From 3aa06f78536886e8dc7529d681f9a395688e3a07 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Re=C5=9Fit=20Demir?= Date: Thu, 24 Mar 2022 12:28:42 +0000 Subject: [PATCH] Add Trove configs and policies to Skyline-Apiserver Change-Id: I28d627dc00dcaafc1582b13b9c0416966978b594 --- etc/skyline.yaml.sample | 1 + .../skyline_apiserver/config/openstack.py | 1 + .../skyline_nginx/cmd/generate_nginx.py | 6 +- .../skyline_policy_manager/policies/trove.py | 764 ++++++++++++++++++ .../tools/post_install.sh | 3 +- 5 files changed, 773 insertions(+), 2 deletions(-) create mode 100644 libs/skyline-policy-manager/skyline_policy_manager/policies/trove.py diff --git a/etc/skyline.yaml.sample b/etc/skyline.yaml.sample index ee47059..445e96e 100644 --- a/etc/skyline.yaml.sample +++ b/etc/skyline.yaml.sample @@ -72,6 +72,7 @@ openstack: service_mapping: baremetal: ironic compute: nova + database: trove identity: keystone image: glance load-balancer: octavia diff --git a/libs/skyline-apiserver/skyline_apiserver/config/openstack.py b/libs/skyline-apiserver/skyline_apiserver/config/openstack.py index 3e4bf57..539fd09 100644 --- a/libs/skyline-apiserver/skyline_apiserver/config/openstack.py +++ b/libs/skyline-apiserver/skyline_apiserver/config/openstack.py @@ -175,6 +175,7 @@ service_mapping = Opt( "baremetal": "ironic", "load-balancer": "octavia", "object-store": "swift", + "database": "trove", }, ) diff --git a/libs/skyline-nginx/skyline_nginx/cmd/generate_nginx.py b/libs/skyline-nginx/skyline_nginx/cmd/generate_nginx.py index 6751313..80d13df 100644 --- a/libs/skyline-nginx/skyline_nginx/cmd/generate_nginx.py +++ b/libs/skyline-nginx/skyline_nginx/cmd/generate_nginx.py @@ -140,7 +140,11 @@ def get_proxy_endpoints() -> Dict[str, ProxyEndpoint]: help=("skyline log file address."), ) def main( - output_file_path: str, ssl_certfile: str, ssl_keyfile: str, listen_address: str, log_dir: str + output_file_path: str, + ssl_certfile: str, + ssl_keyfile: str, + listen_address: str, + log_dir: str, ) -> None: try: configure("skyline") diff --git a/libs/skyline-policy-manager/skyline_policy_manager/policies/trove.py b/libs/skyline-policy-manager/skyline_policy_manager/policies/trove.py new file mode 100644 index 0000000..172829d --- /dev/null +++ b/libs/skyline-policy-manager/skyline_policy_manager/policies/trove.py @@ -0,0 +1,764 @@ +from . import base + +list_rules = ( + base.Rule( + name="admin", + check_str=("role:admin or is_admin:True"), + description="Must be an administrator.", + ), + base.Rule( + name="admin_or_owner", + check_str=("rule:admin or tenant:%(tenant)s"), + description="Must be an administrator or owner of the object.", + ), + base.Rule( + name="default", + check_str=("rule:admin_or_owner"), + description="Must be an administrator or owner of the object.", + ), + base.APIRule( + name="instance:create", + check_str=("rule:admin_or_owner"), + description="Create a database instance.", + scope_types=["project"], + operations=[{"method": "POST", "path": "/v1.0/{account_id}/instances"}], + ), + base.APIRule( + name="instance:delete", + check_str=("rule:admin_or_owner"), + description="Delete a database instance.", + scope_types=["project"], + operations=[{"method": "DELETE", "path": "/v1.0/{account_id}/instances/{instance_id}"}], + ), + base.APIRule( + name="instance:force_delete", + check_str=("rule:admin_or_owner"), + description="Forcibly delete a database instance.", + scope_types=["project"], + operations=[{"method": "DELETE", "path": "/v1.0/{account_id}/instances/{instance_id}"}], + ), + base.APIRule( + name="instance:index", + check_str=("rule:admin_or_owner"), + description="List database instances.", + scope_types=["project"], + operations=[{"method": "GET", "path": "/v1.0/{account_id}/instances"}], + ), + base.APIRule( + name="instance:detail", + check_str=("rule:admin_or_owner"), + description="List database instances with details.", + scope_types=["project"], + operations=[{"method": "GET", "path": "/v1.0/{account_id}/instances/detail"}], + ), + base.APIRule( + name="instance:show", + check_str=("rule:admin_or_owner"), + description="Get details of a specific database instance.", + scope_types=["project"], + operations=[{"method": "GET", "path": "/v1.0/{account_id}/instances/{instance_id}"}], + ), + base.APIRule( + name="instance:update", + check_str=("rule:admin_or_owner"), + description="Update a database instance to attach/detach configuration", + scope_types=["project"], + operations=[ + {"method": "PUT", "path": "/v1.0/{account_id}/instances/{instance_id}"}, + {"method": "POST", "path": "/v1.0/{account_id}/instances"}, + ], + ), + base.APIRule( + name="instance:edit", + check_str=("rule:admin_or_owner"), + description="Updates the instance to set or unset one or more attributes.", + scope_types=["project"], + operations=[{"method": "PATCH", "path": "/v1.0/{account_id}/instances/{instance_id}"}], + ), + base.APIRule( + name="instance:restart", + check_str=("rule:admin_or_owner"), + description="Restart a database instance.", + scope_types=["project"], + operations=[ + { + "method": "POST", + "path": "/v1.0/{account_id}/instances/{instance_id}/action (restart)", + }, + ], + ), + base.APIRule( + name="instance:resize_volume", + check_str=("rule:admin_or_owner"), + description="Resize a database instance volume.", + scope_types=["project"], + operations=[ + { + "method": "POST", + "path": "/v1.0/{account_id}/instances/{instance_id}/action (resize)", + }, + ], + ), + base.APIRule( + name="instance:resize_flavor", + check_str=("rule:admin_or_owner"), + description="Resize a database instance flavor.", + scope_types=["project"], + operations=[ + { + "method": "POST", + "path": "/v1.0/{account_id}/instances/{instance_id}/action (resize)", + }, + ], + ), + base.APIRule( + name="instance:reset_status", + check_str=("rule:admin"), + description="Reset the status of a database instance to ERROR.", + scope_types=["project"], + operations=[ + { + "method": "POST", + "path": "/v1.0/{account_id}/instances/{instance_id}/action (reset_status)", + }, + ], + ), + base.APIRule( + name="instance:promote_to_replica_source", + check_str=("rule:admin_or_owner"), + description="Promote instance to replica source.", + scope_types=["project"], + operations=[ + { + "method": "POST", + "path": "/v1.0/{account_id}/instances/{instance_id}/action" + + "(promote_to_replica_source)", + }, + ], + ), + base.APIRule( + name="instance:eject_replica_source", + check_str=("rule:admin_or_owner"), + description="Eject the replica source from its replica set.", + scope_types=["project"], + operations=[ + { + "method": "POST", + "path": "/v1.0/{account_id}/instances/{instance_id}/action (eject_replica_source)", + }, + ], + ), + base.APIRule( + name="instance:configuration", + check_str=("rule:admin_or_owner"), + description="Get the default configuration template applied to the instance.", + scope_types=["project"], + operations=[ + {"method": "GET", "path": "/v1.0/{account_id}/instances/{instance_id}/configuration"}, + ], + ), + base.APIRule( + name="instance:guest_log_list", + check_str=("rule:admin_or_owner"), + description="Get all informations about all logs of a database instance.", + scope_types=["project"], + operations=[{"method": "GET", "path": "/v1.0/{account_id}/instances/{instance_id}/log"}], + ), + base.APIRule( + name="instance:backups", + check_str=("rule:admin_or_owner"), + description="Get all backups of a database instance.", + scope_types=["project"], + operations=[ + {"method": "GET", "path": "/v1.0/{account_id}/instances/{instance_id}/backups"}, + ], + ), + base.APIRule( + name="instance:module_list", + check_str=("rule:admin_or_owner"), + description="Get informations about modules on a database instance.", + scope_types=["project"], + operations=[ + {"method": "GET", "path": "/v1.0/{account_id}/instances/{instance_id}/modules"}, + ], + ), + base.APIRule( + name="instance:module_apply", + check_str=("rule:admin_or_owner"), + description="Apply modules to a database instance.", + scope_types=["project"], + operations=[ + {"method": "POST", "path": "/v1.0/{account_id}/instances/{instance_id}/modules"}, + {"method": "POST", "path": "/v1.0/{account_id}/instances"}, + ], + ), + base.APIRule( + name="instance:module_remove", + check_str=("rule:admin_or_owner"), + description="Remove a module from a database instance.", + scope_types=["project"], + operations=[ + { + "method": "DELETE", + "path": "/v1.0/{account_id}/instances/{instance_id}/modules/{module_id}", + }, + ], + ), + base.APIRule( + name="instance:extension:root:create", + check_str=("rule:admin_or_owner"), + description="Enable the root user of a database instance.", + scope_types=["project"], + operations=[ + {"method": "POST", "path": "/v1.0/{account_id}/instances/{instance_id}/root"}, + ], + ), + base.APIRule( + name="instance:extension:root:delete", + check_str=("rule:admin_or_owner"), + description="Disable the root user of a database instance.", + scope_types=["project"], + operations=[ + {"method": "DELETE", "path": "/v1.0/{account_id}/instances/{instance_id}/root"}, + ], + ), + base.APIRule( + name="instance:extension:root:index", + check_str=("rule:admin_or_owner"), + description="Show whether the root user of a database instance has been ever enabled.", + scope_types=["project"], + operations=[{"method": "GET", "path": "/v1.0/{account_id}/instances/{instance_id}/root"}], + ), + base.APIRule( + name="cluster:extension:root:create", + check_str=("rule:admin_or_owner"), + description="Enable the root user of the instances in a cluster.", + scope_types=["project"], + operations=[{"method": "POST", "path": "/v1.0/{account_id}/clusters/{cluster}/root"}], + ), + base.APIRule( + name="cluster:extension:root:delete", + check_str=("rule:admin_or_owner"), + description="Enable the root user of the instances in a cluster.", + scope_types=["project"], + operations=[{"method": "DELETE", "path": "/v1.0/{account_id}/clusters/{cluster}/root"}], + ), + base.APIRule( + name="cluster:extension:root:index", + check_str=("rule:admin_or_owner"), + description="Disable the root of the instances in a cluster.", + scope_types=["project"], + operations=[{"method": "GET", "path": "/v1.0/{account_id}/clusters/{cluster}/root"}], + ), + base.APIRule( + name="instance:extension:user:create", + check_str=("rule:admin_or_owner"), + description="Create users for a database instance.", + scope_types=["project"], + operations=[ + {"method": "POST", "path": "/v1.0/{account_id}/instances/{instance_id}/users"}, + {"method": "POST", "path": "/v1.0/{account_id}/instances"}, + ], + ), + base.APIRule( + name="instance:extension:user:delete", + check_str=("rule:admin_or_owner"), + description="Delete a user from a database instance.", + scope_types=["project"], + operations=[ + { + "method": "DELETE", + "path": "/v1.0/{account_id}/instances/{instance_id}/users/{user}", + }, + ], + ), + base.APIRule( + name="instance:extension:user:index", + check_str=("rule:admin_or_owner"), + description="Get all users of a database instance.", + scope_types=["project"], + operations=[ + {"method": "GET", "path": "/v1.0/{account_id}/instances/{instance_id}/users"}, + ], + ), + base.APIRule( + name="instance:extension:user:show", + check_str=("rule:admin_or_owner"), + description="Get the information of a single user of a database instance.", + scope_types=["project"], + operations=[ + {"method": "GET", "path": "/v1.0/{account_id}/instances/{instance_id}/users/{user}"}, + ], + ), + base.APIRule( + name="instance:extension:user:update", + check_str=("rule:admin_or_owner"), + description="Update attributes for a user of a database instance.", + scope_types=["project"], + operations=[ + {"method": "PUT", "path": "/v1.0/{account_id}/instances/{instance_id}/users/{user}"}, + ], + ), + base.APIRule( + name="instance:extension:user:update_all", + check_str=("rule:admin_or_owner"), + description="Update the password for one or more users a database instance.", + scope_types=["project"], + operations=[ + {"method": "PUT", "path": "/v1.0/{account_id}/instances/{instance_id}/users"}, + ], + ), + base.APIRule( + name="instance:extension:user_access:update", + check_str=("rule:admin_or_owner"), + description="Grant access for a user to one or more databases.", + scope_types=["project"], + operations=[ + { + "method": "PUT", + "path": "/v1.0/{account_id}/instances/{instance_id}/users/{user}/databases", + }, + ], + ), + base.APIRule( + name="instance:extension:user_access:delete", + check_str=("rule:admin_or_owner"), + description="Revoke access for a user to a databases.", + scope_types=["project"], + operations=[ + { + "method": "DELETE", + "path": "/v1.0/{account_id}/instances/{instance_id}/users/{user}" + + "/databases/{database}", + }, + ], + ), + base.APIRule( + name="instance:extension:user_access:index", + check_str=("rule:admin_or_owner"), + description="Get permissions of a user", + scope_types=["project"], + operations=[ + { + "method": "GET", + "path": "/v1.0/{account_id}/instances/{instance_id}/users/{user}/databases", + }, + ], + ), + base.APIRule( + name="instance:extension:database:create", + check_str=("rule:admin_or_owner"), + description="Create a set of Schemas", + scope_types=["project"], + operations=[ + {"method": "POST", "path": "/v1.0/{account_id}/instances/{instance_id}/databases"}, + {"method": "POST", "path": "/v1.0/{account_id}/instances"}, + ], + ), + base.APIRule( + name="instance:extension:database:delete", + check_str=("rule:admin_or_owner"), + description="Delete a schema from a database.", + scope_types=["project"], + operations=[ + { + "method": "DELETE", + "path": "/v1.0/{account_id}/instances/{instance_id}/databases/{database}", + }, + ], + ), + base.APIRule( + name="instance:extension:database:index", + check_str=("rule:admin_or_owner"), + description="List all schemas from a database.", + scope_types=["project"], + operations=[ + {"method": "GET", "path": "/v1.0/{account_id}/instances/{instance_id}/databases"}, + ], + ), + base.APIRule( + name="instance:extension:database:show", + check_str=("rule:admin_or_owner"), + description="Get informations of a schema(Currently Not Implemented).", + scope_types=["project"], + operations=[ + { + "method": "GET", + "path": "/v1.0/{account_id}/instances/{instance_id}/databases/{database}", + }, + ], + ), + base.APIRule( + name="cluster:create", + check_str=("rule:admin_or_owner"), + description="Create a cluster.", + scope_types=["project"], + operations=[{"method": "POST", "path": "/v1.0/{account_id}/clusters"}], + ), + base.APIRule( + name="cluster:delete", + check_str=("rule:admin_or_owner"), + description="Delete a cluster.", + scope_types=["project"], + operations=[{"method": "DELETE", "path": "/v1.0/{account_id}/clusters/{cluster}"}], + ), + base.APIRule( + name="cluster:force_delete", + check_str=("rule:admin_or_owner"), + description="Forcibly delete a cluster.", + scope_types=["project"], + operations=[ + {"method": "POST", "path": "/v1.0/{account_id}/clusters/{cluster} (reset-status)"}, + ], + ), + base.APIRule( + name="cluster:index", + check_str=("rule:admin_or_owner"), + description="List all clusters", + scope_types=["project"], + operations=[{"method": "GET", "path": "/v1.0/{account_id}/clusters"}], + ), + base.APIRule( + name="cluster:show", + check_str=("rule:admin_or_owner"), + description="Get informations of a cluster.", + scope_types=["project"], + operations=[{"method": "GET", "path": "/v1.0/{account_id}/clusters/{cluster}"}], + ), + base.APIRule( + name="cluster:show_instance", + check_str=("rule:admin_or_owner"), + description="Get informations of a instance in a cluster.", + scope_types=["project"], + operations=[ + { + "method": "GET", + "path": "/v1.0/{account_id}/clusters/{cluster}/instances/{instance}", + }, + ], + ), + base.APIRule( + name="cluster:action", + check_str=("rule:admin_or_owner"), + description="Commit an action against a cluster", + scope_types=["project"], + operations=[{"method": "POST", "path": "/v1.0/{account_id}/clusters/{cluster}"}], + ), + base.APIRule( + name="cluster:reset-status", + check_str=("rule:admin"), + description="Reset the status of a cluster to NONE.", + scope_types=["project"], + operations=[ + {"method": "POST", "path": "/v1.0/{account_id}/clusters/{cluster} (reset-status)"}, + ], + ), + base.APIRule( + name="backup:create", + check_str=("rule:admin_or_owner"), + description="Create a backup of a database instance.", + scope_types=["project"], + operations=[{"method": "POST", "path": "/v1.0/{account_id}/backups"}], + ), + base.APIRule( + name="backup:delete", + check_str=("rule:admin_or_owner"), + description="Delete a backup of a database instance.", + scope_types=["project"], + operations=[{"method": "DELETE", "path": "/v1.0/{account_id}/backups/{backup}"}], + ), + base.APIRule( + name="backup:index", + check_str=("rule:admin_or_owner"), + description="List all backups.", + scope_types=["project"], + operations=[{"method": "GET", "path": "/v1.0/{account_id}/backups"}], + ), + base.APIRule( + name="backup:index:all_projects", + check_str=("role:admin"), + description="List backups for all the projects.", + scope_types=["project"], + operations=[{"method": "GET", "path": "/v1.0/{account_id}/backups"}], + ), + base.APIRule( + name="backup:show", + check_str=("rule:admin_or_owner"), + description="Get informations of a backup.", + scope_types=["project"], + operations=[{"method": "GET", "path": "/v1.0/{account_id}/backups/{backup}"}], + ), + base.APIRule( + name="backup_strategy:create", + check_str=("rule:admin_or_owner"), + description="Create a backup strategy.", + scope_types=["project"], + operations=[{"method": "POST", "path": "/v1.0/{account_id}/backup_strategies"}], + ), + base.APIRule( + name="backup_strategy:index", + check_str=("rule:admin_or_owner"), + description="List all backup strategies.", + scope_types=["project"], + operations=[{"method": "GET", "path": "/v1.0/{account_id}/backup_strategies"}], + ), + base.APIRule( + name="backup_strategy:delete", + check_str=("rule:admin_or_owner"), + description="Delete backup strategies.", + scope_types=["project"], + operations=[{"method": "DELETE", "path": "/v1.0/{account_id}/backup_strategies"}], + ), + base.APIRule( + name="configuration:create", + check_str=("rule:admin_or_owner"), + description="Create a configuration group.", + scope_types=["project"], + operations=[{"method": "POST", "path": "/v1.0/{account_id}/configurations"}], + ), + base.APIRule( + name="configuration:delete", + check_str=("rule:admin_or_owner"), + description="Delete a configuration group.", + scope_types=["project"], + operations=[{"method": "DELETE", "path": "/v1.0/{account_id}/configurations/{config}"}], + ), + base.APIRule( + name="configuration:index", + check_str=("rule:admin_or_owner"), + description="List all configuration groups.", + scope_types=["project"], + operations=[{"method": "GET", "path": "/v1.0/{account_id}/configurations"}], + ), + base.APIRule( + name="configuration:show", + check_str=("rule:admin_or_owner"), + description="Get informations of a configuration group.", + scope_types=["project"], + operations=[{"method": "GET", "path": "/v1.0/{account_id}/configurations/{config}"}], + ), + base.APIRule( + name="configuration:instances", + check_str=("rule:admin_or_owner"), + description="List all instances which a configuration group has be assigned to.", + scope_types=["project"], + operations=[ + {"method": "GET", "path": "/v1.0/{account_id}/configurations/{config}/instances"}, + ], + ), + base.APIRule( + name="configuration:update", + check_str=("rule:admin_or_owner"), + description="Update a configuration group(the configuration group will be replaced" + + "completely).", + scope_types=["project"], + operations=[{"method": "PUT", "path": "/v1.0/{account_id}/configurations/{config}"}], + ), + base.APIRule( + name="configuration:edit", + check_str=("rule:admin_or_owner"), + description="Patch a configuration group.", + scope_types=["project"], + operations=[{"method": "PATCH", "path": "/v1.0/{account_id}/configurations/{config}"}], + ), + base.APIRule( + name="configuration-parameter:index", + check_str=("rule:admin_or_owner"), + description="List all parameters bind to a datastore version.", + scope_types=["project"], + operations=[ + { + "method": "GET", + "path": "/v1.0/{account_id}/datastores/{datastore}/versions/{version}/parameters", + }, + ], + ), + base.APIRule( + name="configuration-parameter:show", + check_str=("rule:admin_or_owner"), + description="Get a paramter of a datastore version.", + scope_types=["project"], + operations=[ + { + "method": "GET", + "path": "/v1.0/{account_id}/datastores/{datastore}/versions/{version}/parameters" + + "/{param}", + }, + ], + ), + base.APIRule( + name="configuration-parameter:index_by_version", + check_str=("rule:admin_or_owner"), + description="List all paramters bind to a datastore version by the id of the" + + "version(datastore is not provided).", + scope_types=["project"], + operations=[ + { + "method": "GET", + "path": "/v1.0/{account_id}/datastores/versions/{version}/paramters", + }, + ], + ), + base.APIRule( + name="configuration-parameter:show_by_version", + check_str=("rule:admin_or_owner"), + description="Get a paramter of a datastore version by it names and the id of the" + + "version(datastore is not provided).", + scope_types=["project"], + operations=[ + { + "method": "GET", + "path": "/v1.0/{account_id}/datastores/versions/{version}/paramters/{param}", + }, + ], + ), + base.APIRule( + name="datastore:index", + check_str=(""), + description="List all datastores.", + scope_types=["project"], + operations=[{"method": "GET", "path": "/v1.0/{account_id}/datastores"}], + ), + base.APIRule( + name="datastore:show", + check_str=(""), + description="Get informations of a datastore.", + scope_types=["project"], + operations=[{"method": "GET", "path": "/v1.0/{account_id}/datastores/{datastore}"}], + ), + base.APIRule( + name="datastore:delete", + check_str=("rule:admin"), + description="Delete a datastore.", + scope_types=["project"], + operations=[{"method": "DELETE", "path": "/v1.0/{account_id}/datastores/{datastore}"}], + ), + base.APIRule( + name="datastore:version_show", + check_str=(""), + description="Get a version of a datastore by the version id.", + scope_types=["project"], + operations=[ + { + "method": "GET", + "path": "/v1.0/{account_id}/datastores/{datastore}/versions/{version}", + }, + ], + ), + base.APIRule( + name="datastore:version_show_by_uuid", + check_str=(""), + description="Get a version of a datastore by the version" + + "id(without providing the datastore id).", + scope_types=["project"], + operations=[ + {"method": "GET", "path": "/v1.0/{account_id}/datastores/versions/{version}"}, + ], + ), + base.APIRule( + name="datastore:version_index", + check_str=(""), + description="Get all versions of a datastore.", + scope_types=["project"], + operations=[ + {"method": "GET", "path": "/v1.0/{account_id}/datastores/{datastore}/versions"}, + ], + ), + base.APIRule( + name="datastore:list_associated_flavors", + check_str=(""), + description="List all flavors associated with a datastore version.", + scope_types=["project"], + operations=[ + { + "method": "GET", + "path": "/v1.0/{account_id}/datastores/{datastore}/versions/{version}/flavors", + }, + ], + ), + base.APIRule( + name="datastore:list_associated_volume_types", + check_str=(""), + description="List all volume-types associated with a datastore version.", + scope_types=["project"], + operations=[ + { + "method": "GET", + "path": "/v1.0/{account_id}/datastores/{datastore}/versions/{version}" + + "/volume-types", + }, + ], + ), + base.APIRule( + name="flavor:index", + check_str=(""), + description="List all flavors.", + scope_types=["project"], + operations=[{"method": "GET", "path": "/v1.0/{account_id}/flavors"}], + ), + base.APIRule( + name="flavor:show", + check_str=(""), + description="Get information of a flavor.", + scope_types=["project"], + operations=[{"method": "GET", "path": "/v1.0/{account_id}/flavors/{flavor}"}], + ), + base.APIRule( + name="limits:index", + check_str=("rule:admin_or_owner"), + description="List all absolute and rate limit informations.", + scope_types=["project"], + operations=[{"method": "GET", "path": "/v1.0/{account_id}/limits"}], + ), + base.APIRule( + name="module:create", + check_str=("rule:admin_or_owner"), + description="Create a module.", + scope_types=["project"], + operations=[{"method": "POST", "path": "/v1.0/{account_id}/modules"}], + ), + base.APIRule( + name="module:delete", + check_str=("rule:admin_or_owner"), + description="Delete a module.", + scope_types=["project"], + operations=[{"method": "DELETE", "path": "/v1.0/{account_id}/modules/{module}"}], + ), + base.APIRule( + name="module:index", + check_str=("rule:admin_or_owner"), + description="List all modules.", + scope_types=["project"], + operations=[{"method": "GET", "path": "/v1.0/{account_id}/modules"}], + ), + base.APIRule( + name="module:show", + check_str=("rule:admin_or_owner"), + description="Get informations of a module.", + scope_types=["project"], + operations=[{"method": "GET", "path": "/v1.0/{account_id}/modules/{module}"}], + ), + base.APIRule( + name="module:instances", + check_str=("rule:admin_or_owner"), + description="List all instances to which a module is applied.", + scope_types=["project"], + operations=[{"method": "GET", "path": "/v1.0/{account_id}/modules/{module}/instances"}], + ), + base.APIRule( + name="module:update", + check_str=("rule:admin_or_owner"), + description="Update a module.", + scope_types=["project"], + operations=[{"method": "PUT", "path": "/v1.0/{account_id}/modules/{module}"}], + ), + base.APIRule( + name="module:reapply", + check_str=("rule:admin_or_owner"), + description="Reapply a module to all instances.", + scope_types=["project"], + operations=[{"method": "PUT", "path": "/v1.0/{account_id}/modules/{module}/instances"}], + ), +) + +__all__ = ("list_rules",) diff --git a/libs/skyline-policy-manager/tools/post_install.sh b/libs/skyline-policy-manager/tools/post_install.sh index 00ddfbd..7be1bfc 100755 --- a/libs/skyline-policy-manager/tools/post_install.sh +++ b/libs/skyline-policy-manager/tools/post_install.sh @@ -7,11 +7,12 @@ poetry run pip install --no-deps \ nova \ cinder \ glance \ + trove \ neutron neutron-vpnaas \ openstack-heat \ ironic-lib ironic ironic-inspector \ octavia-lib octavia \ - panko + panko # Patch cinder patch_path="$(poetry run python3 -c 'import sysconfig; print(sysconfig.get_paths()["purelib"])')/cinder/__init__.py"