6f610d2d87
Enable creating, reading, updating, and deleting subnet pools via REST API. Includes required changes to REST, model, alembic migrations, and unit tests. Subnet pools carry a list of IPv4 or IPv6 prefixes from which a subnet can be allocated. This will enable tenants to request a subnet from a pool rather than being forced to explicitly provide their own CIDRs for their subnets. This change simply enables managing the lifecycle of a subnet pool and does not yet enable allocation of subnet prefixes from a pool. Subnet pools can have their prefix bounds (min, max, default), name, and prefix list updated. Changes to prefix bounds do not alter existing allocations and will not be blocked by existing allocations. Prefix lists can only be appended to. Prefixes cannot be removed from the pool once added. ApiImpact Partially-Implements: blueprint subnet-allocation Change-Id: I88c6b15aab258069758f1a9423d6616ceb4a33c4
{
"context_is_admin": "role:admin",
"admin_or_owner": "rule:context_is_admin or tenant_id:%(tenant_id)s",
"context_is_advsvc": "role:advsvc",
"admin_or_network_owner": "rule:context_is_admin or tenant_id:%(network:tenant_id)s",
"admin_only": "rule:context_is_admin",
"regular_user": "",
"shared": "field:networks:shared=True",
"shared_firewalls": "field:firewalls:shared=True",
"shared_firewall_policies": "field:firewall_policies:shared=True",
"shared_subnetpools": "field:subnetpools:shared=True",
"external": "field:networks:router:external=True",
"default": "rule:admin_or_owner",
"create_subnet": "rule:admin_or_network_owner",
"get_subnet": "rule:admin_or_owner or rule:shared",
"update_subnet": "rule:admin_or_network_owner",
"delete_subnet": "rule:admin_or_network_owner",
"create_subnetpool": "",
"create_subnetpool:shared": "rule:admin_only",
"get_subnetpool": "rule:admin_or_owner or rule:shared_subnetpools",
"update_subnetpool": "rule:admin_or_owner",
"delete_subnetpool": "rule:admin_or_owner",
"create_network": "",
"get_network": "rule:admin_or_owner or rule:shared or rule:external or rule:context_is_advsvc",
"get_network:router:external": "rule:regular_user",
"get_network:segments": "rule:admin_only",
"get_network:provider:network_type": "rule:admin_only",
"get_network:provider:physical_network": "rule:admin_only",
"get_network:provider:segmentation_id": "rule:admin_only",
"get_network:queue_id": "rule:admin_only",
"create_network:shared": "rule:admin_only",
"create_network:router:external": "rule:admin_only",
"create_network:segments": "rule:admin_only",
"create_network:provider:network_type": "rule:admin_only",
"create_network:provider:physical_network": "rule:admin_only",
"create_network:provider:segmentation_id": "rule:admin_only",
"update_network": "rule:admin_or_owner",
"update_network:segments": "rule:admin_only",
"update_network:shared": "rule:admin_only",
"update_network:provider:network_type": "rule:admin_only",
"update_network:provider:physical_network": "rule:admin_only",
"update_network:provider:segmentation_id": "rule:admin_only",
"update_network:router:external": "rule:admin_only",
"delete_network": "rule:admin_or_owner",
"create_port": "",
"create_port:mac_address": "rule:admin_or_network_owner or rule:context_is_advsvc",
"create_port:fixed_ips": "rule:admin_or_network_owner or rule:context_is_advsvc",
"create_port:port_security_enabled": "rule:admin_or_network_owner or rule:context_is_advsvc",
"create_port:binding:host_id": "rule:admin_only",
"create_port:binding:profile": "rule:admin_only",
"create_port:mac_learning_enabled": "rule:admin_or_network_owner or rule:context_is_advsvc",
"get_port": "rule:admin_or_owner or rule:context_is_advsvc",
"get_port:queue_id": "rule:admin_only",
"get_port:binding:vif_type": "rule:admin_only",
"get_port:binding:vif_details": "rule:admin_only",
"get_port:binding:host_id": "rule:admin_only",
"get_port:binding:profile": "rule:admin_only",
"update_port": "rule:admin_or_owner or rule:context_is_advsvc",
"update_port:mac_address": "rule:admin_only or rule:context_is_advsvc",
"update_port:fixed_ips": "rule:admin_or_network_owner or rule:context_is_advsvc",
"update_port:port_security_enabled": "rule:admin_or_network_owner or rule:context_is_advsvc",
"update_port:binding:host_id": "rule:admin_only",
"update_port:binding:profile": "rule:admin_only",
"update_port:mac_learning_enabled": "rule:admin_or_network_owner or rule:context_is_advsvc",
"delete_port": "rule:admin_or_owner or rule:context_is_advsvc",
"get_router:ha": "rule:admin_only",
"create_router": "rule:regular_user",
"create_router:external_gateway_info:enable_snat": "rule:admin_only",
"create_router:distributed": "rule:admin_only",
"create_router:ha": "rule:admin_only",
"get_router": "rule:admin_or_owner",
"get_router:distributed": "rule:admin_only",
"update_router:external_gateway_info:enable_snat": "rule:admin_only",
"update_router:distributed": "rule:admin_only",
"update_router:ha": "rule:admin_only",
"delete_router": "rule:admin_or_owner",
"add_router_interface": "rule:admin_or_owner",
"remove_router_interface": "rule:admin_or_owner",
"create_router:external_gateway_info:external_fixed_ips": "rule:admin_only",
"update_router:external_gateway_info:external_fixed_ips": "rule:admin_only",
"create_firewall": "",
"get_firewall": "rule:admin_or_owner",
"create_firewall:shared": "rule:admin_only",
"get_firewall:shared": "rule:admin_only",
"update_firewall": "rule:admin_or_owner",
"update_firewall:shared": "rule:admin_only",
"delete_firewall": "rule:admin_or_owner",
"create_firewall_policy": "",
"get_firewall_policy": "rule:admin_or_owner or rule:shared_firewall_policies",
"create_firewall_policy:shared": "rule:admin_or_owner",
"update_firewall_policy": "rule:admin_or_owner",
"delete_firewall_policy": "rule:admin_or_owner",
"create_firewall_rule": "",
"get_firewall_rule": "rule:admin_or_owner or rule:shared_firewalls",
"update_firewall_rule": "rule:admin_or_owner",
"delete_firewall_rule": "rule:admin_or_owner",
"create_qos_queue": "rule:admin_only",
"get_qos_queue": "rule:admin_only",
"update_agent": "rule:admin_only",
"delete_agent": "rule:admin_only",
"get_agent": "rule:admin_only",
"create_dhcp-network": "rule:admin_only",
"delete_dhcp-network": "rule:admin_only",
"get_dhcp-networks": "rule:admin_only",
"create_l3-router": "rule:admin_only",
"delete_l3-router": "rule:admin_only",
"get_l3-routers": "rule:admin_only",
"get_dhcp-agents": "rule:admin_only",
"get_l3-agents": "rule:admin_only",
"get_loadbalancer-agent": "rule:admin_only",
"get_loadbalancer-pools": "rule:admin_only",
"get_agent-loadbalancers": "rule:admin_only",
"get_loadbalancer-hosting-agent": "rule:admin_only",
"create_floatingip": "rule:regular_user",
"create_floatingip:floating_ip_address": "rule:admin_only",
"update_floatingip": "rule:admin_or_owner",
"delete_floatingip": "rule:admin_or_owner",
"get_floatingip": "rule:admin_or_owner",
"create_network_profile": "rule:admin_only",
"update_network_profile": "rule:admin_only",
"delete_network_profile": "rule:admin_only",
"get_network_profiles": "",
"get_network_profile": "",
"update_policy_profiles": "rule:admin_only",
"get_policy_profiles": "",
"get_policy_profile": "",
"create_metering_label": "rule:admin_only",
"delete_metering_label": "rule:admin_only",
"get_metering_label": "rule:admin_only",
"create_metering_label_rule": "rule:admin_only",
"delete_metering_label_rule": "rule:admin_only",
"get_metering_label_rule": "rule:admin_only",
"get_service_provider": "rule:regular_user",
"get_lsn": "rule:admin_only",
"create_lsn": "rule:admin_only"
}