From ce16e7249b25a215fa829e349b76cdea8bd897bf Mon Sep 17 00:00:00 2001 From: "zhu.boxiang" Date: Thu, 14 Apr 2022 15:30:46 +0800 Subject: [PATCH] fix: Add prefix for trove policy APIRule Some rule names are duplicated. So we add prefix for trove policy APIrule. Change-Id: Ib49431ffeea170f74163641df2d4f06e97ca06ae --- .../skyline_policy_manager/policies/trove.py | 168 +++++++++--------- 1 file changed, 84 insertions(+), 84 deletions(-) diff --git a/libs/skyline-policy-manager/skyline_policy_manager/policies/trove.py b/libs/skyline-policy-manager/skyline_policy_manager/policies/trove.py index 172829d..ce8751b 100644 --- a/libs/skyline-policy-manager/skyline_policy_manager/policies/trove.py +++ b/libs/skyline-policy-manager/skyline_policy_manager/policies/trove.py @@ -17,49 +17,49 @@ list_rules = ( description="Must be an administrator or owner of the object.", ), base.APIRule( - name="instance:create", + name="trove:instance:create", check_str=("rule:admin_or_owner"), description="Create a database instance.", scope_types=["project"], operations=[{"method": "POST", "path": "/v1.0/{account_id}/instances"}], ), base.APIRule( - name="instance:delete", + name="trove:instance:delete", check_str=("rule:admin_or_owner"), description="Delete a database instance.", scope_types=["project"], operations=[{"method": "DELETE", "path": "/v1.0/{account_id}/instances/{instance_id}"}], ), base.APIRule( - name="instance:force_delete", + name="trove:instance:force_delete", check_str=("rule:admin_or_owner"), description="Forcibly delete a database instance.", scope_types=["project"], operations=[{"method": "DELETE", "path": "/v1.0/{account_id}/instances/{instance_id}"}], ), base.APIRule( - name="instance:index", + name="trove:instance:index", check_str=("rule:admin_or_owner"), description="List database instances.", scope_types=["project"], operations=[{"method": "GET", "path": "/v1.0/{account_id}/instances"}], ), base.APIRule( - name="instance:detail", + name="trove:instance:detail", check_str=("rule:admin_or_owner"), description="List database instances with details.", scope_types=["project"], operations=[{"method": "GET", "path": "/v1.0/{account_id}/instances/detail"}], ), base.APIRule( - name="instance:show", + name="trove:instance:show", check_str=("rule:admin_or_owner"), description="Get details of a specific database instance.", scope_types=["project"], operations=[{"method": "GET", "path": "/v1.0/{account_id}/instances/{instance_id}"}], ), base.APIRule( - name="instance:update", + name="trove:instance:update", check_str=("rule:admin_or_owner"), description="Update a database instance to attach/detach configuration", scope_types=["project"], @@ -69,14 +69,14 @@ list_rules = ( ], ), base.APIRule( - name="instance:edit", + name="trove:instance:edit", check_str=("rule:admin_or_owner"), description="Updates the instance to set or unset one or more attributes.", scope_types=["project"], operations=[{"method": "PATCH", "path": "/v1.0/{account_id}/instances/{instance_id}"}], ), base.APIRule( - name="instance:restart", + name="trove:instance:restart", check_str=("rule:admin_or_owner"), description="Restart a database instance.", scope_types=["project"], @@ -88,7 +88,7 @@ list_rules = ( ], ), base.APIRule( - name="instance:resize_volume", + name="trove:instance:resize_volume", check_str=("rule:admin_or_owner"), description="Resize a database instance volume.", scope_types=["project"], @@ -100,7 +100,7 @@ list_rules = ( ], ), base.APIRule( - name="instance:resize_flavor", + name="trove:instance:resize_flavor", check_str=("rule:admin_or_owner"), description="Resize a database instance flavor.", scope_types=["project"], @@ -112,7 +112,7 @@ list_rules = ( ], ), base.APIRule( - name="instance:reset_status", + name="trove:instance:reset_status", check_str=("rule:admin"), description="Reset the status of a database instance to ERROR.", scope_types=["project"], @@ -124,7 +124,7 @@ list_rules = ( ], ), base.APIRule( - name="instance:promote_to_replica_source", + name="trove:instance:promote_to_replica_source", check_str=("rule:admin_or_owner"), description="Promote instance to replica source.", scope_types=["project"], @@ -137,7 +137,7 @@ list_rules = ( ], ), base.APIRule( - name="instance:eject_replica_source", + name="trove:instance:eject_replica_source", check_str=("rule:admin_or_owner"), description="Eject the replica source from its replica set.", scope_types=["project"], @@ -149,7 +149,7 @@ list_rules = ( ], ), base.APIRule( - name="instance:configuration", + name="trove:instance:configuration", check_str=("rule:admin_or_owner"), description="Get the default configuration template applied to the instance.", scope_types=["project"], @@ -158,14 +158,14 @@ list_rules = ( ], ), base.APIRule( - name="instance:guest_log_list", + name="trove:instance:guest_log_list", check_str=("rule:admin_or_owner"), description="Get all informations about all logs of a database instance.", scope_types=["project"], operations=[{"method": "GET", "path": "/v1.0/{account_id}/instances/{instance_id}/log"}], ), base.APIRule( - name="instance:backups", + name="trove:instance:backups", check_str=("rule:admin_or_owner"), description="Get all backups of a database instance.", scope_types=["project"], @@ -174,7 +174,7 @@ list_rules = ( ], ), base.APIRule( - name="instance:module_list", + name="trove:instance:module_list", check_str=("rule:admin_or_owner"), description="Get informations about modules on a database instance.", scope_types=["project"], @@ -183,7 +183,7 @@ list_rules = ( ], ), base.APIRule( - name="instance:module_apply", + name="trove:instance:module_apply", check_str=("rule:admin_or_owner"), description="Apply modules to a database instance.", scope_types=["project"], @@ -193,7 +193,7 @@ list_rules = ( ], ), base.APIRule( - name="instance:module_remove", + name="trove:instance:module_remove", check_str=("rule:admin_or_owner"), description="Remove a module from a database instance.", scope_types=["project"], @@ -205,7 +205,7 @@ list_rules = ( ], ), base.APIRule( - name="instance:extension:root:create", + name="trove:instance:extension:root:create", check_str=("rule:admin_or_owner"), description="Enable the root user of a database instance.", scope_types=["project"], @@ -214,7 +214,7 @@ list_rules = ( ], ), base.APIRule( - name="instance:extension:root:delete", + name="trove:instance:extension:root:delete", check_str=("rule:admin_or_owner"), description="Disable the root user of a database instance.", scope_types=["project"], @@ -223,35 +223,35 @@ list_rules = ( ], ), base.APIRule( - name="instance:extension:root:index", + name="trove:instance:extension:root:index", check_str=("rule:admin_or_owner"), description="Show whether the root user of a database instance has been ever enabled.", scope_types=["project"], operations=[{"method": "GET", "path": "/v1.0/{account_id}/instances/{instance_id}/root"}], ), base.APIRule( - name="cluster:extension:root:create", + name="trove:cluster:extension:root:create", check_str=("rule:admin_or_owner"), description="Enable the root user of the instances in a cluster.", scope_types=["project"], operations=[{"method": "POST", "path": "/v1.0/{account_id}/clusters/{cluster}/root"}], ), base.APIRule( - name="cluster:extension:root:delete", + name="trove:cluster:extension:root:delete", check_str=("rule:admin_or_owner"), description="Enable the root user of the instances in a cluster.", scope_types=["project"], operations=[{"method": "DELETE", "path": "/v1.0/{account_id}/clusters/{cluster}/root"}], ), base.APIRule( - name="cluster:extension:root:index", + name="trove:cluster:extension:root:index", check_str=("rule:admin_or_owner"), description="Disable the root of the instances in a cluster.", scope_types=["project"], operations=[{"method": "GET", "path": "/v1.0/{account_id}/clusters/{cluster}/root"}], ), base.APIRule( - name="instance:extension:user:create", + name="trove:instance:extension:user:create", check_str=("rule:admin_or_owner"), description="Create users for a database instance.", scope_types=["project"], @@ -261,7 +261,7 @@ list_rules = ( ], ), base.APIRule( - name="instance:extension:user:delete", + name="trove:instance:extension:user:delete", check_str=("rule:admin_or_owner"), description="Delete a user from a database instance.", scope_types=["project"], @@ -273,7 +273,7 @@ list_rules = ( ], ), base.APIRule( - name="instance:extension:user:index", + name="trove:instance:extension:user:index", check_str=("rule:admin_or_owner"), description="Get all users of a database instance.", scope_types=["project"], @@ -282,7 +282,7 @@ list_rules = ( ], ), base.APIRule( - name="instance:extension:user:show", + name="trove:instance:extension:user:show", check_str=("rule:admin_or_owner"), description="Get the information of a single user of a database instance.", scope_types=["project"], @@ -291,7 +291,7 @@ list_rules = ( ], ), base.APIRule( - name="instance:extension:user:update", + name="trove:instance:extension:user:update", check_str=("rule:admin_or_owner"), description="Update attributes for a user of a database instance.", scope_types=["project"], @@ -300,7 +300,7 @@ list_rules = ( ], ), base.APIRule( - name="instance:extension:user:update_all", + name="trove:instance:extension:user:update_all", check_str=("rule:admin_or_owner"), description="Update the password for one or more users a database instance.", scope_types=["project"], @@ -309,7 +309,7 @@ list_rules = ( ], ), base.APIRule( - name="instance:extension:user_access:update", + name="trove:instance:extension:user_access:update", check_str=("rule:admin_or_owner"), description="Grant access for a user to one or more databases.", scope_types=["project"], @@ -321,7 +321,7 @@ list_rules = ( ], ), base.APIRule( - name="instance:extension:user_access:delete", + name="trove:instance:extension:user_access:delete", check_str=("rule:admin_or_owner"), description="Revoke access for a user to a databases.", scope_types=["project"], @@ -334,7 +334,7 @@ list_rules = ( ], ), base.APIRule( - name="instance:extension:user_access:index", + name="trove:instance:extension:user_access:index", check_str=("rule:admin_or_owner"), description="Get permissions of a user", scope_types=["project"], @@ -346,7 +346,7 @@ list_rules = ( ], ), base.APIRule( - name="instance:extension:database:create", + name="trove:instance:extension:database:create", check_str=("rule:admin_or_owner"), description="Create a set of Schemas", scope_types=["project"], @@ -356,7 +356,7 @@ list_rules = ( ], ), base.APIRule( - name="instance:extension:database:delete", + name="trove:instance:extension:database:delete", check_str=("rule:admin_or_owner"), description="Delete a schema from a database.", scope_types=["project"], @@ -368,7 +368,7 @@ list_rules = ( ], ), base.APIRule( - name="instance:extension:database:index", + name="trove:instance:extension:database:index", check_str=("rule:admin_or_owner"), description="List all schemas from a database.", scope_types=["project"], @@ -377,7 +377,7 @@ list_rules = ( ], ), base.APIRule( - name="instance:extension:database:show", + name="trove:instance:extension:database:show", check_str=("rule:admin_or_owner"), description="Get informations of a schema(Currently Not Implemented).", scope_types=["project"], @@ -389,21 +389,21 @@ list_rules = ( ], ), base.APIRule( - name="cluster:create", + name="trove:cluster:create", check_str=("rule:admin_or_owner"), description="Create a cluster.", scope_types=["project"], operations=[{"method": "POST", "path": "/v1.0/{account_id}/clusters"}], ), base.APIRule( - name="cluster:delete", + name="trove:cluster:delete", check_str=("rule:admin_or_owner"), description="Delete a cluster.", scope_types=["project"], operations=[{"method": "DELETE", "path": "/v1.0/{account_id}/clusters/{cluster}"}], ), base.APIRule( - name="cluster:force_delete", + name="trove:cluster:force_delete", check_str=("rule:admin_or_owner"), description="Forcibly delete a cluster.", scope_types=["project"], @@ -412,21 +412,21 @@ list_rules = ( ], ), base.APIRule( - name="cluster:index", + name="trove:cluster:index", check_str=("rule:admin_or_owner"), description="List all clusters", scope_types=["project"], operations=[{"method": "GET", "path": "/v1.0/{account_id}/clusters"}], ), base.APIRule( - name="cluster:show", + name="trove:cluster:show", check_str=("rule:admin_or_owner"), description="Get informations of a cluster.", scope_types=["project"], operations=[{"method": "GET", "path": "/v1.0/{account_id}/clusters/{cluster}"}], ), base.APIRule( - name="cluster:show_instance", + name="trove:cluster:show_instance", check_str=("rule:admin_or_owner"), description="Get informations of a instance in a cluster.", scope_types=["project"], @@ -438,14 +438,14 @@ list_rules = ( ], ), base.APIRule( - name="cluster:action", + name="trove:cluster:action", check_str=("rule:admin_or_owner"), description="Commit an action against a cluster", scope_types=["project"], operations=[{"method": "POST", "path": "/v1.0/{account_id}/clusters/{cluster}"}], ), base.APIRule( - name="cluster:reset-status", + name="trove:cluster:reset-status", check_str=("rule:admin"), description="Reset the status of a cluster to NONE.", scope_types=["project"], @@ -454,91 +454,91 @@ list_rules = ( ], ), base.APIRule( - name="backup:create", + name="trove:backup:create", check_str=("rule:admin_or_owner"), description="Create a backup of a database instance.", scope_types=["project"], operations=[{"method": "POST", "path": "/v1.0/{account_id}/backups"}], ), base.APIRule( - name="backup:delete", + name="trove:backup:delete", check_str=("rule:admin_or_owner"), description="Delete a backup of a database instance.", scope_types=["project"], operations=[{"method": "DELETE", "path": "/v1.0/{account_id}/backups/{backup}"}], ), base.APIRule( - name="backup:index", + name="trove:backup:index", check_str=("rule:admin_or_owner"), description="List all backups.", scope_types=["project"], operations=[{"method": "GET", "path": "/v1.0/{account_id}/backups"}], ), base.APIRule( - name="backup:index:all_projects", + name="trove:backup:index:all_projects", check_str=("role:admin"), description="List backups for all the projects.", scope_types=["project"], operations=[{"method": "GET", "path": "/v1.0/{account_id}/backups"}], ), base.APIRule( - name="backup:show", + name="trove:backup:show", check_str=("rule:admin_or_owner"), description="Get informations of a backup.", scope_types=["project"], operations=[{"method": "GET", "path": "/v1.0/{account_id}/backups/{backup}"}], ), base.APIRule( - name="backup_strategy:create", + name="trove:backup_strategy:create", check_str=("rule:admin_or_owner"), description="Create a backup strategy.", scope_types=["project"], operations=[{"method": "POST", "path": "/v1.0/{account_id}/backup_strategies"}], ), base.APIRule( - name="backup_strategy:index", + name="trove:backup_strategy:index", check_str=("rule:admin_or_owner"), description="List all backup strategies.", scope_types=["project"], operations=[{"method": "GET", "path": "/v1.0/{account_id}/backup_strategies"}], ), base.APIRule( - name="backup_strategy:delete", + name="trove:backup_strategy:delete", check_str=("rule:admin_or_owner"), description="Delete backup strategies.", scope_types=["project"], operations=[{"method": "DELETE", "path": "/v1.0/{account_id}/backup_strategies"}], ), base.APIRule( - name="configuration:create", + name="trove:configuration:create", check_str=("rule:admin_or_owner"), description="Create a configuration group.", scope_types=["project"], operations=[{"method": "POST", "path": "/v1.0/{account_id}/configurations"}], ), base.APIRule( - name="configuration:delete", + name="trove:configuration:delete", check_str=("rule:admin_or_owner"), description="Delete a configuration group.", scope_types=["project"], operations=[{"method": "DELETE", "path": "/v1.0/{account_id}/configurations/{config}"}], ), base.APIRule( - name="configuration:index", + name="trove:configuration:index", check_str=("rule:admin_or_owner"), description="List all configuration groups.", scope_types=["project"], operations=[{"method": "GET", "path": "/v1.0/{account_id}/configurations"}], ), base.APIRule( - name="configuration:show", + name="trove:configuration:show", check_str=("rule:admin_or_owner"), description="Get informations of a configuration group.", scope_types=["project"], operations=[{"method": "GET", "path": "/v1.0/{account_id}/configurations/{config}"}], ), base.APIRule( - name="configuration:instances", + name="trove:configuration:instances", check_str=("rule:admin_or_owner"), description="List all instances which a configuration group has be assigned to.", scope_types=["project"], @@ -547,7 +547,7 @@ list_rules = ( ], ), base.APIRule( - name="configuration:update", + name="trove:configuration:update", check_str=("rule:admin_or_owner"), description="Update a configuration group(the configuration group will be replaced" + "completely).", @@ -555,14 +555,14 @@ list_rules = ( operations=[{"method": "PUT", "path": "/v1.0/{account_id}/configurations/{config}"}], ), base.APIRule( - name="configuration:edit", + name="trove:configuration:edit", check_str=("rule:admin_or_owner"), description="Patch a configuration group.", scope_types=["project"], operations=[{"method": "PATCH", "path": "/v1.0/{account_id}/configurations/{config}"}], ), base.APIRule( - name="configuration-parameter:index", + name="trove:configuration-parameter:index", check_str=("rule:admin_or_owner"), description="List all parameters bind to a datastore version.", scope_types=["project"], @@ -574,7 +574,7 @@ list_rules = ( ], ), base.APIRule( - name="configuration-parameter:show", + name="trove:configuration-parameter:show", check_str=("rule:admin_or_owner"), description="Get a paramter of a datastore version.", scope_types=["project"], @@ -587,7 +587,7 @@ list_rules = ( ], ), base.APIRule( - name="configuration-parameter:index_by_version", + name="trove:configuration-parameter:index_by_version", check_str=("rule:admin_or_owner"), description="List all paramters bind to a datastore version by the id of the" + "version(datastore is not provided).", @@ -600,7 +600,7 @@ list_rules = ( ], ), base.APIRule( - name="configuration-parameter:show_by_version", + name="trove:configuration-parameter:show_by_version", check_str=("rule:admin_or_owner"), description="Get a paramter of a datastore version by it names and the id of the" + "version(datastore is not provided).", @@ -613,28 +613,28 @@ list_rules = ( ], ), base.APIRule( - name="datastore:index", + name="trove:datastore:index", check_str=(""), description="List all datastores.", scope_types=["project"], operations=[{"method": "GET", "path": "/v1.0/{account_id}/datastores"}], ), base.APIRule( - name="datastore:show", + name="trove:datastore:show", check_str=(""), description="Get informations of a datastore.", scope_types=["project"], operations=[{"method": "GET", "path": "/v1.0/{account_id}/datastores/{datastore}"}], ), base.APIRule( - name="datastore:delete", + name="trove:datastore:delete", check_str=("rule:admin"), description="Delete a datastore.", scope_types=["project"], operations=[{"method": "DELETE", "path": "/v1.0/{account_id}/datastores/{datastore}"}], ), base.APIRule( - name="datastore:version_show", + name="trove:datastore:version_show", check_str=(""), description="Get a version of a datastore by the version id.", scope_types=["project"], @@ -646,7 +646,7 @@ list_rules = ( ], ), base.APIRule( - name="datastore:version_show_by_uuid", + name="trove:datastore:version_show_by_uuid", check_str=(""), description="Get a version of a datastore by the version" + "id(without providing the datastore id).", @@ -656,7 +656,7 @@ list_rules = ( ], ), base.APIRule( - name="datastore:version_index", + name="trove:datastore:version_index", check_str=(""), description="Get all versions of a datastore.", scope_types=["project"], @@ -665,7 +665,7 @@ list_rules = ( ], ), base.APIRule( - name="datastore:list_associated_flavors", + name="trove:datastore:list_associated_flavors", check_str=(""), description="List all flavors associated with a datastore version.", scope_types=["project"], @@ -677,7 +677,7 @@ list_rules = ( ], ), base.APIRule( - name="datastore:list_associated_volume_types", + name="trove:datastore:list_associated_volume_types", check_str=(""), description="List all volume-types associated with a datastore version.", scope_types=["project"], @@ -690,70 +690,70 @@ list_rules = ( ], ), base.APIRule( - name="flavor:index", + name="trove:flavor:index", check_str=(""), description="List all flavors.", scope_types=["project"], operations=[{"method": "GET", "path": "/v1.0/{account_id}/flavors"}], ), base.APIRule( - name="flavor:show", + name="trove:flavor:show", check_str=(""), description="Get information of a flavor.", scope_types=["project"], operations=[{"method": "GET", "path": "/v1.0/{account_id}/flavors/{flavor}"}], ), base.APIRule( - name="limits:index", + name="trove:limits:index", check_str=("rule:admin_or_owner"), description="List all absolute and rate limit informations.", scope_types=["project"], operations=[{"method": "GET", "path": "/v1.0/{account_id}/limits"}], ), base.APIRule( - name="module:create", + name="trove:module:create", check_str=("rule:admin_or_owner"), description="Create a module.", scope_types=["project"], operations=[{"method": "POST", "path": "/v1.0/{account_id}/modules"}], ), base.APIRule( - name="module:delete", + name="trove:module:delete", check_str=("rule:admin_or_owner"), description="Delete a module.", scope_types=["project"], operations=[{"method": "DELETE", "path": "/v1.0/{account_id}/modules/{module}"}], ), base.APIRule( - name="module:index", + name="trove:module:index", check_str=("rule:admin_or_owner"), description="List all modules.", scope_types=["project"], operations=[{"method": "GET", "path": "/v1.0/{account_id}/modules"}], ), base.APIRule( - name="module:show", + name="trove:module:show", check_str=("rule:admin_or_owner"), description="Get informations of a module.", scope_types=["project"], operations=[{"method": "GET", "path": "/v1.0/{account_id}/modules/{module}"}], ), base.APIRule( - name="module:instances", + name="trove:module:instances", check_str=("rule:admin_or_owner"), description="List all instances to which a module is applied.", scope_types=["project"], operations=[{"method": "GET", "path": "/v1.0/{account_id}/modules/{module}/instances"}], ), base.APIRule( - name="module:update", + name="trove:module:update", check_str=("rule:admin_or_owner"), description="Update a module.", scope_types=["project"], operations=[{"method": "PUT", "path": "/v1.0/{account_id}/modules/{module}"}], ), base.APIRule( - name="module:reapply", + name="trove:module:reapply", check_str=("rule:admin_or_owner"), description="Reapply a module to all instances.", scope_types=["project"],