availabilityzoneprofiles"}], @@ -228,42 +222,31 @@ list_rules = ( base.APIRule( name="os_load-balancer_api:availability-zone-profile:put", check_str=("rule:load-balancer:admin"), + basic_check_str=("role:admin"), description="Update an Availability Zone", scope_types=["project"], - operations=[ - { - "method": "PUT", - "path": "/v2.0/lbaas/availabilityzoneprofiles/{availability_zone_profile_id}", - }, - ], + operations=[{"method": "PUT", "path": "/v2.0/lbaas/availabilityzoneprofiles/{availability_zone_profile_id}"}], ), base.APIRule( name="os_load-balancer_api:availability-zone-profile:get_one", check_str=("rule:load-balancer:admin"), + basic_check_str=("role:admin or role:reader"), description="Show Availability Zone details", scope_types=["project"], - operations=[ - { - "method": "GET", - "path": "/v2.0/lbaas/availabilityzoneprofiles/{availability_zone_profile_id}", - }, - ], + operations=[{"method": "GET", "path": "/v2.0/lbaas/availabilityzoneprofiles/{availability_zone_profile_id}"}], ), base.APIRule( name="os_load-balancer_api:availability-zone-profile:delete", check_str=("rule:load-balancer:admin"), + basic_check_str=("role:admin"), description="Remove an Availability Zone", scope_types=["project"], - operations=[ - { - "method": "DELETE", - "path": "/v2.0/lbaas/availabilityzoneprofiles/{availability_zone_profile_id}", - }, - ], + operations=[{"method": "DELETE", "path": "/v2.0/lbaas/availabilityzoneprofiles/{availability_zone_profile_id}"}], ), base.APIRule( name="os_load-balancer_api:healthmonitor:get_all", check_str=("rule:load-balancer:read"), + basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"), description="List Health Monitors of a Pool", scope_types=["project"], operations=[{"method": "GET", "path": "/v2/lbaas/healthmonitors"}], @@ -271,6 +254,7 @@ list_rules = ( base.APIRule( name="os_load-balancer_api:healthmonitor:get_all-global", check_str=("rule:load-balancer:read-global"), + basic_check_str=("role:admin or role:reader"), description="List Health Monitors including resources owned by others", scope_types=["project"], operations=[{"method": "GET", "path": "/v2/lbaas/healthmonitors"}], @@ -278,6 +262,7 @@ list_rules = ( base.APIRule( name="os_load-balancer_api:healthmonitor:post", check_str=("rule:load-balancer:write"), + basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"), description="Create a Health Monitor", scope_types=["project"], operations=[{"method": "POST", "path": "/v2/lbaas/healthmonitors"}], @@ -285,6 +270,7 @@ list_rules = ( base.APIRule( name="os_load-balancer_api:healthmonitor:get_one", check_str=("rule:load-balancer:read"), + basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"), description="Show Health Monitor details", scope_types=["project"], operations=[{"method": "GET", "path": "/v2/lbaas/healthmonitors/{healthmonitor_id}"}], @@ -292,6 +278,7 @@ list_rules = ( base.APIRule( name="os_load-balancer_api:healthmonitor:put", check_str=("rule:load-balancer:write"), + basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"), description="Update a Health Monitor", scope_types=["project"], operations=[{"method": "PUT", "path": "/v2/lbaas/healthmonitors/{healthmonitor_id}"}], @@ -299,6 +286,7 @@ list_rules = ( base.APIRule( name="os_load-balancer_api:healthmonitor:delete", check_str=("rule:load-balancer:write"), + basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"), description="Remove a Health Monitor", scope_types=["project"], operations=[{"method": "DELETE", "path": "/v2/lbaas/healthmonitors/{healthmonitor_id}"}], @@ -306,6 +294,7 @@ list_rules = ( base.APIRule( name="os_load-balancer_api:l7policy:get_all", check_str=("rule:load-balancer:read"), + basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"), description="List L7 Policys", scope_types=["project"], operations=[{"method": "GET", "path": "/v2/lbaas/l7policies"}], @@ -313,6 +302,7 @@ list_rules = ( base.APIRule( name="os_load-balancer_api:l7policy:get_all-global", check_str=("rule:load-balancer:read-global"), + basic_check_str=("role:admin or role:reader"), description="List L7 Policys including resources owned by others", scope_types=["project"], operations=[{"method": "GET", "path": "/v2/lbaas/l7policies"}], @@ -320,6 +310,7 @@ list_rules = ( base.APIRule( name="os_load-balancer_api:l7policy:post", check_str=("rule:load-balancer:write"), + basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"), description="Create a L7 Policy", scope_types=["project"], operations=[{"method": "POST", "path": "/v2/lbaas/l7policies"}], @@ -327,6 +318,7 @@ list_rules = ( base.APIRule( name="os_load-balancer_api:l7policy:get_one", check_str=("rule:load-balancer:read"), + basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"), description="Show L7 Policy details", scope_types=["project"], operations=[{"method": "GET", "path": "/v2/lbaas/l7policies/{l7policy_id}"}], @@ -334,6 +326,7 @@ list_rules = ( base.APIRule( name="os_load-balancer_api:l7policy:put", check_str=("rule:load-balancer:write"), + basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"), description="Update a L7 Policy", scope_types=["project"], operations=[{"method": "PUT", "path": "/v2/lbaas/l7policies/{l7policy_id}"}], @@ -341,6 +334,7 @@ list_rules = ( base.APIRule( name="os_load-balancer_api:l7policy:delete", check_str=("rule:load-balancer:write"), + basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"), description="Remove a L7 Policy", scope_types=["project"], operations=[{"method": "DELETE", "path": "/v2/lbaas/l7policies/{l7policy_id}"}], @@ -348,6 +342,7 @@ list_rules = ( base.APIRule( name="os_load-balancer_api:l7rule:get_all", check_str=("rule:load-balancer:read"), + basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"), description="List L7 Rules", scope_types=["project"], operations=[{"method": "GET", "path": "/v2/lbaas/l7policies/{l7policy_id}/rules"}], @@ -355,6 +350,7 @@ list_rules = ( base.APIRule( name="os_load-balancer_api:l7rule:post", check_str=("rule:load-balancer:write"), + basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"), description="Create a L7 Rule", scope_types=["project"], operations=[{"method": "POST", "path": "/v2/lbaas/l7policies/{l7policy_id}/rules"}], @@ -362,33 +358,31 @@ list_rules = ( base.APIRule( name="os_load-balancer_api:l7rule:get_one", check_str=("rule:load-balancer:read"), + basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"), description="Show L7 Rule details", scope_types=["project"], - operations=[ - {"method": "GET", "path": "/v2/lbaas/l7policies/{l7policy_id}/rules/{l7rule_id}"}, - ], + operations=[{"method": "GET", "path": "/v2/lbaas/l7policies/{l7policy_id}/rules/{l7rule_id}"}], ), base.APIRule( name="os_load-balancer_api:l7rule:put", check_str=("rule:load-balancer:write"), + basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"), description="Update a L7 Rule", scope_types=["project"], - operations=[ - {"method": "PUT", "path": "/v2/lbaas/l7policies/{l7policy_id}/rules/{l7rule_id}"}, - ], + operations=[{"method": "PUT", "path": "/v2/lbaas/l7policies/{l7policy_id}/rules/{l7rule_id}"}], ), base.APIRule( name="os_load-balancer_api:l7rule:delete", check_str=("rule:load-balancer:write"), + basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"), description="Remove a L7 Rule", scope_types=["project"], - operations=[ - {"method": "DELETE", "path": "/v2/lbaas/l7policies/{l7policy_id}/rules/{l7rule_id}"}, - ], + operations=[{"method": "DELETE", "path": "/v2/lbaas/l7policies/{l7policy_id}/rules/{l7rule_id}"}], ), base.APIRule( name="os_load-balancer_api:listener:get_all", check_str=("rule:load-balancer:read"), + basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"), description="List Listeners", scope_types=["project"], operations=[{"method": "GET", "path": "/v2/lbaas/listeners"}], @@ -396,6 +390,7 @@ list_rules = ( base.APIRule( name="os_load-balancer_api:listener:get_all-global", check_str=("rule:load-balancer:read-global"), + basic_check_str=("role:admin or role:reader"), description="List Listeners including resources owned by others", scope_types=["project"], operations=[{"method": "GET", "path": "/v2/lbaas/listeners"}], @@ -403,6 +398,7 @@ list_rules = ( base.APIRule( name="os_load-balancer_api:listener:post", check_str=("rule:load-balancer:write"), + basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"), description="Create a Listener", scope_types=["project"], operations=[{"method": "POST", "path": "/v2/lbaas/listeners"}], @@ -410,6 +406,7 @@ list_rules = ( base.APIRule( name="os_load-balancer_api:listener:get_one", check_str=("rule:load-balancer:read"), + basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"), description="Show Listener details", scope_types=["project"], operations=[{"method": "GET", "path": "/v2/lbaas/listeners/{listener_id}"}], @@ -417,6 +414,7 @@ list_rules = ( base.APIRule( name="os_load-balancer_api:listener:put", check_str=("rule:load-balancer:write"), + basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"), description="Update a Listener", scope_types=["project"], operations=[{"method": "PUT", "path": "/v2/lbaas/listeners/{listener_id}"}], @@ -424,6 +422,7 @@ list_rules = ( base.APIRule( name="os_load-balancer_api:listener:delete", check_str=("rule:load-balancer:write"), + basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"), description="Remove a Listener", scope_types=["project"], operations=[{"method": "DELETE", "path": "/v2/lbaas/listeners/{listener_id}"}], @@ -431,6 +430,7 @@ list_rules = ( base.APIRule( name="os_load-balancer_api:listener:get_stats", check_str=("rule:load-balancer:read"), + basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"), description="Show Listener statistics", scope_types=["project"], operations=[{"method": "GET", "path": "/v2/lbaas/listeners/{listener_id}/stats"}], @@ -438,6 +438,7 @@ list_rules = ( base.APIRule( name="os_load-balancer_api:loadbalancer:get_all", check_str=("rule:load-balancer:read"), + basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"), description="List Load Balancers", scope_types=["project"], operations=[{"method": "GET", "path": "/v2/lbaas/loadbalancers"}], @@ -445,6 +446,7 @@ list_rules = ( base.APIRule( name="os_load-balancer_api:loadbalancer:get_all-global", check_str=("rule:load-balancer:read-global"), + basic_check_str=("role:admin or role:reader"), description="List Load Balancers including resources owned by others", scope_types=["project"], operations=[{"method": "GET", "path": "/v2/lbaas/loadbalancers"}], @@ -452,6 +454,7 @@ list_rules = ( base.APIRule( name="os_load-balancer_api:loadbalancer:post", check_str=("rule:load-balancer:write"), + basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"), description="Create a Load Balancer", scope_types=["project"], operations=[{"method": "POST", "path": "/v2/lbaas/loadbalancers"}], @@ -459,6 +462,7 @@ list_rules = ( base.APIRule( name="os_load-balancer_api:loadbalancer:get_one", check_str=("rule:load-balancer:read"), + basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"), description="Show Load Balancer details", scope_types=["project"], operations=[{"method": "GET", "path": "/v2/lbaas/loadbalancers/{loadbalancer_id}"}], @@ -466,6 +470,7 @@ list_rules = ( base.APIRule( name="os_load-balancer_api:loadbalancer:put", check_str=("rule:load-balancer:write"), + basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"), description="Update a Load Balancer", scope_types=["project"], operations=[{"method": "PUT", "path": "/v2/lbaas/loadbalancers/{loadbalancer_id}"}], @@ -473,6 +478,7 @@ list_rules = ( base.APIRule( name="os_load-balancer_api:loadbalancer:delete", check_str=("rule:load-balancer:write"), + basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"), description="Remove a Load Balancer", scope_types=["project"], operations=[{"method": "DELETE", "path": "/v2/lbaas/loadbalancers/{loadbalancer_id}"}], @@ -480,33 +486,31 @@ list_rules = ( base.APIRule( name="os_load-balancer_api:loadbalancer:get_stats", check_str=("rule:load-balancer:read"), + basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"), description="Show Load Balancer statistics", scope_types=["project"], - operations=[ - {"method": "GET", "path": "/v2/lbaas/loadbalancers/{loadbalancer_id}/stats"}, - ], + operations=[{"method": "GET", "path": "/v2/lbaas/loadbalancers/{loadbalancer_id}/stats"}], ), base.APIRule( name="os_load-balancer_api:loadbalancer:get_status", check_str=("rule:load-balancer:read"), + basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"), description="Show Load Balancer status", scope_types=["project"], - operations=[ - {"method": "GET", "path": "/v2/lbaas/loadbalancers/{loadbalancer_id}/status"}, - ], + operations=[{"method": "GET", "path": "/v2/lbaas/loadbalancers/{loadbalancer_id}/status"}], ), base.APIRule( name="os_load-balancer_api:loadbalancer:put_failover", check_str=("rule:load-balancer:admin"), + basic_check_str=("role:admin"), description="Failover a Load Balancer", scope_types=["project"], - operations=[ - {"method": "PUT", "path": "/v2/lbaas/loadbalancers/{loadbalancer_id}/failover"}, - ], + operations=[{"method": "PUT", "path": "/v2/lbaas/loadbalancers/{loadbalancer_id}/failover"}], ), base.APIRule( name="os_load-balancer_api:member:get_all", check_str=("rule:load-balancer:read"), + basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"), description="List Members of a Pool", scope_types=["project"], operations=[{"method": "GET", "path": "/v2/lbaas/pools/{pool_id}/members"}], @@ -514,6 +518,7 @@ list_rules = ( base.APIRule( name="os_load-balancer_api:member:post", check_str=("rule:load-balancer:write"), + basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"), description="Create a Member", scope_types=["project"], operations=[{"method": "POST", "path": "/v2/lbaas/pools/{pool_id}/members"}], @@ -521,6 +526,7 @@ list_rules = ( base.APIRule( name="os_load-balancer_api:member:get_one", check_str=("rule:load-balancer:read"), + basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"), description="Show Member details", scope_types=["project"], operations=[{"method": "GET", "path": "/v2/lbaas/pools/{pool_id}/members/{member_id}"}], @@ -528,6 +534,7 @@ list_rules = ( base.APIRule( name="os_load-balancer_api:member:put", check_str=("rule:load-balancer:write"), + basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"), description="Update a Member", scope_types=["project"], operations=[{"method": "PUT", "path": "/v2/lbaas/pools/{pool_id}/members/{member_id}"}], @@ -535,15 +542,15 @@ list_rules = ( base.APIRule( name="os_load-balancer_api:member:delete", check_str=("rule:load-balancer:write"), + basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"), description="Remove a Member", scope_types=["project"], - operations=[ - {"method": "DELETE", "path": "/v2/lbaas/pools/{pool_id}/members/{member_id}"}, - ], + operations=[{"method": "DELETE", "path": "/v2/lbaas/pools/{pool_id}/members/{member_id}"}], ), base.APIRule( name="os_load-balancer_api:pool:get_all", check_str=("rule:load-balancer:read"), + basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"), description="List Pools", scope_types=["project"], operations=[{"method": "GET", "path": "/v2/lbaas/pools"}], @@ -551,6 +558,7 @@ list_rules = ( base.APIRule( name="os_load-balancer_api:pool:get_all-global", check_str=("rule:load-balancer:read-global"), + basic_check_str=("role:admin or role:reader"), description="List Pools including resources owned by others", scope_types=["project"], operations=[{"method": "GET", "path": "/v2/lbaas/pools"}], @@ -558,6 +566,7 @@ list_rules = ( base.APIRule( name="os_load-balancer_api:pool:post", check_str=("rule:load-balancer:write"), + basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"), description="Create a Pool", scope_types=["project"], operations=[{"method": "POST", "path": "/v2/lbaas/pools"}], @@ -565,6 +574,7 @@ list_rules = ( base.APIRule( name="os_load-balancer_api:pool:get_one", check_str=("rule:load-balancer:read"), + basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"), description="Show Pool details", scope_types=["project"], operations=[{"method": "GET", "path": "/v2/lbaas/pools/{pool_id}"}], @@ -572,6 +582,7 @@ list_rules = ( base.APIRule( name="os_load-balancer_api:pool:put", check_str=("rule:load-balancer:write"), + basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"), description="Update a Pool", scope_types=["project"], operations=[{"method": "PUT", "path": "/v2/lbaas/pools/{pool_id}"}], @@ -579,6 +590,7 @@ list_rules = ( base.APIRule( name="os_load-balancer_api:pool:delete", check_str=("rule:load-balancer:write"), + basic_check_str=("role:admin or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s"), description="Remove a Pool", scope_types=["project"], operations=[{"method": "DELETE", "path": "/v2/lbaas/pools/{pool_id}"}], @@ -586,6 +598,7 @@ list_rules = ( base.APIRule( name="os_load-balancer_api:provider:get_all", check_str=("rule:load-balancer:read"), + basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"), description="List enabled providers", scope_types=["project"], operations=[{"method": "GET", "path": "/v2/lbaas/providers"}], @@ -593,6 +606,7 @@ list_rules = ( base.APIRule( name="os_load-balancer_api:quota:get_all", check_str=("rule:load-balancer:read-quota"), + basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"), description="List Quotas", scope_types=["project"], operations=[{"method": "GET", "path": "/v2/lbaas/quotas"}], @@ -600,6 +614,7 @@ list_rules = ( base.APIRule( name="os_load-balancer_api:quota:get_all-global", check_str=("rule:load-balancer:read-quota-global"), + basic_check_str=("role:admin or role:reader"), description="List Quotas including resources owned by others", scope_types=["project"], operations=[{"method": "GET", "path": "/v2/lbaas/quotas"}], @@ -607,6 +622,7 @@ list_rules = ( base.APIRule( name="os_load-balancer_api:quota:get_one", check_str=("rule:load-balancer:read-quota"), + basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"), description="Show Quota details", scope_types=["project"], operations=[{"method": "GET", "path": "/v2/lbaas/quotas/{project_id}"}], @@ -614,6 +630,7 @@ list_rules = ( base.APIRule( name="os_load-balancer_api:quota:put", check_str=("rule:load-balancer:write-quota"), + basic_check_str=("role:admin"), description="Update a Quota", scope_types=["project"], operations=[{"method": "PUT", "path": "/v2/lbaas/quotas/{project_id}"}], @@ -621,6 +638,7 @@ list_rules = ( base.APIRule( name="os_load-balancer_api:quota:delete", check_str=("rule:load-balancer:write-quota"), + basic_check_str=("role:admin"), description="Reset a Quota", scope_types=["project"], operations=[{"method": "DELETE", "path": "/v2/lbaas/quotas/{project_id}"}], @@ -628,6 +646,7 @@ list_rules = ( base.APIRule( name="os_load-balancer_api:quota:get_defaults", check_str=("rule:load-balancer:read-quota"), + basic_check_str=("role:admin or role:reader or role:admin and project_id:%(project_id)s or role:member and project_id:%(project_id)s or role:reader and project_id:%(project_id)s"), description="Show Default Quota for a Project", scope_types=["project"], operations=[{"method": "GET", "path": "/v2/lbaas/quotas/{project_id}/default"}], @@ -635,6 +654,7 @@ list_rules = ( base.APIRule( name="os_load-balancer_api:amphora:get_all", check_str=("rule:load-balancer:admin"), + basic_check_str=("role:admin or role:reader"), description="List Amphorae", scope_types=["project"], operations=[{"method": "GET", "path": "/v2/octavia/amphorae"}], @@ -642,6 +662,7 @@ list_rules = ( base.APIRule( name="os_load-balancer_api:amphora:get_one", check_str=("rule:load-balancer:admin"), + basic_check_str=("role:admin or role:reader"), description="Show Amphora details", scope_types=["project"], operations=[{"method": "GET", "path": "/v2/octavia/amphorae/{amphora_id}"}], @@ -649,6 +670,7 @@ list_rules = ( base.APIRule( name="os_load-balancer_api:amphora:delete", check_str=("rule:load-balancer:admin"), + basic_check_str=("role:admin"), description="Delete an Amphora", scope_types=["project"], operations=[{"method": "DELETE", "path": "/v2/octavia/amphorae/{amphora_id}"}], @@ -656,6 +678,7 @@ list_rules = ( base.APIRule( name="os_load-balancer_api:amphora:put_config", check_str=("rule:load-balancer:admin"), + basic_check_str=("role:admin"), description="Update Amphora Agent Configuration", scope_types=["project"], operations=[{"method": "PUT", "path": "/v2/octavia/amphorae/{amphora_id}/config"}], @@ -663,6 +686,7 @@ list_rules = ( base.APIRule( name="os_load-balancer_api:amphora:put_failover", check_str=("rule:load-balancer:admin"), + basic_check_str=("role:admin"), description="Failover Amphora", scope_types=["project"], operations=[{"method": "PUT", "path": "/v2/octavia/amphorae/{amphora_id}/failover"}], @@ -670,6 +694,7 @@ list_rules = ( base.APIRule( name="os_load-balancer_api:amphora:get_stats", check_str=("rule:load-balancer:admin"), + basic_check_str=("role:admin or role:reader"), description="Show Amphora statistics", scope_types=["project"], operations=[{"method": "GET", "path": "/v2/octavia/amphorae/{amphora_id}/stats"}], @@ -677,23 +702,18 @@ list_rules = ( base.APIRule( name="os_load-balancer_api:provider-flavor:get_all", check_str=("rule:load-balancer:admin"), + basic_check_str=("role:admin or role:reader"), description="List the provider flavor capabilities.", scope_types=["project"], - operations=[ - {"method": "GET", "path": "/v2/lbaas/providers/{provider}/flavor_capabilities"}, - ], + operations=[{"method": "GET", "path": "/v2/lbaas/providers/{provider}/flavor_capabilities"}], ), base.APIRule( name="os_load-balancer_api:provider-availability-zone:get_all", check_str=("rule:load-balancer:admin"), + basic_check_str=("role:admin or role:reader"), description="List the provider availability zone capabilities.", scope_types=["project"], - operations=[ - { - "method": "GET", - "path": "/v2/lbaas/providers/{provider}/availability_zone_capabilities", - }, - ], + operations=[{"method": "GET", "path": "/v2/lbaas/providers/{provider}/availability_zone_capabilities"}], ), ) diff --git a/libs/skyline-policy-manager/src/skyline_policy_manager/policies/panko.py b/libs/skyline-policy-manager/skyline_policy_manager/policies/panko.py similarity index 79% rename from libs/skyline-policy-manager/src/skyline_policy_manager/policies/panko.py rename to libs/skyline-policy-manager/skyline_policy_manager/policies/panko.py index f00e4fb..6b1f1f9 100644 --- a/libs/skyline-policy-manager/src/skyline_policy_manager/policies/panko.py +++ b/libs/skyline-policy-manager/skyline_policy_manager/policies/panko.py @@ -1,3 +1,5 @@ +# flake8: noqa + from . import base list_rules = ( @@ -9,16 +11,15 @@ list_rules = ( base.APIRule( name="segregation", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin or role:reader"), description="Return the user and project the requestshould be limited to", scope_types=["system"], - operations=[ - {"method": "GET", "path": "/v2/events"}, - {"method": "GET", "path": "/v2/events/{message_id}"}, - ], + operations=[{"method": "GET", "path": "/v2/events"}, {"method": "GET", "path": "/v2/events/{message_id}"}], ), base.APIRule( name="telemetry:events:index", check_str=(""), + basic_check_str=("@"), description="Return all events matching the query filters.", scope_types=["system", "project"], operations=[{"method": "GET", "path": "/v2/events"}], @@ -26,6 +27,7 @@ list_rules = ( base.APIRule( name="telemetry:events:show", check_str=(""), + basic_check_str=("@"), description="Return a single event with the given message id.", scope_types=["system", "project"], operations=[{"method": "GET", "path": "/v2/events/{message_id}"}], diff --git a/libs/skyline-policy-manager/src/skyline_policy_manager/policies/placement.py b/libs/skyline-policy-manager/skyline_policy_manager/policies/placement.py similarity index 81% rename from libs/skyline-policy-manager/src/skyline_policy_manager/policies/placement.py rename to libs/skyline-policy-manager/skyline_policy_manager/policies/placement.py index db71b8d..1ebd155 100644 --- a/libs/skyline-policy-manager/src/skyline_policy_manager/policies/placement.py +++ b/libs/skyline-policy-manager/skyline_policy_manager/policies/placement.py @@ -1,3 +1,5 @@ +# flake8: noqa + from . import base list_rules = ( @@ -9,6 +11,7 @@ list_rules = ( base.APIRule( name="placement:resource_providers:list", check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin or role:reader"), description="List resource providers.", scope_types=["system"], operations=[{"method": "GET", "path": "/resource_providers"}], @@ -16,6 +19,7 @@ list_rules = ( base.APIRule( name="placement:resource_providers:create", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Create resource provider.", scope_types=["system"], operations=[{"method": "POST", "path": "/resource_providers"}], @@ -23,6 +27,7 @@ list_rules = ( base.APIRule( name="placement:resource_providers:show", check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin or role:reader"), description="Show resource provider.", scope_types=["system"], operations=[{"method": "GET", "path": "/resource_providers/{uuid}"}], @@ -30,6 +35,7 @@ list_rules = ( base.APIRule( name="placement:resource_providers:update", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Update resource provider.", scope_types=["system"], operations=[{"method": "PUT", "path": "/resource_providers/{uuid}"}], @@ -37,6 +43,7 @@ list_rules = ( base.APIRule( name="placement:resource_providers:delete", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Delete resource provider.", scope_types=["system"], operations=[{"method": "DELETE", "path": "/resource_providers/{uuid}"}], @@ -44,6 +51,7 @@ list_rules = ( base.APIRule( name="placement:resource_classes:list", check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin or role:reader"), description="List resource classes.", scope_types=["system"], operations=[{"method": "GET", "path": "/resource_classes"}], @@ -51,6 +59,7 @@ list_rules = ( base.APIRule( name="placement:resource_classes:create", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Create resource class.", scope_types=["system"], operations=[{"method": "POST", "path": "/resource_classes"}], @@ -58,6 +67,7 @@ list_rules = ( base.APIRule( name="placement:resource_classes:show", check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin or role:reader"), description="Show resource class.", scope_types=["system"], operations=[{"method": "GET", "path": "/resource_classes/{name}"}], @@ -65,6 +75,7 @@ list_rules = ( base.APIRule( name="placement:resource_classes:update", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Update resource class.", scope_types=["system"], operations=[{"method": "PUT", "path": "/resource_classes/{name}"}], @@ -72,6 +83,7 @@ list_rules = ( base.APIRule( name="placement:resource_classes:delete", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Delete resource class.", scope_types=["system"], operations=[{"method": "DELETE", "path": "/resource_classes/{name}"}], @@ -79,6 +91,7 @@ list_rules = ( base.APIRule( name="placement:resource_providers:inventories:list", check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin or role:reader"), description="List resource provider inventories.", scope_types=["system"], operations=[{"method": "GET", "path": "/resource_providers/{uuid}/inventories"}], @@ -86,6 +99,7 @@ list_rules = ( base.APIRule( name="placement:resource_providers:inventories:create", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Create one resource provider inventory.", scope_types=["system"], operations=[{"method": "POST", "path": "/resource_providers/{uuid}/inventories"}], @@ -93,44 +107,31 @@ list_rules = ( base.APIRule( name="placement:resource_providers:inventories:show", check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin or role:reader"), description="Show resource provider inventory.", scope_types=["system"], - operations=[ - { - "method": "GET", - "path": "/resource_providers/{uuid}/inventories/{resource_class}", - }, - ], + operations=[{"method": "GET", "path": "/resource_providers/{uuid}/inventories/{resource_class}"}], ), base.APIRule( name="placement:resource_providers:inventories:update", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Update resource provider inventory.", scope_types=["system"], - operations=[ - {"method": "PUT", "path": "/resource_providers/{uuid}/inventories"}, - { - "method": "PUT", - "path": "/resource_providers/{uuid}/inventories/{resource_class}", - }, - ], + operations=[{"method": "PUT", "path": "/resource_providers/{uuid}/inventories"}, {"method": "PUT", "path": "/resource_providers/{uuid}/inventories/{resource_class}"}], ), base.APIRule( name="placement:resource_providers:inventories:delete", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Delete resource provider inventory.", scope_types=["system"], - operations=[ - {"method": "DELETE", "path": "/resource_providers/{uuid}/inventories"}, - { - "method": "DELETE", - "path": "/resource_providers/{uuid}/inventories/{resource_class}", - }, - ], + operations=[{"method": "DELETE", "path": "/resource_providers/{uuid}/inventories"}, {"method": "DELETE", "path": "/resource_providers/{uuid}/inventories/{resource_class}"}], ), base.APIRule( name="placement:resource_providers:aggregates:list", check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin or role:reader"), description="List resource provider aggregates.", scope_types=["system"], operations=[{"method": "GET", "path": "/resource_providers/{uuid}/aggregates"}], @@ -138,6 +139,7 @@ list_rules = ( base.APIRule( name="placement:resource_providers:aggregates:update", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Update resource provider aggregates.", scope_types=["system"], operations=[{"method": "PUT", "path": "/resource_providers/{uuid}/aggregates"}], @@ -145,15 +147,15 @@ list_rules = ( base.APIRule( name="placement:resource_providers:usages", check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin or role:reader"), description="List resource provider usages.", scope_types=["system"], operations=[{"method": "GET", "path": "/resource_providers/{uuid}/usages"}], ), base.APIRule( name="placement:usages", - check_str=( - "(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)" - ), + check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)"), + basic_check_str=("role:admin or role:reader"), description="List total resource usages for a given project.", scope_types=["system", "project"], operations=[{"method": "GET", "path": "/usages"}], @@ -161,6 +163,7 @@ list_rules = ( base.APIRule( name="placement:traits:list", check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin or role:reader"), description="List traits.", scope_types=["system"], operations=[{"method": "GET", "path": "/traits"}], @@ -168,6 +171,7 @@ list_rules = ( base.APIRule( name="placement:traits:show", check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin or role:reader"), description="Show trait.", scope_types=["system"], operations=[{"method": "GET", "path": "/traits/{name}"}], @@ -175,6 +179,7 @@ list_rules = ( base.APIRule( name="placement:traits:update", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Update trait.", scope_types=["system"], operations=[{"method": "PUT", "path": "/traits/{name}"}], @@ -182,6 +187,7 @@ list_rules = ( base.APIRule( name="placement:traits:delete", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Delete trait.", scope_types=["system"], operations=[{"method": "DELETE", "path": "/traits/{name}"}], @@ -189,6 +195,7 @@ list_rules = ( base.APIRule( name="placement:resource_providers:traits:list", check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin or role:reader"), description="List resource provider traits.", scope_types=["system"], operations=[{"method": "GET", "path": "/resource_providers/{uuid}/traits"}], @@ -196,6 +203,7 @@ list_rules = ( base.APIRule( name="placement:resource_providers:traits:update", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Update resource provider traits.", scope_types=["system"], operations=[{"method": "PUT", "path": "/resource_providers/{uuid}/traits"}], @@ -203,6 +211,7 @@ list_rules = ( base.APIRule( name="placement:resource_providers:traits:delete", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Delete resource provider traits.", scope_types=["system"], operations=[{"method": "DELETE", "path": "/resource_providers/{uuid}/traits"}], @@ -210,6 +219,7 @@ list_rules = ( base.APIRule( name="placement:allocations:manage", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Manage allocations.", scope_types=["system"], operations=[{"method": "POST", "path": "/allocations"}], @@ -217,6 +227,7 @@ list_rules = ( base.APIRule( name="placement:allocations:list", check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin or role:reader"), description="List allocations.", scope_types=["system"], operations=[{"method": "GET", "path": "/allocations/{consumer_uuid}"}], @@ -224,6 +235,7 @@ list_rules = ( base.APIRule( name="placement:allocations:update", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Update allocations.", scope_types=["system"], operations=[{"method": "PUT", "path": "/allocations/{consumer_uuid}"}], @@ -231,6 +243,7 @@ list_rules = ( base.APIRule( name="placement:allocations:delete", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Delete allocations.", scope_types=["system"], operations=[{"method": "DELETE", "path": "/allocations/{consumer_uuid}"}], @@ -238,6 +251,7 @@ list_rules = ( base.APIRule( name="placement:resource_providers:allocations:list", check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin or role:reader"), description="List resource provider allocations.", scope_types=["system"], operations=[{"method": "GET", "path": "/resource_providers/{uuid}/allocations"}], @@ -245,6 +259,7 @@ list_rules = ( base.APIRule( name="placement:allocation_candidates:list", check_str=("role:reader and system_scope:all"), + basic_check_str=("role:admin or role:reader"), description="List allocation candidates.", scope_types=["system"], operations=[{"method": "GET", "path": "/allocation_candidates"}], @@ -252,6 +267,7 @@ list_rules = ( base.APIRule( name="placement:reshaper:reshape", check_str=("role:admin and system_scope:all"), + basic_check_str=("role:admin"), description="Reshape Inventory and Allocations.", scope_types=["system"], operations=[{"method": "POST", "path": "/reshaper"}], diff --git a/libs/skyline-policy-manager/skyline_policy_manager/py.typed b/libs/skyline-policy-manager/skyline_policy_manager/py.typed new file mode 100644 index 0000000..e69de29 diff --git a/libs/skyline-policy-manager/src/skyline_policy_manager/schema.py b/libs/skyline-policy-manager/skyline_policy_manager/schema.py similarity index 100% rename from libs/skyline-policy-manager/src/skyline_policy_manager/schema.py rename to libs/skyline-policy-manager/skyline_policy_manager/schema.py diff --git a/libs/skyline-policy-manager/src/skyline_policy_manager/policies/heat.py b/libs/skyline-policy-manager/src/skyline_policy_manager/policies/heat.py deleted file mode 100644 index 129e503..0000000 --- a/libs/skyline-policy-manager/src/skyline_policy_manager/policies/heat.py +++ /dev/null @@ -1,911 +0,0 @@ -from . import base - -list_rules = ( - base.Rule( - name="context_is_admin", - check_str=("(role:admin and is_admin_project:True) OR (role:admin and system_scope:all)"), - description="Decides what is required for the 'is_admin:True' check to succeed.", - ), - base.Rule( - name="project_admin", - check_str=("role:admin"), - description="Default rule for project admin.", - ), - base.Rule( - name="deny_stack_user", - check_str=("not role:heat_stack_user"), - description="Default rule for deny stack user.", - ), - base.Rule( - name="deny_everybody", - check_str=("!"), - description="Default rule for deny everybody.", - ), - base.Rule( - name="allow_everybody", - check_str=(""), - description="Default rule for allow everybody.", - ), - base.Rule( - name="cloudformation:ListStacks", - check_str=( - "(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)" - ), - description="No description", - ), - base.Rule( - name="cloudformation:CreateStack", - check_str=( - "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)" - ), - description="No description", - ), - base.Rule( - name="cloudformation:DescribeStacks", - check_str=( - "(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)" - ), - description="No description", - ), - base.Rule( - name="cloudformation:DeleteStack", - check_str=( - "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)" - ), - description="No description", - ), - base.Rule( - name="cloudformation:UpdateStack", - check_str=( - "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)" - ), - description="No description", - ), - base.Rule( - name="cloudformation:CancelUpdateStack", - check_str=( - "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)" - ), - description="No description", - ), - base.Rule( - name="cloudformation:DescribeStackEvents", - check_str=( - "(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)" - ), - description="No description", - ), - base.Rule( - name="cloudformation:ValidateTemplate", - check_str=( - "(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)" - ), - description="No description", - ), - base.Rule( - name="cloudformation:GetTemplate", - check_str=( - "(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)" - ), - description="No description", - ), - base.Rule( - name="cloudformation:EstimateTemplateCost", - check_str=( - "(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)" - ), - description="No description", - ), - base.Rule( - name="cloudformation:DescribeStackResource", - check_str=( - "(role:reader and system_scope:all) " - "or (role:reader and project_id:%(project_id)s) " - "or (role:heat_stack_user and project_id:%(project_id)s)" - ), - description="No description", - ), - base.Rule( - name="cloudformation:DescribeStackResources", - check_str=( - "(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)" - ), - description="No description", - ), - base.Rule( - name="cloudformation:ListStackResources", - check_str=( - "(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)" - ), - description="No description", - ), - base.Rule( - name="resource_types:OS::Nova::Flavor", - check_str=("rule:project_admin"), - description="No description", - ), - base.Rule( - name="resource_types:OS::Cinder::EncryptedVolumeType", - check_str=("rule:project_admin"), - description="No description", - ), - base.Rule( - name="resource_types:OS::Cinder::VolumeType", - check_str=("rule:project_admin"), - description="No description", - ), - base.Rule( - name="resource_types:OS::Cinder::Quota", - check_str=("rule:project_admin"), - description="No description", - ), - base.Rule( - name="resource_types:OS::Neutron::Quota", - check_str=("rule:project_admin"), - description="No description", - ), - base.Rule( - name="resource_types:OS::Nova::Quota", - check_str=("rule:project_admin"), - description="No description", - ), - base.Rule( - name="resource_types:OS::Octavia::Quota", - check_str=("rule:project_admin"), - description="No description", - ), - base.Rule( - name="resource_types:OS::Manila::ShareType", - check_str=("rule:project_admin"), - description="No description", - ), - base.Rule( - name="resource_types:OS::Neutron::ProviderNet", - check_str=("rule:project_admin"), - description="No description", - ), - base.Rule( - name="resource_types:OS::Neutron::QoSPolicy", - check_str=("rule:project_admin"), - description="No description", - ), - base.Rule( - name="resource_types:OS::Neutron::QoSBandwidthLimitRule", - check_str=("rule:project_admin"), - description="No description", - ), - base.Rule( - name="resource_types:OS::Neutron::QoSDscpMarkingRule", - check_str=("rule:project_admin"), - description="No description", - ), - base.Rule( - name="resource_types:OS::Neutron::QoSMinimumBandwidthRule", - check_str=("rule:project_admin"), - description="No description", - ), - base.Rule( - name="resource_types:OS::Neutron::Segment", - check_str=("rule:project_admin"), - description="No description", - ), - base.Rule( - name="resource_types:OS::Nova::HostAggregate", - check_str=("rule:project_admin"), - description="No description", - ), - base.Rule( - name="resource_types:OS::Cinder::QoSSpecs", - check_str=("rule:project_admin"), - description="No description", - ), - base.Rule( - name="resource_types:OS::Cinder::QoSAssociation", - check_str=("rule:project_admin"), - description="No description", - ), - base.Rule( - name="resource_types:OS::Keystone::*", - check_str=("rule:project_admin"), - description="No description", - ), - base.Rule( - name="resource_types:OS::Blazar::Host", - check_str=("rule:project_admin"), - description="No description", - ), - base.Rule( - name="resource_types:OS::Octavia::Flavor", - check_str=("rule:project_admin"), - description="No description", - ), - base.Rule( - name="resource_types:OS::Octavia::FlavorProfile", - check_str=("rule:project_admin"), - description="No description", - ), - base.Rule( - name="service:index", - check_str=("role:reader and system_scope:all"), - description="No description", - ), - base.APIRule( - name="actions:action", - check_str=( - "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)" - ), - description="Performs non-lifecycle operations on the stack " - "(Snapshot, Resume, Cancel update, or check stack " - "resources). This is the default for all actions but " - "can be overridden by more specific policies " - "for individual actions.", - scope_types=["project"], - operations=[ - {"method": "POST", "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/actions"}, - ], - ), - base.APIRule( - name="actions:snapshot", - check_str=( - "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)" - ), - description="Create stack snapshot", - scope_types=["system", "project"], - operations=[ - {"method": "POST", "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/actions"}, - ], - ), - base.APIRule( - name="actions:suspend", - check_str=( - "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)" - ), - description="Suspend a stack.", - scope_types=["system", "project"], - operations=[ - {"method": "POST", "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/actions"}, - ], - ), - base.APIRule( - name="actions:resume", - check_str=( - "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)" - ), - description="Resume a suspended stack.", - scope_types=["system", "project"], - operations=[ - { - "method": "POST", - "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/actions", - }, - ], - ), - base.APIRule( - name="actions:check", - check_str=( - "(role:reader and system_scope:all) or (role:reader and " - "project_id:%(project_id)s) " - ), - description="Check stack resources.", - scope_types=["system", "project"], - operations=[ - { - "method": "POST", - "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/actions", - }, - ], - ), - base.APIRule( - name="actions:cancel_update", - check_str=( - "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s) " - ), - description="Cancel stack operation and roll back.", - scope_types=["system", "project"], - operations=[ - { - "method": "POST", - "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/actions", - }, - ], - ), - base.APIRule( - name="actions:cancel_without_rollback", - check_str=( - "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s) " - ), - description="Cancel stack operation without rolling back.", - scope_types=["system", "project"], - operations=[ - { - "method": "POST", - "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/actions", - }, - ], - ), - base.APIRule( - name="build_info:build_info", - check_str=( - "(role:reader and system_scope:all) or (role:reader and " - "project_id:%(project_id)s) " - ), - description="Show build information.", - scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/v1/{tenant_id}/build_info"}], - ), - base.APIRule( - name="events:index", - check_str=( - "(role:reader and system_scope:all) or (role:reader and " - "project_id:%(project_id)s) " - ), - description="List events.", - scope_types=["system", "project"], - operations=[ - {"method": "GET", "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/events"}, - ], - ), - base.APIRule( - name="events:show", - check_str=( - "(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)" - ), - description="Show event.", - scope_types=["system", "project"], - operations=[ - { - "method": "GET", - "path": "/v1/{tenant_id}/stacks/{stack_name}/{" - "stack_id}/resources/{resource_name}/events/{" - "event_id}", - }, - ], - ), - base.APIRule( - name="resource:index", - check_str=( - "(role:reader and system_scope:all) or (role:reader and " - "project_id:%(project_id)s) " - ), - description="List resources.", - scope_types=["system", "project"], - operations=[ - { - "method": "GET", - "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/resources", - }, - ], - ), - base.APIRule( - name="resource:metadata", - check_str=( - "(role:reader and system_scope:all) or (role:reader and " - "project_id:%(project_id)s) or (role:heat_stack_user and " - "project_id:%(project_id)s) " - ), - description="Show resource metadata.", - scope_types=["system", "project"], - operations=[ - { - "method": "GET", - "path": "/v1/{tenant_id}/stacks/{stack_name}/{" - "stack_id}/resources/{resource_name}/metadata", - }, - ], - ), - base.APIRule( - name="resource:signal", - check_str=( - "(role:reader and system_scope:all) or (role:reader and " - "project_id:%(project_id)s) or (role:heat_stack_user and " - "project_id:%(project_id)s) " - ), - description="Signal resource.", - scope_types=["system", "project"], - operations=[ - { - "method": "POST", - "path": "/v1/{tenant_id}/stacks/{stack_name}/{" - "stack_id}/resources/{resource_name}/signal", - }, - ], - ), - base.APIRule( - name="resource:mark_unhealthy", - check_str=( - "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s) " - ), - description="Mark resource as unhealthy.", - scope_types=["system", "project"], - operations=[ - { - "method": "PATCH", - "path": "/v1/{tenant_id}/stacks/{stack_name}/{" - "stack_id}/resources/{resource_name_or_physical_id}", - }, - ], - ), - base.APIRule( - name="resource:show", - check_str=( - "(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)" - ), - description="Show resource.", - scope_types=["system", "project"], - operations=[ - { - "method": "GET", - "path": "/v1/{tenant_id}/stacks/{stack_name}" - "/{stack_id}/resources/{resource_name}", - }, - ], - ), - base.APIRule( - name="software_configs:global_index", - check_str=("role:reader and system_scope:all"), - description="List configs globally.", - scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/v1/{tenant_id}/software_configs"}], - ), - base.APIRule( - name="software_configs:index", - check_str=( - "(role:reader and system_scope:all) or (role:reader and " - "project_id:%(project_id)s) " - ), - description="List configs.", - scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/v1/{tenant_id}/software_configs"}], - ), - base.APIRule( - name="software_configs:create", - check_str=( - "(role:reader and system_scope:all) or (role:reader and " - "project_id:%(project_id)s) " - ), - description="Create config.", - scope_types=["system", "project"], - operations=[{"method": "POST", "path": "/v1/{tenant_id}/software_configs"}], - ), - base.APIRule( - name="software_configs:show", - check_str=( - "(role:reader and system_scope:all) or (role:reader and " - "project_id:%(project_id)s) " - ), - description="Show config details.", - scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/v1/{tenant_id}/software_configs/{config_id}"}], - ), - base.APIRule( - name="software_configs:delete", - check_str=( - "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)" - ), - description="Delete config.", - scope_types=["system", "project"], - operations=[{"method": "DELETE", "path": "/v1/{tenant_id}/software_configs/{config_id}"}], - ), - base.APIRule( - name="software_deployments:index", - check_str=( - "(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)" - ), - description="List deployments.", - scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/v1/{tenant_id}/software_deployments"}], - ), - base.APIRule( - name="software_deployments:create", - check_str=( - "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)" - ), - description="Create deployment.", - scope_types=["system", "project"], - operations=[{"method": "POST", "path": "/v1/{tenant_id}/software_deployments"}], - ), - base.APIRule( - name="software_deployments:show", - check_str=( - "(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)" - ), - description="Show deployment details.", - scope_types=["system", "project"], - operations=[ - {"method": "GET", "path": "/v1/{tenant_id}/software_deployments/{deployment_id}"}, - ], - ), - base.APIRule( - name="software_deployments:update", - check_str=( - "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)" - ), - description="Update deployment.", - scope_types=["system", "project"], - operations=[ - {"method": "PUT", "path": "/v1/{tenant_id}/software_deployments/{deployment_id}"}, - ], - ), - base.APIRule( - name="software_deployments:delete", - check_str=( - "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)" - ), - description="Delete deployment.", - scope_types=["system", "project"], - operations=[ - {"method": "DELETE", "path": "/v1/{tenant_id}/software_deployments/{deployment_id}"}, - ], - ), - base.APIRule( - name="software_deployments:metadata", - check_str=( - "(role:reader and system_scope:all) " - "or (role:reader and project_id:%(project_id)s) " - "or (role:heat_stack_user and project_id:%(project_id)s)" - ), - description="Show server configuration metadata.", - scope_types=["system", "project"], - operations=[ - { - "method": "GET", - "path": "/v1/{tenant_id}/software_deployments/metadata/{server_id}", - }, - ], - ), - base.APIRule( - name="stacks:abandon", - check_str=( - "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)" - ), - description="Abandon stack.", - scope_types=["system", "project"], - operations=[ - { - "method": "DELETE", - "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/abandon", - }, - ], - ), - base.APIRule( - name="stacks:create", - check_str=( - "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)" - ), - description="Create stack.", - scope_types=["system", "project"], - operations=[{"method": "POST", "path": "/v1/{tenant_id}/stacks"}], - ), - base.APIRule( - name="stacks:delete", - check_str=( - "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)" - ), - description="Delete stack.", - scope_types=["system", "project"], - operations=[ - {"method": "DELETE", "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}"}, - ], - ), - base.APIRule( - name="stacks:detail", - check_str=( - "(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)" - ), - description="List stacks in detail.", - scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/v1/{tenant_id}/stacks"}], - ), - base.APIRule( - name="stacks:export", - check_str=( - "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)" - ), - description="Export stack.", - scope_types=["system", "project"], - operations=[ - {"method": "GET", "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/export"}, - ], - ), - base.APIRule( - name="stacks:generate_template", - check_str=( - "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)" - ), - description="Generate stack template.", - scope_types=["system", "project"], - operations=[ - { - "method": "GET", - "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/template", - }, - ], - ), - base.APIRule( - name="stacks:global_index", - check_str=("role:reader and system_scope:all"), - description="List stacks globally.", - scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/v1/{tenant_id}/stacks"}], - ), - base.APIRule( - name="stacks:index", - check_str=( - "(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)" - ), - description="List stacks.", - scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/v1/{tenant_id}/stacks"}], - ), - base.APIRule( - name="stacks:list_resource_types", - check_str=( - "(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)" - ), - description="List resource types.", - scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/v1/{tenant_id}/resource_types"}], - ), - base.APIRule( - name="stacks:list_template_versions", - check_str=( - "(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)" - ), - description="List template versions.", - scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/v1/{tenant_id}/template_versions"}], - ), - base.APIRule( - name="stacks:list_template_functions", - check_str=( - "(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)" - ), - description="List template functions.", - scope_types=["system", "project"], - operations=[ - { - "method": "GET", - "path": "/v1/{tenant_id}/template_versions/{template_version}/functions", - }, - ], - ), - base.APIRule( - name="stacks:lookup", - check_str=( - "(role:reader and system_scope:all) " - "or (role:reader and project_id:%(project_id)s) " - "or (role:heat_stack_user and project_id:%(project_id)s)" - ), - description="Find stack.", - scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/v1/{tenant_id}/stacks/{stack_identity}"}], - ), - base.APIRule( - name="stacks:preview", - check_str=( - "(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)" - ), - description="Preview stack.", - scope_types=["system", "project"], - operations=[{"method": "POST", "path": "/v1/{tenant_id}/stacks/preview"}], - ), - base.APIRule( - name="stacks:resource_schema", - check_str=( - "(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)" - ), - description="Show resource type schema.", - scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/v1/{tenant_id}/resource_types/{type_name}"}], - ), - base.APIRule( - name="stacks:show", - check_str=( - "(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)" - ), - description="Show stack.", - scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/v1/{tenant_id}/stacks/{stack_identity}"}], - ), - base.APIRule( - name="stacks:template", - check_str=( - "(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)" - ), - description="Get stack template.", - scope_types=["system", "project"], - operations=[ - { - "method": "GET", - "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/template", - }, - ], - ), - base.APIRule( - name="stacks:environment", - check_str=( - "(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)" - ), - description="Get stack environment.", - scope_types=["system", "project"], - operations=[ - { - "method": "GET", - "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/environment", - }, - ], - ), - base.APIRule( - name="stacks:files", - check_str=( - "(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)" - ), - description="Get stack files.", - scope_types=["system", "project"], - operations=[ - {"method": "GET", "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/files"}, - ], - ), - base.APIRule( - name="stacks:update", - check_str=( - "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)" - ), - description="Update stack.", - scope_types=["system", "project"], - operations=[{"method": "PUT", "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}"}], - ), - base.APIRule( - name="stacks:update_patch", - check_str=( - "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)" - ), - description="Update stack (PATCH).", - scope_types=["system", "project"], - operations=[ - {"method": "PATCH", "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}"}, - ], - ), - base.APIRule( - name="stacks:update_no_change", - check_str=("rule:stacks:update_patch"), - description="Update stack (PATCH) with no changes.", - scope_types=["system", "project"], - operations=[ - {"method": "PATCH", "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}"}, - ], - ), - base.APIRule( - name="stacks:preview_update", - check_str=( - "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)" - ), - description="Preview update stack.", - scope_types=["system", "project"], - operations=[ - {"method": "PUT", "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/preview"}, - ], - ), - base.APIRule( - name="stacks:preview_update_patch", - check_str=( - "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)" - ), - description="Preview update stack (PATCH).", - scope_types=["system", "project"], - operations=[ - {"method": "PATCH", "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/preview"}, - ], - ), - base.APIRule( - name="stacks:validate_template", - check_str=( - "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)" - ), - description="Validate template.", - scope_types=["system", "project"], - operations=[{"method": "POST", "path": "/v1/{tenant_id}/validate"}], - ), - base.APIRule( - name="stacks:snapshot", - check_str=( - "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)" - ), - description="Snapshot Stack.", - scope_types=["system", "project"], - operations=[ - { - "method": "POST", - "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/snapshots", - }, - ], - ), - base.APIRule( - name="stacks:show_snapshot", - check_str=( - "(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)" - ), - description="Show snapshot.", - scope_types=["system", "project"], - operations=[ - { - "method": "GET", - "path": "/v1/{tenant_id}/stacks/{stack_name}/" - "{stack_id}/snapshots/{snapshot_id}", - }, - ], - ), - base.APIRule( - name="stacks:delete_snapshot", - check_str=( - "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s)" - ), - description="Delete snapshot.", - scope_types=["system", "project"], - operations=[ - { - "method": "DELETE", - "path": "/v1/{tenant_id}/stacks/{stack_name}" - "/{stack_id}/snapshots/{snapshot_id}", - }, - ], - ), - base.APIRule( - name="stacks:list_snapshots", - check_str=( - "(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)" - ), - description="List snapshots.", - scope_types=["system", "project"], - operations=[ - { - "method": "GET", - "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/snapshots", - }, - ], - ), - base.APIRule( - name="stacks:restore_snapshot", - check_str=( - "(role:admin and system_scope:all) or (role:member and project_id:%(project_id)s) " - ), - description="Restore snapshot.", - scope_types=["system", "project"], - operations=[ - { - "method": "POST", - "path": "/v1/{tenant_id}/stacks/{stack_name}/" - "{stack_id}/snapshots/{snapshot_id}/restore", - }, - ], - ), - base.APIRule( - name="stacks:list_outputs", - check_str=( - "(role:reader and system_scope:all) or (role:reader and " - "project_id:%(project_id)s) " - ), - description="List outputs.", - scope_types=["system", "project"], - operations=[ - {"method": "GET", "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/outputs"}, - ], - ), - base.APIRule( - name="stacks:show_output", - check_str=( - "(role:reader and system_scope:all) or (role:reader and " - "project_id:%(project_id)s) " - ), - description="Show outputs.", - scope_types=["system", "project"], - operations=[ - { - "method": "GET", - "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/outputs/{output_key}", - }, - ], - ), -) - -__all__ = ("list_rules",) diff --git a/libs/skyline-policy-manager/tools/post_install.sh b/libs/skyline-policy-manager/tools/post_install.sh index d6aee92..00ddfbd 100755 --- a/libs/skyline-policy-manager/tools/post_install.sh +++ b/libs/skyline-policy-manager/tools/post_install.sh @@ -2,16 +2,16 @@ # Install openstack service package poetry run pip install --no-deps \ -keystone \ -openstack-placement \ -nova \ -cinder \ -glance \ -neutron neutron-vpnaas \ -openstack-heat \ -ironic-lib ironic ironic-inspector \ -octavia-lib octavia \ -panko + keystone \ + openstack-placement \ + nova \ + cinder \ + glance \ + neutron neutron-vpnaas \ + openstack-heat \ + ironic-lib ironic ironic-inspector \ + octavia-lib octavia \ + panko # Patch cinder patch_path="$(poetry run python3 -c 'import sysconfig; print(sysconfig.get_paths()["purelib"])')/cinder/__init__.py"