fe56f82f19
add masakari and designate policies file and configs. Change-Id: Ic2d3431df3cb8d33e74d061337514ea3d91bb7ac
593 lines
22 KiB
Python
593 lines
22 KiB
Python
# Copyright 2022 99cloud
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
# flake8: noqa
|
|
# fmt: off
|
|
|
|
from . import base
|
|
|
|
list_rules = (
|
|
base.Rule(
|
|
name="admin",
|
|
check_str=("role:admin or is_admin:True"),
|
|
description="No description",
|
|
),
|
|
base.Rule(
|
|
name="owner",
|
|
check_str=("project_id:%(tenant_id)s"),
|
|
description="No description",
|
|
),
|
|
base.Rule(
|
|
name="admin_or_owner",
|
|
check_str=("rule:admin or rule:owner"),
|
|
description="No description",
|
|
),
|
|
base.Rule(
|
|
name="default",
|
|
check_str=("(role:admin) or (role:member and project_id:%(project_id)s)"),
|
|
description="No description",
|
|
),
|
|
base.Rule(
|
|
name="all_tenants",
|
|
check_str=("role:admin"),
|
|
description="Action on all tenants.",
|
|
),
|
|
base.Rule(
|
|
name="edit_managed_records",
|
|
check_str=("role:admin"),
|
|
description="Edit managed records.",
|
|
),
|
|
base.Rule(
|
|
name="use_low_ttl",
|
|
check_str=("role:admin"),
|
|
description="Use low TTL.",
|
|
),
|
|
base.Rule(
|
|
name="use_sudo",
|
|
check_str=("role:admin"),
|
|
description="Accept sudo from user to tenant.",
|
|
),
|
|
base.Rule(
|
|
name="hard_delete",
|
|
check_str=("role:admin"),
|
|
description="Clean backend resources associated with zone",
|
|
),
|
|
base.Rule(
|
|
name="create_pool",
|
|
check_str=("role:admin"),
|
|
description="Create pool.",
|
|
),
|
|
base.Rule(
|
|
name="update_pool",
|
|
check_str=("role:admin"),
|
|
description="Update pool.",
|
|
),
|
|
base.Rule(
|
|
name="delete_pool",
|
|
check_str=("role:admin"),
|
|
description="Delete pool.",
|
|
),
|
|
base.Rule(
|
|
name="count_records",
|
|
check_str=("(role:admin) or (role:reader and project_id:%(project_id)s)"),
|
|
description="No description",
|
|
),
|
|
base.Rule(
|
|
name="get_recordsets",
|
|
check_str=("(role:admin) or (role:reader and project_id:%(project_id)s)"),
|
|
description="No description",
|
|
),
|
|
base.Rule(
|
|
name="find_recordset",
|
|
check_str=("(role:admin) or (role:reader and project_id:%(project_id)s)"),
|
|
description="List a Recordset in a Zone",
|
|
),
|
|
base.Rule(
|
|
name="count_recordset",
|
|
check_str=("(role:admin) or (role:reader and project_id:%(project_id)s)"),
|
|
description="Count recordsets",
|
|
),
|
|
base.Rule(
|
|
name="update_service_status",
|
|
check_str=("role:admin"),
|
|
description="No description",
|
|
),
|
|
base.Rule(
|
|
name="find_project_zone_share",
|
|
check_str=("(role:admin) or (role:member and project_id:%(project_id)s)"),
|
|
description="Check the can query for a specific projects shares.",
|
|
),
|
|
base.Rule(
|
|
name="find_tenants",
|
|
check_str=("role:admin"),
|
|
description="Find all Tenants.",
|
|
),
|
|
base.Rule(
|
|
name="get_tenant",
|
|
check_str=("role:admin"),
|
|
description="Get all Tenants.",
|
|
),
|
|
base.Rule(
|
|
name="count_tenants",
|
|
check_str=("role:admin"),
|
|
description="Count tenants",
|
|
),
|
|
base.Rule(
|
|
name="get_zones",
|
|
check_str=("(role:admin) or (role:reader and project_id:%(project_id)s)"),
|
|
description="No description",
|
|
),
|
|
base.Rule(
|
|
name="get_zone_servers",
|
|
check_str=("(role:admin) or (role:reader and project_id:%(project_id)s)"),
|
|
description="No description",
|
|
),
|
|
base.Rule(
|
|
name="count_zones",
|
|
check_str=("(role:admin) or (role:reader and project_id:%(project_id)s)"),
|
|
description="No description",
|
|
),
|
|
base.Rule(
|
|
name="count_zones_pending_notify",
|
|
check_str=("(role:admin) or (role:reader and project_id:%(project_id)s)"),
|
|
description="No description",
|
|
),
|
|
base.Rule(
|
|
name="purge_zones",
|
|
check_str=("role:admin"),
|
|
description="No description",
|
|
),
|
|
base.Rule(
|
|
name="get_zone_transfer_request_detailed",
|
|
check_str=("(role:admin) or (role:reader and project_id:%(project_id)s)"),
|
|
description="No description",
|
|
),
|
|
base.APIRule(
|
|
name="create_blacklist",
|
|
check_str=("role:admin"),
|
|
description="Create blacklist.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "POST", "path": "/v2/blacklists"}],
|
|
),
|
|
base.APIRule(
|
|
name="find_blacklists",
|
|
check_str=("role:admin"),
|
|
description="Find blacklists.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "GET", "path": "/v2/blacklists"}],
|
|
),
|
|
base.APIRule(
|
|
name="get_blacklist",
|
|
check_str=("role:admin"),
|
|
description="Get blacklist.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "GET", "path": "/v2/blacklists/{blacklist_id}"}],
|
|
),
|
|
base.APIRule(
|
|
name="update_blacklist",
|
|
check_str=("role:admin"),
|
|
description="Update blacklist.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "PATCH", "path": "/v2/blacklists/{blacklist_id}"}],
|
|
),
|
|
base.APIRule(
|
|
name="delete_blacklist",
|
|
check_str=("role:admin"),
|
|
description="Delete blacklist.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "DELETE", "path": "/v2/blacklists/{blacklist_id}"}],
|
|
),
|
|
base.APIRule(
|
|
name="use_blacklisted_zone",
|
|
check_str=("role:admin"),
|
|
description="Allowed bypass the blacklist.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "POST", "path": "/v2/zones"}],
|
|
),
|
|
base.APIRule(
|
|
name="find_pools",
|
|
check_str=("role:admin"),
|
|
description="Find pool.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "GET", "path": "/v2/pools"}],
|
|
),
|
|
base.APIRule(
|
|
name="find_pool",
|
|
check_str=("role:admin"),
|
|
description="Find pools.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "GET", "path": "/v2/pools"}],
|
|
),
|
|
base.APIRule(
|
|
name="get_pool",
|
|
check_str=("role:admin"),
|
|
description="Get pool.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "GET", "path": "/v2/pools/{pool_id}"}],
|
|
),
|
|
base.APIRule(
|
|
name="zone_create_forced_pool",
|
|
check_str=("role:admin"),
|
|
description="load and set the pool to the one provided in the Zone attributes.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "POST", "path": "/v2/zones"}],
|
|
),
|
|
base.APIRule(
|
|
name="get_quotas",
|
|
check_str=("(role:admin) or (role:reader and project_id:%(project_id)s) or (True:%(all_tenants)s and role:reader)"),
|
|
description="View Current Project's Quotas.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "GET", "path": "/v2/quotas"}],
|
|
),
|
|
base.APIRule(
|
|
name="set_quota",
|
|
check_str=("role:admin"),
|
|
description="Set Quotas.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "PATCH", "path": "/v2/quotas/{project_id}"}],
|
|
),
|
|
base.APIRule(
|
|
name="reset_quotas",
|
|
check_str=("role:admin"),
|
|
description="Reset Quotas.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "DELETE", "path": "/v2/quotas/{project_id}"}],
|
|
),
|
|
base.APIRule(
|
|
name="find_records",
|
|
check_str=("(role:admin) or (role:reader and project_id:%(project_id)s)"),
|
|
description="Find records.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "GET", "path": "/v2/reverse/floatingips/{region}:{floatingip_id}"}, {"method": "GET", "path": "/v2/reverse/floatingips"}],
|
|
),
|
|
base.APIRule(
|
|
name="create_recordset",
|
|
check_str=("(role:member and project_id:%(project_id)s) and ('PRIMARY':%(zone_type)s) or (role:admin) and ('PRIMARY':%(zone_type)s) or (role:admin) and ('SECONDARY':%(zone_type)s) or (\"True\":%(zone_shared)s) and ('PRIMARY':%(zone_type)s)"),
|
|
description="Create Recordset",
|
|
scope_types=["project"],
|
|
operations=[{"method": "POST", "path": "/v2/zones/{zone_id}/recordsets"}],
|
|
),
|
|
base.APIRule(
|
|
name="get_recordset",
|
|
check_str=("(role:admin) or (role:reader and project_id:%(project_id)s) or (\"True\":%(zone_shared)s)"),
|
|
description="Get recordset",
|
|
scope_types=["project"],
|
|
operations=[{"method": "GET", "path": "/v2/zones/{zone_id}/recordsets/{recordset_id}"}],
|
|
),
|
|
base.APIRule(
|
|
name="find_recordsets",
|
|
check_str=("(role:admin) or (role:reader and project_id:%(project_id)s)"),
|
|
description="List Recordsets in a Zone",
|
|
scope_types=["project"],
|
|
operations=[{"method": "GET", "path": "/v2/zones/{zone_id}/recordsets"}],
|
|
),
|
|
base.APIRule(
|
|
name="update_recordset",
|
|
check_str=("(role:member and project_id:%(project_id)s) and ('PRIMARY':%(zone_type)s) or (role:admin) and ('PRIMARY':%(zone_type)s) or (role:admin) and ('SECONDARY':%(zone_type)s) or role:member and (project_id:%(recordset_project_id)s) and ('PRIMARY':%(zone_type)s)"),
|
|
description="Update recordset",
|
|
scope_types=["project"],
|
|
operations=[{"method": "PUT", "path": "/v2/zones/{zone_id}/recordsets/{recordset_id}"}],
|
|
),
|
|
base.APIRule(
|
|
name="delete_recordset",
|
|
check_str=("(role:member and project_id:%(project_id)s) and ('PRIMARY':%(zone_type)s) or (role:admin) and ('PRIMARY':%(zone_type)s) or (role:admin) and ('SECONDARY':%(zone_type)s) or role:member and (project_id:%(recordset_project_id)s) and ('PRIMARY':%(zone_type)s)"),
|
|
description="Delete RecordSet",
|
|
scope_types=["project"],
|
|
operations=[{"method": "DELETE", "path": "/v2/zones/{zone_id}/recordsets/{recordset_id}"}],
|
|
),
|
|
base.APIRule(
|
|
name="find_service_status",
|
|
check_str=("role:admin"),
|
|
description="Find a single Service Status",
|
|
scope_types=["project"],
|
|
operations=[{"method": "GET", "path": "/v2/service_status/{service_id}"}],
|
|
),
|
|
base.APIRule(
|
|
name="find_service_statuses",
|
|
check_str=("role:admin"),
|
|
description="List service statuses.",
|
|
scope_types=["project"],
|
|
operations=[{"method": "GET", "path": "/v2/service_status"}],
|
|
),
|
|
base.APIRule(
|
|
name="get_zone_share",
|
|
check_str=("(role:admin) or (role:member and project_id:%(project_id)s)"),
|
|
description="Get a Zone Share",
|
|
scope_types=["project"],
|
|
operations=[{"method": "GET", "path": "/v2/zones/{zone_id}/shares/{zone_share_id}"}],
|
|
),
|
|
base.APIRule(
|
|
name="share_zone",
|
|
check_str=("(role:admin) or (role:member and project_id:%(project_id)s)"),
|
|
description="Share a Zone",
|
|
scope_types=["project"],
|
|
operations=[{"method": "POST", "path": "/v2/zones/{zone_id}/shares"}],
|
|
),
|
|
base.APIRule(
|
|
name="find_zone_shares",
|
|
check_str=("@"),
|
|
description="List Shared Zones",
|
|
scope_types=["project"],
|
|
operations=[{"method": "GET", "path": "/v2/zones/{zone_id}/shares"}],
|
|
),
|
|
base.APIRule(
|
|
name="unshare_zone",
|
|
check_str=("(role:admin) or (role:member and project_id:%(project_id)s)"),
|
|
description="Unshare Zone",
|
|
scope_types=["project"],
|
|
operations=[{"method": "DELETE", "path": "/v2/zones/{zone_id}/shares/{shared_zone_id}"}],
|
|
),
|
|
base.APIRule(
|
|
name="create_tld",
|
|
check_str=("role:admin"),
|
|
description="Create Tld",
|
|
scope_types=["project"],
|
|
operations=[{"method": "POST", "path": "/v2/tlds"}],
|
|
),
|
|
base.APIRule(
|
|
name="find_tlds",
|
|
check_str=("role:admin"),
|
|
description="List Tlds",
|
|
scope_types=["project"],
|
|
operations=[{"method": "GET", "path": "/v2/tlds"}],
|
|
),
|
|
base.APIRule(
|
|
name="get_tld",
|
|
check_str=("role:admin"),
|
|
description="Show Tld",
|
|
scope_types=["project"],
|
|
operations=[{"method": "GET", "path": "/v2/tlds/{tld_id}"}],
|
|
),
|
|
base.APIRule(
|
|
name="update_tld",
|
|
check_str=("role:admin"),
|
|
description="Update Tld",
|
|
scope_types=["project"],
|
|
operations=[{"method": "PATCH", "path": "/v2/tlds/{tld_id}"}],
|
|
),
|
|
base.APIRule(
|
|
name="delete_tld",
|
|
check_str=("role:admin"),
|
|
description="Delete Tld",
|
|
scope_types=["project"],
|
|
operations=[{"method": "DELETE", "path": "/v2/tlds/{tld_id}"}],
|
|
),
|
|
base.APIRule(
|
|
name="create_tsigkey",
|
|
check_str=("role:admin"),
|
|
description="Create Tsigkey",
|
|
scope_types=["project"],
|
|
operations=[{"method": "POST", "path": "/v2/tsigkeys"}],
|
|
),
|
|
base.APIRule(
|
|
name="find_tsigkeys",
|
|
check_str=("role:admin"),
|
|
description="List Tsigkeys",
|
|
scope_types=["project"],
|
|
operations=[{"method": "GET", "path": "/v2/tsigkeys"}],
|
|
),
|
|
base.APIRule(
|
|
name="get_tsigkey",
|
|
check_str=("role:admin"),
|
|
description="Show a Tsigkey",
|
|
scope_types=["project"],
|
|
operations=[{"method": "GET", "path": "/v2/tsigkeys/{tsigkey_id}"}],
|
|
),
|
|
base.APIRule(
|
|
name="update_tsigkey",
|
|
check_str=("role:admin"),
|
|
description="Update Tsigkey",
|
|
scope_types=["project"],
|
|
operations=[{"method": "PATCH", "path": "/v2/tsigkeys/{tsigkey_id}"}],
|
|
),
|
|
base.APIRule(
|
|
name="delete_tsigkey",
|
|
check_str=("role:admin"),
|
|
description="Delete a Tsigkey",
|
|
scope_types=["project"],
|
|
operations=[{"method": "DELETE", "path": "/v2/tsigkeys/{tsigkey_id}"}],
|
|
),
|
|
base.APIRule(
|
|
name="create_zone",
|
|
check_str=("(role:admin) or (role:member and project_id:%(project_id)s)"),
|
|
description="Create Zone",
|
|
scope_types=["project"],
|
|
operations=[{"method": "POST", "path": "/v2/zones"}],
|
|
),
|
|
base.APIRule(
|
|
name="get_zone",
|
|
check_str=("(role:admin) or (role:reader and project_id:%(project_id)s) or (\"True\":%(zone_shared)s)"),
|
|
description="Get Zone",
|
|
scope_types=["project"],
|
|
operations=[{"method": "GET", "path": "/v2/zones/{zone_id}"}],
|
|
),
|
|
base.APIRule(
|
|
name="get_zone_ns_records",
|
|
check_str=("(role:admin) or (role:reader and project_id:%(project_id)s)"),
|
|
description="Get the Name Servers for a Zone",
|
|
scope_types=["project"],
|
|
operations=[{"method": "GET", "path": "/v2/zones/{zone_id}/nameservers"}],
|
|
),
|
|
base.APIRule(
|
|
name="find_zones",
|
|
check_str=("(role:admin) or (role:reader and project_id:%(project_id)s)"),
|
|
description="List existing zones",
|
|
scope_types=["project"],
|
|
operations=[{"method": "GET", "path": "/v2/zones"}],
|
|
),
|
|
base.APIRule(
|
|
name="update_zone",
|
|
check_str=("(role:admin) or (role:member and project_id:%(project_id)s)"),
|
|
description="Update Zone",
|
|
scope_types=["project"],
|
|
operations=[{"method": "PATCH", "path": "/v2/zones/{zone_id}"}],
|
|
),
|
|
base.APIRule(
|
|
name="delete_zone",
|
|
check_str=("(role:admin) or (role:member and project_id:%(project_id)s)"),
|
|
description="Delete Zone",
|
|
scope_types=["project"],
|
|
operations=[{"method": "DELETE", "path": "/v2/zones/{zone_id}"}],
|
|
),
|
|
base.APIRule(
|
|
name="xfr_zone",
|
|
check_str=("(role:admin) or (role:member and project_id:%(project_id)s)"),
|
|
description="Manually Trigger an Update of a Secondary Zone",
|
|
scope_types=["project"],
|
|
operations=[{"method": "POST", "path": "/v2/zones/{zone_id}/tasks/xfr"}],
|
|
),
|
|
base.APIRule(
|
|
name="abandon_zone",
|
|
check_str=("role:admin"),
|
|
description="Abandon Zone",
|
|
scope_types=["project"],
|
|
operations=[{"method": "POST", "path": "/v2/zones/{zone_id}/tasks/abandon"}],
|
|
),
|
|
base.APIRule(
|
|
name="zone_export",
|
|
check_str=("(role:admin) or (role:member and project_id:%(project_id)s)"),
|
|
description="Retrive a Zone Export from the Designate Datastore",
|
|
scope_types=["project"],
|
|
operations=[{"method": "GET", "path": "/v2/zones/tasks/exports/{zone_export_id}/export"}],
|
|
),
|
|
base.APIRule(
|
|
name="create_zone_export",
|
|
check_str=("(role:admin) or (role:member and project_id:%(project_id)s)"),
|
|
description="Create Zone Export",
|
|
scope_types=["project"],
|
|
operations=[{"method": "POST", "path": "/v2/zones/{zone_id}/tasks/export"}],
|
|
),
|
|
base.APIRule(
|
|
name="find_zone_exports",
|
|
check_str=("(role:admin) or (role:reader and project_id:%(project_id)s)"),
|
|
description="List Zone Exports",
|
|
scope_types=["project"],
|
|
operations=[{"method": "GET", "path": "/v2/zones/tasks/exports"}],
|
|
),
|
|
base.APIRule(
|
|
name="get_zone_export",
|
|
check_str=("(role:admin) or (role:reader and project_id:%(project_id)s)"),
|
|
description="Get Zone Exports",
|
|
scope_types=["project"],
|
|
operations=[{"method": "GET", "path": "/v2/zones/tasks/exports/{zone_export_id}"}],
|
|
),
|
|
base.APIRule(
|
|
name="update_zone_export",
|
|
check_str=("(role:admin) or (role:member and project_id:%(project_id)s)"),
|
|
description="Update Zone Exports",
|
|
scope_types=["project"],
|
|
operations=[{"method": "POST", "path": "/v2/zones/{zone_id}/tasks/export"}],
|
|
),
|
|
base.APIRule(
|
|
name="delete_zone_export",
|
|
check_str=("(role:admin) or (role:member and project_id:%(project_id)s)"),
|
|
description="Delete a zone export",
|
|
scope_types=["project"],
|
|
operations=[{"method": "DELETE", "path": "/v2/zones/tasks/exports/{zone_export_id}"}],
|
|
),
|
|
base.APIRule(
|
|
name="create_zone_import",
|
|
check_str=("(role:admin) or (role:member and project_id:%(project_id)s)"),
|
|
description="Create Zone Import",
|
|
scope_types=["project"],
|
|
operations=[{"method": "POST", "path": "/v2/zones/tasks/imports"}],
|
|
),
|
|
base.APIRule(
|
|
name="find_zone_imports",
|
|
check_str=("(role:admin) or (role:reader and project_id:%(project_id)s)"),
|
|
description="List all Zone Imports",
|
|
scope_types=["project"],
|
|
operations=[{"method": "GET", "path": "/v2/zones/tasks/imports"}],
|
|
),
|
|
base.APIRule(
|
|
name="get_zone_import",
|
|
check_str=("(role:admin) or (role:reader and project_id:%(project_id)s)"),
|
|
description="Get Zone Imports",
|
|
scope_types=["project"],
|
|
operations=[{"method": "GET", "path": "/v2/zones/tasks/imports/{zone_import_id}"}],
|
|
),
|
|
base.APIRule(
|
|
name="update_zone_import",
|
|
check_str=("(role:admin) or (role:member and project_id:%(project_id)s)"),
|
|
description="Update Zone Imports",
|
|
scope_types=["project"],
|
|
operations=[{"method": "POST", "path": "/v2/zones/tasks/imports"}],
|
|
),
|
|
base.APIRule(
|
|
name="delete_zone_import",
|
|
check_str=("(role:admin) or (role:member and project_id:%(project_id)s)"),
|
|
description="Delete a Zone Import",
|
|
scope_types=["project"],
|
|
operations=[{"method": "DELETE", "path": "/v2/zones/tasks/imports/{zone_import_id}"}],
|
|
),
|
|
base.APIRule(
|
|
name="create_zone_transfer_accept",
|
|
check_str=("((role:admin) or (role:member and project_id:%(project_id)s)) or project_id:%(target_project_id)s or None:%(target_project_id)s"),
|
|
description="Create Zone Transfer Accept",
|
|
scope_types=["project"],
|
|
operations=[{"method": "POST", "path": "/v2/zones/tasks/transfer_accepts"}],
|
|
),
|
|
base.APIRule(
|
|
name="get_zone_transfer_accept",
|
|
check_str=("(role:admin) or (role:reader and project_id:%(project_id)s)"),
|
|
description="Get Zone Transfer Accept",
|
|
scope_types=["project"],
|
|
operations=[{"method": "GET", "path": "/v2/zones/tasks/transfer_requests/{zone_transfer_accept_id}"}],
|
|
),
|
|
base.APIRule(
|
|
name="find_zone_transfer_accepts",
|
|
check_str=("role:admin"),
|
|
description="List Zone Transfer Accepts",
|
|
scope_types=["project"],
|
|
operations=[{"method": "GET", "path": "/v2/zones/tasks/transfer_accepts"}],
|
|
),
|
|
base.APIRule(
|
|
name="create_zone_transfer_request",
|
|
check_str=("(role:admin) or (role:member and project_id:%(project_id)s)"),
|
|
description="Create Zone Transfer Accept",
|
|
scope_types=["project"],
|
|
operations=[{"method": "POST", "path": "/v2/zones/{zone_id}/tasks/transfer_requests"}],
|
|
),
|
|
base.APIRule(
|
|
name="get_zone_transfer_request",
|
|
check_str=("((role:admin) or (role:member and project_id:%(project_id)s)) or project_id:%(target_project_id)s or None:%(target_project_id)s"),
|
|
description="Show a Zone Transfer Request",
|
|
scope_types=["project"],
|
|
operations=[{"method": "GET", "path": "/v2/zones/tasks/transfer_requests/{zone_transfer_request_id}"}],
|
|
),
|
|
base.APIRule(
|
|
name="find_zone_transfer_requests",
|
|
check_str=("@"),
|
|
description="List Zone Transfer Requests",
|
|
scope_types=["project"],
|
|
operations=[{"method": "GET", "path": "/v2/zones/tasks/transfer_requests"}],
|
|
),
|
|
base.APIRule(
|
|
name="update_zone_transfer_request",
|
|
check_str=("(role:admin) or (role:member and project_id:%(project_id)s)"),
|
|
description="Update a Zone Transfer Request",
|
|
scope_types=["project"],
|
|
operations=[{"method": "PATCH", "path": "/v2/zones/tasks/transfer_requests/{zone_transfer_request_id}"}],
|
|
),
|
|
base.APIRule(
|
|
name="delete_zone_transfer_request",
|
|
check_str=("(role:admin) or (role:member and project_id:%(project_id)s)"),
|
|
description="Delete a Zone Transfer Request",
|
|
scope_types=["project"],
|
|
operations=[{"method": "DELETE", "path": "/v2/zones/tasks/transfer_requests/{zone_transfer_request_id}"}],
|
|
),
|
|
)
|
|
|
|
__all__ = ("list_rules",)
|