chore: Add license for python file and update policy
1. Add license for python file 2. Update the policy for all services Change-Id: I4bc6a68874afe1cc51da1a24d278165356d5dec3
This commit is contained in:
parent
f097842c86
commit
f3dacbcea7
@ -1,3 +1,17 @@
|
|||||||
|
# Copyright 2022 99cloud
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
from __future__ import annotations
|
from __future__ import annotations
|
||||||
|
|
||||||
from fastapi import APIRouter, Depends, HTTPException, Query, status
|
from fastapi import APIRouter, Depends, HTTPException, Query, status
|
||||||
|
@ -166,6 +166,20 @@ def generate_rule(service: str) -> None:
|
|||||||
rules.append(Rule.from_oslo(rule))
|
rules.append(Rule.from_oslo(rule))
|
||||||
|
|
||||||
header_str = """\
|
header_str = """\
|
||||||
|
# Copyright 2022 99cloud
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
# flake8: noqa
|
# flake8: noqa
|
||||||
# fmt: off
|
# fmt: off
|
||||||
|
|
||||||
|
@ -1,3 +1,17 @@
|
|||||||
|
# Copyright 2022 99cloud
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
# flake8: noqa
|
# flake8: noqa
|
||||||
# fmt: off
|
# fmt: off
|
||||||
|
|
||||||
@ -99,11 +113,31 @@ list_rules = (
|
|||||||
check_str=("rule:all_users and rule:container_project_match and not rule:container_private_read"),
|
check_str=("rule:all_users and rule:container_project_match and not rule:container_private_read"),
|
||||||
description="No description",
|
description="No description",
|
||||||
),
|
),
|
||||||
|
base.Rule(
|
||||||
|
name="secret_project_reader",
|
||||||
|
check_str=("role:reader and rule:secret_project_match"),
|
||||||
|
description="No description",
|
||||||
|
),
|
||||||
|
base.Rule(
|
||||||
|
name="secret_project_member",
|
||||||
|
check_str=("role:member and rule:secret_project_match"),
|
||||||
|
description="No description",
|
||||||
|
),
|
||||||
base.Rule(
|
base.Rule(
|
||||||
name="secret_project_admin",
|
name="secret_project_admin",
|
||||||
check_str=("rule:admin and rule:secret_project_match"),
|
check_str=("rule:admin and rule:secret_project_match"),
|
||||||
description="No description",
|
description="No description",
|
||||||
),
|
),
|
||||||
|
base.Rule(
|
||||||
|
name="secret_owner",
|
||||||
|
check_str=("user_id:%(target.secret.creator_id)s"),
|
||||||
|
description="No description",
|
||||||
|
),
|
||||||
|
base.Rule(
|
||||||
|
name="secret_is_not_private",
|
||||||
|
check_str=("True:%(target.secret.read_project_access)s"),
|
||||||
|
description="No description",
|
||||||
|
),
|
||||||
base.Rule(
|
base.Rule(
|
||||||
name="secret_project_creator",
|
name="secret_project_creator",
|
||||||
check_str=("rule:creator and rule:secret_project_match and rule:secret_creator_user"),
|
check_str=("rule:creator and rule:secret_project_match and rule:secret_creator_user"),
|
||||||
@ -355,42 +389,42 @@ list_rules = (
|
|||||||
),
|
),
|
||||||
base.APIRule(
|
base.APIRule(
|
||||||
name="secret:decrypt",
|
name="secret:decrypt",
|
||||||
check_str=("rule:secret_decrypt_non_private_read or rule:secret_project_creator or rule:secret_project_admin or rule:secret_acl_read or (role:member and project_id:%(target.secret.project_id)s and (user_id:%(target.secret.creator_id)s or True:%(target.secret.read_project_access)s)) or role:admin and project_id:%(target.secret.project_id)s"),
|
check_str=("True:%(enforce_new_defaults)s and (rule:secret_project_admin or (rule:secret_project_member and rule:secret_owner) or (rule:secret_project_member and rule:secret_is_not_private) or rule:secret_acl_read)"),
|
||||||
description="Retrieve a secrets payload.",
|
description="Retrieve a secrets payload.",
|
||||||
scope_types=["project"],
|
scope_types=["project"],
|
||||||
operations=[{"method": "GET", "path": "/v1/secrets/{uuid}/payload"}],
|
operations=[{"method": "GET", "path": "/v1/secrets/{uuid}/payload"}],
|
||||||
),
|
),
|
||||||
base.APIRule(
|
base.APIRule(
|
||||||
name="secret:get",
|
name="secret:get",
|
||||||
check_str=("rule:secret_non_private_read or rule:secret_project_creator or rule:secret_project_admin or rule:secret_acl_read or (role:member and project_id:%(target.secret.project_id)s and (user_id:%(target.secret.creator_id)s or True:%(target.secret.read_project_access)s)) or role:admin and project_id:%(target.secret.project_id)s"),
|
check_str=("True:%(enforce_new_defaults)s and (rule:secret_project_admin or (rule:secret_project_member and rule:secret_owner) or (rule:secret_project_member and rule:secret_is_not_private) or rule:secret_acl_read)"),
|
||||||
description="Retrieves a secrets metadata.",
|
description="Retrieves a secrets metadata.",
|
||||||
scope_types=["project"],
|
scope_types=["project"],
|
||||||
operations=[{"method": "GET", "path": "/v1/secrets/{secret-id}"}],
|
operations=[{"method": "GET", "path": "/v1/secrets/{secret-id}"}],
|
||||||
),
|
),
|
||||||
base.APIRule(
|
base.APIRule(
|
||||||
name="secret:put",
|
name="secret:put",
|
||||||
check_str=("rule:admin_or_creator and rule:secret_project_match or (role:member and project_id:%(target.secret.project_id)s and (user_id:%(target.secret.creator_id)s or True:%(target.secret.read_project_access)s)) or role:admin and project_id:%(target.secret.project_id)s"),
|
check_str=("True:%(enforce_new_defaults)s and (rule:secret_project_admin or (rule:secret_project_member and rule:secret_owner) or (rule:secret_project_member and rule:secret_is_not_private))"),
|
||||||
description="Add the payload to an existing metadata-only secret.",
|
description="Add the payload to an existing metadata-only secret.",
|
||||||
scope_types=["project"],
|
scope_types=["project"],
|
||||||
operations=[{"method": "PUT", "path": "/v1/secrets/{secret-id}"}],
|
operations=[{"method": "PUT", "path": "/v1/secrets/{secret-id}"}],
|
||||||
),
|
),
|
||||||
base.APIRule(
|
base.APIRule(
|
||||||
name="secret:delete",
|
name="secret:delete",
|
||||||
check_str=("rule:secret_project_admin or rule:secret_project_creator or (rule:secret_project_creator_role and not rule:secret_private_read) or (role:member and project_id:%(target.secret.project_id)s and (user_id:%(target.secret.creator_id)s or True:%(target.secret.read_project_access)s)) or role:admin and project_id:%(target.secret.project_id)s"),
|
check_str=("True:%(enforce_new_defaults)s and (rule:secret_project_admin or (rule:secret_project_member and rule:secret_owner) or (rule:secret_project_member and rule:secret_is_not_private))"),
|
||||||
description="Delete a secret by uuid.",
|
description="Delete a secret by uuid.",
|
||||||
scope_types=["project"],
|
scope_types=["project"],
|
||||||
operations=[{"method": "DELETE", "path": "/v1/secrets/{secret-id}"}],
|
operations=[{"method": "DELETE", "path": "/v1/secrets/{secret-id}"}],
|
||||||
),
|
),
|
||||||
base.APIRule(
|
base.APIRule(
|
||||||
name="secrets:post",
|
name="secrets:post",
|
||||||
check_str=("rule:admin_or_creator or role:member"),
|
check_str=("True:%(enforce_new_defaults)s and role:member"),
|
||||||
description="Creates a Secret entity.",
|
description="Creates a Secret entity.",
|
||||||
scope_types=["project"],
|
scope_types=["project"],
|
||||||
operations=[{"method": "POST", "path": "/v1/secrets"}],
|
operations=[{"method": "POST", "path": "/v1/secrets"}],
|
||||||
),
|
),
|
||||||
base.APIRule(
|
base.APIRule(
|
||||||
name="secrets:get",
|
name="secrets:get",
|
||||||
check_str=("rule:all_but_audit or role:member"),
|
check_str=("True:%(enforce_new_defaults)s and role:member"),
|
||||||
description="Lists a projects secrets.",
|
description="Lists a projects secrets.",
|
||||||
scope_types=["project"],
|
scope_types=["project"],
|
||||||
operations=[{"method": "GET", "path": "/v1/secrets"}],
|
operations=[{"method": "GET", "path": "/v1/secrets"}],
|
||||||
|
@ -1,3 +1,17 @@
|
|||||||
|
# Copyright 2022 99cloud
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
# flake8: noqa
|
# flake8: noqa
|
||||||
# fmt: off
|
# fmt: off
|
||||||
|
|
||||||
|
@ -1,3 +1,17 @@
|
|||||||
|
# Copyright 2022 99cloud
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
# flake8: noqa
|
# flake8: noqa
|
||||||
# fmt: off
|
# fmt: off
|
||||||
|
|
||||||
|
@ -1,3 +1,17 @@
|
|||||||
|
# Copyright 2022 99cloud
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
# flake8: noqa
|
# flake8: noqa
|
||||||
# fmt: off
|
# fmt: off
|
||||||
|
|
||||||
|
@ -1,3 +1,17 @@
|
|||||||
|
# Copyright 2022 99cloud
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
# flake8: noqa
|
# flake8: noqa
|
||||||
# fmt: off
|
# fmt: off
|
||||||
|
|
||||||
|
@ -1,3 +1,17 @@
|
|||||||
|
# Copyright 2022 99cloud
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
# flake8: noqa
|
# flake8: noqa
|
||||||
# fmt: off
|
# fmt: off
|
||||||
|
|
||||||
|
@ -1,3 +1,17 @@
|
|||||||
|
# Copyright 2022 99cloud
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
# flake8: noqa
|
# flake8: noqa
|
||||||
# fmt: off
|
# fmt: off
|
||||||
|
|
||||||
|
@ -1,3 +1,17 @@
|
|||||||
|
# Copyright 2022 99cloud
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
# flake8: noqa
|
# flake8: noqa
|
||||||
# fmt: off
|
# fmt: off
|
||||||
|
|
||||||
|
@ -1,3 +1,17 @@
|
|||||||
|
# Copyright 2022 99cloud
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
# flake8: noqa
|
# flake8: noqa
|
||||||
# fmt: off
|
# fmt: off
|
||||||
|
|
||||||
|
File diff suppressed because it is too large
Load Diff
@ -1,3 +1,17 @@
|
|||||||
|
# Copyright 2022 99cloud
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
# flake8: noqa
|
# flake8: noqa
|
||||||
# fmt: off
|
# fmt: off
|
||||||
|
|
||||||
@ -64,63 +78,63 @@ list_rules = (
|
|||||||
name="os_compute_api:os-aggregates:set_metadata",
|
name="os_compute_api:os-aggregates:set_metadata",
|
||||||
check_str=("rule:context_is_admin"),
|
check_str=("rule:context_is_admin"),
|
||||||
description="Create or replace metadata for an aggregate",
|
description="Create or replace metadata for an aggregate",
|
||||||
scope_types=["system"],
|
scope_types=["project"],
|
||||||
operations=[{"method": "POST", "path": "/os-aggregates/{aggregate_id}/action (set_metadata)"}],
|
operations=[{"method": "POST", "path": "/os-aggregates/{aggregate_id}/action (set_metadata)"}],
|
||||||
),
|
),
|
||||||
base.APIRule(
|
base.APIRule(
|
||||||
name="os_compute_api:os-aggregates:add_host",
|
name="os_compute_api:os-aggregates:add_host",
|
||||||
check_str=("rule:context_is_admin"),
|
check_str=("rule:context_is_admin"),
|
||||||
description="Add a host to an aggregate",
|
description="Add a host to an aggregate",
|
||||||
scope_types=["system"],
|
scope_types=["project"],
|
||||||
operations=[{"method": "POST", "path": "/os-aggregates/{aggregate_id}/action (add_host)"}],
|
operations=[{"method": "POST", "path": "/os-aggregates/{aggregate_id}/action (add_host)"}],
|
||||||
),
|
),
|
||||||
base.APIRule(
|
base.APIRule(
|
||||||
name="os_compute_api:os-aggregates:create",
|
name="os_compute_api:os-aggregates:create",
|
||||||
check_str=("rule:context_is_admin"),
|
check_str=("rule:context_is_admin"),
|
||||||
description="Create an aggregate",
|
description="Create an aggregate",
|
||||||
scope_types=["system"],
|
scope_types=["project"],
|
||||||
operations=[{"method": "POST", "path": "/os-aggregates"}],
|
operations=[{"method": "POST", "path": "/os-aggregates"}],
|
||||||
),
|
),
|
||||||
base.APIRule(
|
base.APIRule(
|
||||||
name="os_compute_api:os-aggregates:remove_host",
|
name="os_compute_api:os-aggregates:remove_host",
|
||||||
check_str=("rule:context_is_admin"),
|
check_str=("rule:context_is_admin"),
|
||||||
description="Remove a host from an aggregate",
|
description="Remove a host from an aggregate",
|
||||||
scope_types=["system"],
|
scope_types=["project"],
|
||||||
operations=[{"method": "POST", "path": "/os-aggregates/{aggregate_id}/action (remove_host)"}],
|
operations=[{"method": "POST", "path": "/os-aggregates/{aggregate_id}/action (remove_host)"}],
|
||||||
),
|
),
|
||||||
base.APIRule(
|
base.APIRule(
|
||||||
name="os_compute_api:os-aggregates:update",
|
name="os_compute_api:os-aggregates:update",
|
||||||
check_str=("rule:context_is_admin"),
|
check_str=("rule:context_is_admin"),
|
||||||
description="Update name and/or availability zone for an aggregate",
|
description="Update name and/or availability zone for an aggregate",
|
||||||
scope_types=["system"],
|
scope_types=["project"],
|
||||||
operations=[{"method": "PUT", "path": "/os-aggregates/{aggregate_id}"}],
|
operations=[{"method": "PUT", "path": "/os-aggregates/{aggregate_id}"}],
|
||||||
),
|
),
|
||||||
base.APIRule(
|
base.APIRule(
|
||||||
name="os_compute_api:os-aggregates:index",
|
name="os_compute_api:os-aggregates:index",
|
||||||
check_str=("rule:context_is_admin"),
|
check_str=("rule:context_is_admin"),
|
||||||
description="List all aggregates",
|
description="List all aggregates",
|
||||||
scope_types=["system"],
|
scope_types=["project"],
|
||||||
operations=[{"method": "GET", "path": "/os-aggregates"}],
|
operations=[{"method": "GET", "path": "/os-aggregates"}],
|
||||||
),
|
),
|
||||||
base.APIRule(
|
base.APIRule(
|
||||||
name="os_compute_api:os-aggregates:delete",
|
name="os_compute_api:os-aggregates:delete",
|
||||||
check_str=("rule:context_is_admin"),
|
check_str=("rule:context_is_admin"),
|
||||||
description="Delete an aggregate",
|
description="Delete an aggregate",
|
||||||
scope_types=["system"],
|
scope_types=["project"],
|
||||||
operations=[{"method": "DELETE", "path": "/os-aggregates/{aggregate_id}"}],
|
operations=[{"method": "DELETE", "path": "/os-aggregates/{aggregate_id}"}],
|
||||||
),
|
),
|
||||||
base.APIRule(
|
base.APIRule(
|
||||||
name="os_compute_api:os-aggregates:show",
|
name="os_compute_api:os-aggregates:show",
|
||||||
check_str=("rule:context_is_admin"),
|
check_str=("rule:context_is_admin"),
|
||||||
description="Show details for an aggregate",
|
description="Show details for an aggregate",
|
||||||
scope_types=["system"],
|
scope_types=["project"],
|
||||||
operations=[{"method": "GET", "path": "/os-aggregates/{aggregate_id}"}],
|
operations=[{"method": "GET", "path": "/os-aggregates/{aggregate_id}"}],
|
||||||
),
|
),
|
||||||
base.APIRule(
|
base.APIRule(
|
||||||
name="compute:aggregates:images",
|
name="compute:aggregates:images",
|
||||||
check_str=("rule:context_is_admin"),
|
check_str=("rule:context_is_admin"),
|
||||||
description="Request image caching for an aggregate",
|
description="Request image caching for an aggregate",
|
||||||
scope_types=["system"],
|
scope_types=["project"],
|
||||||
operations=[{"method": "POST", "path": "/os-aggregates/{aggregate_id}/images"}],
|
operations=[{"method": "POST", "path": "/os-aggregates/{aggregate_id}/images"}],
|
||||||
),
|
),
|
||||||
base.APIRule(
|
base.APIRule(
|
||||||
@ -169,28 +183,28 @@ list_rules = (
|
|||||||
name="os_compute_api:os-availability-zone:list",
|
name="os_compute_api:os-availability-zone:list",
|
||||||
check_str=("@"),
|
check_str=("@"),
|
||||||
description="List availability zone information without host information",
|
description="List availability zone information without host information",
|
||||||
scope_types=["system", "project"],
|
scope_types=["project"],
|
||||||
operations=[{"method": "GET", "path": "/os-availability-zone"}],
|
operations=[{"method": "GET", "path": "/os-availability-zone"}],
|
||||||
),
|
),
|
||||||
base.APIRule(
|
base.APIRule(
|
||||||
name="os_compute_api:os-availability-zone:detail",
|
name="os_compute_api:os-availability-zone:detail",
|
||||||
check_str=("rule:context_is_admin"),
|
check_str=("rule:context_is_admin"),
|
||||||
description="List detailed availability zone information with host information",
|
description="List detailed availability zone information with host information",
|
||||||
scope_types=["system"],
|
scope_types=["project"],
|
||||||
operations=[{"method": "GET", "path": "/os-availability-zone/detail"}],
|
operations=[{"method": "GET", "path": "/os-availability-zone/detail"}],
|
||||||
),
|
),
|
||||||
base.APIRule(
|
base.APIRule(
|
||||||
name="os_compute_api:os-baremetal-nodes:list",
|
name="os_compute_api:os-baremetal-nodes:list",
|
||||||
check_str=("rule:context_is_admin"),
|
check_str=("rule:context_is_admin"),
|
||||||
description="List and show details of bare metal nodes.\n#\n#These APIs are proxy calls to the Ironic service and are deprecated.\n#",
|
description="List and show details of bare metal nodes.\n#\n#These APIs are proxy calls to the Ironic service and are deprecated.\n#",
|
||||||
scope_types=["system"],
|
scope_types=["project"],
|
||||||
operations=[{"method": "GET", "path": "/os-baremetal-nodes"}],
|
operations=[{"method": "GET", "path": "/os-baremetal-nodes"}],
|
||||||
),
|
),
|
||||||
base.APIRule(
|
base.APIRule(
|
||||||
name="os_compute_api:os-baremetal-nodes:show",
|
name="os_compute_api:os-baremetal-nodes:show",
|
||||||
check_str=("rule:context_is_admin"),
|
check_str=("rule:context_is_admin"),
|
||||||
description="Show action details for a server.",
|
description="Show action details for a server.",
|
||||||
scope_types=["system"],
|
scope_types=["project"],
|
||||||
operations=[{"method": "GET", "path": "/os-baremetal-nodes/{node_id}"}],
|
operations=[{"method": "GET", "path": "/os-baremetal-nodes/{node_id}"}],
|
||||||
),
|
),
|
||||||
base.APIRule(
|
base.APIRule(
|
||||||
@ -246,91 +260,91 @@ list_rules = (
|
|||||||
name="os_compute_api:extensions",
|
name="os_compute_api:extensions",
|
||||||
check_str=("@"),
|
check_str=("@"),
|
||||||
description="List available extensions and show information for an extension by alias",
|
description="List available extensions and show information for an extension by alias",
|
||||||
scope_types=["system", "project"],
|
scope_types=["project"],
|
||||||
operations=[{"method": "GET", "path": "/extensions"}, {"method": "GET", "path": "/extensions/{alias}"}],
|
operations=[{"method": "GET", "path": "/extensions"}, {"method": "GET", "path": "/extensions/{alias}"}],
|
||||||
),
|
),
|
||||||
base.APIRule(
|
base.APIRule(
|
||||||
name="os_compute_api:os-flavor-access:add_tenant_access",
|
name="os_compute_api:os-flavor-access:add_tenant_access",
|
||||||
check_str=("rule:context_is_admin"),
|
check_str=("rule:context_is_admin"),
|
||||||
description="Add flavor access to a tenant",
|
description="Add flavor access to a tenant",
|
||||||
scope_types=["system"],
|
scope_types=["project"],
|
||||||
operations=[{"method": "POST", "path": "/flavors/{flavor_id}/action (addTenantAccess)"}],
|
operations=[{"method": "POST", "path": "/flavors/{flavor_id}/action (addTenantAccess)"}],
|
||||||
),
|
),
|
||||||
base.APIRule(
|
base.APIRule(
|
||||||
name="os_compute_api:os-flavor-access:remove_tenant_access",
|
name="os_compute_api:os-flavor-access:remove_tenant_access",
|
||||||
check_str=("rule:context_is_admin"),
|
check_str=("rule:context_is_admin"),
|
||||||
description="Remove flavor access from a tenant",
|
description="Remove flavor access from a tenant",
|
||||||
scope_types=["system"],
|
scope_types=["project"],
|
||||||
operations=[{"method": "POST", "path": "/flavors/{flavor_id}/action (removeTenantAccess)"}],
|
operations=[{"method": "POST", "path": "/flavors/{flavor_id}/action (removeTenantAccess)"}],
|
||||||
),
|
),
|
||||||
base.APIRule(
|
base.APIRule(
|
||||||
name="os_compute_api:os-flavor-access",
|
name="os_compute_api:os-flavor-access",
|
||||||
check_str=("rule:context_is_admin"),
|
check_str=("rule:context_is_admin"),
|
||||||
description="List flavor access information\n#\n#Allows access to the full list of tenants that have access\n#to a flavor via an os-flavor-access API.\n#",
|
description="List flavor access information\n#\n#Allows access to the full list of tenants that have access\n#to a flavor via an os-flavor-access API.\n#",
|
||||||
scope_types=["system"],
|
scope_types=["project"],
|
||||||
operations=[{"method": "GET", "path": "/flavors/{flavor_id}/os-flavor-access"}],
|
operations=[{"method": "GET", "path": "/flavors/{flavor_id}/os-flavor-access"}],
|
||||||
),
|
),
|
||||||
base.APIRule(
|
base.APIRule(
|
||||||
name="os_compute_api:os-flavor-extra-specs:show",
|
name="os_compute_api:os-flavor-extra-specs:show",
|
||||||
check_str=("rule:project_reader_or_admin"),
|
check_str=("rule:project_reader_or_admin"),
|
||||||
description="Show an extra spec for a flavor",
|
description="Show an extra spec for a flavor",
|
||||||
scope_types=["system", "project"],
|
scope_types=["project"],
|
||||||
operations=[{"method": "GET", "path": "/flavors/{flavor_id}/os-extra_specs/{flavor_extra_spec_key}"}],
|
operations=[{"method": "GET", "path": "/flavors/{flavor_id}/os-extra_specs/{flavor_extra_spec_key}"}],
|
||||||
),
|
),
|
||||||
base.APIRule(
|
base.APIRule(
|
||||||
name="os_compute_api:os-flavor-extra-specs:create",
|
name="os_compute_api:os-flavor-extra-specs:create",
|
||||||
check_str=("rule:context_is_admin"),
|
check_str=("rule:context_is_admin"),
|
||||||
description="Create extra specs for a flavor",
|
description="Create extra specs for a flavor",
|
||||||
scope_types=["system"],
|
scope_types=["project"],
|
||||||
operations=[{"method": "POST", "path": "/flavors/{flavor_id}/os-extra_specs/"}],
|
operations=[{"method": "POST", "path": "/flavors/{flavor_id}/os-extra_specs/"}],
|
||||||
),
|
),
|
||||||
base.APIRule(
|
base.APIRule(
|
||||||
name="os_compute_api:os-flavor-extra-specs:update",
|
name="os_compute_api:os-flavor-extra-specs:update",
|
||||||
check_str=("rule:context_is_admin"),
|
check_str=("rule:context_is_admin"),
|
||||||
description="Update an extra spec for a flavor",
|
description="Update an extra spec for a flavor",
|
||||||
scope_types=["system"],
|
scope_types=["project"],
|
||||||
operations=[{"method": "PUT", "path": "/flavors/{flavor_id}/os-extra_specs/{flavor_extra_spec_key}"}],
|
operations=[{"method": "PUT", "path": "/flavors/{flavor_id}/os-extra_specs/{flavor_extra_spec_key}"}],
|
||||||
),
|
),
|
||||||
base.APIRule(
|
base.APIRule(
|
||||||
name="os_compute_api:os-flavor-extra-specs:delete",
|
name="os_compute_api:os-flavor-extra-specs:delete",
|
||||||
check_str=("rule:context_is_admin"),
|
check_str=("rule:context_is_admin"),
|
||||||
description="Delete an extra spec for a flavor",
|
description="Delete an extra spec for a flavor",
|
||||||
scope_types=["system"],
|
scope_types=["project"],
|
||||||
operations=[{"method": "DELETE", "path": "/flavors/{flavor_id}/os-extra_specs/{flavor_extra_spec_key}"}],
|
operations=[{"method": "DELETE", "path": "/flavors/{flavor_id}/os-extra_specs/{flavor_extra_spec_key}"}],
|
||||||
),
|
),
|
||||||
base.APIRule(
|
base.APIRule(
|
||||||
name="os_compute_api:os-flavor-extra-specs:index",
|
name="os_compute_api:os-flavor-extra-specs:index",
|
||||||
check_str=("rule:project_reader_or_admin"),
|
check_str=("rule:project_reader_or_admin"),
|
||||||
description="List extra specs for a flavor. Starting with microversion 2.61, extra specs may be returned in responses for the flavor resource.",
|
description="List extra specs for a flavor. Starting with microversion 2.61, extra specs may be returned in responses for the flavor resource.",
|
||||||
scope_types=["system", "project"],
|
scope_types=["project"],
|
||||||
operations=[{"method": "GET", "path": "/flavors/{flavor_id}/os-extra_specs/"}, {"method": "POST", "path": "/flavors"}, {"method": "GET", "path": "/flavors/detail"}, {"method": "GET", "path": "/flavors/{flavor_id}"}, {"method": "PUT", "path": "/flavors/{flavor_id}"}],
|
operations=[{"method": "GET", "path": "/flavors/{flavor_id}/os-extra_specs/"}, {"method": "POST", "path": "/flavors"}, {"method": "GET", "path": "/flavors/detail"}, {"method": "GET", "path": "/flavors/{flavor_id}"}, {"method": "PUT", "path": "/flavors/{flavor_id}"}],
|
||||||
),
|
),
|
||||||
base.APIRule(
|
base.APIRule(
|
||||||
name="os_compute_api:os-flavor-manage:create",
|
name="os_compute_api:os-flavor-manage:create",
|
||||||
check_str=("rule:context_is_admin"),
|
check_str=("rule:context_is_admin"),
|
||||||
description="Create a flavor",
|
description="Create a flavor",
|
||||||
scope_types=["system"],
|
scope_types=["project"],
|
||||||
operations=[{"method": "POST", "path": "/flavors"}],
|
operations=[{"method": "POST", "path": "/flavors"}],
|
||||||
),
|
),
|
||||||
base.APIRule(
|
base.APIRule(
|
||||||
name="os_compute_api:os-flavor-manage:update",
|
name="os_compute_api:os-flavor-manage:update",
|
||||||
check_str=("rule:context_is_admin"),
|
check_str=("rule:context_is_admin"),
|
||||||
description="Update a flavor",
|
description="Update a flavor",
|
||||||
scope_types=["system"],
|
scope_types=["project"],
|
||||||
operations=[{"method": "PUT", "path": "/flavors/{flavor_id}"}],
|
operations=[{"method": "PUT", "path": "/flavors/{flavor_id}"}],
|
||||||
),
|
),
|
||||||
base.APIRule(
|
base.APIRule(
|
||||||
name="os_compute_api:os-flavor-manage:delete",
|
name="os_compute_api:os-flavor-manage:delete",
|
||||||
check_str=("rule:context_is_admin"),
|
check_str=("rule:context_is_admin"),
|
||||||
description="Delete a flavor",
|
description="Delete a flavor",
|
||||||
scope_types=["system"],
|
scope_types=["project"],
|
||||||
operations=[{"method": "DELETE", "path": "/flavors/{flavor_id}"}],
|
operations=[{"method": "DELETE", "path": "/flavors/{flavor_id}"}],
|
||||||
),
|
),
|
||||||
base.APIRule(
|
base.APIRule(
|
||||||
name="os_compute_api:os-floating-ip-pools",
|
name="os_compute_api:os-floating-ip-pools",
|
||||||
check_str=("@"),
|
check_str=("@"),
|
||||||
description="List floating IP pools. This API is deprecated.",
|
description="List floating IP pools. This API is deprecated.",
|
||||||
scope_types=["system", "project"],
|
scope_types=["project"],
|
||||||
operations=[{"method": "GET", "path": "/os-floating-ip-pools"}],
|
operations=[{"method": "GET", "path": "/os-floating-ip-pools"}],
|
||||||
),
|
),
|
||||||
base.APIRule(
|
base.APIRule(
|
||||||
@ -379,91 +393,91 @@ list_rules = (
|
|||||||
name="os_compute_api:os-hosts:list",
|
name="os_compute_api:os-hosts:list",
|
||||||
check_str=("rule:context_is_admin"),
|
check_str=("rule:context_is_admin"),
|
||||||
description="List physical hosts.\n#\n#This API is deprecated in favor of os-hypervisors and os-services.",
|
description="List physical hosts.\n#\n#This API is deprecated in favor of os-hypervisors and os-services.",
|
||||||
scope_types=["system"],
|
scope_types=["project"],
|
||||||
operations=[{"method": "GET", "path": "/os-hosts"}],
|
operations=[{"method": "GET", "path": "/os-hosts"}],
|
||||||
),
|
),
|
||||||
base.APIRule(
|
base.APIRule(
|
||||||
name="os_compute_api:os-hosts:show",
|
name="os_compute_api:os-hosts:show",
|
||||||
check_str=("rule:context_is_admin"),
|
check_str=("rule:context_is_admin"),
|
||||||
description="Show physical host.\n#\n#This API is deprecated in favor of os-hypervisors and os-services.",
|
description="Show physical host.\n#\n#This API is deprecated in favor of os-hypervisors and os-services.",
|
||||||
scope_types=["system"],
|
scope_types=["project"],
|
||||||
operations=[{"method": "GET", "path": "/os-hosts/{host_name}"}],
|
operations=[{"method": "GET", "path": "/os-hosts/{host_name}"}],
|
||||||
),
|
),
|
||||||
base.APIRule(
|
base.APIRule(
|
||||||
name="os_compute_api:os-hosts:update",
|
name="os_compute_api:os-hosts:update",
|
||||||
check_str=("rule:context_is_admin"),
|
check_str=("rule:context_is_admin"),
|
||||||
description="Update physical host.\n#\n#This API is deprecated in favor of os-hypervisors and os-services.",
|
description="Update physical host.\n#\n#This API is deprecated in favor of os-hypervisors and os-services.",
|
||||||
scope_types=["system"],
|
scope_types=["project"],
|
||||||
operations=[{"method": "PUT", "path": "/os-hosts/{host_name}"}],
|
operations=[{"method": "PUT", "path": "/os-hosts/{host_name}"}],
|
||||||
),
|
),
|
||||||
base.APIRule(
|
base.APIRule(
|
||||||
name="os_compute_api:os-hosts:reboot",
|
name="os_compute_api:os-hosts:reboot",
|
||||||
check_str=("rule:context_is_admin"),
|
check_str=("rule:context_is_admin"),
|
||||||
description="Reboot physical host.\n#\n#This API is deprecated in favor of os-hypervisors and os-services.",
|
description="Reboot physical host.\n#\n#This API is deprecated in favor of os-hypervisors and os-services.",
|
||||||
scope_types=["system"],
|
scope_types=["project"],
|
||||||
operations=[{"method": "GET", "path": "/os-hosts/{host_name}/reboot"}],
|
operations=[{"method": "GET", "path": "/os-hosts/{host_name}/reboot"}],
|
||||||
),
|
),
|
||||||
base.APIRule(
|
base.APIRule(
|
||||||
name="os_compute_api:os-hosts:shutdown",
|
name="os_compute_api:os-hosts:shutdown",
|
||||||
check_str=("rule:context_is_admin"),
|
check_str=("rule:context_is_admin"),
|
||||||
description="Shutdown physical host.\n#\n#This API is deprecated in favor of os-hypervisors and os-services.",
|
description="Shutdown physical host.\n#\n#This API is deprecated in favor of os-hypervisors and os-services.",
|
||||||
scope_types=["system"],
|
scope_types=["project"],
|
||||||
operations=[{"method": "GET", "path": "/os-hosts/{host_name}/shutdown"}],
|
operations=[{"method": "GET", "path": "/os-hosts/{host_name}/shutdown"}],
|
||||||
),
|
),
|
||||||
base.APIRule(
|
base.APIRule(
|
||||||
name="os_compute_api:os-hosts:start",
|
name="os_compute_api:os-hosts:start",
|
||||||
check_str=("rule:context_is_admin"),
|
check_str=("rule:context_is_admin"),
|
||||||
description="Start physical host.\n#\n#This API is deprecated in favor of os-hypervisors and os-services.",
|
description="Start physical host.\n#\n#This API is deprecated in favor of os-hypervisors and os-services.",
|
||||||
scope_types=["system"],
|
scope_types=["project"],
|
||||||
operations=[{"method": "GET", "path": "/os-hosts/{host_name}/startup"}],
|
operations=[{"method": "GET", "path": "/os-hosts/{host_name}/startup"}],
|
||||||
),
|
),
|
||||||
base.APIRule(
|
base.APIRule(
|
||||||
name="os_compute_api:os-hypervisors:list",
|
name="os_compute_api:os-hypervisors:list",
|
||||||
check_str=("rule:context_is_admin"),
|
check_str=("rule:context_is_admin"),
|
||||||
description="List all hypervisors.",
|
description="List all hypervisors.",
|
||||||
scope_types=["system"],
|
scope_types=["project"],
|
||||||
operations=[{"method": "GET", "path": "/os-hypervisors"}],
|
operations=[{"method": "GET", "path": "/os-hypervisors"}],
|
||||||
),
|
),
|
||||||
base.APIRule(
|
base.APIRule(
|
||||||
name="os_compute_api:os-hypervisors:list-detail",
|
name="os_compute_api:os-hypervisors:list-detail",
|
||||||
check_str=("rule:context_is_admin"),
|
check_str=("rule:context_is_admin"),
|
||||||
description="List all hypervisors with details",
|
description="List all hypervisors with details",
|
||||||
scope_types=["system"],
|
scope_types=["project"],
|
||||||
operations=[{"method": "GET", "path": "/os-hypervisors/details"}],
|
operations=[{"method": "GET", "path": "/os-hypervisors/details"}],
|
||||||
),
|
),
|
||||||
base.APIRule(
|
base.APIRule(
|
||||||
name="os_compute_api:os-hypervisors:statistics",
|
name="os_compute_api:os-hypervisors:statistics",
|
||||||
check_str=("rule:context_is_admin"),
|
check_str=("rule:context_is_admin"),
|
||||||
description="Show summary statistics for all hypervisors over all compute nodes.",
|
description="Show summary statistics for all hypervisors over all compute nodes.",
|
||||||
scope_types=["system"],
|
scope_types=["project"],
|
||||||
operations=[{"method": "GET", "path": "/os-hypervisors/statistics"}],
|
operations=[{"method": "GET", "path": "/os-hypervisors/statistics"}],
|
||||||
),
|
),
|
||||||
base.APIRule(
|
base.APIRule(
|
||||||
name="os_compute_api:os-hypervisors:show",
|
name="os_compute_api:os-hypervisors:show",
|
||||||
check_str=("rule:context_is_admin"),
|
check_str=("rule:context_is_admin"),
|
||||||
description="Show details for a hypervisor.",
|
description="Show details for a hypervisor.",
|
||||||
scope_types=["system"],
|
scope_types=["project"],
|
||||||
operations=[{"method": "GET", "path": "/os-hypervisors/{hypervisor_id}"}],
|
operations=[{"method": "GET", "path": "/os-hypervisors/{hypervisor_id}"}],
|
||||||
),
|
),
|
||||||
base.APIRule(
|
base.APIRule(
|
||||||
name="os_compute_api:os-hypervisors:uptime",
|
name="os_compute_api:os-hypervisors:uptime",
|
||||||
check_str=("rule:context_is_admin"),
|
check_str=("rule:context_is_admin"),
|
||||||
description="Show the uptime of a hypervisor.",
|
description="Show the uptime of a hypervisor.",
|
||||||
scope_types=["system"],
|
scope_types=["project"],
|
||||||
operations=[{"method": "GET", "path": "/os-hypervisors/{hypervisor_id}/uptime"}],
|
operations=[{"method": "GET", "path": "/os-hypervisors/{hypervisor_id}/uptime"}],
|
||||||
),
|
),
|
||||||
base.APIRule(
|
base.APIRule(
|
||||||
name="os_compute_api:os-hypervisors:search",
|
name="os_compute_api:os-hypervisors:search",
|
||||||
check_str=("rule:context_is_admin"),
|
check_str=("rule:context_is_admin"),
|
||||||
description="Search hypervisor by hypervisor_hostname pattern.",
|
description="Search hypervisor by hypervisor_hostname pattern.",
|
||||||
scope_types=["system"],
|
scope_types=["project"],
|
||||||
operations=[{"method": "GET", "path": "/os-hypervisors/{hypervisor_hostname_pattern}/search"}],
|
operations=[{"method": "GET", "path": "/os-hypervisors/{hypervisor_hostname_pattern}/search"}],
|
||||||
),
|
),
|
||||||
base.APIRule(
|
base.APIRule(
|
||||||
name="os_compute_api:os-hypervisors:servers",
|
name="os_compute_api:os-hypervisors:servers",
|
||||||
check_str=("rule:context_is_admin"),
|
check_str=("rule:context_is_admin"),
|
||||||
description="List all servers on hypervisors that can match the provided hypervisor_hostname pattern.",
|
description="List all servers on hypervisors that can match the provided hypervisor_hostname pattern.",
|
||||||
scope_types=["system"],
|
scope_types=["project"],
|
||||||
operations=[{"method": "GET", "path": "/os-hypervisors/{hypervisor_hostname_pattern}/servers"}],
|
operations=[{"method": "GET", "path": "/os-hypervisors/{hypervisor_hostname_pattern}/servers"}],
|
||||||
),
|
),
|
||||||
base.APIRule(
|
base.APIRule(
|
||||||
@ -498,14 +512,14 @@ list_rules = (
|
|||||||
name="os_compute_api:os-instance-usage-audit-log:list",
|
name="os_compute_api:os-instance-usage-audit-log:list",
|
||||||
check_str=("rule:context_is_admin"),
|
check_str=("rule:context_is_admin"),
|
||||||
description="List all usage audits.",
|
description="List all usage audits.",
|
||||||
scope_types=["system"],
|
scope_types=["project"],
|
||||||
operations=[{"method": "GET", "path": "/os-instance_usage_audit_log"}],
|
operations=[{"method": "GET", "path": "/os-instance_usage_audit_log"}],
|
||||||
),
|
),
|
||||||
base.APIRule(
|
base.APIRule(
|
||||||
name="os_compute_api:os-instance-usage-audit-log:show",
|
name="os_compute_api:os-instance-usage-audit-log:show",
|
||||||
check_str=("rule:context_is_admin"),
|
check_str=("rule:context_is_admin"),
|
||||||
description="List all usage audits occurred before a specified time for all servers on all compute hosts where usage auditing is configured",
|
description="List all usage audits occurred before a specified time for all servers on all compute hosts where usage auditing is configured",
|
||||||
scope_types=["system"],
|
scope_types=["project"],
|
||||||
operations=[{"method": "GET", "path": "/os-instance_usage_audit_log/{before_timestamp}"}],
|
operations=[{"method": "GET", "path": "/os-instance_usage_audit_log/{before_timestamp}"}],
|
||||||
),
|
),
|
||||||
base.APIRule(
|
base.APIRule(
|
||||||
@ -526,28 +540,28 @@ list_rules = (
|
|||||||
name="os_compute_api:os-keypairs:index",
|
name="os_compute_api:os-keypairs:index",
|
||||||
check_str=("(rule:context_is_admin) or user_id:%(user_id)s"),
|
check_str=("(rule:context_is_admin) or user_id:%(user_id)s"),
|
||||||
description="List all keypairs",
|
description="List all keypairs",
|
||||||
scope_types=["system", "project"],
|
scope_types=["project"],
|
||||||
operations=[{"method": "GET", "path": "/os-keypairs"}],
|
operations=[{"method": "GET", "path": "/os-keypairs"}],
|
||||||
),
|
),
|
||||||
base.APIRule(
|
base.APIRule(
|
||||||
name="os_compute_api:os-keypairs:create",
|
name="os_compute_api:os-keypairs:create",
|
||||||
check_str=("(rule:context_is_admin) or user_id:%(user_id)s"),
|
check_str=("(rule:context_is_admin) or user_id:%(user_id)s"),
|
||||||
description="Create a keypair",
|
description="Create a keypair",
|
||||||
scope_types=["system", "project"],
|
scope_types=["project"],
|
||||||
operations=[{"method": "POST", "path": "/os-keypairs"}],
|
operations=[{"method": "POST", "path": "/os-keypairs"}],
|
||||||
),
|
),
|
||||||
base.APIRule(
|
base.APIRule(
|
||||||
name="os_compute_api:os-keypairs:delete",
|
name="os_compute_api:os-keypairs:delete",
|
||||||
check_str=("(rule:context_is_admin) or user_id:%(user_id)s"),
|
check_str=("(rule:context_is_admin) or user_id:%(user_id)s"),
|
||||||
description="Delete a keypair",
|
description="Delete a keypair",
|
||||||
scope_types=["system", "project"],
|
scope_types=["project"],
|
||||||
operations=[{"method": "DELETE", "path": "/os-keypairs/{keypair_name}"}],
|
operations=[{"method": "DELETE", "path": "/os-keypairs/{keypair_name}"}],
|
||||||
),
|
),
|
||||||
base.APIRule(
|
base.APIRule(
|
||||||
name="os_compute_api:os-keypairs:show",
|
name="os_compute_api:os-keypairs:show",
|
||||||
check_str=("(rule:context_is_admin) or user_id:%(user_id)s"),
|
check_str=("(rule:context_is_admin) or user_id:%(user_id)s"),
|
||||||
description="Show details of a keypair",
|
description="Show details of a keypair",
|
||||||
scope_types=["system", "project"],
|
scope_types=["project"],
|
||||||
operations=[{"method": "GET", "path": "/os-keypairs/{keypair_name}"}],
|
operations=[{"method": "GET", "path": "/os-keypairs/{keypair_name}"}],
|
||||||
),
|
),
|
||||||
base.APIRule(
|
base.APIRule(
|
||||||
@ -652,14 +666,14 @@ list_rules = (
|
|||||||
name="os_compute_api:os-quota-class-sets:show",
|
name="os_compute_api:os-quota-class-sets:show",
|
||||||
check_str=("rule:context_is_admin"),
|
check_str=("rule:context_is_admin"),
|
||||||
description="List quotas for specific quota classs",
|
description="List quotas for specific quota classs",
|
||||||
scope_types=["system"],
|
scope_types=["project"],
|
||||||
operations=[{"method": "GET", "path": "/os-quota-class-sets/{quota_class}"}],
|
operations=[{"method": "GET", "path": "/os-quota-class-sets/{quota_class}"}],
|
||||||
),
|
),
|
||||||
base.APIRule(
|
base.APIRule(
|
||||||
name="os_compute_api:os-quota-class-sets:update",
|
name="os_compute_api:os-quota-class-sets:update",
|
||||||
check_str=("rule:context_is_admin"),
|
check_str=("rule:context_is_admin"),
|
||||||
description="Update quotas for specific quota class",
|
description="Update quotas for specific quota class",
|
||||||
scope_types=["system"],
|
scope_types=["project"],
|
||||||
operations=[{"method": "PUT", "path": "/os-quota-class-sets/{quota_class}"}],
|
operations=[{"method": "PUT", "path": "/os-quota-class-sets/{quota_class}"}],
|
||||||
),
|
),
|
||||||
base.APIRule(
|
base.APIRule(
|
||||||
@ -673,7 +687,7 @@ list_rules = (
|
|||||||
name="os_compute_api:os-quota-sets:defaults",
|
name="os_compute_api:os-quota-sets:defaults",
|
||||||
check_str=("@"),
|
check_str=("@"),
|
||||||
description="List default quotas",
|
description="List default quotas",
|
||||||
scope_types=["system", "project"],
|
scope_types=["project"],
|
||||||
operations=[{"method": "GET", "path": "/os-quota-sets/{tenant_id}/defaults"}],
|
operations=[{"method": "GET", "path": "/os-quota-sets/{tenant_id}/defaults"}],
|
||||||
),
|
),
|
||||||
base.APIRule(
|
base.APIRule(
|
||||||
@ -1198,21 +1212,21 @@ list_rules = (
|
|||||||
name="os_compute_api:os-services:list",
|
name="os_compute_api:os-services:list",
|
||||||
check_str=("rule:context_is_admin"),
|
check_str=("rule:context_is_admin"),
|
||||||
description="List all running Compute services in a region.",
|
description="List all running Compute services in a region.",
|
||||||
scope_types=["system"],
|
scope_types=["project"],
|
||||||
operations=[{"method": "GET", "path": "/os-services"}],
|
operations=[{"method": "GET", "path": "/os-services"}],
|
||||||
),
|
),
|
||||||
base.APIRule(
|
base.APIRule(
|
||||||
name="os_compute_api:os-services:update",
|
name="os_compute_api:os-services:update",
|
||||||
check_str=("rule:context_is_admin"),
|
check_str=("rule:context_is_admin"),
|
||||||
description="Update a Compute service.",
|
description="Update a Compute service.",
|
||||||
scope_types=["system"],
|
scope_types=["project"],
|
||||||
operations=[{"method": "PUT", "path": "/os-services/{service_id}"}],
|
operations=[{"method": "PUT", "path": "/os-services/{service_id}"}],
|
||||||
),
|
),
|
||||||
base.APIRule(
|
base.APIRule(
|
||||||
name="os_compute_api:os-services:delete",
|
name="os_compute_api:os-services:delete",
|
||||||
check_str=("rule:context_is_admin"),
|
check_str=("rule:context_is_admin"),
|
||||||
description="Delete a Compute service.",
|
description="Delete a Compute service.",
|
||||||
scope_types=["system"],
|
scope_types=["project"],
|
||||||
operations=[{"method": "DELETE", "path": "/os-services/{service_id}"}],
|
operations=[{"method": "DELETE", "path": "/os-services/{service_id}"}],
|
||||||
),
|
),
|
||||||
base.APIRule(
|
base.APIRule(
|
||||||
|
@ -1,3 +1,17 @@
|
|||||||
|
# Copyright 2022 99cloud
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
# flake8: noqa
|
# flake8: noqa
|
||||||
# fmt: off
|
# fmt: off
|
||||||
|
|
||||||
|
@ -1,3 +1,17 @@
|
|||||||
|
# Copyright 2022 99cloud
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
# flake8: noqa
|
# flake8: noqa
|
||||||
# fmt: off
|
# fmt: off
|
||||||
|
|
||||||
|
@ -1,3 +1,17 @@
|
|||||||
|
# Copyright 2022 99cloud
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
# flake8: noqa
|
# flake8: noqa
|
||||||
# fmt: off
|
# fmt: off
|
||||||
|
|
||||||
|
@ -1,3 +1,17 @@
|
|||||||
|
# Copyright 2022 99cloud
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
# flake8: noqa
|
# flake8: noqa
|
||||||
# fmt: off
|
# fmt: off
|
||||||
|
|
||||||
|
@ -1,3 +1,17 @@
|
|||||||
|
# Copyright 2022 99cloud
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
from __future__ import annotations
|
from __future__ import annotations
|
||||||
|
|
||||||
from typing import Any, Dict, List, Optional
|
from typing import Any, Dict, List, Optional
|
||||||
|
Loading…
Reference in New Issue
Block a user