chore: Add license for python file and update policy

1. Add license for python file
2. Update the policy for all services

Change-Id: I4bc6a68874afe1cc51da1a24d278165356d5dec3
This commit is contained in:
Boxiang Zhu 2022-08-25 14:34:43 +08:00
parent f097842c86
commit f3dacbcea7
18 changed files with 526 additions and 254 deletions

View File

@ -1,3 +1,17 @@
# Copyright 2022 99cloud
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
from __future__ import annotations from __future__ import annotations
from fastapi import APIRouter, Depends, HTTPException, Query, status from fastapi import APIRouter, Depends, HTTPException, Query, status

View File

@ -166,6 +166,20 @@ def generate_rule(service: str) -> None:
rules.append(Rule.from_oslo(rule)) rules.append(Rule.from_oslo(rule))
header_str = """\ header_str = """\
# Copyright 2022 99cloud
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# flake8: noqa # flake8: noqa
# fmt: off # fmt: off

View File

@ -1,3 +1,17 @@
# Copyright 2022 99cloud
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# flake8: noqa # flake8: noqa
# fmt: off # fmt: off
@ -99,11 +113,31 @@ list_rules = (
check_str=("rule:all_users and rule:container_project_match and not rule:container_private_read"), check_str=("rule:all_users and rule:container_project_match and not rule:container_private_read"),
description="No description", description="No description",
), ),
base.Rule(
name="secret_project_reader",
check_str=("role:reader and rule:secret_project_match"),
description="No description",
),
base.Rule(
name="secret_project_member",
check_str=("role:member and rule:secret_project_match"),
description="No description",
),
base.Rule( base.Rule(
name="secret_project_admin", name="secret_project_admin",
check_str=("rule:admin and rule:secret_project_match"), check_str=("rule:admin and rule:secret_project_match"),
description="No description", description="No description",
), ),
base.Rule(
name="secret_owner",
check_str=("user_id:%(target.secret.creator_id)s"),
description="No description",
),
base.Rule(
name="secret_is_not_private",
check_str=("True:%(target.secret.read_project_access)s"),
description="No description",
),
base.Rule( base.Rule(
name="secret_project_creator", name="secret_project_creator",
check_str=("rule:creator and rule:secret_project_match and rule:secret_creator_user"), check_str=("rule:creator and rule:secret_project_match and rule:secret_creator_user"),
@ -355,42 +389,42 @@ list_rules = (
), ),
base.APIRule( base.APIRule(
name="secret:decrypt", name="secret:decrypt",
check_str=("rule:secret_decrypt_non_private_read or rule:secret_project_creator or rule:secret_project_admin or rule:secret_acl_read or (role:member and project_id:%(target.secret.project_id)s and (user_id:%(target.secret.creator_id)s or True:%(target.secret.read_project_access)s)) or role:admin and project_id:%(target.secret.project_id)s"), check_str=("True:%(enforce_new_defaults)s and (rule:secret_project_admin or (rule:secret_project_member and rule:secret_owner) or (rule:secret_project_member and rule:secret_is_not_private) or rule:secret_acl_read)"),
description="Retrieve a secrets payload.", description="Retrieve a secrets payload.",
scope_types=["project"], scope_types=["project"],
operations=[{"method": "GET", "path": "/v1/secrets/{uuid}/payload"}], operations=[{"method": "GET", "path": "/v1/secrets/{uuid}/payload"}],
), ),
base.APIRule( base.APIRule(
name="secret:get", name="secret:get",
check_str=("rule:secret_non_private_read or rule:secret_project_creator or rule:secret_project_admin or rule:secret_acl_read or (role:member and project_id:%(target.secret.project_id)s and (user_id:%(target.secret.creator_id)s or True:%(target.secret.read_project_access)s)) or role:admin and project_id:%(target.secret.project_id)s"), check_str=("True:%(enforce_new_defaults)s and (rule:secret_project_admin or (rule:secret_project_member and rule:secret_owner) or (rule:secret_project_member and rule:secret_is_not_private) or rule:secret_acl_read)"),
description="Retrieves a secrets metadata.", description="Retrieves a secrets metadata.",
scope_types=["project"], scope_types=["project"],
operations=[{"method": "GET", "path": "/v1/secrets/{secret-id}"}], operations=[{"method": "GET", "path": "/v1/secrets/{secret-id}"}],
), ),
base.APIRule( base.APIRule(
name="secret:put", name="secret:put",
check_str=("rule:admin_or_creator and rule:secret_project_match or (role:member and project_id:%(target.secret.project_id)s and (user_id:%(target.secret.creator_id)s or True:%(target.secret.read_project_access)s)) or role:admin and project_id:%(target.secret.project_id)s"), check_str=("True:%(enforce_new_defaults)s and (rule:secret_project_admin or (rule:secret_project_member and rule:secret_owner) or (rule:secret_project_member and rule:secret_is_not_private))"),
description="Add the payload to an existing metadata-only secret.", description="Add the payload to an existing metadata-only secret.",
scope_types=["project"], scope_types=["project"],
operations=[{"method": "PUT", "path": "/v1/secrets/{secret-id}"}], operations=[{"method": "PUT", "path": "/v1/secrets/{secret-id}"}],
), ),
base.APIRule( base.APIRule(
name="secret:delete", name="secret:delete",
check_str=("rule:secret_project_admin or rule:secret_project_creator or (rule:secret_project_creator_role and not rule:secret_private_read) or (role:member and project_id:%(target.secret.project_id)s and (user_id:%(target.secret.creator_id)s or True:%(target.secret.read_project_access)s)) or role:admin and project_id:%(target.secret.project_id)s"), check_str=("True:%(enforce_new_defaults)s and (rule:secret_project_admin or (rule:secret_project_member and rule:secret_owner) or (rule:secret_project_member and rule:secret_is_not_private))"),
description="Delete a secret by uuid.", description="Delete a secret by uuid.",
scope_types=["project"], scope_types=["project"],
operations=[{"method": "DELETE", "path": "/v1/secrets/{secret-id}"}], operations=[{"method": "DELETE", "path": "/v1/secrets/{secret-id}"}],
), ),
base.APIRule( base.APIRule(
name="secrets:post", name="secrets:post",
check_str=("rule:admin_or_creator or role:member"), check_str=("True:%(enforce_new_defaults)s and role:member"),
description="Creates a Secret entity.", description="Creates a Secret entity.",
scope_types=["project"], scope_types=["project"],
operations=[{"method": "POST", "path": "/v1/secrets"}], operations=[{"method": "POST", "path": "/v1/secrets"}],
), ),
base.APIRule( base.APIRule(
name="secrets:get", name="secrets:get",
check_str=("rule:all_but_audit or role:member"), check_str=("True:%(enforce_new_defaults)s and role:member"),
description="Lists a projects secrets.", description="Lists a projects secrets.",
scope_types=["project"], scope_types=["project"],
operations=[{"method": "GET", "path": "/v1/secrets"}], operations=[{"method": "GET", "path": "/v1/secrets"}],

View File

@ -1,3 +1,17 @@
# Copyright 2022 99cloud
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# flake8: noqa # flake8: noqa
# fmt: off # fmt: off

View File

@ -1,3 +1,17 @@
# Copyright 2022 99cloud
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# flake8: noqa # flake8: noqa
# fmt: off # fmt: off

View File

@ -1,3 +1,17 @@
# Copyright 2022 99cloud
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# flake8: noqa # flake8: noqa
# fmt: off # fmt: off

View File

@ -1,3 +1,17 @@
# Copyright 2022 99cloud
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# flake8: noqa # flake8: noqa
# fmt: off # fmt: off

View File

@ -1,3 +1,17 @@
# Copyright 2022 99cloud
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# flake8: noqa # flake8: noqa
# fmt: off # fmt: off

View File

@ -1,3 +1,17 @@
# Copyright 2022 99cloud
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# flake8: noqa # flake8: noqa
# fmt: off # fmt: off

View File

@ -1,3 +1,17 @@
# Copyright 2022 99cloud
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# flake8: noqa # flake8: noqa
# fmt: off # fmt: off

View File

@ -1,3 +1,17 @@
# Copyright 2022 99cloud
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# flake8: noqa # flake8: noqa
# fmt: off # fmt: off

File diff suppressed because it is too large Load Diff

View File

@ -1,3 +1,17 @@
# Copyright 2022 99cloud
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# flake8: noqa # flake8: noqa
# fmt: off # fmt: off
@ -64,63 +78,63 @@ list_rules = (
name="os_compute_api:os-aggregates:set_metadata", name="os_compute_api:os-aggregates:set_metadata",
check_str=("rule:context_is_admin"), check_str=("rule:context_is_admin"),
description="Create or replace metadata for an aggregate", description="Create or replace metadata for an aggregate",
scope_types=["system"], scope_types=["project"],
operations=[{"method": "POST", "path": "/os-aggregates/{aggregate_id}/action (set_metadata)"}], operations=[{"method": "POST", "path": "/os-aggregates/{aggregate_id}/action (set_metadata)"}],
), ),
base.APIRule( base.APIRule(
name="os_compute_api:os-aggregates:add_host", name="os_compute_api:os-aggregates:add_host",
check_str=("rule:context_is_admin"), check_str=("rule:context_is_admin"),
description="Add a host to an aggregate", description="Add a host to an aggregate",
scope_types=["system"], scope_types=["project"],
operations=[{"method": "POST", "path": "/os-aggregates/{aggregate_id}/action (add_host)"}], operations=[{"method": "POST", "path": "/os-aggregates/{aggregate_id}/action (add_host)"}],
), ),
base.APIRule( base.APIRule(
name="os_compute_api:os-aggregates:create", name="os_compute_api:os-aggregates:create",
check_str=("rule:context_is_admin"), check_str=("rule:context_is_admin"),
description="Create an aggregate", description="Create an aggregate",
scope_types=["system"], scope_types=["project"],
operations=[{"method": "POST", "path": "/os-aggregates"}], operations=[{"method": "POST", "path": "/os-aggregates"}],
), ),
base.APIRule( base.APIRule(
name="os_compute_api:os-aggregates:remove_host", name="os_compute_api:os-aggregates:remove_host",
check_str=("rule:context_is_admin"), check_str=("rule:context_is_admin"),
description="Remove a host from an aggregate", description="Remove a host from an aggregate",
scope_types=["system"], scope_types=["project"],
operations=[{"method": "POST", "path": "/os-aggregates/{aggregate_id}/action (remove_host)"}], operations=[{"method": "POST", "path": "/os-aggregates/{aggregate_id}/action (remove_host)"}],
), ),
base.APIRule( base.APIRule(
name="os_compute_api:os-aggregates:update", name="os_compute_api:os-aggregates:update",
check_str=("rule:context_is_admin"), check_str=("rule:context_is_admin"),
description="Update name and/or availability zone for an aggregate", description="Update name and/or availability zone for an aggregate",
scope_types=["system"], scope_types=["project"],
operations=[{"method": "PUT", "path": "/os-aggregates/{aggregate_id}"}], operations=[{"method": "PUT", "path": "/os-aggregates/{aggregate_id}"}],
), ),
base.APIRule( base.APIRule(
name="os_compute_api:os-aggregates:index", name="os_compute_api:os-aggregates:index",
check_str=("rule:context_is_admin"), check_str=("rule:context_is_admin"),
description="List all aggregates", description="List all aggregates",
scope_types=["system"], scope_types=["project"],
operations=[{"method": "GET", "path": "/os-aggregates"}], operations=[{"method": "GET", "path": "/os-aggregates"}],
), ),
base.APIRule( base.APIRule(
name="os_compute_api:os-aggregates:delete", name="os_compute_api:os-aggregates:delete",
check_str=("rule:context_is_admin"), check_str=("rule:context_is_admin"),
description="Delete an aggregate", description="Delete an aggregate",
scope_types=["system"], scope_types=["project"],
operations=[{"method": "DELETE", "path": "/os-aggregates/{aggregate_id}"}], operations=[{"method": "DELETE", "path": "/os-aggregates/{aggregate_id}"}],
), ),
base.APIRule( base.APIRule(
name="os_compute_api:os-aggregates:show", name="os_compute_api:os-aggregates:show",
check_str=("rule:context_is_admin"), check_str=("rule:context_is_admin"),
description="Show details for an aggregate", description="Show details for an aggregate",
scope_types=["system"], scope_types=["project"],
operations=[{"method": "GET", "path": "/os-aggregates/{aggregate_id}"}], operations=[{"method": "GET", "path": "/os-aggregates/{aggregate_id}"}],
), ),
base.APIRule( base.APIRule(
name="compute:aggregates:images", name="compute:aggregates:images",
check_str=("rule:context_is_admin"), check_str=("rule:context_is_admin"),
description="Request image caching for an aggregate", description="Request image caching for an aggregate",
scope_types=["system"], scope_types=["project"],
operations=[{"method": "POST", "path": "/os-aggregates/{aggregate_id}/images"}], operations=[{"method": "POST", "path": "/os-aggregates/{aggregate_id}/images"}],
), ),
base.APIRule( base.APIRule(
@ -169,28 +183,28 @@ list_rules = (
name="os_compute_api:os-availability-zone:list", name="os_compute_api:os-availability-zone:list",
check_str=("@"), check_str=("@"),
description="List availability zone information without host information", description="List availability zone information without host information",
scope_types=["system", "project"], scope_types=["project"],
operations=[{"method": "GET", "path": "/os-availability-zone"}], operations=[{"method": "GET", "path": "/os-availability-zone"}],
), ),
base.APIRule( base.APIRule(
name="os_compute_api:os-availability-zone:detail", name="os_compute_api:os-availability-zone:detail",
check_str=("rule:context_is_admin"), check_str=("rule:context_is_admin"),
description="List detailed availability zone information with host information", description="List detailed availability zone information with host information",
scope_types=["system"], scope_types=["project"],
operations=[{"method": "GET", "path": "/os-availability-zone/detail"}], operations=[{"method": "GET", "path": "/os-availability-zone/detail"}],
), ),
base.APIRule( base.APIRule(
name="os_compute_api:os-baremetal-nodes:list", name="os_compute_api:os-baremetal-nodes:list",
check_str=("rule:context_is_admin"), check_str=("rule:context_is_admin"),
description="List and show details of bare metal nodes.\n#\n#These APIs are proxy calls to the Ironic service and are deprecated.\n#", description="List and show details of bare metal nodes.\n#\n#These APIs are proxy calls to the Ironic service and are deprecated.\n#",
scope_types=["system"], scope_types=["project"],
operations=[{"method": "GET", "path": "/os-baremetal-nodes"}], operations=[{"method": "GET", "path": "/os-baremetal-nodes"}],
), ),
base.APIRule( base.APIRule(
name="os_compute_api:os-baremetal-nodes:show", name="os_compute_api:os-baremetal-nodes:show",
check_str=("rule:context_is_admin"), check_str=("rule:context_is_admin"),
description="Show action details for a server.", description="Show action details for a server.",
scope_types=["system"], scope_types=["project"],
operations=[{"method": "GET", "path": "/os-baremetal-nodes/{node_id}"}], operations=[{"method": "GET", "path": "/os-baremetal-nodes/{node_id}"}],
), ),
base.APIRule( base.APIRule(
@ -246,91 +260,91 @@ list_rules = (
name="os_compute_api:extensions", name="os_compute_api:extensions",
check_str=("@"), check_str=("@"),
description="List available extensions and show information for an extension by alias", description="List available extensions and show information for an extension by alias",
scope_types=["system", "project"], scope_types=["project"],
operations=[{"method": "GET", "path": "/extensions"}, {"method": "GET", "path": "/extensions/{alias}"}], operations=[{"method": "GET", "path": "/extensions"}, {"method": "GET", "path": "/extensions/{alias}"}],
), ),
base.APIRule( base.APIRule(
name="os_compute_api:os-flavor-access:add_tenant_access", name="os_compute_api:os-flavor-access:add_tenant_access",
check_str=("rule:context_is_admin"), check_str=("rule:context_is_admin"),
description="Add flavor access to a tenant", description="Add flavor access to a tenant",
scope_types=["system"], scope_types=["project"],
operations=[{"method": "POST", "path": "/flavors/{flavor_id}/action (addTenantAccess)"}], operations=[{"method": "POST", "path": "/flavors/{flavor_id}/action (addTenantAccess)"}],
), ),
base.APIRule( base.APIRule(
name="os_compute_api:os-flavor-access:remove_tenant_access", name="os_compute_api:os-flavor-access:remove_tenant_access",
check_str=("rule:context_is_admin"), check_str=("rule:context_is_admin"),
description="Remove flavor access from a tenant", description="Remove flavor access from a tenant",
scope_types=["system"], scope_types=["project"],
operations=[{"method": "POST", "path": "/flavors/{flavor_id}/action (removeTenantAccess)"}], operations=[{"method": "POST", "path": "/flavors/{flavor_id}/action (removeTenantAccess)"}],
), ),
base.APIRule( base.APIRule(
name="os_compute_api:os-flavor-access", name="os_compute_api:os-flavor-access",
check_str=("rule:context_is_admin"), check_str=("rule:context_is_admin"),
description="List flavor access information\n#\n#Allows access to the full list of tenants that have access\n#to a flavor via an os-flavor-access API.\n#", description="List flavor access information\n#\n#Allows access to the full list of tenants that have access\n#to a flavor via an os-flavor-access API.\n#",
scope_types=["system"], scope_types=["project"],
operations=[{"method": "GET", "path": "/flavors/{flavor_id}/os-flavor-access"}], operations=[{"method": "GET", "path": "/flavors/{flavor_id}/os-flavor-access"}],
), ),
base.APIRule( base.APIRule(
name="os_compute_api:os-flavor-extra-specs:show", name="os_compute_api:os-flavor-extra-specs:show",
check_str=("rule:project_reader_or_admin"), check_str=("rule:project_reader_or_admin"),
description="Show an extra spec for a flavor", description="Show an extra spec for a flavor",
scope_types=["system", "project"], scope_types=["project"],
operations=[{"method": "GET", "path": "/flavors/{flavor_id}/os-extra_specs/{flavor_extra_spec_key}"}], operations=[{"method": "GET", "path": "/flavors/{flavor_id}/os-extra_specs/{flavor_extra_spec_key}"}],
), ),
base.APIRule( base.APIRule(
name="os_compute_api:os-flavor-extra-specs:create", name="os_compute_api:os-flavor-extra-specs:create",
check_str=("rule:context_is_admin"), check_str=("rule:context_is_admin"),
description="Create extra specs for a flavor", description="Create extra specs for a flavor",
scope_types=["system"], scope_types=["project"],
operations=[{"method": "POST", "path": "/flavors/{flavor_id}/os-extra_specs/"}], operations=[{"method": "POST", "path": "/flavors/{flavor_id}/os-extra_specs/"}],
), ),
base.APIRule( base.APIRule(
name="os_compute_api:os-flavor-extra-specs:update", name="os_compute_api:os-flavor-extra-specs:update",
check_str=("rule:context_is_admin"), check_str=("rule:context_is_admin"),
description="Update an extra spec for a flavor", description="Update an extra spec for a flavor",
scope_types=["system"], scope_types=["project"],
operations=[{"method": "PUT", "path": "/flavors/{flavor_id}/os-extra_specs/{flavor_extra_spec_key}"}], operations=[{"method": "PUT", "path": "/flavors/{flavor_id}/os-extra_specs/{flavor_extra_spec_key}"}],
), ),
base.APIRule( base.APIRule(
name="os_compute_api:os-flavor-extra-specs:delete", name="os_compute_api:os-flavor-extra-specs:delete",
check_str=("rule:context_is_admin"), check_str=("rule:context_is_admin"),
description="Delete an extra spec for a flavor", description="Delete an extra spec for a flavor",
scope_types=["system"], scope_types=["project"],
operations=[{"method": "DELETE", "path": "/flavors/{flavor_id}/os-extra_specs/{flavor_extra_spec_key}"}], operations=[{"method": "DELETE", "path": "/flavors/{flavor_id}/os-extra_specs/{flavor_extra_spec_key}"}],
), ),
base.APIRule( base.APIRule(
name="os_compute_api:os-flavor-extra-specs:index", name="os_compute_api:os-flavor-extra-specs:index",
check_str=("rule:project_reader_or_admin"), check_str=("rule:project_reader_or_admin"),
description="List extra specs for a flavor. Starting with microversion 2.61, extra specs may be returned in responses for the flavor resource.", description="List extra specs for a flavor. Starting with microversion 2.61, extra specs may be returned in responses for the flavor resource.",
scope_types=["system", "project"], scope_types=["project"],
operations=[{"method": "GET", "path": "/flavors/{flavor_id}/os-extra_specs/"}, {"method": "POST", "path": "/flavors"}, {"method": "GET", "path": "/flavors/detail"}, {"method": "GET", "path": "/flavors/{flavor_id}"}, {"method": "PUT", "path": "/flavors/{flavor_id}"}], operations=[{"method": "GET", "path": "/flavors/{flavor_id}/os-extra_specs/"}, {"method": "POST", "path": "/flavors"}, {"method": "GET", "path": "/flavors/detail"}, {"method": "GET", "path": "/flavors/{flavor_id}"}, {"method": "PUT", "path": "/flavors/{flavor_id}"}],
), ),
base.APIRule( base.APIRule(
name="os_compute_api:os-flavor-manage:create", name="os_compute_api:os-flavor-manage:create",
check_str=("rule:context_is_admin"), check_str=("rule:context_is_admin"),
description="Create a flavor", description="Create a flavor",
scope_types=["system"], scope_types=["project"],
operations=[{"method": "POST", "path": "/flavors"}], operations=[{"method": "POST", "path": "/flavors"}],
), ),
base.APIRule( base.APIRule(
name="os_compute_api:os-flavor-manage:update", name="os_compute_api:os-flavor-manage:update",
check_str=("rule:context_is_admin"), check_str=("rule:context_is_admin"),
description="Update a flavor", description="Update a flavor",
scope_types=["system"], scope_types=["project"],
operations=[{"method": "PUT", "path": "/flavors/{flavor_id}"}], operations=[{"method": "PUT", "path": "/flavors/{flavor_id}"}],
), ),
base.APIRule( base.APIRule(
name="os_compute_api:os-flavor-manage:delete", name="os_compute_api:os-flavor-manage:delete",
check_str=("rule:context_is_admin"), check_str=("rule:context_is_admin"),
description="Delete a flavor", description="Delete a flavor",
scope_types=["system"], scope_types=["project"],
operations=[{"method": "DELETE", "path": "/flavors/{flavor_id}"}], operations=[{"method": "DELETE", "path": "/flavors/{flavor_id}"}],
), ),
base.APIRule( base.APIRule(
name="os_compute_api:os-floating-ip-pools", name="os_compute_api:os-floating-ip-pools",
check_str=("@"), check_str=("@"),
description="List floating IP pools. This API is deprecated.", description="List floating IP pools. This API is deprecated.",
scope_types=["system", "project"], scope_types=["project"],
operations=[{"method": "GET", "path": "/os-floating-ip-pools"}], operations=[{"method": "GET", "path": "/os-floating-ip-pools"}],
), ),
base.APIRule( base.APIRule(
@ -379,91 +393,91 @@ list_rules = (
name="os_compute_api:os-hosts:list", name="os_compute_api:os-hosts:list",
check_str=("rule:context_is_admin"), check_str=("rule:context_is_admin"),
description="List physical hosts.\n#\n#This API is deprecated in favor of os-hypervisors and os-services.", description="List physical hosts.\n#\n#This API is deprecated in favor of os-hypervisors and os-services.",
scope_types=["system"], scope_types=["project"],
operations=[{"method": "GET", "path": "/os-hosts"}], operations=[{"method": "GET", "path": "/os-hosts"}],
), ),
base.APIRule( base.APIRule(
name="os_compute_api:os-hosts:show", name="os_compute_api:os-hosts:show",
check_str=("rule:context_is_admin"), check_str=("rule:context_is_admin"),
description="Show physical host.\n#\n#This API is deprecated in favor of os-hypervisors and os-services.", description="Show physical host.\n#\n#This API is deprecated in favor of os-hypervisors and os-services.",
scope_types=["system"], scope_types=["project"],
operations=[{"method": "GET", "path": "/os-hosts/{host_name}"}], operations=[{"method": "GET", "path": "/os-hosts/{host_name}"}],
), ),
base.APIRule( base.APIRule(
name="os_compute_api:os-hosts:update", name="os_compute_api:os-hosts:update",
check_str=("rule:context_is_admin"), check_str=("rule:context_is_admin"),
description="Update physical host.\n#\n#This API is deprecated in favor of os-hypervisors and os-services.", description="Update physical host.\n#\n#This API is deprecated in favor of os-hypervisors and os-services.",
scope_types=["system"], scope_types=["project"],
operations=[{"method": "PUT", "path": "/os-hosts/{host_name}"}], operations=[{"method": "PUT", "path": "/os-hosts/{host_name}"}],
), ),
base.APIRule( base.APIRule(
name="os_compute_api:os-hosts:reboot", name="os_compute_api:os-hosts:reboot",
check_str=("rule:context_is_admin"), check_str=("rule:context_is_admin"),
description="Reboot physical host.\n#\n#This API is deprecated in favor of os-hypervisors and os-services.", description="Reboot physical host.\n#\n#This API is deprecated in favor of os-hypervisors and os-services.",
scope_types=["system"], scope_types=["project"],
operations=[{"method": "GET", "path": "/os-hosts/{host_name}/reboot"}], operations=[{"method": "GET", "path": "/os-hosts/{host_name}/reboot"}],
), ),
base.APIRule( base.APIRule(
name="os_compute_api:os-hosts:shutdown", name="os_compute_api:os-hosts:shutdown",
check_str=("rule:context_is_admin"), check_str=("rule:context_is_admin"),
description="Shutdown physical host.\n#\n#This API is deprecated in favor of os-hypervisors and os-services.", description="Shutdown physical host.\n#\n#This API is deprecated in favor of os-hypervisors and os-services.",
scope_types=["system"], scope_types=["project"],
operations=[{"method": "GET", "path": "/os-hosts/{host_name}/shutdown"}], operations=[{"method": "GET", "path": "/os-hosts/{host_name}/shutdown"}],
), ),
base.APIRule( base.APIRule(
name="os_compute_api:os-hosts:start", name="os_compute_api:os-hosts:start",
check_str=("rule:context_is_admin"), check_str=("rule:context_is_admin"),
description="Start physical host.\n#\n#This API is deprecated in favor of os-hypervisors and os-services.", description="Start physical host.\n#\n#This API is deprecated in favor of os-hypervisors and os-services.",
scope_types=["system"], scope_types=["project"],
operations=[{"method": "GET", "path": "/os-hosts/{host_name}/startup"}], operations=[{"method": "GET", "path": "/os-hosts/{host_name}/startup"}],
), ),
base.APIRule( base.APIRule(
name="os_compute_api:os-hypervisors:list", name="os_compute_api:os-hypervisors:list",
check_str=("rule:context_is_admin"), check_str=("rule:context_is_admin"),
description="List all hypervisors.", description="List all hypervisors.",
scope_types=["system"], scope_types=["project"],
operations=[{"method": "GET", "path": "/os-hypervisors"}], operations=[{"method": "GET", "path": "/os-hypervisors"}],
), ),
base.APIRule( base.APIRule(
name="os_compute_api:os-hypervisors:list-detail", name="os_compute_api:os-hypervisors:list-detail",
check_str=("rule:context_is_admin"), check_str=("rule:context_is_admin"),
description="List all hypervisors with details", description="List all hypervisors with details",
scope_types=["system"], scope_types=["project"],
operations=[{"method": "GET", "path": "/os-hypervisors/details"}], operations=[{"method": "GET", "path": "/os-hypervisors/details"}],
), ),
base.APIRule( base.APIRule(
name="os_compute_api:os-hypervisors:statistics", name="os_compute_api:os-hypervisors:statistics",
check_str=("rule:context_is_admin"), check_str=("rule:context_is_admin"),
description="Show summary statistics for all hypervisors over all compute nodes.", description="Show summary statistics for all hypervisors over all compute nodes.",
scope_types=["system"], scope_types=["project"],
operations=[{"method": "GET", "path": "/os-hypervisors/statistics"}], operations=[{"method": "GET", "path": "/os-hypervisors/statistics"}],
), ),
base.APIRule( base.APIRule(
name="os_compute_api:os-hypervisors:show", name="os_compute_api:os-hypervisors:show",
check_str=("rule:context_is_admin"), check_str=("rule:context_is_admin"),
description="Show details for a hypervisor.", description="Show details for a hypervisor.",
scope_types=["system"], scope_types=["project"],
operations=[{"method": "GET", "path": "/os-hypervisors/{hypervisor_id}"}], operations=[{"method": "GET", "path": "/os-hypervisors/{hypervisor_id}"}],
), ),
base.APIRule( base.APIRule(
name="os_compute_api:os-hypervisors:uptime", name="os_compute_api:os-hypervisors:uptime",
check_str=("rule:context_is_admin"), check_str=("rule:context_is_admin"),
description="Show the uptime of a hypervisor.", description="Show the uptime of a hypervisor.",
scope_types=["system"], scope_types=["project"],
operations=[{"method": "GET", "path": "/os-hypervisors/{hypervisor_id}/uptime"}], operations=[{"method": "GET", "path": "/os-hypervisors/{hypervisor_id}/uptime"}],
), ),
base.APIRule( base.APIRule(
name="os_compute_api:os-hypervisors:search", name="os_compute_api:os-hypervisors:search",
check_str=("rule:context_is_admin"), check_str=("rule:context_is_admin"),
description="Search hypervisor by hypervisor_hostname pattern.", description="Search hypervisor by hypervisor_hostname pattern.",
scope_types=["system"], scope_types=["project"],
operations=[{"method": "GET", "path": "/os-hypervisors/{hypervisor_hostname_pattern}/search"}], operations=[{"method": "GET", "path": "/os-hypervisors/{hypervisor_hostname_pattern}/search"}],
), ),
base.APIRule( base.APIRule(
name="os_compute_api:os-hypervisors:servers", name="os_compute_api:os-hypervisors:servers",
check_str=("rule:context_is_admin"), check_str=("rule:context_is_admin"),
description="List all servers on hypervisors that can match the provided hypervisor_hostname pattern.", description="List all servers on hypervisors that can match the provided hypervisor_hostname pattern.",
scope_types=["system"], scope_types=["project"],
operations=[{"method": "GET", "path": "/os-hypervisors/{hypervisor_hostname_pattern}/servers"}], operations=[{"method": "GET", "path": "/os-hypervisors/{hypervisor_hostname_pattern}/servers"}],
), ),
base.APIRule( base.APIRule(
@ -498,14 +512,14 @@ list_rules = (
name="os_compute_api:os-instance-usage-audit-log:list", name="os_compute_api:os-instance-usage-audit-log:list",
check_str=("rule:context_is_admin"), check_str=("rule:context_is_admin"),
description="List all usage audits.", description="List all usage audits.",
scope_types=["system"], scope_types=["project"],
operations=[{"method": "GET", "path": "/os-instance_usage_audit_log"}], operations=[{"method": "GET", "path": "/os-instance_usage_audit_log"}],
), ),
base.APIRule( base.APIRule(
name="os_compute_api:os-instance-usage-audit-log:show", name="os_compute_api:os-instance-usage-audit-log:show",
check_str=("rule:context_is_admin"), check_str=("rule:context_is_admin"),
description="List all usage audits occurred before a specified time for all servers on all compute hosts where usage auditing is configured", description="List all usage audits occurred before a specified time for all servers on all compute hosts where usage auditing is configured",
scope_types=["system"], scope_types=["project"],
operations=[{"method": "GET", "path": "/os-instance_usage_audit_log/{before_timestamp}"}], operations=[{"method": "GET", "path": "/os-instance_usage_audit_log/{before_timestamp}"}],
), ),
base.APIRule( base.APIRule(
@ -526,28 +540,28 @@ list_rules = (
name="os_compute_api:os-keypairs:index", name="os_compute_api:os-keypairs:index",
check_str=("(rule:context_is_admin) or user_id:%(user_id)s"), check_str=("(rule:context_is_admin) or user_id:%(user_id)s"),
description="List all keypairs", description="List all keypairs",
scope_types=["system", "project"], scope_types=["project"],
operations=[{"method": "GET", "path": "/os-keypairs"}], operations=[{"method": "GET", "path": "/os-keypairs"}],
), ),
base.APIRule( base.APIRule(
name="os_compute_api:os-keypairs:create", name="os_compute_api:os-keypairs:create",
check_str=("(rule:context_is_admin) or user_id:%(user_id)s"), check_str=("(rule:context_is_admin) or user_id:%(user_id)s"),
description="Create a keypair", description="Create a keypair",
scope_types=["system", "project"], scope_types=["project"],
operations=[{"method": "POST", "path": "/os-keypairs"}], operations=[{"method": "POST", "path": "/os-keypairs"}],
), ),
base.APIRule( base.APIRule(
name="os_compute_api:os-keypairs:delete", name="os_compute_api:os-keypairs:delete",
check_str=("(rule:context_is_admin) or user_id:%(user_id)s"), check_str=("(rule:context_is_admin) or user_id:%(user_id)s"),
description="Delete a keypair", description="Delete a keypair",
scope_types=["system", "project"], scope_types=["project"],
operations=[{"method": "DELETE", "path": "/os-keypairs/{keypair_name}"}], operations=[{"method": "DELETE", "path": "/os-keypairs/{keypair_name}"}],
), ),
base.APIRule( base.APIRule(
name="os_compute_api:os-keypairs:show", name="os_compute_api:os-keypairs:show",
check_str=("(rule:context_is_admin) or user_id:%(user_id)s"), check_str=("(rule:context_is_admin) or user_id:%(user_id)s"),
description="Show details of a keypair", description="Show details of a keypair",
scope_types=["system", "project"], scope_types=["project"],
operations=[{"method": "GET", "path": "/os-keypairs/{keypair_name}"}], operations=[{"method": "GET", "path": "/os-keypairs/{keypair_name}"}],
), ),
base.APIRule( base.APIRule(
@ -652,14 +666,14 @@ list_rules = (
name="os_compute_api:os-quota-class-sets:show", name="os_compute_api:os-quota-class-sets:show",
check_str=("rule:context_is_admin"), check_str=("rule:context_is_admin"),
description="List quotas for specific quota classs", description="List quotas for specific quota classs",
scope_types=["system"], scope_types=["project"],
operations=[{"method": "GET", "path": "/os-quota-class-sets/{quota_class}"}], operations=[{"method": "GET", "path": "/os-quota-class-sets/{quota_class}"}],
), ),
base.APIRule( base.APIRule(
name="os_compute_api:os-quota-class-sets:update", name="os_compute_api:os-quota-class-sets:update",
check_str=("rule:context_is_admin"), check_str=("rule:context_is_admin"),
description="Update quotas for specific quota class", description="Update quotas for specific quota class",
scope_types=["system"], scope_types=["project"],
operations=[{"method": "PUT", "path": "/os-quota-class-sets/{quota_class}"}], operations=[{"method": "PUT", "path": "/os-quota-class-sets/{quota_class}"}],
), ),
base.APIRule( base.APIRule(
@ -673,7 +687,7 @@ list_rules = (
name="os_compute_api:os-quota-sets:defaults", name="os_compute_api:os-quota-sets:defaults",
check_str=("@"), check_str=("@"),
description="List default quotas", description="List default quotas",
scope_types=["system", "project"], scope_types=["project"],
operations=[{"method": "GET", "path": "/os-quota-sets/{tenant_id}/defaults"}], operations=[{"method": "GET", "path": "/os-quota-sets/{tenant_id}/defaults"}],
), ),
base.APIRule( base.APIRule(
@ -1198,21 +1212,21 @@ list_rules = (
name="os_compute_api:os-services:list", name="os_compute_api:os-services:list",
check_str=("rule:context_is_admin"), check_str=("rule:context_is_admin"),
description="List all running Compute services in a region.", description="List all running Compute services in a region.",
scope_types=["system"], scope_types=["project"],
operations=[{"method": "GET", "path": "/os-services"}], operations=[{"method": "GET", "path": "/os-services"}],
), ),
base.APIRule( base.APIRule(
name="os_compute_api:os-services:update", name="os_compute_api:os-services:update",
check_str=("rule:context_is_admin"), check_str=("rule:context_is_admin"),
description="Update a Compute service.", description="Update a Compute service.",
scope_types=["system"], scope_types=["project"],
operations=[{"method": "PUT", "path": "/os-services/{service_id}"}], operations=[{"method": "PUT", "path": "/os-services/{service_id}"}],
), ),
base.APIRule( base.APIRule(
name="os_compute_api:os-services:delete", name="os_compute_api:os-services:delete",
check_str=("rule:context_is_admin"), check_str=("rule:context_is_admin"),
description="Delete a Compute service.", description="Delete a Compute service.",
scope_types=["system"], scope_types=["project"],
operations=[{"method": "DELETE", "path": "/os-services/{service_id}"}], operations=[{"method": "DELETE", "path": "/os-services/{service_id}"}],
), ),
base.APIRule( base.APIRule(

View File

@ -1,3 +1,17 @@
# Copyright 2022 99cloud
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# flake8: noqa # flake8: noqa
# fmt: off # fmt: off

View File

@ -1,3 +1,17 @@
# Copyright 2022 99cloud
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# flake8: noqa # flake8: noqa
# fmt: off # fmt: off

View File

@ -1,3 +1,17 @@
# Copyright 2022 99cloud
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# flake8: noqa # flake8: noqa
# fmt: off # fmt: off

View File

@ -1,3 +1,17 @@
# Copyright 2022 99cloud
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# flake8: noqa # flake8: noqa
# fmt: off # fmt: off

View File

@ -1,3 +1,17 @@
# Copyright 2022 99cloud
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
from __future__ import annotations from __future__ import annotations
from typing import Any, Dict, List, Optional from typing import Any, Dict, List, Optional