baha/skyline-apiserver
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: Fix trove policy

Browse Source 
1. add trove into SUPPORTED_SERVICE_EPS
2. add PREFIX_MAPPINGS
3. change manage to remove/add prefix auto

Change-Id: Ia6bfa83cb721655c25952e0fd7c0c12020bdf9ff
This commit is contained in:
zhu.boxiang 2022-04-29 16:52:01 +08:00
parent 4b35a82ea3
commit 988185cbdf
3 changed files with 17 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
libs/skyline-policy-manager/skyline_policy_manager/cmd/manage.py
View File

@ -134,7 +134,10 @@ def generate_conf(dir: str, desc: str) -> None:
f.write(f"{'#' * 20}\n# {service}\n{'#' * 20}\n") f.write(f"{'#' * 20}\n# {service}\n{'#' * 20}\n")
f.write(f"# {desc}\n\n") f.write(f"# {desc}\n\n")
for rule in rules: for rule in rules:
f.writelines(rule.format_into_yaml()) rule_yaml = rule.format_into_yaml()
if service in constants.PREFIX_MAPPINGS:
rule_yaml = rule_yaml.replace(constants.PREFIX_MAPPINGS[service], "")
f.writelines(rule_yaml)
LOG.info("Generate policy successful") LOG.info("Generate policy successful")
@ -192,7 +195,7 @@ list_rules = ("""
for r in api_rules: for r in api_rules:
print( print(
apirule_format_str.format( apirule_format_str.format(
name=json.dumps(r.name), name=json.dumps(constants.PREFIX_MAPPINGS.get(entry_point, "") + r.name),
check_str=json.dumps(r.check_str), check_str=json.dumps(r.check_str),
description=json.dumps(r.description), description=json.dumps(r.description),
scope_types=json.dumps(r.scope_types), scope_types=json.dumps(r.scope_types),

3
libs/skyline-policy-manager/skyline_policy_manager/constants.py
View File

@ -26,4 +26,7 @@ SUPPORTED_SERVICE_EPS = {
"octavia": ["octavia"], "octavia": ["octavia"],
"panko": ["panko"], "panko": ["panko"],
"placement": ["placement"], "placement": ["placement"],
"trove": ["trove"],
} }
PREFIX_MAPPINGS = {"trove": "trove:"}

26
libs/skyline-policy-manager/skyline_policy_manager/policies/trove.py
View File

@ -8,7 +8,7 @@ list_rules = (
), ),
base.Rule( base.Rule(
name="admin_or_owner", name="admin_or_owner",
check_str=("rule:admin or tenant:%(tenant)s"), check_str=("rule:admin or project_id:%(tenant)s"),
description="Must be an administrator or owner of the object.", description="Must be an administrator or owner of the object.",
), ),
base.Rule( base.Rule(
@ -131,8 +131,7 @@ list_rules = (
operations=[ operations=[
{ {
"method": "POST", "method": "POST",
"path": "/v1.0/{account_id}/instances/{instance_id}/action" "path": "/v1.0/{account_id}/instances/{instance_id}/action (promote_to_replica_source)", # noqa
+ "(promote_to_replica_source)",
}, },
], ],
), ),
@ -328,8 +327,7 @@ list_rules = (
operations=[ operations=[
{ {
"method": "DELETE", "method": "DELETE",
"path": "/v1.0/{account_id}/instances/{instance_id}/users/{user}" "path": "/v1.0/{account_id}/instances/{instance_id}/users/{user}/databases/{database}", # noqa
+ "/databases/{database}",
}, },
], ],
), ),
@ -549,8 +547,7 @@ list_rules = (
base.APIRule( base.APIRule(
name="trove:configuration:update", name="trove:configuration:update",
check_str=("rule:admin_or_owner"), check_str=("rule:admin_or_owner"),
description="Update a configuration group(the configuration group will be replaced" description="Update a configuration group(the configuration group will be replaced completely).", # noqa
+ "completely).",
scope_types=["project"], scope_types=["project"],
operations=[{"method": "PUT", "path": "/v1.0/{account_id}/configurations/{config}"}], operations=[{"method": "PUT", "path": "/v1.0/{account_id}/configurations/{config}"}],
), ),
@ -581,16 +578,14 @@ list_rules = (
operations=[ operations=[
{ {
"method": "GET", "method": "GET",
"path": "/v1.0/{account_id}/datastores/{datastore}/versions/{version}/parameters" "path": "/v1.0/{account_id}/datastores/{datastore}/versions/{version}/parameters/{param}", # noqa
+ "/{param}",
}, },
], ],
), ),
base.APIRule( base.APIRule(
name="trove:configuration-parameter:index_by_version", name="trove:configuration-parameter:index_by_version",
check_str=("rule:admin_or_owner"), check_str=("rule:admin_or_owner"),
description="List all paramters bind to a datastore version by the id of the" description="List all paramters bind to a datastore version by the id of the version(datastore is not provided).", # noqa
+ "version(datastore is not provided).",
scope_types=["project"], scope_types=["project"],
operations=[ operations=[
{ {
@ -602,8 +597,7 @@ list_rules = (
base.APIRule( base.APIRule(
name="trove:configuration-parameter:show_by_version", name="trove:configuration-parameter:show_by_version",
check_str=("rule:admin_or_owner"), check_str=("rule:admin_or_owner"),
description="Get a paramter of a datastore version by it names and the id of the" description="Get a paramter of a datastore version by it names and the id of the version(datastore is not provided).", # noqa
+ "version(datastore is not provided).",
scope_types=["project"], scope_types=["project"],
operations=[ operations=[
{ {
@ -648,8 +642,7 @@ list_rules = (
base.APIRule( base.APIRule(
name="trove:datastore:version_show_by_uuid", name="trove:datastore:version_show_by_uuid",
check_str=(""), check_str=(""),
description="Get a version of a datastore by the version" description="Get a version of a datastore by the version id(without providing the datastore id).", # noqa
+ "id(without providing the datastore id).",
scope_types=["project"], scope_types=["project"],
operations=[ operations=[
{"method": "GET", "path": "/v1.0/{account_id}/datastores/versions/{version}"}, {"method": "GET", "path": "/v1.0/{account_id}/datastores/versions/{version}"},
@ -684,8 +677,7 @@ list_rules = (
operations=[ operations=[
{ {
"method": "GET", "method": "GET",
"path": "/v1.0/{account_id}/datastores/{datastore}/versions/{version}" "path": "/v1.0/{account_id}/datastores/{datastore}/versions/{version}/volume-types", # noqa
+ "/volume-types",
}, },
], ],
), ),