diff --git a/etc/skyline.yaml.sample b/etc/skyline.yaml.sample index ef41eab..1098ca2 100644 --- a/etc/skyline.yaml.sample +++ b/etc/skyline.yaml.sample @@ -1,6 +1,7 @@ default: access_token_expire: 3600 access_token_renew: 1800 + cafile: '' cors_allow_origins: [] database_url: sqlite:////tmp/skyline.db debug: false @@ -33,8 +34,10 @@ openstack: container: zun container-infra: magnum database: trove + dns: designate identity: keystone image: glance + instance-ha: masakari key-manager: barbican load-balancer: octavia network: neutron diff --git a/releasenotes/notes/add-masakari-and-designate-configs-policies-a20c8a5704122b1e.yaml b/releasenotes/notes/add-masakari-and-designate-configs-policies-a20c8a5704122b1e.yaml new file mode 100644 index 0000000..88dfaec --- /dev/null +++ b/releasenotes/notes/add-masakari-and-designate-configs-policies-a20c8a5704122b1e.yaml @@ -0,0 +1,6 @@ +--- +features: + - | + Add masakari related policies. So that we provide policies of masakari to skyline-console. + - | + Add designate related policies. So that we provide policies of designate to skyline-console. diff --git a/skyline_apiserver/config/openstack.py b/skyline_apiserver/config/openstack.py index fbf3afd..ad01d52 100644 --- a/skyline_apiserver/config/openstack.py +++ b/skyline_apiserver/config/openstack.py @@ -123,8 +123,10 @@ service_mapping = Opt( "container": "zun", "container-infra": "magnum", "database": "trove", + "dns": "designate", "identity": "keystone", "image": "glance", + "instance-ha": "masakari", "key-manager": "barbican", "load-balancer": "octavia", "network": "neutron", diff --git a/skyline_apiserver/policy/manager/designate.py b/skyline_apiserver/policy/manager/designate.py new file mode 100644 index 0000000..8e99686 --- /dev/null +++ b/skyline_apiserver/policy/manager/designate.py @@ -0,0 +1,592 @@ +# Copyright 2022 99cloud +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# flake8: noqa +# fmt: off + +from . import base + +list_rules = ( + base.Rule( + name="admin", + check_str=("role:admin or is_admin:True"), + description="No description", + ), + base.Rule( + name="owner", + check_str=("project_id:%(tenant_id)s"), + description="No description", + ), + base.Rule( + name="admin_or_owner", + check_str=("rule:admin or rule:owner"), + description="No description", + ), + base.Rule( + name="default", + check_str=("(role:admin) or (role:member and project_id:%(project_id)s)"), + description="No description", + ), + base.Rule( + name="all_tenants", + check_str=("role:admin"), + description="Action on all tenants.", + ), + base.Rule( + name="edit_managed_records", + check_str=("role:admin"), + description="Edit managed records.", + ), + base.Rule( + name="use_low_ttl", + check_str=("role:admin"), + description="Use low TTL.", + ), + base.Rule( + name="use_sudo", + check_str=("role:admin"), + description="Accept sudo from user to tenant.", + ), + base.Rule( + name="hard_delete", + check_str=("role:admin"), + description="Clean backend resources associated with zone", + ), + base.Rule( + name="create_pool", + check_str=("role:admin"), + description="Create pool.", + ), + base.Rule( + name="update_pool", + check_str=("role:admin"), + description="Update pool.", + ), + base.Rule( + name="delete_pool", + check_str=("role:admin"), + description="Delete pool.", + ), + base.Rule( + name="count_records", + check_str=("(role:admin) or (role:reader and project_id:%(project_id)s)"), + description="No description", + ), + base.Rule( + name="get_recordsets", + check_str=("(role:admin) or (role:reader and project_id:%(project_id)s)"), + description="No description", + ), + base.Rule( + name="find_recordset", + check_str=("(role:admin) or (role:reader and project_id:%(project_id)s)"), + description="List a Recordset in a Zone", + ), + base.Rule( + name="count_recordset", + check_str=("(role:admin) or (role:reader and project_id:%(project_id)s)"), + description="Count recordsets", + ), + base.Rule( + name="update_service_status", + check_str=("role:admin"), + description="No description", + ), + base.Rule( + name="find_project_zone_share", + check_str=("(role:admin) or (role:member and project_id:%(project_id)s)"), + description="Check the can query for a specific projects shares.", + ), + base.Rule( + name="find_tenants", + check_str=("role:admin"), + description="Find all Tenants.", + ), + base.Rule( + name="get_tenant", + check_str=("role:admin"), + description="Get all Tenants.", + ), + base.Rule( + name="count_tenants", + check_str=("role:admin"), + description="Count tenants", + ), + base.Rule( + name="get_zones", + check_str=("(role:admin) or (role:reader and project_id:%(project_id)s)"), + description="No description", + ), + base.Rule( + name="get_zone_servers", + check_str=("(role:admin) or (role:reader and project_id:%(project_id)s)"), + description="No description", + ), + base.Rule( + name="count_zones", + check_str=("(role:admin) or (role:reader and project_id:%(project_id)s)"), + description="No description", + ), + base.Rule( + name="count_zones_pending_notify", + check_str=("(role:admin) or (role:reader and project_id:%(project_id)s)"), + description="No description", + ), + base.Rule( + name="purge_zones", + check_str=("role:admin"), + description="No description", + ), + base.Rule( + name="get_zone_transfer_request_detailed", + check_str=("(role:admin) or (role:reader and project_id:%(project_id)s)"), + description="No description", + ), + base.APIRule( + name="create_blacklist", + check_str=("role:admin"), + description="Create blacklist.", + scope_types=["project"], + operations=[{"method": "POST", "path": "/v2/blacklists"}], + ), + base.APIRule( + name="find_blacklists", + check_str=("role:admin"), + description="Find blacklists.", + scope_types=["project"], + operations=[{"method": "GET", "path": "/v2/blacklists"}], + ), + base.APIRule( + name="get_blacklist", + check_str=("role:admin"), + description="Get blacklist.", + scope_types=["project"], + operations=[{"method": "GET", "path": "/v2/blacklists/{blacklist_id}"}], + ), + base.APIRule( + name="update_blacklist", + check_str=("role:admin"), + description="Update blacklist.", + scope_types=["project"], + operations=[{"method": "PATCH", "path": "/v2/blacklists/{blacklist_id}"}], + ), + base.APIRule( + name="delete_blacklist", + check_str=("role:admin"), + description="Delete blacklist.", + scope_types=["project"], + operations=[{"method": "DELETE", "path": "/v2/blacklists/{blacklist_id}"}], + ), + base.APIRule( + name="use_blacklisted_zone", + check_str=("role:admin"), + description="Allowed bypass the blacklist.", + scope_types=["project"], + operations=[{"method": "POST", "path": "/v2/zones"}], + ), + base.APIRule( + name="find_pools", + check_str=("role:admin"), + description="Find pool.", + scope_types=["project"], + operations=[{"method": "GET", "path": "/v2/pools"}], + ), + base.APIRule( + name="find_pool", + check_str=("role:admin"), + description="Find pools.", + scope_types=["project"], + operations=[{"method": "GET", "path": "/v2/pools"}], + ), + base.APIRule( + name="get_pool", + check_str=("role:admin"), + description="Get pool.", + scope_types=["project"], + operations=[{"method": "GET", "path": "/v2/pools/{pool_id}"}], + ), + base.APIRule( + name="zone_create_forced_pool", + check_str=("role:admin"), + description="load and set the pool to the one provided in the Zone attributes.", + scope_types=["project"], + operations=[{"method": "POST", "path": "/v2/zones"}], + ), + base.APIRule( + name="get_quotas", + check_str=("(role:admin) or (role:reader and project_id:%(project_id)s) or (True:%(all_tenants)s and role:reader)"), + description="View Current Project's Quotas.", + scope_types=["project"], + operations=[{"method": "GET", "path": "/v2/quotas"}], + ), + base.APIRule( + name="set_quota", + check_str=("role:admin"), + description="Set Quotas.", + scope_types=["project"], + operations=[{"method": "PATCH", "path": "/v2/quotas/{project_id}"}], + ), + base.APIRule( + name="reset_quotas", + check_str=("role:admin"), + description="Reset Quotas.", + scope_types=["project"], + operations=[{"method": "DELETE", "path": "/v2/quotas/{project_id}"}], + ), + base.APIRule( + name="find_records", + check_str=("(role:admin) or (role:reader and project_id:%(project_id)s)"), + description="Find records.", + scope_types=["project"], + operations=[{"method": "GET", "path": "/v2/reverse/floatingips/{region}:{floatingip_id}"}, {"method": "GET", "path": "/v2/reverse/floatingips"}], + ), + base.APIRule( + name="create_recordset", + check_str=("(role:member and project_id:%(project_id)s) and ('PRIMARY':%(zone_type)s) or (role:admin) and ('PRIMARY':%(zone_type)s) or (role:admin) and ('SECONDARY':%(zone_type)s) or (\"True\":%(zone_shared)s) and ('PRIMARY':%(zone_type)s)"), + description="Create Recordset", + scope_types=["project"], + operations=[{"method": "POST", "path": "/v2/zones/{zone_id}/recordsets"}], + ), + base.APIRule( + name="get_recordset", + check_str=("(role:admin) or (role:reader and project_id:%(project_id)s) or (\"True\":%(zone_shared)s)"), + description="Get recordset", + scope_types=["project"], + operations=[{"method": "GET", "path": "/v2/zones/{zone_id}/recordsets/{recordset_id}"}], + ), + base.APIRule( + name="find_recordsets", + check_str=("(role:admin) or (role:reader and project_id:%(project_id)s)"), + description="List Recordsets in a Zone", + scope_types=["project"], + operations=[{"method": "GET", "path": "/v2/zones/{zone_id}/recordsets"}], + ), + base.APIRule( + name="update_recordset", + check_str=("(role:member and project_id:%(project_id)s) and ('PRIMARY':%(zone_type)s) or (role:admin) and ('PRIMARY':%(zone_type)s) or (role:admin) and ('SECONDARY':%(zone_type)s) or role:member and (project_id:%(recordset_project_id)s) and ('PRIMARY':%(zone_type)s)"), + description="Update recordset", + scope_types=["project"], + operations=[{"method": "PUT", "path": "/v2/zones/{zone_id}/recordsets/{recordset_id}"}], + ), + base.APIRule( + name="delete_recordset", + check_str=("(role:member and project_id:%(project_id)s) and ('PRIMARY':%(zone_type)s) or (role:admin) and ('PRIMARY':%(zone_type)s) or (role:admin) and ('SECONDARY':%(zone_type)s) or role:member and (project_id:%(recordset_project_id)s) and ('PRIMARY':%(zone_type)s)"), + description="Delete RecordSet", + scope_types=["project"], + operations=[{"method": "DELETE", "path": "/v2/zones/{zone_id}/recordsets/{recordset_id}"}], + ), + base.APIRule( + name="find_service_status", + check_str=("role:admin"), + description="Find a single Service Status", + scope_types=["project"], + operations=[{"method": "GET", "path": "/v2/service_status/{service_id}"}], + ), + base.APIRule( + name="find_service_statuses", + check_str=("role:admin"), + description="List service statuses.", + scope_types=["project"], + operations=[{"method": "GET", "path": "/v2/service_status"}], + ), + base.APIRule( + name="get_zone_share", + check_str=("(role:admin) or (role:member and project_id:%(project_id)s)"), + description="Get a Zone Share", + scope_types=["project"], + operations=[{"method": "GET", "path": "/v2/zones/{zone_id}/shares/{zone_share_id}"}], + ), + base.APIRule( + name="share_zone", + check_str=("(role:admin) or (role:member and project_id:%(project_id)s)"), + description="Share a Zone", + scope_types=["project"], + operations=[{"method": "POST", "path": "/v2/zones/{zone_id}/shares"}], + ), + base.APIRule( + name="find_zone_shares", + check_str=("@"), + description="List Shared Zones", + scope_types=["project"], + operations=[{"method": "GET", "path": "/v2/zones/{zone_id}/shares"}], + ), + base.APIRule( + name="unshare_zone", + check_str=("(role:admin) or (role:member and project_id:%(project_id)s)"), + description="Unshare Zone", + scope_types=["project"], + operations=[{"method": "DELETE", "path": "/v2/zones/{zone_id}/shares/{shared_zone_id}"}], + ), + base.APIRule( + name="create_tld", + check_str=("role:admin"), + description="Create Tld", + scope_types=["project"], + operations=[{"method": "POST", "path": "/v2/tlds"}], + ), + base.APIRule( + name="find_tlds", + check_str=("role:admin"), + description="List Tlds", + scope_types=["project"], + operations=[{"method": "GET", "path": "/v2/tlds"}], + ), + base.APIRule( + name="get_tld", + check_str=("role:admin"), + description="Show Tld", + scope_types=["project"], + operations=[{"method": "GET", "path": "/v2/tlds/{tld_id}"}], + ), + base.APIRule( + name="update_tld", + check_str=("role:admin"), + description="Update Tld", + scope_types=["project"], + operations=[{"method": "PATCH", "path": "/v2/tlds/{tld_id}"}], + ), + base.APIRule( + name="delete_tld", + check_str=("role:admin"), + description="Delete Tld", + scope_types=["project"], + operations=[{"method": "DELETE", "path": "/v2/tlds/{tld_id}"}], + ), + base.APIRule( + name="create_tsigkey", + check_str=("role:admin"), + description="Create Tsigkey", + scope_types=["project"], + operations=[{"method": "POST", "path": "/v2/tsigkeys"}], + ), + base.APIRule( + name="find_tsigkeys", + check_str=("role:admin"), + description="List Tsigkeys", + scope_types=["project"], + operations=[{"method": "GET", "path": "/v2/tsigkeys"}], + ), + base.APIRule( + name="get_tsigkey", + check_str=("role:admin"), + description="Show a Tsigkey", + scope_types=["project"], + operations=[{"method": "GET", "path": "/v2/tsigkeys/{tsigkey_id}"}], + ), + base.APIRule( + name="update_tsigkey", + check_str=("role:admin"), + description="Update Tsigkey", + scope_types=["project"], + operations=[{"method": "PATCH", "path": "/v2/tsigkeys/{tsigkey_id}"}], + ), + base.APIRule( + name="delete_tsigkey", + check_str=("role:admin"), + description="Delete a Tsigkey", + scope_types=["project"], + operations=[{"method": "DELETE", "path": "/v2/tsigkeys/{tsigkey_id}"}], + ), + base.APIRule( + name="create_zone", + check_str=("(role:admin) or (role:member and project_id:%(project_id)s)"), + description="Create Zone", + scope_types=["project"], + operations=[{"method": "POST", "path": "/v2/zones"}], + ), + base.APIRule( + name="get_zone", + check_str=("(role:admin) or (role:reader and project_id:%(project_id)s) or (\"True\":%(zone_shared)s)"), + description="Get Zone", + scope_types=["project"], + operations=[{"method": "GET", "path": "/v2/zones/{zone_id}"}], + ), + base.APIRule( + name="get_zone_ns_records", + check_str=("(role:admin) or (role:reader and project_id:%(project_id)s)"), + description="Get the Name Servers for a Zone", + scope_types=["project"], + operations=[{"method": "GET", "path": "/v2/zones/{zone_id}/nameservers"}], + ), + base.APIRule( + name="find_zones", + check_str=("(role:admin) or (role:reader and project_id:%(project_id)s)"), + description="List existing zones", + scope_types=["project"], + operations=[{"method": "GET", "path": "/v2/zones"}], + ), + base.APIRule( + name="update_zone", + check_str=("(role:admin) or (role:member and project_id:%(project_id)s)"), + description="Update Zone", + scope_types=["project"], + operations=[{"method": "PATCH", "path": "/v2/zones/{zone_id}"}], + ), + base.APIRule( + name="delete_zone", + check_str=("(role:admin) or (role:member and project_id:%(project_id)s)"), + description="Delete Zone", + scope_types=["project"], + operations=[{"method": "DELETE", "path": "/v2/zones/{zone_id}"}], + ), + base.APIRule( + name="xfr_zone", + check_str=("(role:admin) or (role:member and project_id:%(project_id)s)"), + description="Manually Trigger an Update of a Secondary Zone", + scope_types=["project"], + operations=[{"method": "POST", "path": "/v2/zones/{zone_id}/tasks/xfr"}], + ), + base.APIRule( + name="abandon_zone", + check_str=("role:admin"), + description="Abandon Zone", + scope_types=["project"], + operations=[{"method": "POST", "path": "/v2/zones/{zone_id}/tasks/abandon"}], + ), + base.APIRule( + name="zone_export", + check_str=("(role:admin) or (role:member and project_id:%(project_id)s)"), + description="Retrive a Zone Export from the Designate Datastore", + scope_types=["project"], + operations=[{"method": "GET", "path": "/v2/zones/tasks/exports/{zone_export_id}/export"}], + ), + base.APIRule( + name="create_zone_export", + check_str=("(role:admin) or (role:member and project_id:%(project_id)s)"), + description="Create Zone Export", + scope_types=["project"], + operations=[{"method": "POST", "path": "/v2/zones/{zone_id}/tasks/export"}], + ), + base.APIRule( + name="find_zone_exports", + check_str=("(role:admin) or (role:reader and project_id:%(project_id)s)"), + description="List Zone Exports", + scope_types=["project"], + operations=[{"method": "GET", "path": "/v2/zones/tasks/exports"}], + ), + base.APIRule( + name="get_zone_export", + check_str=("(role:admin) or (role:reader and project_id:%(project_id)s)"), + description="Get Zone Exports", + scope_types=["project"], + operations=[{"method": "GET", "path": "/v2/zones/tasks/exports/{zone_export_id}"}], + ), + base.APIRule( + name="update_zone_export", + check_str=("(role:admin) or (role:member and project_id:%(project_id)s)"), + description="Update Zone Exports", + scope_types=["project"], + operations=[{"method": "POST", "path": "/v2/zones/{zone_id}/tasks/export"}], + ), + base.APIRule( + name="delete_zone_export", + check_str=("(role:admin) or (role:member and project_id:%(project_id)s)"), + description="Delete a zone export", + scope_types=["project"], + operations=[{"method": "DELETE", "path": "/v2/zones/tasks/exports/{zone_export_id}"}], + ), + base.APIRule( + name="create_zone_import", + check_str=("(role:admin) or (role:member and project_id:%(project_id)s)"), + description="Create Zone Import", + scope_types=["project"], + operations=[{"method": "POST", "path": "/v2/zones/tasks/imports"}], + ), + base.APIRule( + name="find_zone_imports", + check_str=("(role:admin) or (role:reader and project_id:%(project_id)s)"), + description="List all Zone Imports", + scope_types=["project"], + operations=[{"method": "GET", "path": "/v2/zones/tasks/imports"}], + ), + base.APIRule( + name="get_zone_import", + check_str=("(role:admin) or (role:reader and project_id:%(project_id)s)"), + description="Get Zone Imports", + scope_types=["project"], + operations=[{"method": "GET", "path": "/v2/zones/tasks/imports/{zone_import_id}"}], + ), + base.APIRule( + name="update_zone_import", + check_str=("(role:admin) or (role:member and project_id:%(project_id)s)"), + description="Update Zone Imports", + scope_types=["project"], + operations=[{"method": "POST", "path": "/v2/zones/tasks/imports"}], + ), + base.APIRule( + name="delete_zone_import", + check_str=("(role:admin) or (role:member and project_id:%(project_id)s)"), + description="Delete a Zone Import", + scope_types=["project"], + operations=[{"method": "DELETE", "path": "/v2/zones/tasks/imports/{zone_import_id}"}], + ), + base.APIRule( + name="create_zone_transfer_accept", + check_str=("((role:admin) or (role:member and project_id:%(project_id)s)) or project_id:%(target_project_id)s or None:%(target_project_id)s"), + description="Create Zone Transfer Accept", + scope_types=["project"], + operations=[{"method": "POST", "path": "/v2/zones/tasks/transfer_accepts"}], + ), + base.APIRule( + name="get_zone_transfer_accept", + check_str=("(role:admin) or (role:reader and project_id:%(project_id)s)"), + description="Get Zone Transfer Accept", + scope_types=["project"], + operations=[{"method": "GET", "path": "/v2/zones/tasks/transfer_requests/{zone_transfer_accept_id}"}], + ), + base.APIRule( + name="find_zone_transfer_accepts", + check_str=("role:admin"), + description="List Zone Transfer Accepts", + scope_types=["project"], + operations=[{"method": "GET", "path": "/v2/zones/tasks/transfer_accepts"}], + ), + base.APIRule( + name="create_zone_transfer_request", + check_str=("(role:admin) or (role:member and project_id:%(project_id)s)"), + description="Create Zone Transfer Accept", + scope_types=["project"], + operations=[{"method": "POST", "path": "/v2/zones/{zone_id}/tasks/transfer_requests"}], + ), + base.APIRule( + name="get_zone_transfer_request", + check_str=("((role:admin) or (role:member and project_id:%(project_id)s)) or project_id:%(target_project_id)s or None:%(target_project_id)s"), + description="Show a Zone Transfer Request", + scope_types=["project"], + operations=[{"method": "GET", "path": "/v2/zones/tasks/transfer_requests/{zone_transfer_request_id}"}], + ), + base.APIRule( + name="find_zone_transfer_requests", + check_str=("@"), + description="List Zone Transfer Requests", + scope_types=["project"], + operations=[{"method": "GET", "path": "/v2/zones/tasks/transfer_requests"}], + ), + base.APIRule( + name="update_zone_transfer_request", + check_str=("(role:admin) or (role:member and project_id:%(project_id)s)"), + description="Update a Zone Transfer Request", + scope_types=["project"], + operations=[{"method": "PATCH", "path": "/v2/zones/tasks/transfer_requests/{zone_transfer_request_id}"}], + ), + base.APIRule( + name="delete_zone_transfer_request", + check_str=("(role:admin) or (role:member and project_id:%(project_id)s)"), + description="Delete a Zone Transfer Request", + scope_types=["project"], + operations=[{"method": "DELETE", "path": "/v2/zones/tasks/transfer_requests/{zone_transfer_request_id}"}], + ), +) + +__all__ = ("list_rules",) diff --git a/skyline_apiserver/policy/manager/masakari.py b/skyline_apiserver/policy/manager/masakari.py new file mode 100644 index 0000000..ae59590 --- /dev/null +++ b/skyline_apiserver/policy/manager/masakari.py @@ -0,0 +1,194 @@ +# Copyright 2022 99cloud +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# flake8: noqa +# fmt: off + +from . import base + +list_rules = ( + base.Rule( + name="context_is_admin", + check_str=("role:admin"), + description="Decides what is required for the 'is_admin:True' check to succeed.", + ), + base.Rule( + name="admin_or_owner", + check_str=("is_admin:True or project_id:%(project_id)s"), + description="Default rule for most non-Admin APIs.", + ), + base.Rule( + name="admin_api", + check_str=("is_admin:True"), + description="Default rule for most Admin APIs.", + ), + base.Rule( + name="os_masakari_api:extensions:discoverable", + check_str=("rule:admin_api"), + description="Extension Info API extensions to change the API.", + ), + base.Rule( + name="os_masakari_api:os-hosts:discoverable", + check_str=("rule:admin_api"), + description="Host API extensions to change the API.", + ), + base.Rule( + name="os_masakari_api:notifications:discoverable", + check_str=("rule:admin_api"), + description="Notification API extensions to change the API.", + ), + base.Rule( + name="os_masakari_api:segments:discoverable", + check_str=("rule:admin_api"), + description="Segment API extensions to change the API.", + ), + base.Rule( + name="os_masakari_api:versions:discoverable", + check_str=("@"), + description="Version API extensions to change the API.", + ), + base.Rule( + name="os_masakari_api:vmoves:discoverable", + check_str=("rule:admin_api"), + description="VM moves API extensions to change the API.", + ), + base.APIRule( + name="os_masakari_api:extensions:index", + check_str=("rule:admin_api"), + description="List available extensions.", + scope_types=["project"], + operations=[{"method": "GET", "path": "/extensions"}], + ), + base.APIRule( + name="os_masakari_api:extensions:detail", + check_str=("rule:admin_api"), + description="Shows information for an extension.", + scope_types=["project"], + operations=[{"method": "GET", "path": "/extensions/{extensions_id}"}], + ), + base.APIRule( + name="os_masakari_api:os-hosts:index", + check_str=("rule:admin_api"), + description="Lists IDs, names, type, reserved, on_maintenance for all hosts.", + scope_types=["project"], + operations=[{"method": "GET", "path": "/segments/{segment_id}/hosts"}], + ), + base.APIRule( + name="os_masakari_api:os-hosts:detail", + check_str=("rule:admin_api"), + description="Shows details for a host.", + scope_types=["project"], + operations=[{"method": "GET", "path": "/segments/{segment_id}/hosts/{host_id}"}], + ), + base.APIRule( + name="os_masakari_api:os-hosts:create", + check_str=("rule:admin_api"), + description="Creates a host under given segment.", + scope_types=["project"], + operations=[{"method": "POST", "path": "/segments/{segment_id}/hosts"}], + ), + base.APIRule( + name="os_masakari_api:os-hosts:update", + check_str=("rule:admin_api"), + description="Updates the editable attributes of an existing host.", + scope_types=["project"], + operations=[{"method": "PUT", "path": "/segments/{segment_id}/hosts/{host_id}"}], + ), + base.APIRule( + name="os_masakari_api:os-hosts:delete", + check_str=("rule:admin_api"), + description="Deletes a host from given segment.", + scope_types=["project"], + operations=[{"method": "DELETE", "path": "/segments/{segment_id}/hosts/{host_id}"}], + ), + base.APIRule( + name="os_masakari_api:notifications:index", + check_str=("rule:admin_api"), + description="Lists IDs, notification types, host_name, generated_time, payload and status for all notifications.", + scope_types=["project"], + operations=[{"method": "GET", "path": "/notifications"}], + ), + base.APIRule( + name="os_masakari_api:notifications:detail", + check_str=("rule:admin_api"), + description="Shows details for a notification.", + scope_types=["project"], + operations=[{"method": "GET", "path": "/notifications/{notification_id}"}], + ), + base.APIRule( + name="os_masakari_api:notifications:create", + check_str=("rule:admin_api"), + description="Creates a notification.", + scope_types=["project"], + operations=[{"method": "POST", "path": "/notifications"}], + ), + base.APIRule( + name="os_masakari_api:segments:index", + check_str=("rule:admin_api"), + description="Lists IDs, names, description, recovery_method, service_type for all segments.", + scope_types=["project"], + operations=[{"method": "GET", "path": "/segments"}], + ), + base.APIRule( + name="os_masakari_api:segments:detail", + check_str=("rule:admin_api"), + description="Shows details for a segment.", + scope_types=["project"], + operations=[{"method": "GET", "path": "/segments/{segment_id}"}], + ), + base.APIRule( + name="os_masakari_api:segments:create", + check_str=("rule:admin_api"), + description="Creates a segment.", + scope_types=["project"], + operations=[{"method": "POST", "path": "/segments"}], + ), + base.APIRule( + name="os_masakari_api:segments:update", + check_str=("rule:admin_api"), + description="Updates the editable attributes of an existing host.", + scope_types=["project"], + operations=[{"method": "PUT", "path": "/segments/{segment_id}"}], + ), + base.APIRule( + name="os_masakari_api:segments:delete", + check_str=("rule:admin_api"), + description="Deletes a segment.", + scope_types=["project"], + operations=[{"method": "DELETE", "path": "/segments/{segment_id}"}], + ), + base.APIRule( + name="os_masakari_api:versions:index", + check_str=("@"), + description="List all versions.", + scope_types=["project"], + operations=[{"method": "GET", "path": "/"}], + ), + base.APIRule( + name="os_masakari_api:vmoves:index", + check_str=("rule:admin_api"), + description="Lists IDs, notification_id, instance_id, source_host, dest_host, status and type for all VM moves.", + scope_types=["project"], + operations=[{"method": "GET", "path": "/notifications/{notification_id}/vmoves"}], + ), + base.APIRule( + name="os_masakari_api:vmoves:detail", + check_str=("rule:admin_api"), + description="Shows details for one VM move.", + scope_types=["project"], + operations=[{"method": "GET", "path": "/notifications/{notification_id}/vmoves/{vmove_id}"}], + ), +) + +__all__ = ("list_rules",) diff --git a/skyline_apiserver/types/constants.py b/skyline_apiserver/types/constants.py index fa53090..7a95e0c 100644 --- a/skyline_apiserver/types/constants.py +++ b/skyline_apiserver/types/constants.py @@ -51,6 +51,7 @@ SUPPORTED_SERVICE_EPS = { # openstack_service: [, ,] "barbican": ["barbican"], "cinder": ["cinder"], + "designate": ["designate"], "glance": ["glance"], "heat": ["heat"], "ironic": ["ironic.api"], @@ -58,6 +59,7 @@ SUPPORTED_SERVICE_EPS = { "keystone": ["keystone"], "magnum": ["magnum"], "manila": ["manila"], + "masakari": ["masakari"], "neutron": ["neutron", "neutron-vpnaas"], "nova": ["nova"], "octavia": ["octavia"], diff --git a/tools/post_install.sh b/tools/post_install.sh index 9444052..32bf7aa 100755 --- a/tools/post_install.sh +++ b/tools/post_install.sh @@ -16,7 +16,9 @@ INSTALL_PROJECTS="keystone \ manila \ magnum \ zun\ - barbican" + barbican \ + designate \ + masakari" BRANCH=`git rev-parse --abbrev-ref HEAD` for project in ${INSTALL_PROJECTS}