32a00a6529
1. We register both apirule and rule into enforcer, so we can keep the rule in the check_str 2. We re-generate all the services' policy, we just use the original policy of them. If users want to change, they can change them by themselves. 3. Adjust the post_install.sh, we install the service packages with dependencies. 4. Split the ironic and ironic_inspector policy, they can not be in the same policy file. Change-Id: I9e152e33be4eef60432fb2030d388b3bec4c082e
613 lines
26 KiB
Python
613 lines
26 KiB
Python
# flake8: noqa
|
|
# fmt: off
|
|
|
|
from . import base
|
|
|
|
list_rules = (
|
|
base.Rule(
|
|
name="admin",
|
|
check_str=("role:admin or is_admin:True"),
|
|
description="Must be an administrator.",
|
|
),
|
|
base.Rule(
|
|
name="admin_or_owner",
|
|
check_str=("rule:admin or project_id:%(tenant)s"),
|
|
description="Must be an administrator or owner of the object.",
|
|
),
|
|
base.Rule(
|
|
name="default",
|
|
check_str=("rule:admin_or_owner"),
|
|
description="Must be an administrator or owner of the object.",
|
|
),
|
|
base.APIRule(
|
|
name="instance:create",
|
|
check_str=("rule:admin_or_owner"),
|
|
description="Create a database instance.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "POST", "path": "/v1.0/{account_id}/instances"}],
|
|
),
|
|
base.APIRule(
|
|
name="instance:delete",
|
|
check_str=("rule:admin_or_owner"),
|
|
description="Delete a database instance.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "DELETE", "path": "/v1.0/{account_id}/instances/{instance_id}"}],
|
|
),
|
|
base.APIRule(
|
|
name="instance:force_delete",
|
|
check_str=("rule:admin_or_owner"),
|
|
description="Forcibly delete a database instance.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "DELETE", "path": "/v1.0/{account_id}/instances/{instance_id}"}],
|
|
),
|
|
base.APIRule(
|
|
name="instance:index",
|
|
check_str=("rule:admin_or_owner"),
|
|
description="List database instances.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "GET", "path": "/v1.0/{account_id}/instances"}],
|
|
),
|
|
base.APIRule(
|
|
name="instance:detail",
|
|
check_str=("rule:admin_or_owner"),
|
|
description="List database instances with details.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "GET", "path": "/v1.0/{account_id}/instances/detail"}],
|
|
),
|
|
base.APIRule(
|
|
name="instance:show",
|
|
check_str=("rule:admin_or_owner"),
|
|
description="Get details of a specific database instance.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "GET", "path": "/v1.0/{account_id}/instances/{instance_id}"}],
|
|
),
|
|
base.APIRule(
|
|
name="instance:update",
|
|
check_str=("rule:admin_or_owner"),
|
|
description="Update a database instance to attach/detach configuration",
|
|
scope_types=["project"],
|
|
operations=[{"method": "PUT", "path": "/v1.0/{account_id}/instances/{instance_id}"}, {"method": "POST", "path": "/v1.0/{account_id}/instances"}],
|
|
),
|
|
base.APIRule(
|
|
name="instance:edit",
|
|
check_str=("rule:admin_or_owner"),
|
|
description="Updates the instance to set or unset one or more attributes.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "PATCH", "path": "/v1.0/{account_id}/instances/{instance_id}"}],
|
|
),
|
|
base.APIRule(
|
|
name="instance:restart",
|
|
check_str=("rule:admin_or_owner"),
|
|
description="Restart a database instance.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "POST", "path": "/v1.0/{account_id}/instances/{instance_id}/action (restart)"}],
|
|
),
|
|
base.APIRule(
|
|
name="instance:resize_volume",
|
|
check_str=("rule:admin_or_owner"),
|
|
description="Resize a database instance volume.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "POST", "path": "/v1.0/{account_id}/instances/{instance_id}/action (resize)"}],
|
|
),
|
|
base.APIRule(
|
|
name="instance:resize_flavor",
|
|
check_str=("rule:admin_or_owner"),
|
|
description="Resize a database instance flavor.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "POST", "path": "/v1.0/{account_id}/instances/{instance_id}/action (resize)"}],
|
|
),
|
|
base.APIRule(
|
|
name="instance:reset_status",
|
|
check_str=("rule:admin"),
|
|
description="Reset the status of a database instance to ERROR.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "POST", "path": "/v1.0/{account_id}/instances/{instance_id}/action (reset_status)"}],
|
|
),
|
|
base.APIRule(
|
|
name="instance:promote_to_replica_source",
|
|
check_str=("rule:admin_or_owner"),
|
|
description="Promote instance to replica source.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "POST", "path": "/v1.0/{account_id}/instances/{instance_id}/action (promote_to_replica_source)"}],
|
|
),
|
|
base.APIRule(
|
|
name="instance:eject_replica_source",
|
|
check_str=("rule:admin_or_owner"),
|
|
description="Eject the replica source from its replica set.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "POST", "path": "/v1.0/{account_id}/instances/{instance_id}/action (eject_replica_source)"}],
|
|
),
|
|
base.APIRule(
|
|
name="instance:configuration",
|
|
check_str=("rule:admin_or_owner"),
|
|
description="Get the default configuration template applied to the instance.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "GET", "path": "/v1.0/{account_id}/instances/{instance_id}/configuration"}],
|
|
),
|
|
base.APIRule(
|
|
name="instance:guest_log_list",
|
|
check_str=("rule:admin_or_owner"),
|
|
description="Get all informations about all logs of a database instance.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "GET", "path": "/v1.0/{account_id}/instances/{instance_id}/log"}],
|
|
),
|
|
base.APIRule(
|
|
name="instance:backups",
|
|
check_str=("rule:admin_or_owner"),
|
|
description="Get all backups of a database instance.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "GET", "path": "/v1.0/{account_id}/instances/{instance_id}/backups"}],
|
|
),
|
|
base.APIRule(
|
|
name="instance:module_list",
|
|
check_str=("rule:admin_or_owner"),
|
|
description="Get informations about modules on a database instance.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "GET", "path": "/v1.0/{account_id}/instances/{instance_id}/modules"}],
|
|
),
|
|
base.APIRule(
|
|
name="instance:module_apply",
|
|
check_str=("rule:admin_or_owner"),
|
|
description="Apply modules to a database instance.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "POST", "path": "/v1.0/{account_id}/instances/{instance_id}/modules"}, {"method": "POST", "path": "/v1.0/{account_id}/instances"}],
|
|
),
|
|
base.APIRule(
|
|
name="instance:module_remove",
|
|
check_str=("rule:admin_or_owner"),
|
|
description="Remove a module from a database instance.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "DELETE", "path": "/v1.0/{account_id}/instances/{instance_id}/modules/{module_id}"}],
|
|
),
|
|
base.APIRule(
|
|
name="instance:extension:root:create",
|
|
check_str=("rule:admin_or_owner"),
|
|
description="Enable the root user of a database instance.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "POST", "path": "/v1.0/{account_id}/instances/{instance_id}/root"}],
|
|
),
|
|
base.APIRule(
|
|
name="instance:extension:root:delete",
|
|
check_str=("rule:admin_or_owner"),
|
|
description="Disable the root user of a database instance.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "DELETE", "path": "/v1.0/{account_id}/instances/{instance_id}/root"}],
|
|
),
|
|
base.APIRule(
|
|
name="instance:extension:root:index",
|
|
check_str=("rule:admin_or_owner"),
|
|
description="Show whether the root user of a database instance has been ever enabled.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "GET", "path": "/v1.0/{account_id}/instances/{instance_id}/root"}],
|
|
),
|
|
base.APIRule(
|
|
name="cluster:extension:root:create",
|
|
check_str=("rule:admin_or_owner"),
|
|
description="Enable the root user of the instances in a cluster.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "POST", "path": "/v1.0/{account_id}/clusters/{cluster}/root"}],
|
|
),
|
|
base.APIRule(
|
|
name="cluster:extension:root:delete",
|
|
check_str=("rule:admin_or_owner"),
|
|
description="Enable the root user of the instances in a cluster.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "DELETE", "path": "/v1.0/{account_id}/clusters/{cluster}/root"}],
|
|
),
|
|
base.APIRule(
|
|
name="cluster:extension:root:index",
|
|
check_str=("rule:admin_or_owner"),
|
|
description="Disable the root of the instances in a cluster.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "GET", "path": "/v1.0/{account_id}/clusters/{cluster}/root"}],
|
|
),
|
|
base.APIRule(
|
|
name="instance:extension:user:create",
|
|
check_str=("rule:admin_or_owner"),
|
|
description="Create users for a database instance.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "POST", "path": "/v1.0/{account_id}/instances/{instance_id}/users"}, {"method": "POST", "path": "/v1.0/{account_id}/instances"}],
|
|
),
|
|
base.APIRule(
|
|
name="instance:extension:user:delete",
|
|
check_str=("rule:admin_or_owner"),
|
|
description="Delete a user from a database instance.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "DELETE", "path": "/v1.0/{account_id}/instances/{instance_id}/users/{user}"}],
|
|
),
|
|
base.APIRule(
|
|
name="instance:extension:user:index",
|
|
check_str=("rule:admin_or_owner"),
|
|
description="Get all users of a database instance.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "GET", "path": "/v1.0/{account_id}/instances/{instance_id}/users"}],
|
|
),
|
|
base.APIRule(
|
|
name="instance:extension:user:show",
|
|
check_str=("rule:admin_or_owner"),
|
|
description="Get the information of a single user of a database instance.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "GET", "path": "/v1.0/{account_id}/instances/{instance_id}/users/{user}"}],
|
|
),
|
|
base.APIRule(
|
|
name="instance:extension:user:update",
|
|
check_str=("rule:admin_or_owner"),
|
|
description="Update attributes for a user of a database instance.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "PUT", "path": "/v1.0/{account_id}/instances/{instance_id}/users/{user}"}],
|
|
),
|
|
base.APIRule(
|
|
name="instance:extension:user:update_all",
|
|
check_str=("rule:admin_or_owner"),
|
|
description="Update the password for one or more users a database instance.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "PUT", "path": "/v1.0/{account_id}/instances/{instance_id}/users"}],
|
|
),
|
|
base.APIRule(
|
|
name="instance:extension:user_access:update",
|
|
check_str=("rule:admin_or_owner"),
|
|
description="Grant access for a user to one or more databases.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "PUT", "path": "/v1.0/{account_id}/instances/{instance_id}/users/{user}/databases"}],
|
|
),
|
|
base.APIRule(
|
|
name="instance:extension:user_access:delete",
|
|
check_str=("rule:admin_or_owner"),
|
|
description="Revoke access for a user to a databases.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "DELETE", "path": "/v1.0/{account_id}/instances/{instance_id}/users/{user}/databases/{database}"}],
|
|
),
|
|
base.APIRule(
|
|
name="instance:extension:user_access:index",
|
|
check_str=("rule:admin_or_owner"),
|
|
description="Get permissions of a user",
|
|
scope_types=["project"],
|
|
operations=[{"method": "GET", "path": "/v1.0/{account_id}/instances/{instance_id}/users/{user}/databases"}],
|
|
),
|
|
base.APIRule(
|
|
name="instance:extension:database:create",
|
|
check_str=("rule:admin_or_owner"),
|
|
description="Create a set of Schemas",
|
|
scope_types=["project"],
|
|
operations=[{"method": "POST", "path": "/v1.0/{account_id}/instances/{instance_id}/databases"}, {"method": "POST", "path": "/v1.0/{account_id}/instances"}],
|
|
),
|
|
base.APIRule(
|
|
name="instance:extension:database:delete",
|
|
check_str=("rule:admin_or_owner"),
|
|
description="Delete a schema from a database.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "DELETE", "path": "/v1.0/{account_id}/instances/{instance_id}/databases/{database}"}],
|
|
),
|
|
base.APIRule(
|
|
name="instance:extension:database:index",
|
|
check_str=("rule:admin_or_owner"),
|
|
description="List all schemas from a database.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "GET", "path": "/v1.0/{account_id}/instances/{instance_id}/databases"}],
|
|
),
|
|
base.APIRule(
|
|
name="instance:extension:database:show",
|
|
check_str=("rule:admin_or_owner"),
|
|
description="Get informations of a schema(Currently Not Implemented).",
|
|
scope_types=["project"],
|
|
operations=[{"method": "GET", "path": "/v1.0/{account_id}/instances/{instance_id}/databases/{database}"}],
|
|
),
|
|
base.APIRule(
|
|
name="cluster:create",
|
|
check_str=("rule:admin_or_owner"),
|
|
description="Create a cluster.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "POST", "path": "/v1.0/{account_id}/clusters"}],
|
|
),
|
|
base.APIRule(
|
|
name="cluster:delete",
|
|
check_str=("rule:admin_or_owner"),
|
|
description="Delete a cluster.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "DELETE", "path": "/v1.0/{account_id}/clusters/{cluster}"}],
|
|
),
|
|
base.APIRule(
|
|
name="cluster:force_delete",
|
|
check_str=("rule:admin_or_owner"),
|
|
description="Forcibly delete a cluster.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "POST", "path": "/v1.0/{account_id}/clusters/{cluster} (reset-status)"}],
|
|
),
|
|
base.APIRule(
|
|
name="cluster:index",
|
|
check_str=("rule:admin_or_owner"),
|
|
description="List all clusters",
|
|
scope_types=["project"],
|
|
operations=[{"method": "GET", "path": "/v1.0/{account_id}/clusters"}],
|
|
),
|
|
base.APIRule(
|
|
name="cluster:show",
|
|
check_str=("rule:admin_or_owner"),
|
|
description="Get informations of a cluster.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "GET", "path": "/v1.0/{account_id}/clusters/{cluster}"}],
|
|
),
|
|
base.APIRule(
|
|
name="cluster:show_instance",
|
|
check_str=("rule:admin_or_owner"),
|
|
description="Get informations of a instance in a cluster.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "GET", "path": "/v1.0/{account_id}/clusters/{cluster}/instances/{instance}"}],
|
|
),
|
|
base.APIRule(
|
|
name="cluster:action",
|
|
check_str=("rule:admin_or_owner"),
|
|
description="Commit an action against a cluster",
|
|
scope_types=["project"],
|
|
operations=[{"method": "POST", "path": "/v1.0/{account_id}/clusters/{cluster}"}],
|
|
),
|
|
base.APIRule(
|
|
name="cluster:reset-status",
|
|
check_str=("rule:admin"),
|
|
description="Reset the status of a cluster to NONE.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "POST", "path": "/v1.0/{account_id}/clusters/{cluster} (reset-status)"}],
|
|
),
|
|
base.APIRule(
|
|
name="backup:create",
|
|
check_str=("rule:admin_or_owner"),
|
|
description="Create a backup of a database instance.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "POST", "path": "/v1.0/{account_id}/backups"}],
|
|
),
|
|
base.APIRule(
|
|
name="backup:delete",
|
|
check_str=("rule:admin_or_owner"),
|
|
description="Delete a backup of a database instance.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "DELETE", "path": "/v1.0/{account_id}/backups/{backup}"}],
|
|
),
|
|
base.APIRule(
|
|
name="backup:index",
|
|
check_str=("rule:admin_or_owner"),
|
|
description="List all backups.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "GET", "path": "/v1.0/{account_id}/backups"}],
|
|
),
|
|
base.APIRule(
|
|
name="backup:index:all_projects",
|
|
check_str=("role:admin"),
|
|
description="List backups for all the projects.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "GET", "path": "/v1.0/{account_id}/backups"}],
|
|
),
|
|
base.APIRule(
|
|
name="backup:show",
|
|
check_str=("rule:admin_or_owner"),
|
|
description="Get informations of a backup.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "GET", "path": "/v1.0/{account_id}/backups/{backup}"}],
|
|
),
|
|
base.APIRule(
|
|
name="backup_strategy:create",
|
|
check_str=("rule:admin_or_owner"),
|
|
description="Create a backup strategy.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "POST", "path": "/v1.0/{account_id}/backup_strategies"}],
|
|
),
|
|
base.APIRule(
|
|
name="backup_strategy:index",
|
|
check_str=("rule:admin_or_owner"),
|
|
description="List all backup strategies.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "GET", "path": "/v1.0/{account_id}/backup_strategies"}],
|
|
),
|
|
base.APIRule(
|
|
name="backup_strategy:delete",
|
|
check_str=("rule:admin_or_owner"),
|
|
description="Delete backup strategies.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "DELETE", "path": "/v1.0/{account_id}/backup_strategies"}],
|
|
),
|
|
base.APIRule(
|
|
name="configuration:create",
|
|
check_str=("rule:admin_or_owner"),
|
|
description="Create a configuration group.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "POST", "path": "/v1.0/{account_id}/configurations"}],
|
|
),
|
|
base.APIRule(
|
|
name="configuration:delete",
|
|
check_str=("rule:admin_or_owner"),
|
|
description="Delete a configuration group.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "DELETE", "path": "/v1.0/{account_id}/configurations/{config}"}],
|
|
),
|
|
base.APIRule(
|
|
name="configuration:index",
|
|
check_str=("rule:admin_or_owner"),
|
|
description="List all configuration groups.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "GET", "path": "/v1.0/{account_id}/configurations"}],
|
|
),
|
|
base.APIRule(
|
|
name="configuration:show",
|
|
check_str=("rule:admin_or_owner"),
|
|
description="Get informations of a configuration group.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "GET", "path": "/v1.0/{account_id}/configurations/{config}"}],
|
|
),
|
|
base.APIRule(
|
|
name="configuration:instances",
|
|
check_str=("rule:admin_or_owner"),
|
|
description="List all instances which a configuration group has be assigned to.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "GET", "path": "/v1.0/{account_id}/configurations/{config}/instances"}],
|
|
),
|
|
base.APIRule(
|
|
name="configuration:update",
|
|
check_str=("rule:admin_or_owner"),
|
|
description="Update a configuration group(the configuration group will be replaced completely).",
|
|
scope_types=["project"],
|
|
operations=[{"method": "PUT", "path": "/v1.0/{account_id}/configurations/{config}"}],
|
|
),
|
|
base.APIRule(
|
|
name="configuration:edit",
|
|
check_str=("rule:admin_or_owner"),
|
|
description="Patch a configuration group.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "PATCH", "path": "/v1.0/{account_id}/configurations/{config}"}],
|
|
),
|
|
base.APIRule(
|
|
name="configuration-parameter:index",
|
|
check_str=("rule:admin_or_owner"),
|
|
description="List all parameters bind to a datastore version.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "GET", "path": "/v1.0/{account_id}/datastores/{datastore}/versions/{version}/parameters"}],
|
|
),
|
|
base.APIRule(
|
|
name="configuration-parameter:show",
|
|
check_str=("rule:admin_or_owner"),
|
|
description="Get a paramter of a datastore version.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "GET", "path": "/v1.0/{account_id}/datastores/{datastore}/versions/{version}/parameters/{param}"}],
|
|
),
|
|
base.APIRule(
|
|
name="configuration-parameter:index_by_version",
|
|
check_str=("rule:admin_or_owner"),
|
|
description="List all paramters bind to a datastore version by the id of the version(datastore is not provided).",
|
|
scope_types=["project"],
|
|
operations=[{"method": "GET", "path": "/v1.0/{account_id}/datastores/versions/{version}/paramters"}],
|
|
),
|
|
base.APIRule(
|
|
name="configuration-parameter:show_by_version",
|
|
check_str=("rule:admin_or_owner"),
|
|
description="Get a paramter of a datastore version by it names and the id of the version(datastore is not provided).",
|
|
scope_types=["project"],
|
|
operations=[{"method": "GET", "path": "/v1.0/{account_id}/datastores/versions/{version}/paramters/{param}"}],
|
|
),
|
|
base.APIRule(
|
|
name="datastore:index",
|
|
check_str=(""),
|
|
description="List all datastores.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "GET", "path": "/v1.0/{account_id}/datastores"}],
|
|
),
|
|
base.APIRule(
|
|
name="datastore:show",
|
|
check_str=(""),
|
|
description="Get informations of a datastore.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "GET", "path": "/v1.0/{account_id}/datastores/{datastore}"}],
|
|
),
|
|
base.APIRule(
|
|
name="datastore:delete",
|
|
check_str=("rule:admin"),
|
|
description="Delete a datastore.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "DELETE", "path": "/v1.0/{account_id}/datastores/{datastore}"}],
|
|
),
|
|
base.APIRule(
|
|
name="datastore:version_show",
|
|
check_str=(""),
|
|
description="Get a version of a datastore by the version id.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "GET", "path": "/v1.0/{account_id}/datastores/{datastore}/versions/{version}"}],
|
|
),
|
|
base.APIRule(
|
|
name="datastore:version_show_by_uuid",
|
|
check_str=(""),
|
|
description="Get a version of a datastore by the version id(without providing the datastore id).",
|
|
scope_types=["project"],
|
|
operations=[{"method": "GET", "path": "/v1.0/{account_id}/datastores/versions/{version}"}],
|
|
),
|
|
base.APIRule(
|
|
name="datastore:version_index",
|
|
check_str=(""),
|
|
description="Get all versions of a datastore.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "GET", "path": "/v1.0/{account_id}/datastores/{datastore}/versions"}],
|
|
),
|
|
base.APIRule(
|
|
name="datastore:list_associated_flavors",
|
|
check_str=(""),
|
|
description="List all flavors associated with a datastore version.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "GET", "path": "/v1.0/{account_id}/datastores/{datastore}/versions/{version}/flavors"}],
|
|
),
|
|
base.APIRule(
|
|
name="datastore:list_associated_volume_types",
|
|
check_str=(""),
|
|
description="List all volume-types associated with a datastore version.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "GET", "path": "/v1.0/{account_id}/datastores/{datastore}/versions/{version}/volume-types"}],
|
|
),
|
|
base.APIRule(
|
|
name="flavor:index",
|
|
check_str=(""),
|
|
description="List all flavors.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "GET", "path": "/v1.0/{account_id}/flavors"}],
|
|
),
|
|
base.APIRule(
|
|
name="flavor:show",
|
|
check_str=(""),
|
|
description="Get information of a flavor.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "GET", "path": "/v1.0/{account_id}/flavors/{flavor}"}],
|
|
),
|
|
base.APIRule(
|
|
name="limits:index",
|
|
check_str=("rule:admin_or_owner"),
|
|
description="List all absolute and rate limit informations.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "GET", "path": "/v1.0/{account_id}/limits"}],
|
|
),
|
|
base.APIRule(
|
|
name="module:create",
|
|
check_str=("rule:admin_or_owner"),
|
|
description="Create a module.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "POST", "path": "/v1.0/{account_id}/modules"}],
|
|
),
|
|
base.APIRule(
|
|
name="module:delete",
|
|
check_str=("rule:admin_or_owner"),
|
|
description="Delete a module.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "DELETE", "path": "/v1.0/{account_id}/modules/{module}"}],
|
|
),
|
|
base.APIRule(
|
|
name="module:index",
|
|
check_str=("rule:admin_or_owner"),
|
|
description="List all modules.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "GET", "path": "/v1.0/{account_id}/modules"}],
|
|
),
|
|
base.APIRule(
|
|
name="module:show",
|
|
check_str=("rule:admin_or_owner"),
|
|
description="Get informations of a module.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "GET", "path": "/v1.0/{account_id}/modules/{module}"}],
|
|
),
|
|
base.APIRule(
|
|
name="module:instances",
|
|
check_str=("rule:admin_or_owner"),
|
|
description="List all instances to which a module is applied.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "GET", "path": "/v1.0/{account_id}/modules/{module}/instances"}],
|
|
),
|
|
base.APIRule(
|
|
name="module:update",
|
|
check_str=("rule:admin_or_owner"),
|
|
description="Update a module.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "PUT", "path": "/v1.0/{account_id}/modules/{module}"}],
|
|
),
|
|
base.APIRule(
|
|
name="module:reapply",
|
|
check_str=("rule:admin_or_owner"),
|
|
description="Reapply a module to all instances.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "PUT", "path": "/v1.0/{account_id}/modules/{module}/instances"}],
|
|
),
|
|
)
|
|
|
|
__all__ = ("list_rules",)
|