# flake8: noqa from . import base list_rules = ( base.Rule( name="admin_api", check_str=("role:admin"), description="Default rule for most placement APIs.", ), base.APIRule( name="placement:resource_providers:list", check_str=("role:reader and system_scope:all"), basic_check_str=("role:admin or role:reader"), description="List resource providers.", scope_types=["system"], operations=[{"method": "GET", "path": "/resource_providers"}], ), base.APIRule( name="placement:resource_providers:create", check_str=("role:admin and system_scope:all"), basic_check_str=("role:admin"), description="Create resource provider.", scope_types=["system"], operations=[{"method": "POST", "path": "/resource_providers"}], ), base.APIRule( name="placement:resource_providers:show", check_str=("role:reader and system_scope:all"), basic_check_str=("role:admin or role:reader"), description="Show resource provider.", scope_types=["system"], operations=[{"method": "GET", "path": "/resource_providers/{uuid}"}], ), base.APIRule( name="placement:resource_providers:update", check_str=("role:admin and system_scope:all"), basic_check_str=("role:admin"), description="Update resource provider.", scope_types=["system"], operations=[{"method": "PUT", "path": "/resource_providers/{uuid}"}], ), base.APIRule( name="placement:resource_providers:delete", check_str=("role:admin and system_scope:all"), basic_check_str=("role:admin"), description="Delete resource provider.", scope_types=["system"], operations=[{"method": "DELETE", "path": "/resource_providers/{uuid}"}], ), base.APIRule( name="placement:resource_classes:list", check_str=("role:reader and system_scope:all"), basic_check_str=("role:admin or role:reader"), description="List resource classes.", scope_types=["system"], operations=[{"method": "GET", "path": "/resource_classes"}], ), base.APIRule( name="placement:resource_classes:create", check_str=("role:admin and system_scope:all"), basic_check_str=("role:admin"), description="Create resource class.", scope_types=["system"], operations=[{"method": "POST", "path": "/resource_classes"}], ), base.APIRule( name="placement:resource_classes:show", check_str=("role:reader and system_scope:all"), basic_check_str=("role:admin or role:reader"), description="Show resource class.", scope_types=["system"], operations=[{"method": "GET", "path": "/resource_classes/{name}"}], ), base.APIRule( name="placement:resource_classes:update", check_str=("role:admin and system_scope:all"), basic_check_str=("role:admin"), description="Update resource class.", scope_types=["system"], operations=[{"method": "PUT", "path": "/resource_classes/{name}"}], ), base.APIRule( name="placement:resource_classes:delete", check_str=("role:admin and system_scope:all"), basic_check_str=("role:admin"), description="Delete resource class.", scope_types=["system"], operations=[{"method": "DELETE", "path": "/resource_classes/{name}"}], ), base.APIRule( name="placement:resource_providers:inventories:list", check_str=("role:reader and system_scope:all"), basic_check_str=("role:admin or role:reader"), description="List resource provider inventories.", scope_types=["system"], operations=[{"method": "GET", "path": "/resource_providers/{uuid}/inventories"}], ), base.APIRule( name="placement:resource_providers:inventories:create", check_str=("role:admin and system_scope:all"), basic_check_str=("role:admin"), description="Create one resource provider inventory.", scope_types=["system"], operations=[{"method": "POST", "path": "/resource_providers/{uuid}/inventories"}], ), base.APIRule( name="placement:resource_providers:inventories:show", check_str=("role:reader and system_scope:all"), basic_check_str=("role:admin or role:reader"), description="Show resource provider inventory.", scope_types=["system"], operations=[{"method": "GET", "path": "/resource_providers/{uuid}/inventories/{resource_class}"}], ), base.APIRule( name="placement:resource_providers:inventories:update", check_str=("role:admin and system_scope:all"), basic_check_str=("role:admin"), description="Update resource provider inventory.", scope_types=["system"], operations=[{"method": "PUT", "path": "/resource_providers/{uuid}/inventories"}, {"method": "PUT", "path": "/resource_providers/{uuid}/inventories/{resource_class}"}], ), base.APIRule( name="placement:resource_providers:inventories:delete", check_str=("role:admin and system_scope:all"), basic_check_str=("role:admin"), description="Delete resource provider inventory.", scope_types=["system"], operations=[{"method": "DELETE", "path": "/resource_providers/{uuid}/inventories"}, {"method": "DELETE", "path": "/resource_providers/{uuid}/inventories/{resource_class}"}], ), base.APIRule( name="placement:resource_providers:aggregates:list", check_str=("role:reader and system_scope:all"), basic_check_str=("role:admin or role:reader"), description="List resource provider aggregates.", scope_types=["system"], operations=[{"method": "GET", "path": "/resource_providers/{uuid}/aggregates"}], ), base.APIRule( name="placement:resource_providers:aggregates:update", check_str=("role:admin and system_scope:all"), basic_check_str=("role:admin"), description="Update resource provider aggregates.", scope_types=["system"], operations=[{"method": "PUT", "path": "/resource_providers/{uuid}/aggregates"}], ), base.APIRule( name="placement:resource_providers:usages", check_str=("role:reader and system_scope:all"), basic_check_str=("role:admin or role:reader"), description="List resource provider usages.", scope_types=["system"], operations=[{"method": "GET", "path": "/resource_providers/{uuid}/usages"}], ), base.APIRule( name="placement:usages", check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)"), basic_check_str=("role:admin or role:reader"), description="List total resource usages for a given project.", scope_types=["system", "project"], operations=[{"method": "GET", "path": "/usages"}], ), base.APIRule( name="placement:traits:list", check_str=("role:reader and system_scope:all"), basic_check_str=("role:admin or role:reader"), description="List traits.", scope_types=["system"], operations=[{"method": "GET", "path": "/traits"}], ), base.APIRule( name="placement:traits:show", check_str=("role:reader and system_scope:all"), basic_check_str=("role:admin or role:reader"), description="Show trait.", scope_types=["system"], operations=[{"method": "GET", "path": "/traits/{name}"}], ), base.APIRule( name="placement:traits:update", check_str=("role:admin and system_scope:all"), basic_check_str=("role:admin"), description="Update trait.", scope_types=["system"], operations=[{"method": "PUT", "path": "/traits/{name}"}], ), base.APIRule( name="placement:traits:delete", check_str=("role:admin and system_scope:all"), basic_check_str=("role:admin"), description="Delete trait.", scope_types=["system"], operations=[{"method": "DELETE", "path": "/traits/{name}"}], ), base.APIRule( name="placement:resource_providers:traits:list", check_str=("role:reader and system_scope:all"), basic_check_str=("role:admin or role:reader"), description="List resource provider traits.", scope_types=["system"], operations=[{"method": "GET", "path": "/resource_providers/{uuid}/traits"}], ), base.APIRule( name="placement:resource_providers:traits:update", check_str=("role:admin and system_scope:all"), basic_check_str=("role:admin"), description="Update resource provider traits.", scope_types=["system"], operations=[{"method": "PUT", "path": "/resource_providers/{uuid}/traits"}], ), base.APIRule( name="placement:resource_providers:traits:delete", check_str=("role:admin and system_scope:all"), basic_check_str=("role:admin"), description="Delete resource provider traits.", scope_types=["system"], operations=[{"method": "DELETE", "path": "/resource_providers/{uuid}/traits"}], ), base.APIRule( name="placement:allocations:manage", check_str=("role:admin and system_scope:all"), basic_check_str=("role:admin"), description="Manage allocations.", scope_types=["system"], operations=[{"method": "POST", "path": "/allocations"}], ), base.APIRule( name="placement:allocations:list", check_str=("role:reader and system_scope:all"), basic_check_str=("role:admin or role:reader"), description="List allocations.", scope_types=["system"], operations=[{"method": "GET", "path": "/allocations/{consumer_uuid}"}], ), base.APIRule( name="placement:allocations:update", check_str=("role:admin and system_scope:all"), basic_check_str=("role:admin"), description="Update allocations.", scope_types=["system"], operations=[{"method": "PUT", "path": "/allocations/{consumer_uuid}"}], ), base.APIRule( name="placement:allocations:delete", check_str=("role:admin and system_scope:all"), basic_check_str=("role:admin"), description="Delete allocations.", scope_types=["system"], operations=[{"method": "DELETE", "path": "/allocations/{consumer_uuid}"}], ), base.APIRule( name="placement:resource_providers:allocations:list", check_str=("role:reader and system_scope:all"), basic_check_str=("role:admin or role:reader"), description="List resource provider allocations.", scope_types=["system"], operations=[{"method": "GET", "path": "/resource_providers/{uuid}/allocations"}], ), base.APIRule( name="placement:allocation_candidates:list", check_str=("role:reader and system_scope:all"), basic_check_str=("role:admin or role:reader"), description="List allocation candidates.", scope_types=["system"], operations=[{"method": "GET", "path": "/allocation_candidates"}], ), base.APIRule( name="placement:reshaper:reshape", check_str=("role:admin and system_scope:all"), basic_check_str=("role:admin"), description="Reshape Inventory and Allocations.", scope_types=["system"], operations=[{"method": "POST", "path": "/reshaper"}], ), ) __all__ = ("list_rules",)