diff --git a/.isort.cfg b/.isort.cfg index c21e9e4..34c0f86 100644 --- a/.isort.cfg +++ b/.isort.cfg @@ -7,3 +7,7 @@ ensure_newline_before_comments = True line_length = 98 reverse_relative = true combine_as_imports = true + +[isort] +known_first_party = skyline_apiserver +known_third_party = skyline_console diff --git a/README.rst b/README.rst index 8edeac4..01cb530 100644 --- a/README.rst +++ b/README.rst @@ -159,7 +159,7 @@ Install & Run .. code:: bash tox -e venv - pip install -r requirements.txt -r test-requirements.txt + pip install -r requirements.txt -r test-requirements.txt -chttps://releases.openstack.org/constraints/upper/master pip install -e . 2. Set skyline.yaml config file diff --git a/requirements.txt b/requirements.txt index 1311ec7..fe2c672 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,6 +1,6 @@ pbr>=5.8.0 # Apache-2.0 -fastapi==0.111.0 # MIT -pydantic>=1.9.0,<2.0.0 +fastapi>=0.111.0 # MIT +pydantic>=2.11.7,<3.0.0 # MIT uvicorn==0.30.1 # BSD License (3 clause) gunicorn>=20.1.0 # MIT python-jose<=3.3.0 # MIT diff --git a/skyline_apiserver/api/v1/login.py b/skyline_apiserver/api/v1/login.py index 56f4c97..6173d32 100644 --- a/skyline_apiserver/api/v1/login.py +++ b/skyline_apiserver/api/v1/login.py @@ -20,12 +20,13 @@ from typing import Any, Dict, List, Optional, Tuple, Union from fastapi import status from fastapi.exceptions import HTTPException from fastapi.param_functions import Depends, Form, Header +from fastapi.responses import RedirectResponse from fastapi.routing import APIRouter from keystoneauth1.identity.v3 import Password, Token from keystoneauth1.session import Session from keystoneclient.client import Client as KeystoneClient from starlette.requests import Request -from starlette.responses import RedirectResponse, Response +from starlette.responses import Response from skyline_apiserver import schemas from skyline_apiserver.api import deps @@ -262,7 +263,7 @@ def get_sso(request: Request) -> schemas.SSO: "/websso", description="Websso", responses={ - 302: {"class": RedirectResponse}, + 302: {"description": "Redirect to SSO provider"}, 401: {"model": schemas.common.UnauthorizedMessage}, }, response_class=RedirectResponse, @@ -378,33 +379,33 @@ def logout( ) def switch_project( project_id: str, + request: Request, response: Response, - profile: schemas.Profile = Depends(deps.get_profile), x_openstack_request_id: str = Header( "", alias=constants.INBOUND_HEADER, regex=constants.INBOUND_HEADER_REGEX, ), ) -> schemas.Profile: + profile = deps.get_profile(request) + region = profile.region try: project_scope_token = get_project_scope_token( keystone_token=profile.keystone_token, - region=profile.region, + region=region, project_id=project_id, ) - - profile = generate_profile( + new_profile = generate_profile( keystone_token=project_scope_token, - region=profile.region, - uuid_value=profile.uuid, + region=region, ) - profile = _patch_profile(profile, x_openstack_request_id) + new_profile = _patch_profile(new_profile, x_openstack_request_id) except Exception as e: raise HTTPException( status_code=status.HTTP_401_UNAUTHORIZED, detail=str(e), ) else: - response.set_cookie(CONF.default.session_name, profile.toJWTPayload()) - response.set_cookie(constants.TIME_EXPIRED_KEY, str(profile.exp)) - return profile + response.set_cookie(CONF.default.session_name, new_profile.toJWTPayload()) + response.set_cookie(constants.TIME_EXPIRED_KEY, str(new_profile.exp)) + return new_profile diff --git a/skyline_apiserver/cmd/generate_nginx.py b/skyline_apiserver/cmd/generate_nginx.py index e76bf09..f70fe32 100644 --- a/skyline_apiserver/cmd/generate_nginx.py +++ b/skyline_apiserver/cmd/generate_nginx.py @@ -196,7 +196,7 @@ def main( endpoints = get_proxy_endpoints() context = { "skyline_console_static_path": static_path, - "endpoints": [i.dict() for i in endpoints.values()], + "endpoints": [i.model_dump() for i in endpoints.values()], "api_prefix": constants.API_PREFIX, } if ssl_certfile: diff --git a/skyline_apiserver/cmd/generate_swagger.py b/skyline_apiserver/cmd/generate_swagger.py index 5f043ae..54ee8f1 100644 --- a/skyline_apiserver/cmd/generate_swagger.py +++ b/skyline_apiserver/cmd/generate_swagger.py @@ -16,6 +16,7 @@ from __future__ import annotations import json import sys +import traceback import click @@ -41,6 +42,7 @@ def main(output_file_path: str) -> None: except Exception as e: print(f"Generate swagger file failed: {str(e)}") + traceback.print_exc() sys.exit(1) diff --git a/skyline_apiserver/cmd/policy_manager.py b/skyline_apiserver/cmd/policy_manager.py index 5be33af..6ed35d3 100644 --- a/skyline_apiserver/cmd/policy_manager.py +++ b/skyline_apiserver/cmd/policy_manager.py @@ -198,9 +198,9 @@ list_rules = (""" for r in rules: print( rule_format_str.format( - name=json.dumps(r.name), - check_str=json.dumps(r.check_str), - description=json.dumps(r.description), + name=r.name, + check_str=r.check_str, + description=r.description, ), ) @@ -216,11 +216,11 @@ list_rules = (""" for r in api_rules: print( apirule_format_str.format( - name=json.dumps(r.name), - check_str=json.dumps(r.check_str), - description=json.dumps(r.description), - scope_types=json.dumps(r.scope_types), - operations=json.dumps(r.operations), + name=r.name, + check_str=r.check_str, + description=r.description, + scope_types=r.scope_types, + operations=r.operations.model_dump(), ), ) diff --git a/skyline_apiserver/policy/manager/barbican.py b/skyline_apiserver/policy/manager/barbican.py index 75c8c36..107489b 100644 --- a/skyline_apiserver/policy/manager/barbican.py +++ b/skyline_apiserver/policy/manager/barbican.py @@ -15,6 +15,8 @@ # flake8: noqa # fmt: off +from skyline_apiserver.schemas.policy_manager import Operation + from . import base list_rules = ( @@ -203,336 +205,336 @@ list_rules = ( check_str=("True:%(enforce_new_defaults)s and (rule:secret_project_admin or (rule:secret_project_member and rule:secret_owner) or (rule:secret_project_member and rule:secret_is_not_private))"), description="Retrieve the ACL settings for a given secret.If no ACL is defined for that secret, then Default ACL is returned.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1/secrets/{secret-id}/acl"}], + operations=[Operation(method="GET", path="/v1/secrets/{secret-id}/acl")], ), base.APIRule( name="secret_acls:delete", check_str=("True:%(enforce_new_defaults)s and (rule:secret_project_admin or (rule:secret_project_member and rule:secret_owner) or (rule:secret_project_member and rule:secret_is_not_private))"), description="Delete the ACL settings for a given secret.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/v1/secrets/{secret-id}/acl"}], + operations=[Operation(method="DELETE", path="/v1/secrets/{secret-id}/acl")], ), base.APIRule( name="secret_acls:put_patch", check_str=("True:%(enforce_new_defaults)s and (rule:secret_project_admin or (rule:secret_project_member and rule:secret_owner) or (rule:secret_project_member and rule:secret_is_not_private))"), description="Create new, replaces, or updates existing ACL for a given secret.", scope_types=["project"], - operations=[{"method": "PUT", "path": "/v1/secrets/{secret-id}/acl"}, {"method": "PATCH", "path": "/v1/secrets/{secret-id}/acl"}], + operations=[Operation(method="PUT", path="/v1/secrets/{secret-id}/acl"), Operation(method="PATCH", path="/v1/secrets/{secret-id}/acl")], ), base.APIRule( name="container_acls:get", check_str=("True:%(enforce_new_defaults)s and (rule:container_project_admin or (rule:container_project_member and rule:container_owner) or (rule:container_project_member and rule:container_is_not_private))"), description="Retrieve the ACL settings for a given container.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1/containers/{container-id}/acl"}], + operations=[Operation(method="GET", path="/v1/containers/{container-id}/acl")], ), base.APIRule( name="container_acls:delete", check_str=("True:%(enforce_new_defaults)s and (rule:container_project_admin or (rule:container_project_member and rule:container_owner) or (rule:container_project_member and rule:container_is_not_private))"), description="Delete ACL for a given container. No content is returned in the case of successful deletion.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/v1/containers/{container-id}/acl"}], + operations=[Operation(method="DELETE", path="/v1/containers/{container-id}/acl")], ), base.APIRule( name="container_acls:put_patch", check_str=("True:%(enforce_new_defaults)s and (rule:container_project_admin or (rule:container_project_member and rule:container_owner) or (rule:container_project_member and rule:container_is_not_private))"), description="Create new or replaces existing ACL for a given container.", scope_types=["project"], - operations=[{"method": "PUT", "path": "/v1/containers/{container-id}/acl"}, {"method": "PATCH", "path": "/v1/containers/{container-id}/acl"}], + operations=[Operation(method="PUT", path="/v1/containers/{container-id}/acl"), Operation(method="PATCH", path="/v1/containers/{container-id}/acl")], ), base.APIRule( name="consumer:get", check_str=("True:%(enforce_new_defaults)s and (rule:system_admin or rule:container_project_admin or (rule:container_project_member and rule:container_owner) or (rule:container_project_member and rule:container_is_not_private) or rule:container_acl_read)"), description="DEPRECATED: show information for a specific consumer", scope_types=["project", "system"], - operations=[{"method": "GET", "path": "/v1/containers/{container-id}/consumers/{consumer-id}"}], + operations=[Operation(method="GET", path="/v1/containers/{container-id}/consumers/{consumer-id}")], ), base.APIRule( name="container_consumers:get", check_str=("True:%(enforce_new_defaults)s and (rule:system_admin or rule:container_project_admin or (rule:container_project_member and rule:container_owner) or (rule:container_project_member and rule:container_is_not_private) or rule:container_acl_read)"), description="List a containers consumers.", scope_types=["project", "system"], - operations=[{"method": "GET", "path": "/v1/containers/{container-id}/consumers"}], + operations=[Operation(method="GET", path="/v1/containers/{container-id}/consumers")], ), base.APIRule( name="container_consumers:post", check_str=("True:%(enforce_new_defaults)s and (rule:system_admin or rule:container_project_admin or (rule:container_project_member and rule:container_owner) or (rule:container_project_member and rule:container_is_not_private) or rule:container_acl_read)"), description="Creates a consumer.", scope_types=["project", "system"], - operations=[{"method": "POST", "path": "/v1/containers/{container-id}/consumers"}], + operations=[Operation(method="POST", path="/v1/containers/{container-id}/consumers")], ), base.APIRule( name="container_consumers:delete", check_str=("True:%(enforce_new_defaults)s and (rule:system_admin or rule:container_project_admin or (rule:container_project_member and rule:container_owner) or (rule:container_project_member and rule:container_is_not_private) or rule:container_acl_read)"), description="Deletes a consumer.", scope_types=["project", "system"], - operations=[{"method": "DELETE", "path": "/v1/containers/{container-id}/consumers"}], + operations=[Operation(method="DELETE", path="/v1/containers/{container-id}/consumers")], ), base.APIRule( name="secret_consumers:get", check_str=("True:%(enforce_new_defaults)s and (rule:system_admin or rule:secret_project_admin or (rule:secret_project_member and rule:secret_owner) or (rule:secret_project_member and rule:secret_is_not_private) or rule:secret_acl_read)"), description="List consumers for a secret.", scope_types=["project", "system"], - operations=[{"method": "GET", "path": "/v1/secrets/{secret-id}/consumers"}], + operations=[Operation(method="GET", path="/v1/secrets/{secret-id}/consumers")], ), base.APIRule( name="secret_consumers:post", check_str=("True:%(enforce_new_defaults)s and (rule:system_admin or rule:secret_project_admin or (rule:secret_project_member and rule:secret_owner) or (rule:secret_project_member and rule:secret_is_not_private) or rule:secret_acl_read)"), description="Creates a consumer.", scope_types=["project", "system"], - operations=[{"method": "POST", "path": "/v1/secrets/{secrets-id}/consumers"}], + operations=[Operation(method="POST", path="/v1/secrets/{secrets-id}/consumers")], ), base.APIRule( name="secret_consumers:delete", check_str=("True:%(enforce_new_defaults)s and (rule:system_admin or rule:secret_project_admin or (rule:secret_project_member and rule:secret_owner) or (rule:secret_project_member and rule:secret_is_not_private) or rule:secret_acl_read)"), description="Deletes a consumer.", scope_types=["project", "system"], - operations=[{"method": "DELETE", "path": "/v1/secrets/{secrets-id}/consumers"}], + operations=[Operation(method="DELETE", path="/v1/secrets/{secrets-id}/consumers")], ), base.APIRule( name="containers:post", check_str=("True:%(enforce_new_defaults)s and (role:member or role:_member_)"), description="Creates a container.", scope_types=["project"], - operations=[{"method": "POST", "path": "/v1/containers"}], + operations=[Operation(method="POST", path="/v1/containers")], ), base.APIRule( name="containers:get", check_str=("True:%(enforce_new_defaults)s and (role:member or role:_member_)"), description="Lists a projects containers.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1/containers"}], + operations=[Operation(method="GET", path="/v1/containers")], ), base.APIRule( name="container:get", check_str=("True:%(enforce_new_defaults)s and (rule:container_project_admin or (rule:container_project_member and rule:container_owner) or (rule:container_project_member and rule:container_is_not_private) or rule:container_acl_read)"), description="Retrieves a single container.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1/containers/{container-id}"}], + operations=[Operation(method="GET", path="/v1/containers/{container-id}")], ), base.APIRule( name="container:delete", check_str=("True:%(enforce_new_defaults)s and (rule:container_project_admin or (rule:container_project_member and rule:container_owner) or (rule:container_project_member and rule:container_is_not_private))"), description="Deletes a container.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/v1/containers/{uuid}"}], + operations=[Operation(method="DELETE", path="/v1/containers/{uuid}")], ), base.APIRule( name="container_secret:post", check_str=("True:%(enforce_new_defaults)s and (rule:container_project_admin or (rule:container_project_member and rule:container_owner) or (rule:container_project_member and rule:container_is_not_private))"), description="Add a secret to an existing container.", scope_types=["project"], - operations=[{"method": "POST", "path": "/v1/containers/{container-id}/secrets"}], + operations=[Operation(method="POST", path="/v1/containers/{container-id}/secrets")], ), base.APIRule( name="container_secret:delete", check_str=("True:%(enforce_new_defaults)s and (rule:container_project_admin or (rule:container_project_member and rule:container_owner) or (rule:container_project_member and rule:container_is_not_private))"), description="Remove a secret from a container.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/v1/containers/{container-id}/secrets/{secret-id}"}], + operations=[Operation(method="DELETE", path="/v1/containers/{container-id}/secrets/{secret-id}")], ), base.APIRule( name="orders:get", check_str=("True:%(enforce_new_defaults)s and (role:member or role:_member_)"), description="Gets list of all orders associated with a project.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1/orders"}], + operations=[Operation(method="GET", path="/v1/orders")], ), base.APIRule( name="orders:post", check_str=("True:%(enforce_new_defaults)s and (role:member or role:_member_)"), description="Creates an order.", scope_types=["project"], - operations=[{"method": "POST", "path": "/v1/orders"}], + operations=[Operation(method="POST", path="/v1/orders")], ), base.APIRule( name="orders:put", check_str=("True:%(enforce_new_defaults)s and (role:member or role:_member_)"), description="Unsupported method for the orders API.", scope_types=["project"], - operations=[{"method": "PUT", "path": "/v1/orders"}], + operations=[Operation(method="PUT", path="/v1/orders")], ), base.APIRule( name="order:get", check_str=("True:%(enforce_new_defaults)s and rule:order_project_member"), description="Retrieves an orders metadata.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1/orders/{order-id}"}], + operations=[Operation(method="GET", path="/v1/orders/{order-id}")], ), base.APIRule( name="order:delete", check_str=("True:%(enforce_new_defaults)s and rule:order_project_member"), description="Deletes an order.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/v1/orders/{order-id}"}], + operations=[Operation(method="DELETE", path="/v1/orders/{order-id}")], ), base.APIRule( name="quotas:get", check_str=("True:%(enforce_new_defaults)s and role:reader"), description="List quotas for the project the user belongs to.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1/quotas"}], + operations=[Operation(method="GET", path="/v1/quotas")], ), base.APIRule( name="project_quotas:get", check_str=("True:%(enforce_new_defaults)s and rule:system_reader"), description="List quotas for the specified project.", scope_types=["system"], - operations=[{"method": "GET", "path": "/v1/project-quotas"}, {"method": "GET", "path": "/v1/project-quotas/{uuid}"}], + operations=[Operation(method="GET", path="/v1/project-quotas"), Operation(method="GET", path="/v1/project-quotas/{uuid}")], ), base.APIRule( name="project_quotas:put", check_str=("True:%(enforce_new_defaults)s and rule:system_admin"), description="Create or update the configured project quotas for the project with the specified UUID.", scope_types=["system"], - operations=[{"method": "PUT", "path": "/v1/project-quotas/{uuid}"}], + operations=[Operation(method="PUT", path="/v1/project-quotas/{uuid}")], ), base.APIRule( name="project_quotas:delete", check_str=("True:%(enforce_new_defaults)s and rule:system_admin"), description="Delete the project quotas configuration for the project with the requested UUID.", scope_types=["system"], - operations=[{"method": "DELETE", "path": "/v1/quotas}"}], + operations=[Operation(method="DELETE", path="/v1/quotas}")], ), base.APIRule( name="secret_meta:get", check_str=("True:%(enforce_new_defaults)s and (rule:secret_project_admin or (rule:secret_project_member and rule:secret_owner) or (rule:secret_project_member and rule:secret_is_not_private) or rule:secret_acl_read)"), description="metadata/: Lists a secrets user-defined metadata. || metadata/{key}: Retrieves a secrets user-added metadata.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1/secrets/{secret-id}/metadata"}, {"method": "GET", "path": "/v1/secrets/{secret-id}/metadata/{meta-key}"}], + operations=[Operation(method="GET", path="/v1/secrets/{secret-id}/metadata"), Operation(method="GET", path="/v1/secrets/{secret-id}/metadata/{meta-key}")], ), base.APIRule( name="secret_meta:post", check_str=("True:%(enforce_new_defaults)s and (rule:secret_project_admin or (rule:secret_project_member and rule:secret_owner) or (rule:secret_project_member and rule:secret_is_not_private))"), description="Adds a new key/value pair to the secrets user-defined metadata.", scope_types=["project"], - operations=[{"method": "POST", "path": "/v1/secrets/{secret-id}/metadata/{meta-key}"}], + operations=[Operation(method="POST", path="/v1/secrets/{secret-id}/metadata/{meta-key}")], ), base.APIRule( name="secret_meta:put", check_str=("True:%(enforce_new_defaults)s and (rule:secret_project_admin or (rule:secret_project_member and rule:secret_owner) or (rule:secret_project_member and rule:secret_is_not_private))"), description="metadata/: Sets the user-defined metadata for a secret || metadata/{key}: Updates an existing key/value pair in the secrets user-defined metadata.", scope_types=["project"], - operations=[{"method": "PUT", "path": "/v1/secrets/{secret-id}/metadata"}, {"method": "PUT", "path": "/v1/secrets/{secret-id}/metadata/{meta-key}"}], + operations=[Operation(method="PUT", path="/v1/secrets/{secret-id}/metadata"), Operation(method="PUT", path="/v1/secrets/{secret-id}/metadata/{meta-key}")], ), base.APIRule( name="secret_meta:delete", check_str=("True:%(enforce_new_defaults)s and (rule:secret_project_admin or (rule:secret_project_member and rule:secret_owner) or (rule:secret_project_member and rule:secret_is_not_private))"), description="Delete secret user-defined metadata by key.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/v1/secrets/{secret-id}/metadata/{meta-key}"}], + operations=[Operation(method="DELETE", path="/v1/secrets/{secret-id}/metadata/{meta-key}")], ), base.APIRule( name="secret:decrypt", check_str=("True:%(enforce_new_defaults)s and (rule:secret_project_admin or (rule:secret_project_member and rule:secret_owner) or (rule:secret_project_member and rule:secret_is_not_private) or rule:secret_acl_read)"), description="Retrieve a secrets payload.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1/secrets/{uuid}/payload"}], + operations=[Operation(method="GET", path="/v1/secrets/{uuid}/payload")], ), base.APIRule( name="secret:get", check_str=("True:%(enforce_new_defaults)s and (rule:secret_project_admin or (rule:secret_project_member and rule:secret_owner) or (rule:secret_project_member and rule:secret_is_not_private) or rule:secret_acl_read)"), description="Retrieves a secrets metadata.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1/secrets/{secret-id}"}], + operations=[Operation(method="GET", path="/v1/secrets/{secret-id}")], ), base.APIRule( name="secret:put", check_str=("True:%(enforce_new_defaults)s and (rule:secret_project_admin or (rule:secret_project_member and rule:secret_owner) or (rule:secret_project_member and rule:secret_is_not_private))"), description="Add the payload to an existing metadata-only secret.", scope_types=["project"], - operations=[{"method": "PUT", "path": "/v1/secrets/{secret-id}"}], + operations=[Operation(method="PUT", path="/v1/secrets/{secret-id}")], ), base.APIRule( name="secret:delete", check_str=("True:%(enforce_new_defaults)s and (rule:secret_project_admin or (rule:secret_project_member and rule:secret_owner) or (rule:secret_project_member and rule:secret_is_not_private))"), description="Delete a secret by uuid.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/v1/secrets/{secret-id}"}], + operations=[Operation(method="DELETE", path="/v1/secrets/{secret-id}")], ), base.APIRule( name="secrets:post", check_str=("True:%(enforce_new_defaults)s and (role:member or role:_member_)"), description="Creates a Secret entity.", scope_types=["project"], - operations=[{"method": "POST", "path": "/v1/secrets"}], + operations=[Operation(method="POST", path="/v1/secrets")], ), base.APIRule( name="secrets:get", check_str=("True:%(enforce_new_defaults)s and (role:member or role:_member_)"), description="Lists a projects secrets.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1/secrets"}], + operations=[Operation(method="GET", path="/v1/secrets")], ), base.APIRule( name="secretstores:get", check_str=("True:%(enforce_new_defaults)s and role:reader"), description="Get list of available secret store backends.", scope_types=["project", "system"], - operations=[{"method": "GET", "path": "/v1/secret-stores"}], + operations=[Operation(method="GET", path="/v1/secret-stores")], ), base.APIRule( name="secretstores:get_global_default", check_str=("True:%(enforce_new_defaults)s and role:reader"), description="Get a reference to the secret store that is used as default secret store backend for the deployment.", scope_types=["project", "system"], - operations=[{"method": "GET", "path": "/v1/secret-stores/global-default"}], + operations=[Operation(method="GET", path="/v1/secret-stores/global-default")], ), base.APIRule( name="secretstores:get_preferred", check_str=("True:%(enforce_new_defaults)s and role:reader"), description="Get a reference to the preferred secret store if assigned previously.", scope_types=["project", "system"], - operations=[{"method": "GET", "path": "/v1/secret-stores/preferred"}], + operations=[Operation(method="GET", path="/v1/secret-stores/preferred")], ), base.APIRule( name="secretstore_preferred:post", check_str=("True:%(enforce_new_defaults)s and role:admin"), description="Set a secret store backend to be preferred store backend for their project.", scope_types=["project"], - operations=[{"method": "POST", "path": "/v1/secret-stores/{ss-id}/preferred"}], + operations=[Operation(method="POST", path="/v1/secret-stores/{ss-id}/preferred")], ), base.APIRule( name="secretstore_preferred:delete", check_str=("True:%(enforce_new_defaults)s and role:admin"), description="Remove preferred secret store backend setting for their project.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/v1/secret-stores/{ss-id}/preferred"}], + operations=[Operation(method="DELETE", path="/v1/secret-stores/{ss-id}/preferred")], ), base.APIRule( name="secretstore:get", check_str=("True:%(enforce_new_defaults)s and role:reader"), description="Get details of secret store by its ID.", scope_types=["project", "system"], - operations=[{"method": "GET", "path": "/v1/secret-stores/{ss-id}"}], + operations=[Operation(method="GET", path="/v1/secret-stores/{ss-id}")], ), base.APIRule( name="transport_key:get", check_str=("True:%(enforce_new_defaults)s and role:reader"), description="Get a specific transport key.", scope_types=["project", "system"], - operations=[{"method": "GET", "path": "/v1/transport_keys/{key-id}}"}], + operations=[Operation(method="GET", path="/v1/transport_keys/{key-id}}")], ), base.APIRule( name="transport_key:delete", check_str=("True:%(enforce_new_defaults)s and rule:system_admin"), description="Delete a specific transport key.", scope_types=["system"], - operations=[{"method": "DELETE", "path": "/v1/transport_keys/{key-id}"}], + operations=[Operation(method="DELETE", path="/v1/transport_keys/{key-id}")], ), base.APIRule( name="transport_keys:get", check_str=("True:%(enforce_new_defaults)s and role:reader"), description="Get a list of all transport keys.", scope_types=["project", "system"], - operations=[{"method": "GET", "path": "/v1/transport_keys"}], + operations=[Operation(method="GET", path="/v1/transport_keys")], ), base.APIRule( name="transport_keys:post", check_str=("True:%(enforce_new_defaults)s and rule:system_admin"), description="Create a new transport key.", scope_types=["system"], - operations=[{"method": "POST", "path": "/v1/transport_keys"}], + operations=[Operation(method="POST", path="/v1/transport_keys")], ), ) diff --git a/skyline_apiserver/policy/manager/base.py b/skyline_apiserver/policy/manager/base.py index fb1325b..68b85a6 100644 --- a/skyline_apiserver/policy/manager/base.py +++ b/skyline_apiserver/policy/manager/base.py @@ -14,10 +14,11 @@ from __future__ import annotations -from typing import List +from typing import Any, List, Optional, Sequence from oslo_policy import _parser from oslo_policy.policy import DocumentedRuleDefault, RuleDefault +from pydantic import BaseModel from skyline_apiserver import schemas @@ -68,7 +69,7 @@ class APIRule(Rule): check_str: str, description: str, scope_types: List[str], - operations: List[schemas.Operation], + operations: Optional[Sequence[Any]] = None, basic_check_str: str = "", ) -> None: super().__init__(name, check_str, description, basic_check_str) @@ -76,13 +77,16 @@ class APIRule(Rule): schemas.ScopeTypesSchema.parse_obj(scope_types) self.scope_types = scope_types - schemas.OperationsSchema.parse_obj(operations) - self.operations = operations + # for Pydantic 2.x, automatically convert Operation instances to dict + if operations and isinstance(operations[0], BaseModel): + operations = [op.model_dump() for op in operations] + self.operations: schemas.OperationsSchema = schemas.OperationsSchema.model_validate( + operations + ) def format_into_yaml(self) -> str: op_list = [ - f'# {operation.get("method"):8}{operation.get("path")}\n' - for operation in self.operations + f"# {operation.method:8}{operation.path}\n" for operation in self.operations.root ] op = "".join(op_list) scope = f"# Intended scope(s): {self.scope_types}\n" @@ -92,6 +96,17 @@ class APIRule(Rule): return text + def to_dict(self): + return { + "name": getattr(self, "name", None), + "description": getattr(self, "description", None), + "scope_types": getattr(self, "scope_types", None), + "operations": self.operations.model_dump() if hasattr(self, "operations") else None, + } + + def __repr__(self): + return f"APIRule({self.to_dict()})" + @classmethod def from_oslo(cls, rule: DocumentedRuleDefault): description = rule.description or "" diff --git a/skyline_apiserver/policy/manager/cinder.py b/skyline_apiserver/policy/manager/cinder.py index 0a883de..9911690 100644 --- a/skyline_apiserver/policy/manager/cinder.py +++ b/skyline_apiserver/policy/manager/cinder.py @@ -15,6 +15,8 @@ # flake8: noqa # fmt: off +from skyline_apiserver.schemas.policy_manager import Operation + from . import base list_rules = ( @@ -58,1113 +60,1113 @@ list_rules = ( check_str=("rule:xena_system_admin_or_project_member"), description="Create attachment.", scope_types=["project"], - operations=[{"method": "POST", "path": "/attachments"}], + operations=[Operation(method="POST", path="/attachments")], ), base.APIRule( name="volume:attachment_update", check_str=("rule:xena_system_admin_or_project_member"), description="Update attachment.", scope_types=["project"], - operations=[{"method": "PUT", "path": "/attachments/{attachment_id}"}], + operations=[Operation(method="PUT", path="/attachments/{attachment_id}")], ), base.APIRule( name="volume:attachment_delete", check_str=("rule:xena_system_admin_or_project_member"), description="Delete attachment.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/attachments/{attachment_id}"}], + operations=[Operation(method="DELETE", path="/attachments/{attachment_id}")], ), base.APIRule( name="volume:attachment_complete", check_str=("rule:xena_system_admin_or_project_member"), description="Mark a volume attachment process as completed (in-use)", scope_types=["project"], - operations=[{"method": "POST", "path": "/attachments/{attachment_id}/action (os-complete)"}], + operations=[Operation(method="POST", path="/attachments/{attachment_id}/action (os-complete)")], ), base.APIRule( name="volume:multiattach_bootable_volume", check_str=("rule:xena_system_admin_or_project_member"), description="Allow multiattach of bootable volumes.", scope_types=["project"], - operations=[{"method": "POST", "path": "/attachments"}], + operations=[Operation(method="POST", path="/attachments")], ), base.APIRule( name="message:get_all", check_str=("rule:xena_system_admin_or_project_reader"), description="List messages.", scope_types=["project"], - operations=[{"method": "GET", "path": "/messages"}], + operations=[Operation(method="GET", path="/messages")], ), base.APIRule( name="message:get", check_str=("rule:xena_system_admin_or_project_reader"), description="Show message.", scope_types=["project"], - operations=[{"method": "GET", "path": "/messages/{message_id}"}], + operations=[Operation(method="GET", path="/messages/{message_id}")], ), base.APIRule( name="message:delete", check_str=("rule:xena_system_admin_or_project_member"), description="Delete message.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/messages/{message_id}"}], + operations=[Operation(method="DELETE", path="/messages/{message_id}")], ), base.APIRule( name="clusters:get_all", check_str=("rule:admin_api"), description="List clusters.", scope_types=["project"], - operations=[{"method": "GET", "path": "/clusters"}, {"method": "GET", "path": "/clusters/detail"}], + operations=[Operation(method="GET", path="/clusters"), Operation(method="GET", path="/clusters/detail")], ), base.APIRule( name="clusters:get", check_str=("rule:admin_api"), description="Show cluster.", scope_types=["project"], - operations=[{"method": "GET", "path": "/clusters/{cluster_id}"}], + operations=[Operation(method="GET", path="/clusters/{cluster_id}")], ), base.APIRule( name="clusters:update", check_str=("rule:admin_api"), description="Update cluster.", scope_types=["project"], - operations=[{"method": "PUT", "path": "/clusters/{cluster_id}"}], + operations=[Operation(method="PUT", path="/clusters/{cluster_id}")], ), base.APIRule( name="workers:cleanup", check_str=("rule:admin_api"), description="Clean up workers.", scope_types=["project"], - operations=[{"method": "POST", "path": "/workers/cleanup"}], + operations=[Operation(method="POST", path="/workers/cleanup")], ), base.APIRule( name="volume:get_snapshot_metadata", check_str=("rule:xena_system_admin_or_project_reader"), description="Show snapshot's metadata or one specified metadata with a given key.", scope_types=["project"], - operations=[{"method": "GET", "path": "/snapshots/{snapshot_id}/metadata"}, {"method": "GET", "path": "/snapshots/{snapshot_id}/metadata/{key}"}], + operations=[Operation(method="GET", path="/snapshots/{snapshot_id}/metadata"), Operation(method="GET", path="/snapshots/{snapshot_id}/metadata/{key}")], ), base.APIRule( name="volume:update_snapshot_metadata", check_str=("rule:xena_system_admin_or_project_member"), description="Update snapshot's metadata or one specified metadata with a given key.", scope_types=["project"], - operations=[{"method": "POST", "path": "/snapshots/{snapshot_id}/metadata"}, {"method": "PUT", "path": "/snapshots/{snapshot_id}/metadata/{key}"}], + operations=[Operation(method="POST", path="/snapshots/{snapshot_id}/metadata"), Operation(method="PUT", path="/snapshots/{snapshot_id}/metadata/{key}")], ), base.APIRule( name="volume:delete_snapshot_metadata", check_str=("rule:xena_system_admin_or_project_member"), description="Delete snapshot's specified metadata with a given key.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/snapshots/{snapshot_id}/metadata/{key}"}], + operations=[Operation(method="DELETE", path="/snapshots/{snapshot_id}/metadata/{key}")], ), base.APIRule( name="volume:get_all_snapshots", check_str=("rule:xena_system_admin_or_project_reader"), description="List snapshots.", scope_types=["project"], - operations=[{"method": "GET", "path": "/snapshots"}, {"method": "GET", "path": "/snapshots/detail"}], + operations=[Operation(method="GET", path="/snapshots"), Operation(method="GET", path="/snapshots/detail")], ), base.APIRule( name="volume_extension:extended_snapshot_attributes", check_str=("rule:xena_system_admin_or_project_reader"), description="List or show snapshots with extended attributes.", scope_types=["project"], - operations=[{"method": "GET", "path": "/snapshots/{snapshot_id}"}, {"method": "GET", "path": "/snapshots/detail"}], + operations=[Operation(method="GET", path="/snapshots/{snapshot_id}"), Operation(method="GET", path="/snapshots/detail")], ), base.APIRule( name="volume:create_snapshot", check_str=("rule:xena_system_admin_or_project_member"), description="Create snapshot.", scope_types=["project"], - operations=[{"method": "POST", "path": "/snapshots"}], + operations=[Operation(method="POST", path="/snapshots")], ), base.APIRule( name="volume:get_snapshot", check_str=("rule:xena_system_admin_or_project_reader"), description="Show snapshot.", scope_types=["project"], - operations=[{"method": "GET", "path": "/snapshots/{snapshot_id}"}], + operations=[Operation(method="GET", path="/snapshots/{snapshot_id}")], ), base.APIRule( name="volume:update_snapshot", check_str=("rule:xena_system_admin_or_project_member"), description="Update snapshot.", scope_types=["project"], - operations=[{"method": "PUT", "path": "/snapshots/{snapshot_id}"}], + operations=[Operation(method="PUT", path="/snapshots/{snapshot_id}")], ), base.APIRule( name="volume:delete_snapshot", check_str=("rule:xena_system_admin_or_project_member"), description="Delete snapshot.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/snapshots/{snapshot_id}"}], + operations=[Operation(method="DELETE", path="/snapshots/{snapshot_id}")], ), base.APIRule( name="volume_extension:snapshot_admin_actions:reset_status", check_str=("rule:admin_api"), description="Reset status of a snapshot.", scope_types=["project"], - operations=[{"method": "POST", "path": "/snapshots/{snapshot_id}/action (os-reset_status)"}], + operations=[Operation(method="POST", path="/snapshots/{snapshot_id}/action (os-reset_status)")], ), base.APIRule( name="snapshot_extension:snapshot_actions:update_snapshot_status", check_str=("rule:xena_system_admin_or_project_member"), description="Update database fields of snapshot.", scope_types=["project"], - operations=[{"method": "POST", "path": "/snapshots/{snapshot_id}/action (update_snapshot_status)"}], + operations=[Operation(method="POST", path="/snapshots/{snapshot_id}/action (update_snapshot_status)")], ), base.APIRule( name="volume_extension:snapshot_admin_actions:force_delete", check_str=("rule:admin_api"), description="Force delete a snapshot.", scope_types=["project"], - operations=[{"method": "POST", "path": "/snapshots/{snapshot_id}/action (os-force_delete)"}], + operations=[Operation(method="POST", path="/snapshots/{snapshot_id}/action (os-force_delete)")], ), base.APIRule( name="snapshot_extension:list_manageable", check_str=("rule:admin_api"), description="List (in detail) of snapshots which are available to manage.", scope_types=["project"], - operations=[{"method": "GET", "path": "/manageable_snapshots"}, {"method": "GET", "path": "/manageable_snapshots/detail"}], + operations=[Operation(method="GET", path="/manageable_snapshots"), Operation(method="GET", path="/manageable_snapshots/detail")], ), base.APIRule( name="snapshot_extension:snapshot_manage", check_str=("rule:admin_api"), description="Manage an existing snapshot.", scope_types=["project"], - operations=[{"method": "POST", "path": "/manageable_snapshots"}], + operations=[Operation(method="POST", path="/manageable_snapshots")], ), base.APIRule( name="snapshot_extension:snapshot_unmanage", check_str=("rule:admin_api"), description="Stop managing a snapshot.", scope_types=["project"], - operations=[{"method": "POST", "path": "/snapshots/{snapshot_id}/action (os-unmanage)"}], + operations=[Operation(method="POST", path="/snapshots/{snapshot_id}/action (os-unmanage)")], ), base.APIRule( name="backup:get_all", check_str=("rule:xena_system_admin_or_project_reader"), description="List backups.", scope_types=["project"], - operations=[{"method": "GET", "path": "/backups"}, {"method": "GET", "path": "/backups/detail"}], + operations=[Operation(method="GET", path="/backups"), Operation(method="GET", path="/backups/detail")], ), base.APIRule( name="backup:backup_project_attribute", check_str=("rule:admin_api"), description="List backups or show backup with project attributes.", scope_types=["project"], - operations=[{"method": "GET", "path": "/backups/{backup_id}"}, {"method": "GET", "path": "/backups/detail"}], + operations=[Operation(method="GET", path="/backups/{backup_id}"), Operation(method="GET", path="/backups/detail")], ), base.APIRule( name="backup:create", check_str=("rule:xena_system_admin_or_project_member"), description="Create backup.", scope_types=["project"], - operations=[{"method": "POST", "path": "/backups"}], + operations=[Operation(method="POST", path="/backups")], ), base.APIRule( name="backup:get", check_str=("rule:xena_system_admin_or_project_reader"), description="Show backup.", scope_types=["project"], - operations=[{"method": "GET", "path": "/backups/{backup_id}"}], + operations=[Operation(method="GET", path="/backups/{backup_id}")], ), base.APIRule( name="backup:update", check_str=("rule:xena_system_admin_or_project_member"), description="Update backup.", scope_types=["project"], - operations=[{"method": "PUT", "path": "/backups/{backup_id}"}], + operations=[Operation(method="PUT", path="/backups/{backup_id}")], ), base.APIRule( name="backup:delete", check_str=("rule:xena_system_admin_or_project_member"), description="Delete backup.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/backups/{backup_id}"}], + operations=[Operation(method="DELETE", path="/backups/{backup_id}")], ), base.APIRule( name="backup:restore", check_str=("rule:xena_system_admin_or_project_member"), description="Restore backup.", scope_types=["project"], - operations=[{"method": "POST", "path": "/backups/{backup_id}/restore"}], + operations=[Operation(method="POST", path="/backups/{backup_id}/restore")], ), base.APIRule( name="backup:backup-import", check_str=("rule:admin_api"), description="Import backup.", scope_types=["project"], - operations=[{"method": "POST", "path": "/backups/{backup_id}/import_record"}], + operations=[Operation(method="POST", path="/backups/{backup_id}/import_record")], ), base.APIRule( name="backup:export-import", check_str=("rule:admin_api"), description="Export backup.", scope_types=["project"], - operations=[{"method": "POST", "path": "/backups/{backup_id}/export_record"}], + operations=[Operation(method="POST", path="/backups/{backup_id}/export_record")], ), base.APIRule( name="volume_extension:backup_admin_actions:reset_status", check_str=("rule:admin_api"), description="Reset status of a backup.", scope_types=["project"], - operations=[{"method": "POST", "path": "/backups/{backup_id}/action (os-reset_status)"}], + operations=[Operation(method="POST", path="/backups/{backup_id}/action (os-reset_status)")], ), base.APIRule( name="volume_extension:backup_admin_actions:force_delete", check_str=("rule:admin_api"), description="Force delete a backup.", scope_types=["project"], - operations=[{"method": "POST", "path": "/backups/{backup_id}/action (os-force_delete)"}], + operations=[Operation(method="POST", path="/backups/{backup_id}/action (os-force_delete)")], ), base.APIRule( name="group:get_all", check_str=("rule:xena_system_admin_or_project_reader"), description="List groups.", scope_types=["project"], - operations=[{"method": "GET", "path": "/groups"}, {"method": "GET", "path": "/groups/detail"}], + operations=[Operation(method="GET", path="/groups"), Operation(method="GET", path="/groups/detail")], ), base.APIRule( name="group:create", check_str=("rule:xena_system_admin_or_project_member"), description="Create group.", scope_types=["project"], - operations=[{"method": "POST", "path": "/groups"}], + operations=[Operation(method="POST", path="/groups")], ), base.APIRule( name="group:get", check_str=("rule:xena_system_admin_or_project_reader"), description="Show group.", scope_types=["project"], - operations=[{"method": "GET", "path": "/groups/{group_id}"}], + operations=[Operation(method="GET", path="/groups/{group_id}")], ), base.APIRule( name="group:update", check_str=("rule:xena_system_admin_or_project_member"), description="Update group.", scope_types=["project"], - operations=[{"method": "PUT", "path": "/groups/{group_id}"}], + operations=[Operation(method="PUT", path="/groups/{group_id}")], ), base.APIRule( name="group:group_project_attribute", check_str=("rule:admin_api"), description="List groups or show group with project attributes.", scope_types=["project"], - operations=[{"method": "GET", "path": "/groups/{group_id}"}, {"method": "GET", "path": "/groups/detail"}], + operations=[Operation(method="GET", path="/groups/{group_id}"), Operation(method="GET", path="/groups/detail")], ), base.APIRule( name="group:group_types:create", check_str=("rule:admin_api"), description="Create a group type.", scope_types=["project"], - operations=[{"method": "POST", "path": "/group_types/"}], + operations=[Operation(method="POST", path="/group_types/")], ), base.APIRule( name="group:group_types:update", check_str=("rule:admin_api"), description="Update a group type.", scope_types=["project"], - operations=[{"method": "PUT", "path": "/group_types/{group_type_id}"}], + operations=[Operation(method="PUT", path="/group_types/{group_type_id}")], ), base.APIRule( name="group:group_types:delete", check_str=("rule:admin_api"), description="Delete a group type.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/group_types/{group_type_id}"}], + operations=[Operation(method="DELETE", path="/group_types/{group_type_id}")], ), base.APIRule( name="group:access_group_types_specs", check_str=("rule:admin_api"), description="Show group type with type specs attributes.", scope_types=["project"], - operations=[{"method": "GET", "path": "/group_types/{group_type_id}"}], + operations=[Operation(method="GET", path="/group_types/{group_type_id}")], ), base.APIRule( name="group:group_types_specs:get", check_str=("rule:admin_api"), description="Show a group type spec.", scope_types=["project"], - operations=[{"method": "GET", "path": "/group_types/{group_type_id}/group_specs/{g_spec_id}"}], + operations=[Operation(method="GET", path="/group_types/{group_type_id}/group_specs/{g_spec_id}")], ), base.APIRule( name="group:group_types_specs:get_all", check_str=("rule:admin_api"), description="List group type specs.", scope_types=["project"], - operations=[{"method": "GET", "path": "/group_types/{group_type_id}/group_specs"}], + operations=[Operation(method="GET", path="/group_types/{group_type_id}/group_specs")], ), base.APIRule( name="group:group_types_specs:create", check_str=("rule:admin_api"), description="Create a group type spec.", scope_types=["project"], - operations=[{"method": "POST", "path": "/group_types/{group_type_id}/group_specs"}], + operations=[Operation(method="POST", path="/group_types/{group_type_id}/group_specs")], ), base.APIRule( name="group:group_types_specs:update", check_str=("rule:admin_api"), description="Update a group type spec.", scope_types=["project"], - operations=[{"method": "PUT", "path": "/group_types/{group_type_id}/group_specs/{g_spec_id}"}], + operations=[Operation(method="PUT", path="/group_types/{group_type_id}/group_specs/{g_spec_id}")], ), base.APIRule( name="group:group_types_specs:delete", check_str=("rule:admin_api"), description="Delete a group type spec.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/group_types/{group_type_id}/group_specs/{g_spec_id}"}], + operations=[Operation(method="DELETE", path="/group_types/{group_type_id}/group_specs/{g_spec_id}")], ), base.APIRule( name="group:get_all_group_snapshots", check_str=("rule:xena_system_admin_or_project_reader"), description="List group snapshots.", scope_types=["project"], - operations=[{"method": "GET", "path": "/group_snapshots"}, {"method": "GET", "path": "/group_snapshots/detail"}], + operations=[Operation(method="GET", path="/group_snapshots"), Operation(method="GET", path="/group_snapshots/detail")], ), base.APIRule( name="group:create_group_snapshot", check_str=("rule:xena_system_admin_or_project_member"), description="Create group snapshot.", scope_types=["project"], - operations=[{"method": "POST", "path": "/group_snapshots"}], + operations=[Operation(method="POST", path="/group_snapshots")], ), base.APIRule( name="group:get_group_snapshot", check_str=("rule:xena_system_admin_or_project_reader"), description="Show group snapshot.", scope_types=["project"], - operations=[{"method": "GET", "path": "/group_snapshots/{group_snapshot_id}"}], + operations=[Operation(method="GET", path="/group_snapshots/{group_snapshot_id}")], ), base.APIRule( name="group:delete_group_snapshot", check_str=("rule:xena_system_admin_or_project_member"), description="Delete group snapshot.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/group_snapshots/{group_snapshot_id}"}], + operations=[Operation(method="DELETE", path="/group_snapshots/{group_snapshot_id}")], ), base.APIRule( name="group:update_group_snapshot", check_str=("rule:xena_system_admin_or_project_member"), description="Update group snapshot.", scope_types=["project"], - operations=[{"method": "PUT", "path": "/group_snapshots/{group_snapshot_id}"}], + operations=[Operation(method="PUT", path="/group_snapshots/{group_snapshot_id}")], ), base.APIRule( name="group:group_snapshot_project_attribute", check_str=("rule:admin_api"), description="List group snapshots or show group snapshot with project attributes.", scope_types=["project"], - operations=[{"method": "GET", "path": "/group_snapshots/{group_snapshot_id}"}, {"method": "GET", "path": "/group_snapshots/detail"}], + operations=[Operation(method="GET", path="/group_snapshots/{group_snapshot_id}"), Operation(method="GET", path="/group_snapshots/detail")], ), base.APIRule( name="group:reset_group_snapshot_status", check_str=("rule:admin_api"), description="Reset status of group snapshot.", scope_types=["project"], - operations=[{"method": "POST", "path": "/group_snapshots/{g_snapshot_id}/action (reset_status)"}], + operations=[Operation(method="POST", path="/group_snapshots/{g_snapshot_id}/action (reset_status)")], ), base.APIRule( name="group:delete", check_str=("rule:xena_system_admin_or_project_member"), description="Delete group.", scope_types=["project"], - operations=[{"method": "POST", "path": "/groups/{group_id}/action (delete)"}], + operations=[Operation(method="POST", path="/groups/{group_id}/action (delete)")], ), base.APIRule( name="group:reset_status", check_str=("rule:admin_api"), description="Reset status of group.", scope_types=["project"], - operations=[{"method": "POST", "path": "/groups/{group_id}/action (reset_status)"}], + operations=[Operation(method="POST", path="/groups/{group_id}/action (reset_status)")], ), base.APIRule( name="group:enable_replication", check_str=("rule:xena_system_admin_or_project_member"), description="Enable replication.", scope_types=["project"], - operations=[{"method": "POST", "path": "/groups/{group_id}/action (enable_replication)"}], + operations=[Operation(method="POST", path="/groups/{group_id}/action (enable_replication)")], ), base.APIRule( name="group:disable_replication", check_str=("rule:xena_system_admin_or_project_member"), description="Disable replication.", scope_types=["project"], - operations=[{"method": "POST", "path": "/groups/{group_id}/action (disable_replication)"}], + operations=[Operation(method="POST", path="/groups/{group_id}/action (disable_replication)")], ), base.APIRule( name="group:failover_replication", check_str=("rule:xena_system_admin_or_project_member"), description="Fail over replication.", scope_types=["project"], - operations=[{"method": "POST", "path": "/groups/{group_id}/action (failover_replication)"}], + operations=[Operation(method="POST", path="/groups/{group_id}/action (failover_replication)")], ), base.APIRule( name="group:list_replication_targets", check_str=("rule:xena_system_admin_or_project_member"), description="List failover replication.", scope_types=["project"], - operations=[{"method": "POST", "path": "/groups/{group_id}/action (list_replication_targets)"}], + operations=[Operation(method="POST", path="/groups/{group_id}/action (list_replication_targets)")], ), base.APIRule( name="volume_extension:qos_specs_manage:get_all", check_str=("rule:admin_api"), description="List qos specs or list all associations.", scope_types=["project"], - operations=[{"method": "GET", "path": "/qos-specs"}, {"method": "GET", "path": "/qos-specs/{qos_id}/associations"}], + operations=[Operation(method="GET", path="/qos-specs"), Operation(method="GET", path="/qos-specs/{qos_id}/associations")], ), base.APIRule( name="volume_extension:qos_specs_manage:get", check_str=("rule:admin_api"), description="Show qos specs.", scope_types=["project"], - operations=[{"method": "GET", "path": "/qos-specs/{qos_id}"}], + operations=[Operation(method="GET", path="/qos-specs/{qos_id}")], ), base.APIRule( name="volume_extension:qos_specs_manage:create", check_str=("rule:admin_api"), description="Create qos specs.", scope_types=["project"], - operations=[{"method": "POST", "path": "/qos-specs"}], + operations=[Operation(method="POST", path="/qos-specs")], ), base.APIRule( name="volume_extension:qos_specs_manage:update", check_str=("rule:admin_api"), description="Update qos specs (including updating association).", scope_types=["project"], - operations=[{"method": "PUT", "path": "/qos-specs/{qos_id}"}, {"method": "GET", "path": "/qos-specs/{qos_id}/disassociate_all"}, {"method": "GET", "path": "/qos-specs/{qos_id}/associate"}, {"method": "GET", "path": "/qos-specs/{qos_id}/disassociate"}], + operations=[Operation(method="PUT", path="/qos-specs/{qos_id}"), Operation(method="GET", path="/qos-specs/{qos_id}/disassociate_all"), Operation(method="GET", path="/qos-specs/{qos_id}/associate"), Operation(method="GET", path="/qos-specs/{qos_id}/disassociate")], ), base.APIRule( name="volume_extension:qos_specs_manage:delete", check_str=("rule:admin_api"), description="delete qos specs or unset one specified qos key.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/qos-specs/{qos_id}"}, {"method": "PUT", "path": "/qos-specs/{qos_id}/delete_keys"}], + operations=[Operation(method="DELETE", path="/qos-specs/{qos_id}"), Operation(method="PUT", path="/qos-specs/{qos_id}/delete_keys")], ), base.APIRule( name="volume_extension:quota_classes:get", check_str=("rule:admin_api"), description="Show project quota class.", scope_types=["project"], - operations=[{"method": "GET", "path": "/os-quota-class-sets/{project_id}"}], + operations=[Operation(method="GET", path="/os-quota-class-sets/{project_id}")], ), base.APIRule( name="volume_extension:quota_classes:update", check_str=("rule:admin_api"), description="Update project quota class.", scope_types=["project"], - operations=[{"method": "PUT", "path": "/os-quota-class-sets/{project_id}"}], + operations=[Operation(method="PUT", path="/os-quota-class-sets/{project_id}")], ), base.APIRule( name="volume_extension:quotas:show", check_str=("rule:xena_system_admin_or_project_reader"), description="Show project quota (including usage and default).", scope_types=["project"], - operations=[{"method": "GET", "path": "/os-quota-sets/{project_id}"}, {"method": "GET", "path": "/os-quota-sets/{project_id}/default"}, {"method": "GET", "path": "/os-quota-sets/{project_id}?usage=True"}], + operations=[Operation(method="GET", path="/os-quota-sets/{project_id}"), Operation(method="GET", path="/os-quota-sets/{project_id}/default"), Operation(method="GET", path="/os-quota-sets/{project_id}?usage=True")], ), base.APIRule( name="volume_extension:quotas:update", check_str=("rule:admin_api"), description="Update project quota.", scope_types=["project"], - operations=[{"method": "PUT", "path": "/os-quota-sets/{project_id}"}], + operations=[Operation(method="PUT", path="/os-quota-sets/{project_id}")], ), base.APIRule( name="volume_extension:quotas:delete", check_str=("rule:admin_api"), description="Delete project quota.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/os-quota-sets/{project_id}"}], + operations=[Operation(method="DELETE", path="/os-quota-sets/{project_id}")], ), base.APIRule( name="volume_extension:capabilities", check_str=("rule:admin_api"), description="Show backend capabilities.", scope_types=["project"], - operations=[{"method": "GET", "path": "/capabilities/{host_name}"}], + operations=[Operation(method="GET", path="/capabilities/{host_name}")], ), base.APIRule( name="volume_extension:services:index", check_str=("rule:admin_api"), description="List all services.", scope_types=["project"], - operations=[{"method": "GET", "path": "/os-services"}], + operations=[Operation(method="GET", path="/os-services")], ), base.APIRule( name="volume_extension:services:update", check_str=("rule:admin_api"), description="Update service, including failover_host, thaw, freeze, disable, enable, set-log and get-log actions.", scope_types=["project"], - operations=[{"method": "PUT", "path": "/os-services/{action}"}], + operations=[Operation(method="PUT", path="/os-services/{action}")], ), base.APIRule( name="volume:freeze_host", check_str=("rule:admin_api"), description="Freeze a backend host.", scope_types=["project"], - operations=[{"method": "PUT", "path": "/os-services/freeze"}], + operations=[Operation(method="PUT", path="/os-services/freeze")], ), base.APIRule( name="volume:thaw_host", check_str=("rule:admin_api"), description="Thaw a backend host.", scope_types=["project"], - operations=[{"method": "PUT", "path": "/os-services/thaw"}], + operations=[Operation(method="PUT", path="/os-services/thaw")], ), base.APIRule( name="volume:failover_host", check_str=("rule:admin_api"), description="Failover a backend host.", scope_types=["project"], - operations=[{"method": "PUT", "path": "/os-services/failover_host"}], + operations=[Operation(method="PUT", path="/os-services/failover_host")], ), base.APIRule( name="scheduler_extension:scheduler_stats:get_pools", check_str=("rule:admin_api"), description="List all backend pools.", scope_types=["project"], - operations=[{"method": "GET", "path": "/scheduler-stats/get_pools"}], + operations=[Operation(method="GET", path="/scheduler-stats/get_pools")], ), base.APIRule( name="volume_extension:hosts", check_str=("rule:admin_api"), description="List, update or show hosts for a project.", scope_types=["project"], - operations=[{"method": "GET", "path": "/os-hosts"}, {"method": "PUT", "path": "/os-hosts/{host_name}"}, {"method": "GET", "path": "/os-hosts/{host_id}"}], + operations=[Operation(method="GET", path="/os-hosts"), Operation(method="PUT", path="/os-hosts/{host_name}"), Operation(method="GET", path="/os-hosts/{host_id}")], ), base.APIRule( name="limits_extension:used_limits", check_str=("rule:xena_system_admin_or_project_reader"), description="Show limits with used limit attributes.", scope_types=["project"], - operations=[{"method": "GET", "path": "/limits"}], + operations=[Operation(method="GET", path="/limits")], ), base.APIRule( name="volume_extension:list_manageable", check_str=("rule:admin_api"), description="List (in detail) of volumes which are available to manage.", scope_types=["project"], - operations=[{"method": "GET", "path": "/manageable_volumes"}, {"method": "GET", "path": "/manageable_volumes/detail"}], + operations=[Operation(method="GET", path="/manageable_volumes"), Operation(method="GET", path="/manageable_volumes/detail")], ), base.APIRule( name="volume_extension:volume_manage", check_str=("rule:admin_api"), description="Manage existing volumes.", scope_types=["project"], - operations=[{"method": "POST", "path": "/manageable_volumes"}], + operations=[Operation(method="POST", path="/manageable_volumes")], ), base.APIRule( name="volume_extension:volume_unmanage", check_str=("rule:admin_api"), description="Stop managing a volume.", scope_types=["project"], - operations=[{"method": "POST", "path": "/volumes/{volume_id}/action (os-unmanage)"}], + operations=[Operation(method="POST", path="/volumes/{volume_id}/action (os-unmanage)")], ), base.APIRule( name="volume_extension:type_create", check_str=("rule:admin_api"), description="Create volume type.", scope_types=["project"], - operations=[{"method": "POST", "path": "/types"}], + operations=[Operation(method="POST", path="/types")], ), base.APIRule( name="volume_extension:type_update", check_str=("rule:admin_api"), description="Update volume type.", scope_types=["project"], - operations=[{"method": "PUT", "path": "/types"}], + operations=[Operation(method="PUT", path="/types")], ), base.APIRule( name="volume_extension:type_delete", check_str=("rule:admin_api"), description="Delete volume type.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/types"}], + operations=[Operation(method="DELETE", path="/types")], ), base.APIRule( name="volume_extension:type_get", check_str=("rule:xena_system_admin_or_project_reader"), description="Get one specific volume type.", scope_types=["project"], - operations=[{"method": "GET", "path": "/types/{type_id}"}], + operations=[Operation(method="GET", path="/types/{type_id}")], ), base.APIRule( name="volume_extension:type_get_all", check_str=("rule:xena_system_admin_or_project_reader"), description="List volume types.", scope_types=["project"], - operations=[{"method": "GET", "path": "/types/"}], + operations=[Operation(method="GET", path="/types/")], ), base.APIRule( name="volume_extension:access_types_extra_specs", check_str=("rule:xena_system_admin_or_project_reader"), description="Include the volume type's extra_specs attribute in the volume type list or show requests. The ability to make these calls is governed by other policies.", scope_types=["project"], - operations=[{"method": "GET", "path": "/types/{type_id}"}, {"method": "GET", "path": "/types"}], + operations=[Operation(method="GET", path="/types/{type_id}"), Operation(method="GET", path="/types")], ), base.APIRule( name="volume_extension:access_types_qos_specs_id", check_str=("rule:admin_api"), description="Include the volume type's QoS specifications ID attribute in the volume type list or show requests. The ability to make these calls is governed by other policies.", scope_types=["project"], - operations=[{"method": "GET", "path": "/types/{type_id}"}, {"method": "GET", "path": "/types"}], + operations=[Operation(method="GET", path="/types/{type_id}"), Operation(method="GET", path="/types")], ), base.APIRule( name="volume_extension:volume_type_encryption:create", check_str=("rule:admin_api"), description="Create volume type encryption.", scope_types=["project"], - operations=[{"method": "POST", "path": "/types/{type_id}/encryption"}], + operations=[Operation(method="POST", path="/types/{type_id}/encryption")], ), base.APIRule( name="volume_extension:volume_type_encryption:get", check_str=("rule:admin_api"), description="Show a volume type's encryption type, show an encryption specs item.", scope_types=["project"], - operations=[{"method": "GET", "path": "/types/{type_id}/encryption"}, {"method": "GET", "path": "/types/{type_id}/encryption/{key}"}], + operations=[Operation(method="GET", path="/types/{type_id}/encryption"), Operation(method="GET", path="/types/{type_id}/encryption/{key}")], ), base.APIRule( name="volume_extension:volume_type_encryption:update", check_str=("rule:admin_api"), description="Update volume type encryption.", scope_types=["project"], - operations=[{"method": "PUT", "path": "/types/{type_id}/encryption/{encryption_id}"}], + operations=[Operation(method="PUT", path="/types/{type_id}/encryption/{encryption_id}")], ), base.APIRule( name="volume_extension:volume_type_encryption:delete", check_str=("rule:admin_api"), description="Delete volume type encryption.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/types/{type_id}/encryption/{encryption_id}"}], + operations=[Operation(method="DELETE", path="/types/{type_id}/encryption/{encryption_id}")], ), base.APIRule( name="volume_extension:volume_type_access", check_str=("rule:xena_system_admin_or_project_member"), description="Adds the boolean field 'os-volume-type-access:is_public' to the responses for these API calls. The ability to make these calls is governed by other policies.", scope_types=["project"], - operations=[{"method": "GET", "path": "/types"}, {"method": "GET", "path": "/types/{type_id}"}, {"method": "POST", "path": "/types"}], + operations=[Operation(method="GET", path="/types"), Operation(method="GET", path="/types/{type_id}"), Operation(method="POST", path="/types")], ), base.APIRule( name="volume_extension:volume_type_access:addProjectAccess", check_str=("rule:admin_api"), description="Add volume type access for project.", scope_types=["project"], - operations=[{"method": "POST", "path": "/types/{type_id}/action (addProjectAccess)"}], + operations=[Operation(method="POST", path="/types/{type_id}/action (addProjectAccess)")], ), base.APIRule( name="volume_extension:volume_type_access:removeProjectAccess", check_str=("rule:admin_api"), description="Remove volume type access for project.", scope_types=["project"], - operations=[{"method": "POST", "path": "/types/{type_id}/action (removeProjectAccess)"}], + operations=[Operation(method="POST", path="/types/{type_id}/action (removeProjectAccess)")], ), base.APIRule( name="volume_extension:volume_type_access:get_all_for_type", check_str=("rule:admin_api"), description="List private volume type access detail, that is, list the projects that have access to this volume type.", scope_types=["project"], - operations=[{"method": "GET", "path": "/types/{type_id}/os-volume-type-access"}], + operations=[Operation(method="GET", path="/types/{type_id}/os-volume-type-access")], ), base.APIRule( name="volume:extend", check_str=("rule:xena_system_admin_or_project_member"), description="Extend a volume.", scope_types=["project"], - operations=[{"method": "POST", "path": "/volumes/{volume_id}/action (os-extend)"}], + operations=[Operation(method="POST", path="/volumes/{volume_id}/action (os-extend)")], ), base.APIRule( name="volume:extend_attached_volume", check_str=("rule:xena_system_admin_or_project_member"), description="Extend a attached volume.", scope_types=["project"], - operations=[{"method": "POST", "path": "/volumes/{volume_id}/action (os-extend)"}], + operations=[Operation(method="POST", path="/volumes/{volume_id}/action (os-extend)")], ), base.APIRule( name="volume:revert_to_snapshot", check_str=("rule:xena_system_admin_or_project_member"), description="Revert a volume to a snapshot.", scope_types=["project"], - operations=[{"method": "POST", "path": "/volumes/{volume_id}/action (revert)"}], + operations=[Operation(method="POST", path="/volumes/{volume_id}/action (revert)")], ), base.APIRule( name="volume_extension:volume_admin_actions:reset_status", check_str=("rule:admin_api"), description="Reset status of a volume.", scope_types=["project"], - operations=[{"method": "POST", "path": "/volumes/{volume_id}/action (os-reset_status)"}], + operations=[Operation(method="POST", path="/volumes/{volume_id}/action (os-reset_status)")], ), base.APIRule( name="volume:retype", check_str=("rule:xena_system_admin_or_project_member"), description="Retype a volume.", scope_types=["project"], - operations=[{"method": "POST", "path": "/volumes/{volume_id}/action (os-retype)"}], + operations=[Operation(method="POST", path="/volumes/{volume_id}/action (os-retype)")], ), base.APIRule( name="volume:update_readonly_flag", check_str=("rule:xena_system_admin_or_project_member"), description="Update a volume's readonly flag.", scope_types=["project"], - operations=[{"method": "POST", "path": "/volumes/{volume_id}/action (os-update_readonly_flag)"}], + operations=[Operation(method="POST", path="/volumes/{volume_id}/action (os-update_readonly_flag)")], ), base.APIRule( name="volume_extension:volume_admin_actions:force_delete", check_str=("rule:admin_api"), description="Force delete a volume.", scope_types=["project"], - operations=[{"method": "POST", "path": "/volumes/{volume_id}/action (os-force_delete)"}], + operations=[Operation(method="POST", path="/volumes/{volume_id}/action (os-force_delete)")], ), base.APIRule( name="volume_extension:volume_actions:upload_public", check_str=("rule:admin_api"), description="Upload a volume to image with public visibility.", scope_types=["project"], - operations=[{"method": "POST", "path": "/volumes/{volume_id}/action (os-volume_upload_image)"}], + operations=[Operation(method="POST", path="/volumes/{volume_id}/action (os-volume_upload_image)")], ), base.APIRule( name="volume_extension:volume_actions:upload_image", check_str=("rule:xena_system_admin_or_project_member"), description="Upload a volume to image.", scope_types=["project"], - operations=[{"method": "POST", "path": "/volumes/{volume_id}/action (os-volume_upload_image)"}], + operations=[Operation(method="POST", path="/volumes/{volume_id}/action (os-volume_upload_image)")], ), base.APIRule( name="volume_extension:volume_admin_actions:force_detach", check_str=("rule:admin_api"), description="Force detach a volume.", scope_types=["project"], - operations=[{"method": "POST", "path": "/volumes/{volume_id}/action (os-force_detach)"}], + operations=[Operation(method="POST", path="/volumes/{volume_id}/action (os-force_detach)")], ), base.APIRule( name="volume_extension:volume_admin_actions:migrate_volume", check_str=("rule:admin_api"), description="migrate a volume to a specified host.", scope_types=["project"], - operations=[{"method": "POST", "path": "/volumes/{volume_id}/action (os-migrate_volume)"}], + operations=[Operation(method="POST", path="/volumes/{volume_id}/action (os-migrate_volume)")], ), base.APIRule( name="volume_extension:volume_admin_actions:migrate_volume_completion", check_str=("rule:admin_api"), description="Complete a volume migration.", scope_types=["project"], - operations=[{"method": "POST", "path": "/volumes/{volume_id}/action (os-migrate_volume_completion)"}], + operations=[Operation(method="POST", path="/volumes/{volume_id}/action (os-migrate_volume_completion)")], ), base.APIRule( name="volume_extension:volume_actions:initialize_connection", check_str=("rule:xena_system_admin_or_project_member"), description="Initialize volume attachment.", scope_types=["project"], - operations=[{"method": "POST", "path": "/volumes/{volume_id}/action (os-initialize_connection)"}], + operations=[Operation(method="POST", path="/volumes/{volume_id}/action (os-initialize_connection)")], ), base.APIRule( name="volume_extension:volume_actions:terminate_connection", check_str=("rule:xena_system_admin_or_project_member"), description="Terminate volume attachment.", scope_types=["project"], - operations=[{"method": "POST", "path": "/volumes/{volume_id}/action (os-terminate_connection)"}], + operations=[Operation(method="POST", path="/volumes/{volume_id}/action (os-terminate_connection)")], ), base.APIRule( name="volume_extension:volume_actions:roll_detaching", check_str=("rule:xena_system_admin_or_project_member"), description="Roll back volume status to 'in-use'.", scope_types=["project"], - operations=[{"method": "POST", "path": "/volumes/{volume_id}/action (os-roll_detaching)"}], + operations=[Operation(method="POST", path="/volumes/{volume_id}/action (os-roll_detaching)")], ), base.APIRule( name="volume_extension:volume_actions:reserve", check_str=("rule:xena_system_admin_or_project_member"), description="Mark volume as reserved.", scope_types=["project"], - operations=[{"method": "POST", "path": "/volumes/{volume_id}/action (os-reserve)"}], + operations=[Operation(method="POST", path="/volumes/{volume_id}/action (os-reserve)")], ), base.APIRule( name="volume_extension:volume_actions:unreserve", check_str=("rule:xena_system_admin_or_project_member"), description="Unmark volume as reserved.", scope_types=["project"], - operations=[{"method": "POST", "path": "/volumes/{volume_id}/action (os-unreserve)"}], + operations=[Operation(method="POST", path="/volumes/{volume_id}/action (os-unreserve)")], ), base.APIRule( name="volume_extension:volume_actions:begin_detaching", check_str=("rule:xena_system_admin_or_project_member"), description="Begin detach volumes.", scope_types=["project"], - operations=[{"method": "POST", "path": "/volumes/{volume_id}/action (os-begin_detaching)"}], + operations=[Operation(method="POST", path="/volumes/{volume_id}/action (os-begin_detaching)")], ), base.APIRule( name="volume_extension:volume_actions:attach", check_str=("rule:xena_system_admin_or_project_member"), description="Add attachment metadata.", scope_types=["project"], - operations=[{"method": "POST", "path": "/volumes/{volume_id}/action (os-attach)"}], + operations=[Operation(method="POST", path="/volumes/{volume_id}/action (os-attach)")], ), base.APIRule( name="volume_extension:volume_actions:detach", check_str=("rule:xena_system_admin_or_project_member"), description="Clear attachment metadata.", scope_types=["project"], - operations=[{"method": "POST", "path": "/volumes/{volume_id}/action (os-detach)"}], + operations=[Operation(method="POST", path="/volumes/{volume_id}/action (os-detach)")], ), base.APIRule( name="volume:reimage", check_str=("rule:xena_system_admin_or_project_member"), description="Reimage a volume in 'available' or 'error' status.", scope_types=["project"], - operations=[{"method": "POST", "path": "/volumes/{volume_id}/action (os-reimage)"}], + operations=[Operation(method="POST", path="/volumes/{volume_id}/action (os-reimage)")], ), base.APIRule( name="volume:reimage_reserved", check_str=("rule:xena_system_admin_or_project_member"), description="Reimage a volume in 'reserved' status.", scope_types=["project"], - operations=[{"method": "POST", "path": "/volumes/{volume_id}/action (os-reimage)"}], + operations=[Operation(method="POST", path="/volumes/{volume_id}/action (os-reimage)")], ), base.APIRule( name="volume:get_all_transfers", check_str=("rule:xena_system_admin_or_project_reader"), description="List volume transfer.", scope_types=["project"], - operations=[{"method": "GET", "path": "/os-volume-transfer"}, {"method": "GET", "path": "/os-volume-transfer/detail"}, {"method": "GET", "path": "/volume_transfers"}, {"method": "GET", "path": "/volume-transfers/detail"}], + operations=[Operation(method="GET", path="/os-volume-transfer"), Operation(method="GET", path="/os-volume-transfer/detail"), Operation(method="GET", path="/volume_transfers"), Operation(method="GET", path="/volume-transfers/detail")], ), base.APIRule( name="volume:create_transfer", check_str=("rule:xena_system_admin_or_project_member"), description="Create a volume transfer.", scope_types=["project"], - operations=[{"method": "POST", "path": "/os-volume-transfer"}, {"method": "POST", "path": "/volume_transfers"}], + operations=[Operation(method="POST", path="/os-volume-transfer"), Operation(method="POST", path="/volume_transfers")], ), base.APIRule( name="volume:get_transfer", check_str=("rule:xena_system_admin_or_project_reader"), description="Show one specified volume transfer.", scope_types=["project"], - operations=[{"method": "GET", "path": "/os-volume-transfer/{transfer_id}"}, {"method": "GET", "path": "/volume-transfers/{transfer_id}"}], + operations=[Operation(method="GET", path="/os-volume-transfer/{transfer_id}"), Operation(method="GET", path="/volume-transfers/{transfer_id}")], ), base.APIRule( name="volume:accept_transfer", check_str=("rule:xena_system_admin_or_project_member"), description="Accept a volume transfer.", scope_types=["project"], - operations=[{"method": "POST", "path": "/os-volume-transfer/{transfer_id}/accept"}, {"method": "POST", "path": "/volume-transfers/{transfer_id}/accept"}], + operations=[Operation(method="POST", path="/os-volume-transfer/{transfer_id}/accept"), Operation(method="POST", path="/volume-transfers/{transfer_id}/accept")], ), base.APIRule( name="volume:delete_transfer", check_str=("rule:xena_system_admin_or_project_member"), description="Delete volume transfer.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/os-volume-transfer/{transfer_id}"}, {"method": "DELETE", "path": "/volume-transfers/{transfer_id}"}], + operations=[Operation(method="DELETE", path="/os-volume-transfer/{transfer_id}"), Operation(method="DELETE", path="/volume-transfers/{transfer_id}")], ), base.APIRule( name="volume:get_volume_metadata", check_str=("rule:xena_system_admin_or_project_reader"), description="Show volume's metadata or one specified metadata with a given key.", scope_types=["project"], - operations=[{"method": "GET", "path": "/volumes/{volume_id}/metadata"}, {"method": "GET", "path": "/volumes/{volume_id}/metadata/{key}"}, {"method": "POST", "path": "/volumes/{volume_id}/action (os-show_image_metadata)"}], + operations=[Operation(method="GET", path="/volumes/{volume_id}/metadata"), Operation(method="GET", path="/volumes/{volume_id}/metadata/{key}"), Operation(method="POST", path="/volumes/{volume_id}/action (os-show_image_metadata)")], ), base.APIRule( name="volume:create_volume_metadata", check_str=("rule:xena_system_admin_or_project_member"), description="Create volume metadata.", scope_types=["project"], - operations=[{"method": "POST", "path": "/volumes/{volume_id}/metadata"}], + operations=[Operation(method="POST", path="/volumes/{volume_id}/metadata")], ), base.APIRule( name="volume:update_volume_metadata", check_str=("rule:xena_system_admin_or_project_member"), description="Replace a volume's metadata dictionary or update a single metadatum with a given key.", scope_types=["project"], - operations=[{"method": "PUT", "path": "/volumes/{volume_id}/metadata"}, {"method": "PUT", "path": "/volumes/{volume_id}/metadata/{key}"}], + operations=[Operation(method="PUT", path="/volumes/{volume_id}/metadata"), Operation(method="PUT", path="/volumes/{volume_id}/metadata/{key}")], ), base.APIRule( name="volume:delete_volume_metadata", check_str=("rule:xena_system_admin_or_project_member"), description="Delete a volume's metadatum with the given key.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/volumes/{volume_id}/metadata/{key}"}], + operations=[Operation(method="DELETE", path="/volumes/{volume_id}/metadata/{key}")], ), base.APIRule( name="volume_extension:volume_image_metadata:show", check_str=("rule:xena_system_admin_or_project_reader"), description="Include a volume's image metadata in volume detail responses. The ability to make these calls is governed by other policies.", scope_types=["project"], - operations=[{"method": "GET", "path": "/volumes/detail"}, {"method": "GET", "path": "/volumes/{volume_id}"}], + operations=[Operation(method="GET", path="/volumes/detail"), Operation(method="GET", path="/volumes/{volume_id}")], ), base.APIRule( name="volume_extension:volume_image_metadata:set", check_str=("rule:xena_system_admin_or_project_member"), description="Set image metadata for a volume", scope_types=["project"], - operations=[{"method": "POST", "path": "/volumes/{volume_id}/action (os-set_image_metadata)"}], + operations=[Operation(method="POST", path="/volumes/{volume_id}/action (os-set_image_metadata)")], ), base.APIRule( name="volume_extension:volume_image_metadata:remove", check_str=("rule:xena_system_admin_or_project_member"), description="Remove specific image metadata from a volume", scope_types=["project"], - operations=[{"method": "POST", "path": "/volumes/{volume_id}/action (os-unset_image_metadata)"}], + operations=[Operation(method="POST", path="/volumes/{volume_id}/action (os-unset_image_metadata)")], ), base.APIRule( name="volume:update_volume_admin_metadata", check_str=("rule:admin_api"), description="Update volume admin metadata. This permission is required to complete these API calls, though the ability to make these calls is governed by other policies.", scope_types=["project"], - operations=[{"method": "POST", "path": "/volumes/{volume_id}/action (os-update_readonly_flag)"}, {"method": "POST", "path": "/volumes/{volume_id}/action (os-attach)"}], + operations=[Operation(method="POST", path="/volumes/{volume_id}/action (os-update_readonly_flag)"), Operation(method="POST", path="/volumes/{volume_id}/action (os-attach)")], ), base.APIRule( name="volume_extension:types_extra_specs:index", check_str=("rule:xena_system_admin_or_project_reader"), description="List type extra specs.", scope_types=["project"], - operations=[{"method": "GET", "path": "/types/{type_id}/extra_specs"}], + operations=[Operation(method="GET", path="/types/{type_id}/extra_specs")], ), base.APIRule( name="volume_extension:types_extra_specs:create", check_str=("rule:admin_api"), description="Create type extra specs.", scope_types=["project"], - operations=[{"method": "POST", "path": "/types/{type_id}/extra_specs"}], + operations=[Operation(method="POST", path="/types/{type_id}/extra_specs")], ), base.APIRule( name="volume_extension:types_extra_specs:show", check_str=("rule:xena_system_admin_or_project_reader"), description="Show one specified type extra specs.", scope_types=["project"], - operations=[{"method": "GET", "path": "/types/{type_id}/extra_specs/{extra_spec_key}"}], + operations=[Operation(method="GET", path="/types/{type_id}/extra_specs/{extra_spec_key}")], ), base.APIRule( name="volume_extension:types_extra_specs:read_sensitive", check_str=("rule:admin_api"), description="Include extra_specs fields that may reveal sensitive information about the deployment that should not be exposed to end users in various volume-type responses that show extra_specs. The ability to make these calls is governed by other policies.", scope_types=["project"], - operations=[{"method": "GET", "path": "/types"}, {"method": "GET", "path": "/types/{type_id}"}, {"method": "GET", "path": "/types/{type_id}/extra_specs"}, {"method": "GET", "path": "/types/{type_id}/extra_specs/{extra_spec_key}"}], + operations=[Operation(method="GET", path="/types"), Operation(method="GET", path="/types/{type_id}"), Operation(method="GET", path="/types/{type_id}/extra_specs"), Operation(method="GET", path="/types/{type_id}/extra_specs/{extra_spec_key}")], ), base.APIRule( name="volume_extension:types_extra_specs:update", check_str=("rule:admin_api"), description="Update type extra specs.", scope_types=["project"], - operations=[{"method": "PUT", "path": "/types/{type_id}/extra_specs/{extra_spec_key}"}], + operations=[Operation(method="PUT", path="/types/{type_id}/extra_specs/{extra_spec_key}")], ), base.APIRule( name="volume_extension:types_extra_specs:delete", check_str=("rule:admin_api"), description="Delete type extra specs.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/types/{type_id}/extra_specs/{extra_spec_key}"}], + operations=[Operation(method="DELETE", path="/types/{type_id}/extra_specs/{extra_spec_key}")], ), base.APIRule( name="volume:create", check_str=("rule:xena_system_admin_or_project_member"), description="Create volume.", scope_types=["project"], - operations=[{"method": "POST", "path": "/volumes"}], + operations=[Operation(method="POST", path="/volumes")], ), base.APIRule( name="volume:create_from_image", check_str=("rule:xena_system_admin_or_project_member"), description="Create volume from image.", scope_types=["project"], - operations=[{"method": "POST", "path": "/volumes"}], + operations=[Operation(method="POST", path="/volumes")], ), base.APIRule( name="volume:get", check_str=("rule:xena_system_admin_or_project_reader"), description="Show volume.", scope_types=["project"], - operations=[{"method": "GET", "path": "/volumes/{volume_id}"}], + operations=[Operation(method="GET", path="/volumes/{volume_id}")], ), base.APIRule( name="volume:get_all", check_str=("rule:xena_system_admin_or_project_reader"), description="List volumes or get summary of volumes.", scope_types=["project"], - operations=[{"method": "GET", "path": "/volumes"}, {"method": "GET", "path": "/volumes/detail"}, {"method": "GET", "path": "/volumes/summary"}], + operations=[Operation(method="GET", path="/volumes"), Operation(method="GET", path="/volumes/detail"), Operation(method="GET", path="/volumes/summary")], ), base.APIRule( name="volume:update", check_str=("rule:xena_system_admin_or_project_member"), description="Update volume or update a volume's bootable status.", scope_types=["project"], - operations=[{"method": "PUT", "path": "/volumes"}, {"method": "POST", "path": "/volumes/{volume_id}/action (os-set_bootable)"}], + operations=[Operation(method="PUT", path="/volumes"), Operation(method="POST", path="/volumes/{volume_id}/action (os-set_bootable)")], ), base.APIRule( name="volume:delete", check_str=("rule:xena_system_admin_or_project_member"), description="Delete volume.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/volumes/{volume_id}"}], + operations=[Operation(method="DELETE", path="/volumes/{volume_id}")], ), base.APIRule( name="volume:force_delete", check_str=("rule:admin_api"), description="Force Delete a volume.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/volumes/{volume_id}"}], + operations=[Operation(method="DELETE", path="/volumes/{volume_id}")], ), base.APIRule( name="volume_extension:volume_host_attribute", check_str=("rule:admin_api"), description="List or show volume with host attribute.", scope_types=["project"], - operations=[{"method": "GET", "path": "/volumes/{volume_id}"}, {"method": "GET", "path": "/volumes/detail"}], + operations=[Operation(method="GET", path="/volumes/{volume_id}"), Operation(method="GET", path="/volumes/detail")], ), base.APIRule( name="volume_extension:volume_tenant_attribute", check_str=("rule:xena_system_admin_or_project_reader"), description="List or show volume with tenant attribute.", scope_types=["project"], - operations=[{"method": "GET", "path": "/volumes/{volume_id}"}, {"method": "GET", "path": "/volumes/detail"}], + operations=[Operation(method="GET", path="/volumes/{volume_id}"), Operation(method="GET", path="/volumes/detail")], ), base.APIRule( name="volume_extension:volume_mig_status_attribute", check_str=("rule:admin_api"), description="List or show volume with migration status attribute.", scope_types=["project"], - operations=[{"method": "GET", "path": "/volumes/{volume_id}"}, {"method": "GET", "path": "/volumes/detail"}], + operations=[Operation(method="GET", path="/volumes/{volume_id}"), Operation(method="GET", path="/volumes/detail")], ), base.APIRule( name="volume_extension:volume_encryption_metadata", check_str=("rule:xena_system_admin_or_project_reader"), description="Show volume's encryption metadata.", scope_types=["project"], - operations=[{"method": "GET", "path": "/volumes/{volume_id}/encryption"}, {"method": "GET", "path": "/volumes/{volume_id}/encryption/{encryption_key}"}], + operations=[Operation(method="GET", path="/volumes/{volume_id}/encryption"), Operation(method="GET", path="/volumes/{volume_id}/encryption/{encryption_key}")], ), base.APIRule( name="volume:multiattach", check_str=("rule:xena_system_admin_or_project_member"), description="Create multiattach capable volume.", scope_types=["project"], - operations=[{"method": "POST", "path": "/volumes"}], + operations=[Operation(method="POST", path="/volumes")], ), base.APIRule( name="volume_extension:default_set_or_update", check_str=("rule:admin_api"), description="Set or update default volume type.", scope_types=["project"], - operations=[{"method": "PUT", "path": "/default-types"}], + operations=[Operation(method="PUT", path="/default-types")], ), base.APIRule( name="volume_extension:default_get", check_str=("rule:admin_api"), description="Get default types.", scope_types=["project"], - operations=[{"method": "GET", "path": "/default-types/{project-id}"}], + operations=[Operation(method="GET", path="/default-types/{project-id}")], ), base.APIRule( name="volume_extension:default_get_all", check_str=("rule:admin_api"), description="Get all default types. WARNING: Changing this might open up too much information regarding cloud deployment.", scope_types=["project"], - operations=[{"method": "GET", "path": "/default-types/"}], + operations=[Operation(method="GET", path="/default-types/")], ), base.APIRule( name="volume_extension:default_unset", check_str=("rule:admin_api"), description="Unset default type.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/default-types/{project-id}"}], + operations=[Operation(method="DELETE", path="/default-types/{project-id}")], ), ) diff --git a/skyline_apiserver/policy/manager/designate.py b/skyline_apiserver/policy/manager/designate.py index 8e99686..640bb8a 100644 --- a/skyline_apiserver/policy/manager/designate.py +++ b/skyline_apiserver/policy/manager/designate.py @@ -15,6 +15,8 @@ # flake8: noqa # fmt: off +from skyline_apiserver.schemas.policy_manager import Operation + from . import base list_rules = ( @@ -158,434 +160,434 @@ list_rules = ( check_str=("role:admin"), description="Create blacklist.", scope_types=["project"], - operations=[{"method": "POST", "path": "/v2/blacklists"}], + operations=[Operation(method="POST", path="/v2/blacklists")], ), base.APIRule( name="find_blacklists", check_str=("role:admin"), description="Find blacklists.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/blacklists"}], + operations=[Operation(method="GET", path="/v2/blacklists")], ), base.APIRule( name="get_blacklist", check_str=("role:admin"), description="Get blacklist.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/blacklists/{blacklist_id}"}], + operations=[Operation(method="GET", path="/v2/blacklists/{blacklist_id}")], ), base.APIRule( name="update_blacklist", check_str=("role:admin"), description="Update blacklist.", scope_types=["project"], - operations=[{"method": "PATCH", "path": "/v2/blacklists/{blacklist_id}"}], + operations=[Operation(method="PATCH", path="/v2/blacklists/{blacklist_id}")], ), base.APIRule( name="delete_blacklist", check_str=("role:admin"), description="Delete blacklist.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/v2/blacklists/{blacklist_id}"}], + operations=[Operation(method="DELETE", path="/v2/blacklists/{blacklist_id}")], ), base.APIRule( name="use_blacklisted_zone", check_str=("role:admin"), description="Allowed bypass the blacklist.", scope_types=["project"], - operations=[{"method": "POST", "path": "/v2/zones"}], + operations=[Operation(method="POST", path="/v2/zones")], ), base.APIRule( name="find_pools", check_str=("role:admin"), description="Find pool.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/pools"}], + operations=[Operation(method="GET", path="/v2/pools")], ), base.APIRule( name="find_pool", check_str=("role:admin"), description="Find pools.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/pools"}], + operations=[Operation(method="GET", path="/v2/pools")], ), base.APIRule( name="get_pool", check_str=("role:admin"), description="Get pool.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/pools/{pool_id}"}], + operations=[Operation(method="GET", path="/v2/pools/{pool_id}")], ), base.APIRule( name="zone_create_forced_pool", check_str=("role:admin"), description="load and set the pool to the one provided in the Zone attributes.", scope_types=["project"], - operations=[{"method": "POST", "path": "/v2/zones"}], + operations=[Operation(method="POST", path="/v2/zones")], ), base.APIRule( name="get_quotas", check_str=("(role:admin) or (role:reader and project_id:%(project_id)s) or (True:%(all_tenants)s and role:reader)"), description="View Current Project's Quotas.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/quotas"}], + operations=[Operation(method="GET", path="/v2/quotas")], ), base.APIRule( name="set_quota", check_str=("role:admin"), description="Set Quotas.", scope_types=["project"], - operations=[{"method": "PATCH", "path": "/v2/quotas/{project_id}"}], + operations=[Operation(method="PATCH", path="/v2/quotas/{project_id}")], ), base.APIRule( name="reset_quotas", check_str=("role:admin"), description="Reset Quotas.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/v2/quotas/{project_id}"}], + operations=[Operation(method="DELETE", path="/v2/quotas/{project_id}")], ), base.APIRule( name="find_records", check_str=("(role:admin) or (role:reader and project_id:%(project_id)s)"), description="Find records.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/reverse/floatingips/{region}:{floatingip_id}"}, {"method": "GET", "path": "/v2/reverse/floatingips"}], + operations=[Operation(method="GET", path="/v2/reverse/floatingips/{region}:{floatingip_id}"), Operation(method="GET", path="/v2/reverse/floatingips")], ), base.APIRule( name="create_recordset", check_str=("(role:member and project_id:%(project_id)s) and ('PRIMARY':%(zone_type)s) or (role:admin) and ('PRIMARY':%(zone_type)s) or (role:admin) and ('SECONDARY':%(zone_type)s) or (\"True\":%(zone_shared)s) and ('PRIMARY':%(zone_type)s)"), description="Create Recordset", scope_types=["project"], - operations=[{"method": "POST", "path": "/v2/zones/{zone_id}/recordsets"}], + operations=[Operation(method="POST", path="/v2/zones/{zone_id}/recordsets")], ), base.APIRule( name="get_recordset", check_str=("(role:admin) or (role:reader and project_id:%(project_id)s) or (\"True\":%(zone_shared)s)"), description="Get recordset", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/zones/{zone_id}/recordsets/{recordset_id}"}], + operations=[Operation(method="GET", path="/v2/zones/{zone_id}/recordsets/{recordset_id}")], ), base.APIRule( name="find_recordsets", check_str=("(role:admin) or (role:reader and project_id:%(project_id)s)"), description="List Recordsets in a Zone", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/zones/{zone_id}/recordsets"}], + operations=[Operation(method="GET", path="/v2/zones/{zone_id}/recordsets")], ), base.APIRule( name="update_recordset", check_str=("(role:member and project_id:%(project_id)s) and ('PRIMARY':%(zone_type)s) or (role:admin) and ('PRIMARY':%(zone_type)s) or (role:admin) and ('SECONDARY':%(zone_type)s) or role:member and (project_id:%(recordset_project_id)s) and ('PRIMARY':%(zone_type)s)"), description="Update recordset", scope_types=["project"], - operations=[{"method": "PUT", "path": "/v2/zones/{zone_id}/recordsets/{recordset_id}"}], + operations=[Operation(method="PUT", path="/v2/zones/{zone_id}/recordsets/{recordset_id}")], ), base.APIRule( name="delete_recordset", check_str=("(role:member and project_id:%(project_id)s) and ('PRIMARY':%(zone_type)s) or (role:admin) and ('PRIMARY':%(zone_type)s) or (role:admin) and ('SECONDARY':%(zone_type)s) or role:member and (project_id:%(recordset_project_id)s) and ('PRIMARY':%(zone_type)s)"), description="Delete RecordSet", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/v2/zones/{zone_id}/recordsets/{recordset_id}"}], + operations=[Operation(method="DELETE", path="/v2/zones/{zone_id}/recordsets/{recordset_id}")], ), base.APIRule( name="find_service_status", check_str=("role:admin"), description="Find a single Service Status", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/service_status/{service_id}"}], + operations=[Operation(method="GET", path="/v2/service_status/{service_id}")], ), base.APIRule( name="find_service_statuses", check_str=("role:admin"), description="List service statuses.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/service_status"}], + operations=[Operation(method="GET", path="/v2/service_status")], ), base.APIRule( name="get_zone_share", check_str=("(role:admin) or (role:member and project_id:%(project_id)s)"), description="Get a Zone Share", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/zones/{zone_id}/shares/{zone_share_id}"}], + operations=[Operation(method="GET", path="/v2/zones/{zone_id}/shares/{zone_share_id}")], ), base.APIRule( name="share_zone", check_str=("(role:admin) or (role:member and project_id:%(project_id)s)"), description="Share a Zone", scope_types=["project"], - operations=[{"method": "POST", "path": "/v2/zones/{zone_id}/shares"}], + operations=[Operation(method="POST", path="/v2/zones/{zone_id}/shares")], ), base.APIRule( name="find_zone_shares", check_str=("@"), description="List Shared Zones", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/zones/{zone_id}/shares"}], + operations=[Operation(method="GET", path="/v2/zones/{zone_id}/shares")], ), base.APIRule( name="unshare_zone", check_str=("(role:admin) or (role:member and project_id:%(project_id)s)"), description="Unshare Zone", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/v2/zones/{zone_id}/shares/{shared_zone_id}"}], + operations=[Operation(method="DELETE", path="/v2/zones/{zone_id}/shares/{shared_zone_id}")], ), base.APIRule( name="create_tld", check_str=("role:admin"), description="Create Tld", scope_types=["project"], - operations=[{"method": "POST", "path": "/v2/tlds"}], + operations=[Operation(method="POST", path="/v2/tlds")], ), base.APIRule( name="find_tlds", check_str=("role:admin"), description="List Tlds", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/tlds"}], + operations=[Operation(method="GET", path="/v2/tlds")], ), base.APIRule( name="get_tld", check_str=("role:admin"), description="Show Tld", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/tlds/{tld_id}"}], + operations=[Operation(method="GET", path="/v2/tlds/{tld_id}")], ), base.APIRule( name="update_tld", check_str=("role:admin"), description="Update Tld", scope_types=["project"], - operations=[{"method": "PATCH", "path": "/v2/tlds/{tld_id}"}], + operations=[Operation(method="PATCH", path="/v2/tlds/{tld_id}")], ), base.APIRule( name="delete_tld", check_str=("role:admin"), description="Delete Tld", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/v2/tlds/{tld_id}"}], + operations=[Operation(method="DELETE", path="/v2/tlds/{tld_id}")], ), base.APIRule( name="create_tsigkey", check_str=("role:admin"), description="Create Tsigkey", scope_types=["project"], - operations=[{"method": "POST", "path": "/v2/tsigkeys"}], + operations=[Operation(method="POST", path="/v2/tsigkeys")], ), base.APIRule( name="find_tsigkeys", check_str=("role:admin"), description="List Tsigkeys", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/tsigkeys"}], + operations=[Operation(method="GET", path="/v2/tsigkeys")], ), base.APIRule( name="get_tsigkey", check_str=("role:admin"), description="Show a Tsigkey", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/tsigkeys/{tsigkey_id}"}], + operations=[Operation(method="GET", path="/v2/tsigkeys/{tsigkey_id}")], ), base.APIRule( name="update_tsigkey", check_str=("role:admin"), description="Update Tsigkey", scope_types=["project"], - operations=[{"method": "PATCH", "path": "/v2/tsigkeys/{tsigkey_id}"}], + operations=[Operation(method="PATCH", path="/v2/tsigkeys/{tsigkey_id}")], ), base.APIRule( name="delete_tsigkey", check_str=("role:admin"), description="Delete a Tsigkey", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/v2/tsigkeys/{tsigkey_id}"}], + operations=[Operation(method="DELETE", path="/v2/tsigkeys/{tsigkey_id}")], ), base.APIRule( name="create_zone", check_str=("(role:admin) or (role:member and project_id:%(project_id)s)"), description="Create Zone", scope_types=["project"], - operations=[{"method": "POST", "path": "/v2/zones"}], + operations=[Operation(method="POST", path="/v2/zones")], ), base.APIRule( name="get_zone", check_str=("(role:admin) or (role:reader and project_id:%(project_id)s) or (\"True\":%(zone_shared)s)"), description="Get Zone", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/zones/{zone_id}"}], + operations=[Operation(method="GET", path="/v2/zones/{zone_id}")], ), base.APIRule( name="get_zone_ns_records", check_str=("(role:admin) or (role:reader and project_id:%(project_id)s)"), description="Get the Name Servers for a Zone", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/zones/{zone_id}/nameservers"}], + operations=[Operation(method="GET", path="/v2/zones/{zone_id}/nameservers")], ), base.APIRule( name="find_zones", check_str=("(role:admin) or (role:reader and project_id:%(project_id)s)"), description="List existing zones", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/zones"}], + operations=[Operation(method="GET", path="/v2/zones")], ), base.APIRule( name="update_zone", check_str=("(role:admin) or (role:member and project_id:%(project_id)s)"), description="Update Zone", scope_types=["project"], - operations=[{"method": "PATCH", "path": "/v2/zones/{zone_id}"}], + operations=[Operation(method="PATCH", path="/v2/zones/{zone_id}")], ), base.APIRule( name="delete_zone", check_str=("(role:admin) or (role:member and project_id:%(project_id)s)"), description="Delete Zone", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/v2/zones/{zone_id}"}], + operations=[Operation(method="DELETE", path="/v2/zones/{zone_id}")], ), base.APIRule( name="xfr_zone", check_str=("(role:admin) or (role:member and project_id:%(project_id)s)"), description="Manually Trigger an Update of a Secondary Zone", scope_types=["project"], - operations=[{"method": "POST", "path": "/v2/zones/{zone_id}/tasks/xfr"}], + operations=[Operation(method="POST", path="/v2/zones/{zone_id}/tasks/xfr")], ), base.APIRule( name="abandon_zone", check_str=("role:admin"), description="Abandon Zone", scope_types=["project"], - operations=[{"method": "POST", "path": "/v2/zones/{zone_id}/tasks/abandon"}], + operations=[Operation(method="POST", path="/v2/zones/{zone_id}/tasks/abandon")], ), base.APIRule( name="zone_export", check_str=("(role:admin) or (role:member and project_id:%(project_id)s)"), description="Retrive a Zone Export from the Designate Datastore", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/zones/tasks/exports/{zone_export_id}/export"}], + operations=[Operation(method="GET", path="/v2/zones/tasks/exports/{zone_export_id}/export")], ), base.APIRule( name="create_zone_export", check_str=("(role:admin) or (role:member and project_id:%(project_id)s)"), description="Create Zone Export", scope_types=["project"], - operations=[{"method": "POST", "path": "/v2/zones/{zone_id}/tasks/export"}], + operations=[Operation(method="POST", path="/v2/zones/{zone_id}/tasks/export")], ), base.APIRule( name="find_zone_exports", check_str=("(role:admin) or (role:reader and project_id:%(project_id)s)"), description="List Zone Exports", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/zones/tasks/exports"}], + operations=[Operation(method="GET", path="/v2/zones/tasks/exports")], ), base.APIRule( name="get_zone_export", check_str=("(role:admin) or (role:reader and project_id:%(project_id)s)"), description="Get Zone Exports", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/zones/tasks/exports/{zone_export_id}"}], + operations=[Operation(method="GET", path="/v2/zones/tasks/exports/{zone_export_id}")], ), base.APIRule( name="update_zone_export", check_str=("(role:admin) or (role:member and project_id:%(project_id)s)"), description="Update Zone Exports", scope_types=["project"], - operations=[{"method": "POST", "path": "/v2/zones/{zone_id}/tasks/export"}], + operations=[Operation(method="POST", path="/v2/zones/{zone_id}/tasks/export")], ), base.APIRule( name="delete_zone_export", check_str=("(role:admin) or (role:member and project_id:%(project_id)s)"), description="Delete a zone export", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/v2/zones/tasks/exports/{zone_export_id}"}], + operations=[Operation(method="DELETE", path="/v2/zones/tasks/exports/{zone_export_id}")], ), base.APIRule( name="create_zone_import", check_str=("(role:admin) or (role:member and project_id:%(project_id)s)"), description="Create Zone Import", scope_types=["project"], - operations=[{"method": "POST", "path": "/v2/zones/tasks/imports"}], + operations=[Operation(method="POST", path="/v2/zones/tasks/imports")], ), base.APIRule( name="find_zone_imports", check_str=("(role:admin) or (role:reader and project_id:%(project_id)s)"), description="List all Zone Imports", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/zones/tasks/imports"}], + operations=[Operation(method="GET", path="/v2/zones/tasks/imports")], ), base.APIRule( name="get_zone_import", check_str=("(role:admin) or (role:reader and project_id:%(project_id)s)"), description="Get Zone Imports", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/zones/tasks/imports/{zone_import_id}"}], + operations=[Operation(method="GET", path="/v2/zones/tasks/imports/{zone_import_id}")], ), base.APIRule( name="update_zone_import", check_str=("(role:admin) or (role:member and project_id:%(project_id)s)"), description="Update Zone Imports", scope_types=["project"], - operations=[{"method": "POST", "path": "/v2/zones/tasks/imports"}], + operations=[Operation(method="POST", path="/v2/zones/tasks/imports")], ), base.APIRule( name="delete_zone_import", check_str=("(role:admin) or (role:member and project_id:%(project_id)s)"), description="Delete a Zone Import", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/v2/zones/tasks/imports/{zone_import_id}"}], + operations=[Operation(method="DELETE", path="/v2/zones/tasks/imports/{zone_import_id}")], ), base.APIRule( name="create_zone_transfer_accept", check_str=("((role:admin) or (role:member and project_id:%(project_id)s)) or project_id:%(target_project_id)s or None:%(target_project_id)s"), description="Create Zone Transfer Accept", scope_types=["project"], - operations=[{"method": "POST", "path": "/v2/zones/tasks/transfer_accepts"}], + operations=[Operation(method="POST", path="/v2/zones/tasks/transfer_accepts")], ), base.APIRule( name="get_zone_transfer_accept", check_str=("(role:admin) or (role:reader and project_id:%(project_id)s)"), description="Get Zone Transfer Accept", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/zones/tasks/transfer_requests/{zone_transfer_accept_id}"}], + operations=[Operation(method="GET", path="/v2/zones/tasks/transfer_requests/{zone_transfer_accept_id}")], ), base.APIRule( name="find_zone_transfer_accepts", check_str=("role:admin"), description="List Zone Transfer Accepts", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/zones/tasks/transfer_accepts"}], + operations=[Operation(method="GET", path="/v2/zones/tasks/transfer_accepts")], ), base.APIRule( name="create_zone_transfer_request", check_str=("(role:admin) or (role:member and project_id:%(project_id)s)"), description="Create Zone Transfer Accept", scope_types=["project"], - operations=[{"method": "POST", "path": "/v2/zones/{zone_id}/tasks/transfer_requests"}], + operations=[Operation(method="POST", path="/v2/zones/{zone_id}/tasks/transfer_requests")], ), base.APIRule( name="get_zone_transfer_request", check_str=("((role:admin) or (role:member and project_id:%(project_id)s)) or project_id:%(target_project_id)s or None:%(target_project_id)s"), description="Show a Zone Transfer Request", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/zones/tasks/transfer_requests/{zone_transfer_request_id}"}], + operations=[Operation(method="GET", path="/v2/zones/tasks/transfer_requests/{zone_transfer_request_id}")], ), base.APIRule( name="find_zone_transfer_requests", check_str=("@"), description="List Zone Transfer Requests", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/zones/tasks/transfer_requests"}], + operations=[Operation(method="GET", path="/v2/zones/tasks/transfer_requests")], ), base.APIRule( name="update_zone_transfer_request", check_str=("(role:admin) or (role:member and project_id:%(project_id)s)"), description="Update a Zone Transfer Request", scope_types=["project"], - operations=[{"method": "PATCH", "path": "/v2/zones/tasks/transfer_requests/{zone_transfer_request_id}"}], + operations=[Operation(method="PATCH", path="/v2/zones/tasks/transfer_requests/{zone_transfer_request_id}")], ), base.APIRule( name="delete_zone_transfer_request", check_str=("(role:admin) or (role:member and project_id:%(project_id)s)"), description="Delete a Zone Transfer Request", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/v2/zones/tasks/transfer_requests/{zone_transfer_request_id}"}], + operations=[Operation(method="DELETE", path="/v2/zones/tasks/transfer_requests/{zone_transfer_request_id}")], ), ) diff --git a/skyline_apiserver/policy/manager/glance.py b/skyline_apiserver/policy/manager/glance.py index d3faa73..c5cc8fa 100644 --- a/skyline_apiserver/policy/manager/glance.py +++ b/skyline_apiserver/policy/manager/glance.py @@ -15,6 +15,8 @@ # flake8: noqa # fmt: off +from skyline_apiserver.schemas.policy_manager import Operation + from . import base list_rules = ( @@ -48,385 +50,385 @@ list_rules = ( check_str=("role:admin or ((role:member or role:_member_) and project_id:%(project_id)s and project_id:%(owner)s)"), description="Create new image", scope_types=["project"], - operations=[{"method": "POST", "path": "/v2/images"}], + operations=[Operation(method="POST", path="/v2/images")], ), base.APIRule( name="delete_image", check_str=("role:admin or ((role:member or role:_member_) and project_id:%(project_id)s)"), description="Deletes the image", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/v2/images/{image_id}"}], + operations=[Operation(method="DELETE", path="/v2/images/{image_id}")], ), base.APIRule( name="get_image", check_str=("role:admin or (role:reader and (project_id:%(project_id)s or project_id:%(member_id)s or 'community':%(visibility)s or 'public':%(visibility)s or 'shared':%(visibility)s))"), description="Get specified image", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/images/{image_id}"}], + operations=[Operation(method="GET", path="/v2/images/{image_id}")], ), base.APIRule( name="get_images", check_str=("role:admin or (role:reader and project_id:%(project_id)s)"), description="Get all available images", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/images"}], + operations=[Operation(method="GET", path="/v2/images")], ), base.APIRule( name="modify_image", check_str=("role:admin or ((role:member or role:_member_) and project_id:%(project_id)s)"), description="Updates given image", scope_types=["project"], - operations=[{"method": "PATCH", "path": "/v2/images/{image_id}"}], + operations=[Operation(method="PATCH", path="/v2/images/{image_id}")], ), base.APIRule( name="publicize_image", check_str=("role:admin"), description="Publicize given image", scope_types=["project"], - operations=[{"method": "PATCH", "path": "/v2/images/{image_id}"}], + operations=[Operation(method="PATCH", path="/v2/images/{image_id}")], ), base.APIRule( name="communitize_image", check_str=("role:admin or ((role:member or role:_member_) and project_id:%(project_id)s)"), description="Communitize given image", scope_types=["project"], - operations=[{"method": "PATCH", "path": "/v2/images/{image_id}"}], + operations=[Operation(method="PATCH", path="/v2/images/{image_id}")], ), base.APIRule( name="download_image", check_str=("role:admin or ((role:member or role:_member_) and (project_id:%(project_id)s or project_id:%(member_id)s or 'community':%(visibility)s or 'public':%(visibility)s or 'shared':%(visibility)s))"), description="Downloads given image", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/images/{image_id}/file"}], + operations=[Operation(method="GET", path="/v2/images/{image_id}/file")], ), base.APIRule( name="upload_image", check_str=("role:admin or ((role:member or role:_member_) and project_id:%(project_id)s)"), description="Uploads data to specified image", scope_types=["project"], - operations=[{"method": "PUT", "path": "/v2/images/{image_id}/file"}], + operations=[Operation(method="PUT", path="/v2/images/{image_id}/file")], ), base.APIRule( name="delete_image_location", check_str=("role:admin"), description="Deletes the location of given image", scope_types=["project"], - operations=[{"method": "PATCH", "path": "/v2/images/{image_id}"}], + operations=[Operation(method="PATCH", path="/v2/images/{image_id}")], ), base.APIRule( name="get_image_location", check_str=("role:admin or (role:reader and project_id:%(project_id)s)"), description="Reads the location of the image", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/images/{image_id}"}], + operations=[Operation(method="GET", path="/v2/images/{image_id}")], ), base.APIRule( name="set_image_location", check_str=("role:admin or ((role:member or role:_member_) and project_id:%(project_id)s)"), description="Sets location URI to given image", scope_types=["project"], - operations=[{"method": "PATCH", "path": "/v2/images/{image_id}"}], + operations=[Operation(method="PATCH", path="/v2/images/{image_id}")], ), base.APIRule( name="add_member", check_str=("role:admin or ((role:member or role:_member_) and project_id:%(project_id)s)"), description="Create image member", scope_types=["project"], - operations=[{"method": "POST", "path": "/v2/images/{image_id}/members"}], + operations=[Operation(method="POST", path="/v2/images/{image_id}/members")], ), base.APIRule( name="delete_member", check_str=("role:admin or ((role:member or role:_member_) and project_id:%(project_id)s)"), description="Delete image member", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/v2/images/{image_id}/members/{member_id}"}], + operations=[Operation(method="DELETE", path="/v2/images/{image_id}/members/{member_id}")], ), base.APIRule( name="get_member", check_str=("role:admin or role:reader and (project_id:%(project_id)s or project_id:%(member_id)s)"), description="Show image member details", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/images/{image_id}/members/{member_id}"}], + operations=[Operation(method="GET", path="/v2/images/{image_id}/members/{member_id}")], ), base.APIRule( name="get_members", check_str=("role:admin or role:reader and (project_id:%(project_id)s or project_id:%(member_id)s)"), description="List image members", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/images/{image_id}/members"}], + operations=[Operation(method="GET", path="/v2/images/{image_id}/members")], ), base.APIRule( name="modify_member", check_str=("role:admin or ((role:member or role:_member_) and project_id:%(member_id)s)"), description="Update image member", scope_types=["project"], - operations=[{"method": "PUT", "path": "/v2/images/{image_id}/members/{member_id}"}], + operations=[Operation(method="PUT", path="/v2/images/{image_id}/members/{member_id}")], ), base.APIRule( name="deactivate", check_str=("role:admin or ((role:member or role:_member_) and project_id:%(project_id)s)"), description="Deactivate image", scope_types=["project"], - operations=[{"method": "POST", "path": "/v2/images/{image_id}/actions/deactivate"}], + operations=[Operation(method="POST", path="/v2/images/{image_id}/actions/deactivate")], ), base.APIRule( name="reactivate", check_str=("role:admin or ((role:member or role:_member_) and project_id:%(project_id)s)"), description="Reactivate image", scope_types=["project"], - operations=[{"method": "POST", "path": "/v2/images/{image_id}/actions/reactivate"}], + operations=[Operation(method="POST", path="/v2/images/{image_id}/actions/reactivate")], ), base.APIRule( name="copy_image", check_str=("role:admin"), description="Copy existing image to other stores", scope_types=["project"], - operations=[{"method": "POST", "path": "/v2/images/{image_id}/import"}], + operations=[Operation(method="POST", path="/v2/images/{image_id}/import")], ), base.APIRule( name="get_task", check_str=("rule:default"), description="Get an image task.\n#\n#This granular policy controls access to tasks, both from the tasks API as well\n#as internal locations in Glance that use tasks (like import). Practically this\n#cannot be more restrictive than the policy that controls import or things will\n#break, and changing it from the default is almost certainly not what you want.\n#Access to the external tasks API should be restricted as desired by the\n#tasks_api_access policy. This may change in the future.\n#", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/tasks/{task_id}"}], + operations=[Operation(method="GET", path="/v2/tasks/{task_id}")], ), base.APIRule( name="get_tasks", check_str=("rule:default"), description="List tasks for all images.\n#\n#This granular policy controls access to tasks, both from the tasks API as well\n#as internal locations in Glance that use tasks (like import). Practically this\n#cannot be more restrictive than the policy that controls import or things will\n#break, and changing it from the default is almost certainly not what you want.\n#Access to the external tasks API should be restricted as desired by the\n#tasks_api_access policy. This may change in the future.\n#", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/tasks"}], + operations=[Operation(method="GET", path="/v2/tasks")], ), base.APIRule( name="add_task", check_str=("rule:default"), description="List tasks for all images.\n#\n#This granular policy controls access to tasks, both from the tasks API as well\n#as internal locations in Glance that use tasks (like import). Practically this\n#cannot be more restrictive than the policy that controls import or things will\n#break, and changing it from the default is almost certainly not what you want.\n#Access to the external tasks API should be restricted as desired by the\n#tasks_api_access policy. This may change in the future.\n#", scope_types=["project"], - operations=[{"method": "POST", "path": "/v2/tasks"}], + operations=[Operation(method="POST", path="/v2/tasks")], ), base.APIRule( name="modify_task", check_str=("rule:default"), description="This policy is not used.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/v2/tasks/{task_id}"}], + operations=[Operation(method="DELETE", path="/v2/tasks/{task_id}")], ), base.APIRule( name="tasks_api_access", check_str=("role:admin"), description="\n#This is a generic blanket policy for protecting all task APIs. It is not\n#granular and will not allow you to separate writable and readable task\n#operations into different roles.\n#", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/tasks/{task_id}"}, {"method": "GET", "path": "/v2/tasks"}, {"method": "POST", "path": "/v2/tasks"}, {"method": "DELETE", "path": "/v2/tasks/{task_id}"}], + operations=[Operation(method="GET", path="/v2/tasks/{task_id}"), Operation(method="GET", path="/v2/tasks"), Operation(method="POST", path="/v2/tasks"), Operation(method="DELETE", path="/v2/tasks/{task_id}")], ), base.APIRule( name="get_metadef_namespace", check_str=("role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"), description="Get a specific namespace.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/metadefs/namespaces/{namespace_name}"}], + operations=[Operation(method="GET", path="/v2/metadefs/namespaces/{namespace_name}")], ), base.APIRule( name="get_metadef_namespaces", check_str=("role:admin or (role:reader and project_id:%(project_id)s)"), description="List namespace.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/metadefs/namespaces"}], + operations=[Operation(method="GET", path="/v2/metadefs/namespaces")], ), base.APIRule( name="modify_metadef_namespace", check_str=("rule:metadef_admin"), description="Modify an existing namespace.", scope_types=["project"], - operations=[{"method": "PUT", "path": "/v2/metadefs/namespaces/{namespace_name}"}], + operations=[Operation(method="PUT", path="/v2/metadefs/namespaces/{namespace_name}")], ), base.APIRule( name="add_metadef_namespace", check_str=("rule:metadef_admin"), description="Create a namespace.", scope_types=["project"], - operations=[{"method": "POST", "path": "/v2/metadefs/namespaces"}], + operations=[Operation(method="POST", path="/v2/metadefs/namespaces")], ), base.APIRule( name="delete_metadef_namespace", check_str=("rule:metadef_admin"), description="Delete a namespace.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/v2/metadefs/namespaces/{namespace_name}"}], + operations=[Operation(method="DELETE", path="/v2/metadefs/namespaces/{namespace_name}")], ), base.APIRule( name="get_metadef_object", check_str=("role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"), description="Get a specific object from a namespace.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/metadefs/namespaces/{namespace_name}/objects/{object_name}"}], + operations=[Operation(method="GET", path="/v2/metadefs/namespaces/{namespace_name}/objects/{object_name}")], ), base.APIRule( name="get_metadef_objects", check_str=("role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"), description="Get objects from a namespace.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/metadefs/namespaces/{namespace_name}/objects"}], + operations=[Operation(method="GET", path="/v2/metadefs/namespaces/{namespace_name}/objects")], ), base.APIRule( name="modify_metadef_object", check_str=("rule:metadef_admin"), description="Update an object within a namespace.", scope_types=["project"], - operations=[{"method": "PUT", "path": "/v2/metadefs/namespaces/{namespace_name}/objects/{object_name}"}], + operations=[Operation(method="PUT", path="/v2/metadefs/namespaces/{namespace_name}/objects/{object_name}")], ), base.APIRule( name="add_metadef_object", check_str=("rule:metadef_admin"), description="Create an object within a namespace.", scope_types=["project"], - operations=[{"method": "POST", "path": "/v2/metadefs/namespaces/{namespace_name}/objects"}], + operations=[Operation(method="POST", path="/v2/metadefs/namespaces/{namespace_name}/objects")], ), base.APIRule( name="delete_metadef_object", check_str=("rule:metadef_admin"), description="Delete an object within a namespace.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/v2/metadefs/namespaces/{namespace_name}/objects/{object_name}"}], + operations=[Operation(method="DELETE", path="/v2/metadefs/namespaces/{namespace_name}/objects/{object_name}")], ), base.APIRule( name="list_metadef_resource_types", check_str=("role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"), description="List meta definition resource types.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/metadefs/resource_types"}], + operations=[Operation(method="GET", path="/v2/metadefs/resource_types")], ), base.APIRule( name="get_metadef_resource_type", check_str=("role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"), description="Get meta definition resource types associations.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/metadefs/namespaces/{namespace_name}/resource_types"}], + operations=[Operation(method="GET", path="/v2/metadefs/namespaces/{namespace_name}/resource_types")], ), base.APIRule( name="add_metadef_resource_type_association", check_str=("rule:metadef_admin"), description="Create meta definition resource types association.", scope_types=["project"], - operations=[{"method": "POST", "path": "/v2/metadefs/namespaces/{namespace_name}/resource_types"}], + operations=[Operation(method="POST", path="/v2/metadefs/namespaces/{namespace_name}/resource_types")], ), base.APIRule( name="remove_metadef_resource_type_association", check_str=("rule:metadef_admin"), description="Delete meta definition resource types association.", scope_types=["project"], - operations=[{"method": "POST", "path": "/v2/metadefs/namespaces/{namespace_name}/resource_types/{name}"}], + operations=[Operation(method="POST", path="/v2/metadefs/namespaces/{namespace_name}/resource_types/{name}")], ), base.APIRule( name="get_metadef_property", check_str=("role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"), description="Get a specific meta definition property.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/metadefs/namespaces/{namespace_name}/properties/{property_name}"}], + operations=[Operation(method="GET", path="/v2/metadefs/namespaces/{namespace_name}/properties/{property_name}")], ), base.APIRule( name="get_metadef_properties", check_str=("role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"), description="List meta definition properties.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/metadefs/namespaces/{namespace_name}/properties"}], + operations=[Operation(method="GET", path="/v2/metadefs/namespaces/{namespace_name}/properties")], ), base.APIRule( name="modify_metadef_property", check_str=("rule:metadef_admin"), description="Update meta definition property.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/metadefs/namespaces/{namespace_name}/properties/{property_name}"}], + operations=[Operation(method="GET", path="/v2/metadefs/namespaces/{namespace_name}/properties/{property_name}")], ), base.APIRule( name="add_metadef_property", check_str=("rule:metadef_admin"), description="Create meta definition property.", scope_types=["project"], - operations=[{"method": "POST", "path": "/v2/metadefs/namespaces/{namespace_name}/properties"}], + operations=[Operation(method="POST", path="/v2/metadefs/namespaces/{namespace_name}/properties")], ), base.APIRule( name="remove_metadef_property", check_str=("rule:metadef_admin"), description="Delete meta definition property.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/v2/metadefs/namespaces/{namespace_name}/properties/{property_name}"}], + operations=[Operation(method="DELETE", path="/v2/metadefs/namespaces/{namespace_name}/properties/{property_name}")], ), base.APIRule( name="get_metadef_tag", check_str=("role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"), description="Get tag definition.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/metadefs/namespaces/{namespace_name}/tags/{tag_name}"}], + operations=[Operation(method="GET", path="/v2/metadefs/namespaces/{namespace_name}/tags/{tag_name}")], ), base.APIRule( name="get_metadef_tags", check_str=("role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"), description="List tag definitions.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/metadefs/namespaces/{namespace_name}/tags"}], + operations=[Operation(method="GET", path="/v2/metadefs/namespaces/{namespace_name}/tags")], ), base.APIRule( name="modify_metadef_tag", check_str=("rule:metadef_admin"), description="Update tag definition.", scope_types=["project"], - operations=[{"method": "PUT", "path": "/v2/metadefs/namespaces/{namespace_name}/tags/{tag_name}"}], + operations=[Operation(method="PUT", path="/v2/metadefs/namespaces/{namespace_name}/tags/{tag_name}")], ), base.APIRule( name="add_metadef_tag", check_str=("rule:metadef_admin"), description="Add tag definition.", scope_types=["project"], - operations=[{"method": "POST", "path": "/v2/metadefs/namespaces/{namespace_name}/tags/{tag_name}"}], + operations=[Operation(method="POST", path="/v2/metadefs/namespaces/{namespace_name}/tags/{tag_name}")], ), base.APIRule( name="add_metadef_tags", check_str=("rule:metadef_admin"), description="Create tag definitions.", scope_types=["project"], - operations=[{"method": "POST", "path": "/v2/metadefs/namespaces/{namespace_name}/tags"}], + operations=[Operation(method="POST", path="/v2/metadefs/namespaces/{namespace_name}/tags")], ), base.APIRule( name="delete_metadef_tag", check_str=("rule:metadef_admin"), description="Delete tag definition.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/v2/metadefs/namespaces/{namespace_name}/tags/{tag_name}"}], + operations=[Operation(method="DELETE", path="/v2/metadefs/namespaces/{namespace_name}/tags/{tag_name}")], ), base.APIRule( name="delete_metadef_tags", check_str=("rule:metadef_admin"), description="Delete tag definitions.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/v2/metadefs/namespaces/{namespace_name}/tags"}], + operations=[Operation(method="DELETE", path="/v2/metadefs/namespaces/{namespace_name}/tags")], ), base.APIRule( name="cache_image", check_str=("role:admin"), description="Queue image for caching", scope_types=["project"], - operations=[{"method": "PUT", "path": "/v2/cache/{image_id}"}], + operations=[Operation(method="PUT", path="/v2/cache/{image_id}")], ), base.APIRule( name="cache_list", check_str=("role:admin"), description="List cache status", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/cache"}], + operations=[Operation(method="GET", path="/v2/cache")], ), base.APIRule( name="cache_delete", check_str=("role:admin"), description="Delete image(s) from cache and/or queue", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/v2/cache"}, {"method": "DELETE", "path": "/v2/cache/{image_id}"}], + operations=[Operation(method="DELETE", path="/v2/cache"), Operation(method="DELETE", path="/v2/cache/{image_id}")], ), base.APIRule( name="stores_info_detail", check_str=("role:admin"), description="Expose store specific information", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/info/stores/detail"}], + operations=[Operation(method="GET", path="/v2/info/stores/detail")], ), ) diff --git a/skyline_apiserver/policy/manager/heat.py b/skyline_apiserver/policy/manager/heat.py index ad6e15d..bf076fa 100644 --- a/skyline_apiserver/policy/manager/heat.py +++ b/skyline_apiserver/policy/manager/heat.py @@ -15,6 +15,8 @@ # flake8: noqa # fmt: off +from skyline_apiserver.schemas.policy_manager import Operation + from . import base list_rules = ( @@ -228,399 +230,399 @@ list_rules = ( check_str=("(role:admin and system_scope:all) or ((role:member or role:_member_) and project_id:%(project_id)s)"), description="Performs non-lifecycle operations on the stack (Snapshot, Resume, Cancel update, or check stack resources). This is the default for all actions but can be overridden by more specific policies for individual actions.", scope_types=["project"], - operations=[{"method": "POST", "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/actions"}], + operations=[Operation(method="POST", path="/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/actions")], ), base.APIRule( name="actions:snapshot", check_str=("(role:admin and system_scope:all) or ((role:member or role:_member_) and project_id:%(project_id)s)"), description="Create stack snapshot", scope_types=["system", "project"], - operations=[{"method": "POST", "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/actions"}], + operations=[Operation(method="POST", path="/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/actions")], ), base.APIRule( name="actions:suspend", check_str=("(role:admin and system_scope:all) or ((role:member or role:_member_) and project_id:%(project_id)s)"), description="Suspend a stack.", scope_types=["system", "project"], - operations=[{"method": "POST", "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/actions"}], + operations=[Operation(method="POST", path="/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/actions")], ), base.APIRule( name="actions:resume", check_str=("(role:admin and system_scope:all) or ((role:member or role:_member_) and project_id:%(project_id)s)"), description="Resume a suspended stack.", scope_types=["system", "project"], - operations=[{"method": "POST", "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/actions"}], + operations=[Operation(method="POST", path="/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/actions")], ), base.APIRule( name="actions:check", check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)"), description="Check stack resources.", scope_types=["system", "project"], - operations=[{"method": "POST", "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/actions"}], + operations=[Operation(method="POST", path="/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/actions")], ), base.APIRule( name="actions:cancel_update", check_str=("(role:admin and system_scope:all) or ((role:member or role:_member_) and project_id:%(project_id)s)"), description="Cancel stack operation and roll back.", scope_types=["system", "project"], - operations=[{"method": "POST", "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/actions"}], + operations=[Operation(method="POST", path="/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/actions")], ), base.APIRule( name="actions:cancel_without_rollback", check_str=("(role:admin and system_scope:all) or ((role:member or role:_member_) and project_id:%(project_id)s)"), description="Cancel stack operation without rolling back.", scope_types=["system", "project"], - operations=[{"method": "POST", "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/actions"}], + operations=[Operation(method="POST", path="/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/actions")], ), base.APIRule( name="build_info:build_info", check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)"), description="Show build information.", scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/v1/{tenant_id}/build_info"}], + operations=[Operation(method="GET", path="/v1/{tenant_id}/build_info")], ), base.APIRule( name="events:index", check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)"), description="List events.", scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/events"}], + operations=[Operation(method="GET", path="/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/events")], ), base.APIRule( name="events:show", check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)"), description="Show event.", scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/resources/{resource_name}/events/{event_id}"}], + operations=[Operation(method="GET", path="/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/resources/{resource_name}/events/{event_id}")], ), base.APIRule( name="resource:index", check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)"), description="List resources.", scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/resources"}], + operations=[Operation(method="GET", path="/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/resources")], ), base.APIRule( name="resource:metadata", check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s) or (role:heat_stack_user and project_id:%(project_id)s)"), description="Show resource metadata.", scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/resources/{resource_name}/metadata"}], + operations=[Operation(method="GET", path="/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/resources/{resource_name}/metadata")], ), base.APIRule( name="resource:signal", check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s) or (role:heat_stack_user and project_id:%(project_id)s)"), description="Signal resource.", scope_types=["system", "project"], - operations=[{"method": "POST", "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/resources/{resource_name}/signal"}], + operations=[Operation(method="POST", path="/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/resources/{resource_name}/signal")], ), base.APIRule( name="resource:mark_unhealthy", check_str=("(role:admin and system_scope:all) or ((role:member or role:_member_) and project_id:%(project_id)s)"), description="Mark resource as unhealthy.", scope_types=["system", "project"], - operations=[{"method": "PATCH", "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/resources/{resource_name_or_physical_id}"}], + operations=[Operation(method="PATCH", path="/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/resources/{resource_name_or_physical_id}")], ), base.APIRule( name="resource:show", check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)"), description="Show resource.", scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/resources/{resource_name}"}], + operations=[Operation(method="GET", path="/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/resources/{resource_name}")], ), base.APIRule( name="software_configs:global_index", check_str=("role:reader and system_scope:all"), description="List configs globally.", scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/v1/{tenant_id}/software_configs"}], + operations=[Operation(method="GET", path="/v1/{tenant_id}/software_configs")], ), base.APIRule( name="software_configs:index", check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)"), description="List configs.", scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/v1/{tenant_id}/software_configs"}], + operations=[Operation(method="GET", path="/v1/{tenant_id}/software_configs")], ), base.APIRule( name="software_configs:create", check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)"), description="Create config.", scope_types=["system", "project"], - operations=[{"method": "POST", "path": "/v1/{tenant_id}/software_configs"}], + operations=[Operation(method="POST", path="/v1/{tenant_id}/software_configs")], ), base.APIRule( name="software_configs:show", check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)"), description="Show config details.", scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/v1/{tenant_id}/software_configs/{config_id}"}], + operations=[Operation(method="GET", path="/v1/{tenant_id}/software_configs/{config_id}")], ), base.APIRule( name="software_configs:delete", check_str=("(role:admin and system_scope:all) or ((role:member or role:_member_) and project_id:%(project_id)s)"), description="Delete config.", scope_types=["system", "project"], - operations=[{"method": "DELETE", "path": "/v1/{tenant_id}/software_configs/{config_id}"}], + operations=[Operation(method="DELETE", path="/v1/{tenant_id}/software_configs/{config_id}")], ), base.APIRule( name="software_deployments:index", check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)"), description="List deployments.", scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/v1/{tenant_id}/software_deployments"}], + operations=[Operation(method="GET", path="/v1/{tenant_id}/software_deployments")], ), base.APIRule( name="software_deployments:create", check_str=("(role:admin and system_scope:all) or ((role:member or role:_member_) and project_id:%(project_id)s)"), description="Create deployment.", scope_types=["system", "project"], - operations=[{"method": "POST", "path": "/v1/{tenant_id}/software_deployments"}], + operations=[Operation(method="POST", path="/v1/{tenant_id}/software_deployments")], ), base.APIRule( name="software_deployments:show", check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)"), description="Show deployment details.", scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/v1/{tenant_id}/software_deployments/{deployment_id}"}], + operations=[Operation(method="GET", path="/v1/{tenant_id}/software_deployments/{deployment_id}")], ), base.APIRule( name="software_deployments:update", check_str=("(role:admin and system_scope:all) or ((role:member or role:_member_) and project_id:%(project_id)s)"), description="Update deployment.", scope_types=["system", "project"], - operations=[{"method": "PUT", "path": "/v1/{tenant_id}/software_deployments/{deployment_id}"}], + operations=[Operation(method="PUT", path="/v1/{tenant_id}/software_deployments/{deployment_id}")], ), base.APIRule( name="software_deployments:delete", check_str=("(role:admin and system_scope:all) or ((role:member or role:_member_) and project_id:%(project_id)s)"), description="Delete deployment.", scope_types=["system", "project"], - operations=[{"method": "DELETE", "path": "/v1/{tenant_id}/software_deployments/{deployment_id}"}], + operations=[Operation(method="DELETE", path="/v1/{tenant_id}/software_deployments/{deployment_id}")], ), base.APIRule( name="software_deployments:metadata", check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s) or (role:heat_stack_user and project_id:%(project_id)s)"), description="Show server configuration metadata.", scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/v1/{tenant_id}/software_deployments/metadata/{server_id}"}], + operations=[Operation(method="GET", path="/v1/{tenant_id}/software_deployments/metadata/{server_id}")], ), base.APIRule( name="stacks:abandon", check_str=("(role:admin and system_scope:all) or ((role:member or role:_member_) and project_id:%(project_id)s)"), description="Abandon stack.", scope_types=["system", "project"], - operations=[{"method": "DELETE", "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/abandon"}], + operations=[Operation(method="DELETE", path="/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/abandon")], ), base.APIRule( name="stacks:create", check_str=("(role:admin and system_scope:all) or ((role:member or role:_member_) and project_id:%(project_id)s)"), description="Create stack.", scope_types=["system", "project"], - operations=[{"method": "POST", "path": "/v1/{tenant_id}/stacks"}], + operations=[Operation(method="POST", path="/v1/{tenant_id}/stacks")], ), base.APIRule( name="stacks:delete", check_str=("(role:admin and system_scope:all) or ((role:member or role:_member_) and project_id:%(project_id)s)"), description="Delete stack.", scope_types=["system", "project"], - operations=[{"method": "DELETE", "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}"}], + operations=[Operation(method="DELETE", path="/v1/{tenant_id}/stacks/{stack_name}/{stack_id}")], ), base.APIRule( name="stacks:detail", check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)"), description="List stacks in detail.", scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/v1/{tenant_id}/stacks"}], + operations=[Operation(method="GET", path="/v1/{tenant_id}/stacks")], ), base.APIRule( name="stacks:export", check_str=("(role:admin and system_scope:all) or ((role:member or role:_member_) and project_id:%(project_id)s)"), description="Export stack.", scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/export"}], + operations=[Operation(method="GET", path="/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/export")], ), base.APIRule( name="stacks:generate_template", check_str=("(role:admin and system_scope:all) or ((role:member or role:_member_) and project_id:%(project_id)s)"), description="Generate stack template.", scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/template"}], + operations=[Operation(method="GET", path="/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/template")], ), base.APIRule( name="stacks:global_index", check_str=("role:reader and system_scope:all"), description="List stacks globally.", scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/v1/{tenant_id}/stacks"}], + operations=[Operation(method="GET", path="/v1/{tenant_id}/stacks")], ), base.APIRule( name="stacks:index", check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)"), description="List stacks.", scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/v1/{tenant_id}/stacks"}], + operations=[Operation(method="GET", path="/v1/{tenant_id}/stacks")], ), base.APIRule( name="stacks:list_resource_types", check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)"), description="List resource types.", scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/v1/{tenant_id}/resource_types"}], + operations=[Operation(method="GET", path="/v1/{tenant_id}/resource_types")], ), base.APIRule( name="stacks:list_template_versions", check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)"), description="List template versions.", scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/v1/{tenant_id}/template_versions"}], + operations=[Operation(method="GET", path="/v1/{tenant_id}/template_versions")], ), base.APIRule( name="stacks:list_template_functions", check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)"), description="List template functions.", scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/v1/{tenant_id}/template_versions/{template_version}/functions"}], + operations=[Operation(method="GET", path="/v1/{tenant_id}/template_versions/{template_version}/functions")], ), base.APIRule( name="stacks:lookup", check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s) or (role:heat_stack_user and project_id:%(project_id)s)"), description="Find stack.", scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/v1/{tenant_id}/stacks/{stack_identity}"}], + operations=[Operation(method="GET", path="/v1/{tenant_id}/stacks/{stack_identity}")], ), base.APIRule( name="stacks:preview", check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)"), description="Preview stack.", scope_types=["system", "project"], - operations=[{"method": "POST", "path": "/v1/{tenant_id}/stacks/preview"}], + operations=[Operation(method="POST", path="/v1/{tenant_id}/stacks/preview")], ), base.APIRule( name="stacks:resource_schema", check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)"), description="Show resource type schema.", scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/v1/{tenant_id}/resource_types/{type_name}"}], + operations=[Operation(method="GET", path="/v1/{tenant_id}/resource_types/{type_name}")], ), base.APIRule( name="stacks:show", check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)"), description="Show stack.", scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/v1/{tenant_id}/stacks/{stack_identity}"}], + operations=[Operation(method="GET", path="/v1/{tenant_id}/stacks/{stack_identity}")], ), base.APIRule( name="stacks:template", check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)"), description="Get stack template.", scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/template"}], + operations=[Operation(method="GET", path="/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/template")], ), base.APIRule( name="stacks:environment", check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)"), description="Get stack environment.", scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/environment"}], + operations=[Operation(method="GET", path="/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/environment")], ), base.APIRule( name="stacks:files", check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)"), description="Get stack files.", scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/files"}], + operations=[Operation(method="GET", path="/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/files")], ), base.APIRule( name="stacks:update", check_str=("(role:admin and system_scope:all) or ((role:member or role:_member_) and project_id:%(project_id)s)"), description="Update stack.", scope_types=["system", "project"], - operations=[{"method": "PUT", "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}"}], + operations=[Operation(method="PUT", path="/v1/{tenant_id}/stacks/{stack_name}/{stack_id}")], ), base.APIRule( name="stacks:update_patch", check_str=("(role:admin and system_scope:all) or ((role:member or role:_member_) and project_id:%(project_id)s)"), description="Update stack (PATCH).", scope_types=["system", "project"], - operations=[{"method": "PATCH", "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}"}], + operations=[Operation(method="PATCH", path="/v1/{tenant_id}/stacks/{stack_name}/{stack_id}")], ), base.APIRule( name="stacks:update_no_change", check_str=("rule:stacks:update_patch"), description="Update stack (PATCH) with no changes.", scope_types=["system", "project"], - operations=[{"method": "PATCH", "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}"}], + operations=[Operation(method="PATCH", path="/v1/{tenant_id}/stacks/{stack_name}/{stack_id}")], ), base.APIRule( name="stacks:preview_update", check_str=("(role:admin and system_scope:all) or ((role:member or role:_member_) and project_id:%(project_id)s)"), description="Preview update stack.", scope_types=["system", "project"], - operations=[{"method": "PUT", "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/preview"}], + operations=[Operation(method="PUT", path="/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/preview")], ), base.APIRule( name="stacks:preview_update_patch", check_str=("(role:admin and system_scope:all) or ((role:member or role:_member_) and project_id:%(project_id)s)"), description="Preview update stack (PATCH).", scope_types=["system", "project"], - operations=[{"method": "PATCH", "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/preview"}], + operations=[Operation(method="PATCH", path="/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/preview")], ), base.APIRule( name="stacks:validate_template", check_str=("(role:admin and system_scope:all) or ((role:member or role:_member_) and project_id:%(project_id)s)"), description="Validate template.", scope_types=["system", "project"], - operations=[{"method": "POST", "path": "/v1/{tenant_id}/validate"}], + operations=[Operation(method="POST", path="/v1/{tenant_id}/validate")], ), base.APIRule( name="stacks:snapshot", check_str=("(role:admin and system_scope:all) or ((role:member or role:_member_) and project_id:%(project_id)s)"), description="Snapshot Stack.", scope_types=["system", "project"], - operations=[{"method": "POST", "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/snapshots"}], + operations=[Operation(method="POST", path="/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/snapshots")], ), base.APIRule( name="stacks:show_snapshot", check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)"), description="Show snapshot.", scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/snapshots/{snapshot_id}"}], + operations=[Operation(method="GET", path="/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/snapshots/{snapshot_id}")], ), base.APIRule( name="stacks:delete_snapshot", check_str=("(role:admin and system_scope:all) or ((role:member or role:_member_) and project_id:%(project_id)s)"), description="Delete snapshot.", scope_types=["system", "project"], - operations=[{"method": "DELETE", "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/snapshots/{snapshot_id}"}], + operations=[Operation(method="DELETE", path="/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/snapshots/{snapshot_id}")], ), base.APIRule( name="stacks:list_snapshots", check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)"), description="List snapshots.", scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/snapshots"}], + operations=[Operation(method="GET", path="/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/snapshots")], ), base.APIRule( name="stacks:restore_snapshot", check_str=("(role:admin and system_scope:all) or ((role:member or role:_member_) and project_id:%(project_id)s)"), description="Restore snapshot.", scope_types=["system", "project"], - operations=[{"method": "POST", "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/snapshots/{snapshot_id}/restore"}], + operations=[Operation(method="POST", path="/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/snapshots/{snapshot_id}/restore")], ), base.APIRule( name="stacks:list_outputs", check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)"), description="List outputs.", scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/outputs"}], + operations=[Operation(method="GET", path="/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/outputs")], ), base.APIRule( name="stacks:show_output", check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(project_id)s)"), description="Show outputs.", scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/outputs/{output_key}"}], + operations=[Operation(method="GET", path="/v1/{tenant_id}/stacks/{stack_name}/{stack_id}/outputs/{output_key}")], ), ) diff --git a/skyline_apiserver/policy/manager/ironic.py b/skyline_apiserver/policy/manager/ironic.py index 79a72f9..d68f3bc 100644 --- a/skyline_apiserver/policy/manager/ironic.py +++ b/skyline_apiserver/policy/manager/ironic.py @@ -15,6 +15,8 @@ # flake8: noqa # fmt: off +from skyline_apiserver.schemas.policy_manager import Operation + from . import base list_rules = ( @@ -73,672 +75,672 @@ list_rules = ( check_str=("role:admin and system_scope:all"), description="Create Node records", scope_types=["system", "project"], - operations=[{"method": "POST", "path": "/nodes"}], + operations=[Operation(method="POST", path="/nodes")], ), base.APIRule( name="baremetal:node:create:self_owned_node", check_str=("role:admin"), description="Create node records which will be tracked as owned by the associated user project.", scope_types=["project"], - operations=[{"method": "POST", "path": "/nodes"}], + operations=[Operation(method="POST", path="/nodes")], ), base.APIRule( name="baremetal:node:list", check_str=("role:reader"), description="Retrieve multiple Node records, filtered by an explicit owner or the client project_id", scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/nodes"}, {"method": "GET", "path": "/nodes/detail"}], + operations=[Operation(method="GET", path="/nodes"), Operation(method="GET", path="/nodes/detail")], ), base.APIRule( name="baremetal:node:list_all", check_str=("role:reader and system_scope:all"), description="Retrieve multiple Node records", scope_types=["system"], - operations=[{"method": "GET", "path": "/nodes"}, {"method": "GET", "path": "/nodes/detail"}], + operations=[Operation(method="GET", path="/nodes"), Operation(method="GET", path="/nodes/detail")], ), base.APIRule( name="baremetal:node:get", check_str=("(role:reader and system_scope:all) or (role:reader and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"), description="Retrieve a single Node record", scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/nodes/{node_ident}"}], + operations=[Operation(method="GET", path="/nodes/{node_ident}")], ), base.APIRule( name="baremetal:node:get:filter_threshold", check_str=("role:reader and system_scope:all"), description="Filter to allow operators to govern the threshold where information should be filtered. Non-authorized users will be subjected to additional API policy checks for API content response bodies.", scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/nodes/{node_ident}"}], + operations=[Operation(method="GET", path="/nodes/{node_ident}")], ), base.APIRule( name="baremetal:node:get:last_error", check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(node.owner)s)"), description="Governs if the node last_error field is masked from API clients with insufficient privileges.", scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/nodes/{node_ident}"}], + operations=[Operation(method="GET", path="/nodes/{node_ident}")], ), base.APIRule( name="baremetal:node:get:reservation", check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(node.owner)s)"), description="Governs if the node reservation field is masked from API clients with insufficient privileges.", scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/nodes/{node_ident}"}], + operations=[Operation(method="GET", path="/nodes/{node_ident}")], ), base.APIRule( name="baremetal:node:get:driver_internal_info", check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(node.owner)s)"), description="Governs if the node driver_internal_info field is masked from API clients with insufficient privileges.", scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/nodes/{node_ident}"}], + operations=[Operation(method="GET", path="/nodes/{node_ident}")], ), base.APIRule( name="baremetal:node:get:driver_info", check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(node.owner)s)"), description="Governs if the driver_info field is masked from API clients with insufficient privileges.", scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/nodes/{node_ident}"}], + operations=[Operation(method="GET", path="/nodes/{node_ident}")], ), base.APIRule( name="baremetal:node:update:driver_info", check_str=("((role:member or role:_member_) and system_scope:all) or ((role:member or role:_member_) and project_id:%(node.owner)s)"), description="Governs if node driver_info field can be updated via the API clients.", scope_types=["system", "project"], - operations=[{"method": "PATCH", "path": "/nodes/{node_ident}"}], + operations=[Operation(method="PATCH", path="/nodes/{node_ident}")], ), base.APIRule( name="baremetal:node:update:properties", check_str=("((role:member or role:_member_) and system_scope:all) or ((role:member or role:_member_) and project_id:%(node.owner)s)"), description="Governs if node properties field can be updated via the API clients.", scope_types=["system", "project"], - operations=[{"method": "PATCH", "path": "/nodes/{node_ident}"}], + operations=[Operation(method="PATCH", path="/nodes/{node_ident}")], ), base.APIRule( name="baremetal:node:update:chassis_uuid", check_str=("role:admin and system_scope:all"), description="Governs if node chassis_uuid field can be updated via the API clients.", scope_types=["system", "project"], - operations=[{"method": "PATCH", "path": "/nodes/{node_ident}"}], + operations=[Operation(method="PATCH", path="/nodes/{node_ident}")], ), base.APIRule( name="baremetal:node:update:instance_uuid", check_str=("((role:member or role:_member_) and system_scope:all) or ((role:member or role:_member_) and project_id:%(node.owner)s)"), description="Governs if node instance_uuid field can be updated via the API clients.", scope_types=["system", "project"], - operations=[{"method": "PATCH", "path": "/nodes/{node_ident}"}], + operations=[Operation(method="PATCH", path="/nodes/{node_ident}")], ), base.APIRule( name="baremetal:node:update:lessee", check_str=("((role:member or role:_member_) and system_scope:all) or ((role:member or role:_member_) and project_id:%(node.owner)s)"), description="Governs if node lessee field can be updated via the API clients.", scope_types=["system", "project"], - operations=[{"method": "PATCH", "path": "/nodes/{node_ident}"}], + operations=[Operation(method="PATCH", path="/nodes/{node_ident}")], ), base.APIRule( name="baremetal:node:update:owner", check_str=("(role:member or role:_member_) and system_scope:all"), description="Governs if node owner field can be updated via the API clients.", scope_types=["system", "project"], - operations=[{"method": "PATCH", "path": "/nodes/{node_ident}"}], + operations=[Operation(method="PATCH", path="/nodes/{node_ident}")], ), base.APIRule( name="baremetal:node:update:driver_interfaces", check_str=("((role:member or role:_member_) and system_scope:all) or (role:admin and project_id:%(node.owner)s) or (role:manager and project_id:%(node.owner)s)"), description="Governs if node driver and driver interfaces field can be updated via the API clients.", scope_types=["system", "project"], - operations=[{"method": "PATCH", "path": "/nodes/{node_ident}"}], + operations=[Operation(method="PATCH", path="/nodes/{node_ident}")], ), base.APIRule( name="baremetal:node:update:network_data", check_str=("((role:member or role:_member_) and system_scope:all) or ((role:member or role:_member_) and project_id:%(node.owner)s)"), description="Governs if node driver_info field can be updated via the API clients.", scope_types=["system", "project"], - operations=[{"method": "PATCH", "path": "/nodes/{node_ident}"}], + operations=[Operation(method="PATCH", path="/nodes/{node_ident}")], ), base.APIRule( name="baremetal:node:update:conductor_group", check_str=("(role:member or role:_member_) and system_scope:all"), description="Governs if node conductor_group field can be updated via the API clients.", scope_types=["system", "project"], - operations=[{"method": "PATCH", "path": "/nodes/{node_ident}"}], + operations=[Operation(method="PATCH", path="/nodes/{node_ident}")], ), base.APIRule( name="baremetal:node:update:name", check_str=("((role:member or role:_member_) and system_scope:all) or ((role:member or role:_member_) and project_id:%(node.owner)s)"), description="Governs if node name field can be updated via the API clients.", scope_types=["system", "project"], - operations=[{"method": "PATCH", "path": "/nodes/{node_ident}"}], + operations=[Operation(method="PATCH", path="/nodes/{node_ident}")], ), base.APIRule( name="baremetal:node:update:retired", check_str=("((role:member or role:_member_) and system_scope:all) or ((role:member or role:_member_) and project_id:%(node.owner)s)"), description="Governs if node retired and retired reason can be updated by API clients.", scope_types=["system", "project"], - operations=[{"method": "PATCH", "path": "/nodes/{node_ident}"}], + operations=[Operation(method="PATCH", path="/nodes/{node_ident}")], ), base.APIRule( name="baremetal:node:update", check_str=("((role:member or role:_member_) and system_scope:all) or ((role:member or role:_member_) and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"), description="Generalized update of node records", scope_types=["system", "project"], - operations=[{"method": "PATCH", "path": "/nodes/{node_ident}"}], + operations=[Operation(method="PATCH", path="/nodes/{node_ident}")], ), base.APIRule( name="baremetal:node:update_extra", check_str=("((role:member or role:_member_) and system_scope:all) or ((role:member or role:_member_) and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"), description="Update Node extra field", scope_types=["system", "project"], - operations=[{"method": "PATCH", "path": "/nodes/{node_ident}"}], + operations=[Operation(method="PATCH", path="/nodes/{node_ident}")], ), base.APIRule( name="baremetal:node:update_instance_info", check_str=("((role:member or role:_member_) and system_scope:all) or ((role:member or role:_member_) and project_id:%(node.owner)s) or (role:admin and project_id:%(node.lessee)s) or (role:manager and project_id:%(node.lessee)s)"), description="Update Node instance_info field", scope_types=["system", "project"], - operations=[{"method": "PATCH", "path": "/nodes/{node_ident}"}], + operations=[Operation(method="PATCH", path="/nodes/{node_ident}")], ), base.APIRule( name="baremetal:node:update_owner_provisioned", check_str=("role:admin and system_scope:all"), description="Update Node owner even when Node is provisioned", scope_types=["system"], - operations=[{"method": "PATCH", "path": "/nodes/{node_ident}"}], + operations=[Operation(method="PATCH", path="/nodes/{node_ident}")], ), base.APIRule( name="baremetal:node:delete", check_str=("role:admin and system_scope:all"), description="Delete Node records", scope_types=["system", "project"], - operations=[{"method": "DELETE", "path": "/nodes/{node_ident}"}], + operations=[Operation(method="DELETE", path="/nodes/{node_ident}")], ), base.APIRule( name="baremetal:node:delete:self_owned_node", check_str=("role:admin and project_id:%(node.owner)s"), description="Delete node records which are associated with the requesting project.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/nodes/{node_ident}"}], + operations=[Operation(method="DELETE", path="/nodes/{node_ident}")], ), base.APIRule( name="baremetal:node:validate", check_str=("((role:member or role:_member_) and system_scope:all) or ((role:member or role:_member_) and project_id:%(node.owner)s) or (role:admin and project_id:%(node.lessee)s) or (role:manager and project_id:%(node.lessee)s)"), description="Request active validation of Nodes", scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/nodes/{node_ident}/validate"}], + operations=[Operation(method="GET", path="/nodes/{node_ident}/validate")], ), base.APIRule( name="baremetal:node:set_maintenance", check_str=("((role:member or role:_member_) and system_scope:all) or ((role:member or role:_member_) and project_id:%(node.owner)s) or (role:admin and project_id:%(node.lessee)s) or (role:manager and project_id:%(node.lessee)s)"), description="Set maintenance flag, taking a Node out of service", scope_types=["system", "project"], - operations=[{"method": "PUT", "path": "/nodes/{node_ident}/maintenance"}], + operations=[Operation(method="PUT", path="/nodes/{node_ident}/maintenance")], ), base.APIRule( name="baremetal:node:clear_maintenance", check_str=("((role:member or role:_member_) and system_scope:all) or ((role:member or role:_member_) and project_id:%(node.owner)s) or (role:admin and project_id:%(node.lessee)s) or (role:manager and project_id:%(node.lessee)s)"), description="Clear maintenance flag, placing the Node into service again", scope_types=["system", "project"], - operations=[{"method": "DELETE", "path": "/nodes/{node_ident}/maintenance"}], + operations=[Operation(method="DELETE", path="/nodes/{node_ident}/maintenance")], ), base.APIRule( name="baremetal:node:get_boot_device", check_str=("((role:member or role:_member_) and system_scope:all) or (role:admin and project_id:%(node.owner)s) or (role:manager and project_id:%(node.owner)s)"), description="Retrieve Node boot device metadata", scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/nodes/{node_ident}/management/boot_device"}, {"method": "GET", "path": "/nodes/{node_ident}/management/boot_device/supported"}], + operations=[Operation(method="GET", path="/nodes/{node_ident}/management/boot_device"), Operation(method="GET", path="/nodes/{node_ident}/management/boot_device/supported")], ), base.APIRule( name="baremetal:node:set_boot_device", check_str=("((role:member or role:_member_) and system_scope:all) or (role:admin and project_id:%(node.owner)s) or (role:manager and project_id:%(node.owner)s)"), description="Change Node boot device", scope_types=["system", "project"], - operations=[{"method": "PUT", "path": "/nodes/{node_ident}/management/boot_device"}], + operations=[Operation(method="PUT", path="/nodes/{node_ident}/management/boot_device")], ), base.APIRule( name="baremetal:node:get_indicator_state", check_str=("(role:reader and system_scope:all) or (role:reader and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"), description="Retrieve Node indicators and their states", scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/nodes/{node_ident}/management/indicators/{component}/{indicator}"}, {"method": "GET", "path": "/nodes/{node_ident}/management/indicators"}], + operations=[Operation(method="GET", path="/nodes/{node_ident}/management/indicators/{component}/{indicator}"), Operation(method="GET", path="/nodes/{node_ident}/management/indicators")], ), base.APIRule( name="baremetal:node:set_indicator_state", check_str=("((role:member or role:_member_) and system_scope:all) or ((role:member or role:_member_) and project_id:%(node.owner)s)"), description="Change Node indicator state", scope_types=["system", "project"], - operations=[{"method": "PUT", "path": "/nodes/{node_ident}/management/indicators/{component}/{indicator}"}], + operations=[Operation(method="PUT", path="/nodes/{node_ident}/management/indicators/{component}/{indicator}")], ), base.APIRule( name="baremetal:node:inject_nmi", check_str=("((role:member or role:_member_) and system_scope:all) or (role:admin and project_id:%(node.owner)s) or (role:manager and project_id:%(node.owner)s)"), description="Inject NMI for a node", scope_types=["system", "project"], - operations=[{"method": "PUT", "path": "/nodes/{node_ident}/management/inject_nmi"}], + operations=[Operation(method="PUT", path="/nodes/{node_ident}/management/inject_nmi")], ), base.APIRule( name="baremetal:node:get_states", check_str=("(role:reader and system_scope:all) or (role:reader and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"), description="View Node power and provision state", scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/nodes/{node_ident}/states"}], + operations=[Operation(method="GET", path="/nodes/{node_ident}/states")], ), base.APIRule( name="baremetal:node:set_power_state", check_str=("((role:member or role:_member_) and system_scope:all) or ((role:member or role:_member_) and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"), description="Change Node power status", scope_types=["system", "project"], - operations=[{"method": "PUT", "path": "/nodes/{node_ident}/states/power"}], + operations=[Operation(method="PUT", path="/nodes/{node_ident}/states/power")], ), base.APIRule( name="baremetal:node:set_boot_mode", check_str=("((role:member or role:_member_) and system_scope:all) or ((role:member or role:_member_) and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"), description="Change Node boot mode", scope_types=["system", "project"], - operations=[{"method": "PUT", "path": "/nodes/{node_ident}/states/boot_mode"}], + operations=[Operation(method="PUT", path="/nodes/{node_ident}/states/boot_mode")], ), base.APIRule( name="baremetal:node:set_secure_boot", check_str=("((role:member or role:_member_) and system_scope:all) or ((role:member or role:_member_) and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"), description="Change Node secure boot state", scope_types=["system", "project"], - operations=[{"method": "PUT", "path": "/nodes/{node_ident}/states/secure_boot"}], + operations=[Operation(method="PUT", path="/nodes/{node_ident}/states/secure_boot")], ), base.APIRule( name="baremetal:node:set_provision_state", check_str=("((role:member or role:_member_) and system_scope:all) or ((role:member or role:_member_) and project_id:%(node.owner)s) or (role:admin and project_id:%(node.lessee)s) or (role:manager and project_id:%(node.lessee)s)"), description="Change Node provision status", scope_types=["system", "project"], - operations=[{"method": "PUT", "path": "/nodes/{node_ident}/states/provision"}], + operations=[Operation(method="PUT", path="/nodes/{node_ident}/states/provision")], ), base.APIRule( name="baremetal:node:set_raid_state", check_str=("((role:member or role:_member_) and system_scope:all) or ((role:member or role:_member_) and project_id:%(node.owner)s)"), description="Change Node RAID status", scope_types=["system", "project"], - operations=[{"method": "PUT", "path": "/nodes/{node_ident}/states/raid"}], + operations=[Operation(method="PUT", path="/nodes/{node_ident}/states/raid")], ), base.APIRule( name="baremetal:node:get_console", check_str=("((role:member or role:_member_) and system_scope:all) or ((role:member or role:_member_) and project_id:%(node.owner)s)"), description="Get Node console connection information", scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/nodes/{node_ident}/states/console"}], + operations=[Operation(method="GET", path="/nodes/{node_ident}/states/console")], ), base.APIRule( name="baremetal:node:set_console_state", check_str=("((role:member or role:_member_) and system_scope:all) or ((role:member or role:_member_) and project_id:%(node.owner)s)"), description="Change Node console status", scope_types=["system", "project"], - operations=[{"method": "PUT", "path": "/nodes/{node_ident}/states/console"}], + operations=[Operation(method="PUT", path="/nodes/{node_ident}/states/console")], ), base.APIRule( name="baremetal:node:vif:list", check_str=("(role:reader and system_scope:all) or (role:reader and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"), description="List VIFs attached to node", scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/nodes/{node_ident}/vifs"}], + operations=[Operation(method="GET", path="/nodes/{node_ident}/vifs")], ), base.APIRule( name="baremetal:node:vif:attach", check_str=("((role:member or role:_member_) and system_scope:all) or ((role:member or role:_member_) and project_id:%(node.owner)s) or (role:admin and project_id:%(node.lessee)s) or (role:manager and project_id:%(node.lessee)s)"), description="Attach a VIF to a node", scope_types=["system", "project"], - operations=[{"method": "POST", "path": "/nodes/{node_ident}/vifs"}], + operations=[Operation(method="POST", path="/nodes/{node_ident}/vifs")], ), base.APIRule( name="baremetal:node:vif:detach", check_str=("((role:member or role:_member_) and system_scope:all) or ((role:member or role:_member_) and project_id:%(node.owner)s) or (role:admin and project_id:%(node.lessee)s) or (role:manager and project_id:%(node.lessee)s)"), description="Detach a VIF from a node", scope_types=["system", "project"], - operations=[{"method": "DELETE", "path": "/nodes/{node_ident}/vifs/{node_vif_ident}"}], + operations=[Operation(method="DELETE", path="/nodes/{node_ident}/vifs/{node_vif_ident}")], ), base.APIRule( name="baremetal:node:traits:list", check_str=("(role:reader and system_scope:all) or (role:reader and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"), description="List node traits", scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/nodes/{node_ident}/traits"}], + operations=[Operation(method="GET", path="/nodes/{node_ident}/traits")], ), base.APIRule( name="baremetal:node:traits:set", check_str=("((role:member or role:_member_) and system_scope:all) or (role:admin and project_id:%(node.owner)s) or (role:manager and project_id:%(node.owner)s)"), description="Add a trait to, or replace all traits of, a node", scope_types=["system", "project"], - operations=[{"method": "PUT", "path": "/nodes/{node_ident}/traits"}, {"method": "PUT", "path": "/nodes/{node_ident}/traits/{trait}"}], + operations=[Operation(method="PUT", path="/nodes/{node_ident}/traits"), Operation(method="PUT", path="/nodes/{node_ident}/traits/{trait}")], ), base.APIRule( name="baremetal:node:traits:delete", check_str=("((role:member or role:_member_) and system_scope:all) or (role:admin and project_id:%(node.owner)s) or (role:manager and project_id:%(node.owner)s)"), description="Remove one or all traits from a node", scope_types=["system", "project"], - operations=[{"method": "DELETE", "path": "/nodes/{node_ident}/traits"}, {"method": "DELETE", "path": "/nodes/{node_ident}/traits/{trait}"}], + operations=[Operation(method="DELETE", path="/nodes/{node_ident}/traits"), Operation(method="DELETE", path="/nodes/{node_ident}/traits/{trait}")], ), base.APIRule( name="baremetal:node:bios:get", check_str=("(role:reader and system_scope:all) or (role:reader and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"), description="Retrieve Node BIOS information", scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/nodes/{node_ident}/bios"}, {"method": "GET", "path": "/nodes/{node_ident}/bios/{setting}"}], + operations=[Operation(method="GET", path="/nodes/{node_ident}/bios"), Operation(method="GET", path="/nodes/{node_ident}/bios/{setting}")], ), base.APIRule( name="baremetal:node:disable_cleaning", check_str=("role:admin and system_scope:all"), description="Disable Node disk cleaning", scope_types=["system"], - operations=[{"method": "PATCH", "path": "/nodes/{node_ident}"}], + operations=[Operation(method="PATCH", path="/nodes/{node_ident}")], ), base.APIRule( name="baremetal:node:history:get", check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(node.owner)s)"), description="Filter to allow operators to retreive history records for a node.", scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/nodes/{node_ident}/history"}, {"method": "GET", "path": "/nodes/{node_ident}/history/{event_ident}"}], + operations=[Operation(method="GET", path="/nodes/{node_ident}/history"), Operation(method="GET", path="/nodes/{node_ident}/history/{event_ident}")], ), base.APIRule( name="baremetal:port:get", check_str=("(role:reader and system_scope:all) or (role:reader and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"), description="Retrieve Port records", scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/ports/{port_id}"}, {"method": "GET", "path": "/nodes/{node_ident}/ports"}, {"method": "GET", "path": "/nodes/{node_ident}/ports/detail"}, {"method": "GET", "path": "/portgroups/{portgroup_ident}/ports"}, {"method": "GET", "path": "/portgroups/{portgroup_ident}/ports/detail"}], + operations=[Operation(method="GET", path="/ports/{port_id}"), Operation(method="GET", path="/nodes/{node_ident}/ports"), Operation(method="GET", path="/nodes/{node_ident}/ports/detail"), Operation(method="GET", path="/portgroups/{portgroup_ident}/ports"), Operation(method="GET", path="/portgroups/{portgroup_ident}/ports/detail")], ), base.APIRule( name="baremetal:port:list", check_str=("role:reader"), description="Retrieve multiple Port records, filtered by owner", scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/ports"}, {"method": "GET", "path": "/ports/detail"}], + operations=[Operation(method="GET", path="/ports"), Operation(method="GET", path="/ports/detail")], ), base.APIRule( name="baremetal:port:list_all", check_str=("role:reader and system_scope:all"), description="Retrieve multiple Port records", scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/ports"}, {"method": "GET", "path": "/ports/detail"}], + operations=[Operation(method="GET", path="/ports"), Operation(method="GET", path="/ports/detail")], ), base.APIRule( name="baremetal:port:create", check_str=("(role:admin and system_scope:all) or (role:admin and project_id:%(node.owner)s) or (role:manager and project_id:%(node.owner)s)"), description="Create Port records", scope_types=["system", "project"], - operations=[{"method": "POST", "path": "/ports"}], + operations=[Operation(method="POST", path="/ports")], ), base.APIRule( name="baremetal:port:delete", check_str=("(role:admin and system_scope:all) or (role:admin and project_id:%(node.owner)s) or (role:manager and project_id:%(node.owner)s)"), description="Delete Port records", scope_types=["system", "project"], - operations=[{"method": "DELETE", "path": "/ports/{port_id}"}], + operations=[Operation(method="DELETE", path="/ports/{port_id}")], ), base.APIRule( name="baremetal:port:update", check_str=("((role:member or role:_member_) and system_scope:all) or (role:admin and project_id:%(node.owner)s) or (role:manager and project_id:%(node.owner)s)"), description="Update Port records", scope_types=["system", "project"], - operations=[{"method": "PATCH", "path": "/ports/{port_id}"}], + operations=[Operation(method="PATCH", path="/ports/{port_id}")], ), base.APIRule( name="baremetal:portgroup:get", check_str=("(role:reader and system_scope:all) or (role:reader and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"), description="Retrieve Portgroup records", scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/portgroups"}, {"method": "GET", "path": "/portgroups/detail"}, {"method": "GET", "path": "/portgroups/{portgroup_ident}"}, {"method": "GET", "path": "/nodes/{node_ident}/portgroups"}, {"method": "GET", "path": "/nodes/{node_ident}/portgroups/detail"}], + operations=[Operation(method="GET", path="/portgroups"), Operation(method="GET", path="/portgroups/detail"), Operation(method="GET", path="/portgroups/{portgroup_ident}"), Operation(method="GET", path="/nodes/{node_ident}/portgroups"), Operation(method="GET", path="/nodes/{node_ident}/portgroups/detail")], ), base.APIRule( name="baremetal:portgroup:create", check_str=("(role:admin and system_scope:all) or (role:admin and project_id:%(node.owner)s) or (role:manager and project_id:%(node.owner)s)"), description="Create Portgroup records", scope_types=["system", "project"], - operations=[{"method": "POST", "path": "/portgroups"}], + operations=[Operation(method="POST", path="/portgroups")], ), base.APIRule( name="baremetal:portgroup:delete", check_str=("(role:admin and system_scope:all) or (role:admin and project_id:%(node.owner)s) or (role:manager and project_id:%(node.owner)s)"), description="Delete Portgroup records", scope_types=["system", "project"], - operations=[{"method": "DELETE", "path": "/portgroups/{portgroup_ident}"}], + operations=[Operation(method="DELETE", path="/portgroups/{portgroup_ident}")], ), base.APIRule( name="baremetal:portgroup:update", check_str=("((role:member or role:_member_) and system_scope:all) or (role:admin and project_id:%(node.owner)s) or (role:manager and project_id:%(node.owner)s)"), description="Update Portgroup records", scope_types=["system", "project"], - operations=[{"method": "PATCH", "path": "/portgroups/{portgroup_ident}"}], + operations=[Operation(method="PATCH", path="/portgroups/{portgroup_ident}")], ), base.APIRule( name="baremetal:portgroup:list", check_str=("role:reader"), description="Retrieve multiple Port records, filtered by owner", scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/portgroups"}, {"method": "GET", "path": "/portgroups/detail"}], + operations=[Operation(method="GET", path="/portgroups"), Operation(method="GET", path="/portgroups/detail")], ), base.APIRule( name="baremetal:portgroup:list_all", check_str=("role:reader and system_scope:all"), description="Retrieve multiple Port records", scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/portgroups"}, {"method": "GET", "path": "/portgroups/detail"}], + operations=[Operation(method="GET", path="/portgroups"), Operation(method="GET", path="/portgroups/detail")], ), base.APIRule( name="baremetal:chassis:get", check_str=("role:reader and system_scope:all"), description="Retrieve Chassis records", scope_types=["system"], - operations=[{"method": "GET", "path": "/chassis"}, {"method": "GET", "path": "/chassis/detail"}, {"method": "GET", "path": "/chassis/{chassis_id}"}], + operations=[Operation(method="GET", path="/chassis"), Operation(method="GET", path="/chassis/detail"), Operation(method="GET", path="/chassis/{chassis_id}")], ), base.APIRule( name="baremetal:chassis:create", check_str=("role:admin and system_scope:all"), description="Create Chassis records", scope_types=["system"], - operations=[{"method": "POST", "path": "/chassis"}], + operations=[Operation(method="POST", path="/chassis")], ), base.APIRule( name="baremetal:chassis:delete", check_str=("role:admin and system_scope:all"), description="Delete Chassis records", scope_types=["system"], - operations=[{"method": "DELETE", "path": "/chassis/{chassis_id}"}], + operations=[Operation(method="DELETE", path="/chassis/{chassis_id}")], ), base.APIRule( name="baremetal:chassis:update", check_str=("(role:member or role:_member_) and system_scope:all"), description="Update Chassis records", scope_types=["system"], - operations=[{"method": "PATCH", "path": "/chassis/{chassis_id}"}], + operations=[Operation(method="PATCH", path="/chassis/{chassis_id}")], ), base.APIRule( name="baremetal:driver:get", check_str=("role:reader and system_scope:all"), description="View list of available drivers", scope_types=["system"], - operations=[{"method": "GET", "path": "/drivers"}, {"method": "GET", "path": "/drivers/{driver_name}"}], + operations=[Operation(method="GET", path="/drivers"), Operation(method="GET", path="/drivers/{driver_name}")], ), base.APIRule( name="baremetal:driver:get_properties", check_str=("role:reader and system_scope:all"), description="View driver-specific properties", scope_types=["system"], - operations=[{"method": "GET", "path": "/drivers/{driver_name}/properties"}], + operations=[Operation(method="GET", path="/drivers/{driver_name}/properties")], ), base.APIRule( name="baremetal:driver:get_raid_logical_disk_properties", check_str=("role:reader and system_scope:all"), description="View driver-specific RAID metadata", scope_types=["system"], - operations=[{"method": "GET", "path": "/drivers/{driver_name}/raid/logical_disk_properties"}], + operations=[Operation(method="GET", path="/drivers/{driver_name}/raid/logical_disk_properties")], ), base.APIRule( name="baremetal:node:vendor_passthru", check_str=("role:admin and system_scope:all"), description="Access vendor-specific Node functions", scope_types=["system", "project"], - operations=[{"method": "GET", "path": "nodes/{node_ident}/vendor_passthru/methods"}, {"method": "GET", "path": "nodes/{node_ident}/vendor_passthru?method={method_name}"}, {"method": "PUT", "path": "nodes/{node_ident}/vendor_passthru?method={method_name}"}, {"method": "POST", "path": "nodes/{node_ident}/vendor_passthru?method={method_name}"}, {"method": "PATCH", "path": "nodes/{node_ident}/vendor_passthru?method={method_name}"}, {"method": "DELETE", "path": "nodes/{node_ident}/vendor_passthru?method={method_name}"}], + operations=[Operation(method="GET", path="nodes/{node_ident}/vendor_passthru/methods"), Operation(method="GET", path="nodes/{node_ident}/vendor_passthru?method={method_name}"), Operation(method="PUT", path="nodes/{node_ident}/vendor_passthru?method={method_name}"), Operation(method="POST", path="nodes/{node_ident}/vendor_passthru?method={method_name}"), Operation(method="PATCH", path="nodes/{node_ident}/vendor_passthru?method={method_name}"), Operation(method="DELETE", path="nodes/{node_ident}/vendor_passthru?method={method_name}")], ), base.APIRule( name="baremetal:driver:vendor_passthru", check_str=("role:admin and system_scope:all"), description="Access vendor-specific Driver functions", scope_types=["system"], - operations=[{"method": "GET", "path": "drivers/{driver_name}/vendor_passthru/methods"}, {"method": "GET", "path": "drivers/{driver_name}/vendor_passthru?method={method_name}"}, {"method": "PUT", "path": "drivers/{driver_name}/vendor_passthru?method={method_name}"}, {"method": "POST", "path": "drivers/{driver_name}/vendor_passthru?method={method_name}"}, {"method": "PATCH", "path": "drivers/{driver_name}/vendor_passthru?method={method_name}"}, {"method": "DELETE", "path": "drivers/{driver_name}/vendor_passthru?method={method_name}"}], + operations=[Operation(method="GET", path="drivers/{driver_name}/vendor_passthru/methods"), Operation(method="GET", path="drivers/{driver_name}/vendor_passthru?method={method_name}"), Operation(method="PUT", path="drivers/{driver_name}/vendor_passthru?method={method_name}"), Operation(method="POST", path="drivers/{driver_name}/vendor_passthru?method={method_name}"), Operation(method="PATCH", path="drivers/{driver_name}/vendor_passthru?method={method_name}"), Operation(method="DELETE", path="drivers/{driver_name}/vendor_passthru?method={method_name}")], ), base.APIRule( name="baremetal:node:ipa_heartbeat", check_str=(""), description="Receive heartbeats from IPA ramdisk", scope_types=["project"], - operations=[{"method": "POST", "path": "/heartbeat/{node_ident}"}], + operations=[Operation(method="POST", path="/heartbeat/{node_ident}")], ), base.APIRule( name="baremetal:driver:ipa_lookup", check_str=(""), description="Access IPA ramdisk functions", scope_types=["project"], - operations=[{"method": "GET", "path": "/lookup"}], + operations=[Operation(method="GET", path="/lookup")], ), base.APIRule( name="baremetal:volume:list_all", check_str=("role:reader and system_scope:all"), description="Retrieve a list of all Volume connector and target records", scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/volume/connectors"}, {"method": "GET", "path": "/volume/targets"}, {"method": "GET", "path": "/nodes/{node_ident}/volume/connectors"}, {"method": "GET", "path": "/nodes/{node_ident}/volume/targets"}], + operations=[Operation(method="GET", path="/volume/connectors"), Operation(method="GET", path="/volume/targets"), Operation(method="GET", path="/nodes/{node_ident}/volume/connectors"), Operation(method="GET", path="/nodes/{node_ident}/volume/targets")], ), base.APIRule( name="baremetal:volume:list", check_str=("role:reader"), description="Retrieve a list of Volume connector and target records", scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/volume/connectors"}, {"method": "GET", "path": "/volume/targets"}, {"method": "GET", "path": "/nodes/{node_ident}/volume/connectors"}, {"method": "GET", "path": "/nodes/{node_ident}/volume/targets"}], + operations=[Operation(method="GET", path="/volume/connectors"), Operation(method="GET", path="/volume/targets"), Operation(method="GET", path="/nodes/{node_ident}/volume/connectors"), Operation(method="GET", path="/nodes/{node_ident}/volume/targets")], ), base.APIRule( name="baremetal:volume:get", check_str=("(role:reader and system_scope:all) or (role:reader and (project_id:%(node.owner)s or project_id:%(node.lessee)s))"), description="Retrieve Volume connector and target records", scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/volume"}, {"method": "GET", "path": "/volume/connectors"}, {"method": "GET", "path": "/volume/connectors/{volume_connector_id}"}, {"method": "GET", "path": "/volume/targets"}, {"method": "GET", "path": "/volume/targets/{volume_target_id}"}, {"method": "GET", "path": "/nodes/{node_ident}/volume"}, {"method": "GET", "path": "/nodes/{node_ident}/volume/connectors"}, {"method": "GET", "path": "/nodes/{node_ident}/volume/targets"}], + operations=[Operation(method="GET", path="/volume"), Operation(method="GET", path="/volume/connectors"), Operation(method="GET", path="/volume/connectors/{volume_connector_id}"), Operation(method="GET", path="/volume/targets"), Operation(method="GET", path="/volume/targets/{volume_target_id}"), Operation(method="GET", path="/nodes/{node_ident}/volume"), Operation(method="GET", path="/nodes/{node_ident}/volume/connectors"), Operation(method="GET", path="/nodes/{node_ident}/volume/targets")], ), base.APIRule( name="baremetal:volume:create", check_str=("((role:member or role:_member_) and system_scope:all) or (role:admin and project_id:%(node.owner)s) or (role:manager and project_id:%(node.owner)s) or (role:admin and project_id:%(node.lessee)s) or (role:manager and project_id:%(node.lessee)s)"), description="Create Volume connector and target records", scope_types=["system", "project"], - operations=[{"method": "POST", "path": "/volume/connectors"}, {"method": "POST", "path": "/volume/targets"}], + operations=[Operation(method="POST", path="/volume/connectors"), Operation(method="POST", path="/volume/targets")], ), base.APIRule( name="baremetal:volume:delete", check_str=("((role:member or role:_member_) and system_scope:all) or (role:admin and project_id:%(node.owner)s) or (role:manager and project_id:%(node.owner)s) or (role:admin and project_id:%(node.lessee)s) or (role:manager and project_id:%(node.lessee)s)"), description="Delete Volume connector and target records", scope_types=["system", "project"], - operations=[{"method": "DELETE", "path": "/volume/connectors/{volume_connector_id}"}, {"method": "DELETE", "path": "/volume/targets/{volume_target_id}"}], + operations=[Operation(method="DELETE", path="/volume/connectors/{volume_connector_id}"), Operation(method="DELETE", path="/volume/targets/{volume_target_id}")], ), base.APIRule( name="baremetal:volume:update", check_str=("((role:member or role:_member_) and system_scope:all) or ((role:member or role:_member_) and project_id:%(node.owner)s) or (role:admin and project_id:%(node.lessee)s) or (role:manager and project_id:%(node.lessee)s)"), description="Update Volume connector and target records", scope_types=["system", "project"], - operations=[{"method": "PATCH", "path": "/volume/connectors/{volume_connector_id}"}, {"method": "PATCH", "path": "/volume/targets/{volume_target_id}"}], + operations=[Operation(method="PATCH", path="/volume/connectors/{volume_connector_id}"), Operation(method="PATCH", path="/volume/targets/{volume_target_id}")], ), base.APIRule( name="baremetal:volume:view_target_properties", check_str=("(role:reader and system_scope:all) or (role:admin)"), description="Ability to view volume target properties", scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/volume/connectors/{volume_connector_id}"}, {"method": "GET", "path": "/volume/targets/{volume_target_id}"}], + operations=[Operation(method="GET", path="/volume/connectors/{volume_connector_id}"), Operation(method="GET", path="/volume/targets/{volume_target_id}")], ), base.APIRule( name="baremetal:conductor:get", check_str=("role:reader and system_scope:all"), description="Retrieve Conductor records", scope_types=["system"], - operations=[{"method": "GET", "path": "/conductors"}, {"method": "GET", "path": "/conductors/{hostname}"}], + operations=[Operation(method="GET", path="/conductors"), Operation(method="GET", path="/conductors/{hostname}")], ), base.APIRule( name="baremetal:allocation:get", check_str=("(role:reader and system_scope:all) or (role:reader and project_id:%(allocation.owner)s)"), description="Retrieve Allocation records", scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/allocations/{allocation_id}"}, {"method": "GET", "path": "/nodes/{node_ident}/allocation"}], + operations=[Operation(method="GET", path="/allocations/{allocation_id}"), Operation(method="GET", path="/nodes/{node_ident}/allocation")], ), base.APIRule( name="baremetal:allocation:list", check_str=("role:reader"), description="Retrieve multiple Allocation records, filtered by owner", scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/allocations"}], + operations=[Operation(method="GET", path="/allocations")], ), base.APIRule( name="baremetal:allocation:list_all", check_str=("role:reader and system_scope:all"), description="Retrieve multiple Allocation records", scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/allocations"}], + operations=[Operation(method="GET", path="/allocations")], ), base.APIRule( name="baremetal:allocation:create", check_str=("((role:member or role:_member_) and system_scope:all) or (role:member or role:_member_)"), description="Create Allocation records", scope_types=["system", "project"], - operations=[{"method": "POST", "path": "/allocations"}], + operations=[Operation(method="POST", path="/allocations")], ), base.APIRule( name="baremetal:allocation:create_restricted", check_str=("(role:member or role:_member_) and system_scope:all"), description="Create Allocation records with a specific owner.", scope_types=["system", "project"], - operations=[{"method": "POST", "path": "/allocations"}], + operations=[Operation(method="POST", path="/allocations")], ), base.APIRule( name="baremetal:allocation:delete", check_str=("((role:member or role:_member_) and system_scope:all) or ((role:member or role:_member_) and project_id:%(allocation.owner)s)"), description="Delete Allocation records", scope_types=["system", "project"], - operations=[{"method": "DELETE", "path": "/allocations/{allocation_id}"}, {"method": "DELETE", "path": "/nodes/{node_ident}/allocation"}], + operations=[Operation(method="DELETE", path="/allocations/{allocation_id}"), Operation(method="DELETE", path="/nodes/{node_ident}/allocation")], ), base.APIRule( name="baremetal:allocation:update", check_str=("((role:member or role:_member_) and system_scope:all) or ((role:member or role:_member_) and project_id:%(allocation.owner)s)"), description="Change name and extra fields of an allocation", scope_types=["system", "project"], - operations=[{"method": "PATCH", "path": "/allocations/{allocation_id}"}], + operations=[Operation(method="PATCH", path="/allocations/{allocation_id}")], ), base.APIRule( name="baremetal:allocation:create_pre_rbac", check_str=("(rule:is_member and role:baremetal_admin) or (is_admin_project:True and role:admin)"), description="Logical restrictor to prevent legacy allocation rule missuse - Requires blank allocations to originate from the legacy baremetal_admin.", scope_types=["project"], - operations=[{"method": "PATCH", "path": "/allocations/{allocation_id}"}], + operations=[Operation(method="PATCH", path="/allocations/{allocation_id}")], ), base.APIRule( name="baremetal:events:post", check_str=("role:admin and system_scope:all"), description="Post events", scope_types=["system"], - operations=[{"method": "POST", "path": "/events"}], + operations=[Operation(method="POST", path="/events")], ), base.APIRule( name="baremetal:deploy_template:get", check_str=("role:reader and system_scope:all"), description="Retrieve Deploy Template records", scope_types=["system"], - operations=[{"method": "GET", "path": "/deploy_templates"}, {"method": "GET", "path": "/deploy_templates/{deploy_template_ident}"}], + operations=[Operation(method="GET", path="/deploy_templates"), Operation(method="GET", path="/deploy_templates/{deploy_template_ident}")], ), base.APIRule( name="baremetal:deploy_template:create", check_str=("role:admin and system_scope:all"), description="Create Deploy Template records", scope_types=["system"], - operations=[{"method": "POST", "path": "/deploy_templates"}], + operations=[Operation(method="POST", path="/deploy_templates")], ), base.APIRule( name="baremetal:deploy_template:delete", check_str=("role:admin and system_scope:all"), description="Delete Deploy Template records", scope_types=["system"], - operations=[{"method": "DELETE", "path": "/deploy_templates/{deploy_template_ident}"}], + operations=[Operation(method="DELETE", path="/deploy_templates/{deploy_template_ident}")], ), base.APIRule( name="baremetal:deploy_template:update", check_str=("role:admin and system_scope:all"), description="Update Deploy Template records", scope_types=["system"], - operations=[{"method": "PATCH", "path": "/deploy_templates/{deploy_template_ident}"}], + operations=[Operation(method="PATCH", path="/deploy_templates/{deploy_template_ident}")], ), ) diff --git a/skyline_apiserver/policy/manager/ironic_inspector.py b/skyline_apiserver/policy/manager/ironic_inspector.py index b9cfeaa..271a189 100644 --- a/skyline_apiserver/policy/manager/ironic_inspector.py +++ b/skyline_apiserver/policy/manager/ironic_inspector.py @@ -15,6 +15,8 @@ # flake8: noqa # fmt: off +from skyline_apiserver.schemas.policy_manager import Operation + from . import base list_rules = ( @@ -43,77 +45,77 @@ list_rules = ( check_str=("rule:public_api"), description="Access the API root for available versions information", scope_types=["project"], - operations=[{"method": "GET", "path": "/"}], + operations=[Operation(method="GET", path="/")], ), base.APIRule( name="introspection:version", check_str=("rule:public_api"), description="Access the versioned API root for version information", scope_types=["project"], - operations=[{"method": "GET", "path": "/{version}"}], + operations=[Operation(method="GET", path="/{version}")], ), base.APIRule( name="introspection:continue", check_str=("rule:public_api"), description="Ramdisk callback to continue introspection", scope_types=["project"], - operations=[{"method": "POST", "path": "/continue"}], + operations=[Operation(method="POST", path="/continue")], ), base.APIRule( name="introspection:status", check_str=("role:reader and system_scope:all"), description="Get introspection status", scope_types=["project"], - operations=[{"method": "GET", "path": "/introspection"}, {"method": "GET", "path": "/introspection/{node_id}"}], + operations=[Operation(method="GET", path="/introspection"), Operation(method="GET", path="/introspection/{node_id}")], ), base.APIRule( name="introspection:start", check_str=("role:admin and system_scope:all"), description="Start introspection", scope_types=["project"], - operations=[{"method": "POST", "path": "/introspection/{node_id}"}], + operations=[Operation(method="POST", path="/introspection/{node_id}")], ), base.APIRule( name="introspection:abort", check_str=("role:admin and system_scope:all"), description="Abort introspection", scope_types=["project"], - operations=[{"method": "POST", "path": "/introspection/{node_id}/abort"}], + operations=[Operation(method="POST", path="/introspection/{node_id}/abort")], ), base.APIRule( name="introspection:data", check_str=("role:admin and system_scope:all"), description="Get introspection data", scope_types=["project"], - operations=[{"method": "GET", "path": "/introspection/{node_id}/data"}], + operations=[Operation(method="GET", path="/introspection/{node_id}/data")], ), base.APIRule( name="introspection:reapply", check_str=("role:admin and system_scope:all"), description="Reapply introspection on stored data", scope_types=["project"], - operations=[{"method": "POST", "path": "/introspection/{node_id}/data/unprocessed"}], + operations=[Operation(method="POST", path="/introspection/{node_id}/data/unprocessed")], ), base.APIRule( name="introspection:rule:get", check_str=("role:admin and system_scope:all"), description="Get introspection rule(s)", scope_types=["project"], - operations=[{"method": "GET", "path": "/rules"}, {"method": "GET", "path": "/rules/{rule_id}"}], + operations=[Operation(method="GET", path="/rules"), Operation(method="GET", path="/rules/{rule_id}")], ), base.APIRule( name="introspection:rule:delete", check_str=("role:admin and system_scope:all"), description="Delete introspection rule(s)", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/rules"}, {"method": "DELETE", "path": "/rules/{rule_id}"}], + operations=[Operation(method="DELETE", path="/rules"), Operation(method="DELETE", path="/rules/{rule_id}")], ), base.APIRule( name="introspection:rule:create", check_str=("role:admin and system_scope:all"), description="Create introspection rule", scope_types=["project"], - operations=[{"method": "POST", "path": "/rules"}], + operations=[Operation(method="POST", path="/rules")], ), ) diff --git a/skyline_apiserver/policy/manager/keystone.py b/skyline_apiserver/policy/manager/keystone.py index 4bcc942..1bdc43b 100644 --- a/skyline_apiserver/policy/manager/keystone.py +++ b/skyline_apiserver/policy/manager/keystone.py @@ -15,6 +15,8 @@ # flake8: noqa # fmt: off +from skyline_apiserver.schemas.policy_manager import Operation + from . import base list_rules = ( @@ -63,1344 +65,1344 @@ list_rules = ( check_str=("(role:reader and system_scope:all) or user_id:%(target.user.id)s"), description="Show access rule details.", scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/v3/users/{user_id}/access_rules/{access_rule_id}"}, {"method": "HEAD", "path": "/v3/users/{user_id}/access_rules/{access_rule_id}"}], + operations=[Operation(method="GET", path="/v3/users/{user_id}/access_rules/{access_rule_id}"), Operation(method="HEAD", path="/v3/users/{user_id}/access_rules/{access_rule_id}")], ), base.APIRule( name="identity:list_access_rules", check_str=("(role:reader and system_scope:all) or user_id:%(target.user.id)s"), description="List access rules for a user.", scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/v3/users/{user_id}/access_rules"}, {"method": "HEAD", "path": "/v3/users/{user_id}/access_rules"}], + operations=[Operation(method="GET", path="/v3/users/{user_id}/access_rules"), Operation(method="HEAD", path="/v3/users/{user_id}/access_rules")], ), base.APIRule( name="identity:delete_access_rule", check_str=("(role:admin and system_scope:all) or user_id:%(target.user.id)s"), description="Delete an access_rule.", scope_types=["system", "project"], - operations=[{"method": "DELETE", "path": "/v3/users/{user_id}/access_rules/{access_rule_id}"}], + operations=[Operation(method="DELETE", path="/v3/users/{user_id}/access_rules/{access_rule_id}")], ), base.APIRule( name="identity:authorize_request_token", check_str=("rule:admin_required"), description="Authorize OAUTH1 request token.", scope_types=["project"], - operations=[{"method": "PUT", "path": "/v3/OS-OAUTH1/authorize/{request_token_id}"}], + operations=[Operation(method="PUT", path="/v3/OS-OAUTH1/authorize/{request_token_id}")], ), base.APIRule( name="identity:get_access_token", check_str=("rule:admin_required"), description="Get OAUTH1 access token for user by access token ID.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v3/users/{user_id}/OS-OAUTH1/access_tokens/{access_token_id}"}], + operations=[Operation(method="GET", path="/v3/users/{user_id}/OS-OAUTH1/access_tokens/{access_token_id}")], ), base.APIRule( name="identity:get_access_token_role", check_str=("rule:admin_required"), description="Get role for user OAUTH1 access token.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v3/users/{user_id}/OS-OAUTH1/access_tokens/{access_token_id}/roles/{role_id}"}], + operations=[Operation(method="GET", path="/v3/users/{user_id}/OS-OAUTH1/access_tokens/{access_token_id}/roles/{role_id}")], ), base.APIRule( name="identity:list_access_tokens", check_str=("rule:admin_required"), description="List OAUTH1 access tokens for user.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v3/users/{user_id}/OS-OAUTH1/access_tokens"}], + operations=[Operation(method="GET", path="/v3/users/{user_id}/OS-OAUTH1/access_tokens")], ), base.APIRule( name="identity:list_access_token_roles", check_str=("rule:admin_required"), description="List OAUTH1 access token roles.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v3/users/{user_id}/OS-OAUTH1/access_tokens/{access_token_id}/roles"}], + operations=[Operation(method="GET", path="/v3/users/{user_id}/OS-OAUTH1/access_tokens/{access_token_id}/roles")], ), base.APIRule( name="identity:delete_access_token", check_str=("rule:admin_required"), description="Delete OAUTH1 access token.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/v3/users/{user_id}/OS-OAUTH1/access_tokens/{access_token_id}"}], + operations=[Operation(method="DELETE", path="/v3/users/{user_id}/OS-OAUTH1/access_tokens/{access_token_id}")], ), base.APIRule( name="identity:get_application_credential", check_str=("(role:reader and system_scope:all) or rule:owner"), description="Show application credential details.", scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/v3/users/{user_id}/application_credentials/{application_credential_id}"}, {"method": "HEAD", "path": "/v3/users/{user_id}/application_credentials/{application_credential_id}"}], + operations=[Operation(method="GET", path="/v3/users/{user_id}/application_credentials/{application_credential_id}"), Operation(method="HEAD", path="/v3/users/{user_id}/application_credentials/{application_credential_id}")], ), base.APIRule( name="identity:list_application_credentials", check_str=("(role:reader and system_scope:all) or rule:owner"), description="List application credentials for a user.", scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/v3/users/{user_id}/application_credentials"}, {"method": "HEAD", "path": "/v3/users/{user_id}/application_credentials"}], + operations=[Operation(method="GET", path="/v3/users/{user_id}/application_credentials"), Operation(method="HEAD", path="/v3/users/{user_id}/application_credentials")], ), base.APIRule( name="identity:create_application_credential", check_str=("user_id:%(user_id)s"), description="Create an application credential.", scope_types=["project"], - operations=[{"method": "POST", "path": "/v3/users/{user_id}/application_credentials"}], + operations=[Operation(method="POST", path="/v3/users/{user_id}/application_credentials")], ), base.APIRule( name="identity:delete_application_credential", check_str=("(role:admin and system_scope:all) or rule:owner"), description="Delete an application credential.", scope_types=["system", "project"], - operations=[{"method": "DELETE", "path": "/v3/users/{user_id}/application_credentials/{application_credential_id}"}], + operations=[Operation(method="DELETE", path="/v3/users/{user_id}/application_credentials/{application_credential_id}")], ), base.APIRule( name="identity:get_auth_catalog", check_str=(""), description="Get service catalog.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v3/auth/catalog"}, {"method": "HEAD", "path": "/v3/auth/catalog"}], + operations=[Operation(method="GET", path="/v3/auth/catalog"), Operation(method="HEAD", path="/v3/auth/catalog")], ), base.APIRule( name="identity:get_auth_projects", check_str=(""), description="List all projects a user has access to via role assignments.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v3/auth/projects"}, {"method": "HEAD", "path": "/v3/auth/projects"}], + operations=[Operation(method="GET", path="/v3/auth/projects"), Operation(method="HEAD", path="/v3/auth/projects")], ), base.APIRule( name="identity:get_auth_domains", check_str=(""), description="List all domains a user has access to via role assignments.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v3/auth/domains"}, {"method": "HEAD", "path": "/v3/auth/domains"}], + operations=[Operation(method="GET", path="/v3/auth/domains"), Operation(method="HEAD", path="/v3/auth/domains")], ), base.APIRule( name="identity:get_auth_system", check_str=(""), description="List systems a user has access to via role assignments.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v3/auth/system"}, {"method": "HEAD", "path": "/v3/auth/system"}], + operations=[Operation(method="GET", path="/v3/auth/system"), Operation(method="HEAD", path="/v3/auth/system")], ), base.APIRule( name="identity:get_consumer", check_str=("role:reader and system_scope:all"), description="Show OAUTH1 consumer details.", scope_types=["system"], - operations=[{"method": "GET", "path": "/v3/OS-OAUTH1/consumers/{consumer_id}"}], + operations=[Operation(method="GET", path="/v3/OS-OAUTH1/consumers/{consumer_id}")], ), base.APIRule( name="identity:list_consumers", check_str=("role:reader and system_scope:all"), description="List OAUTH1 consumers.", scope_types=["system"], - operations=[{"method": "GET", "path": "/v3/OS-OAUTH1/consumers"}], + operations=[Operation(method="GET", path="/v3/OS-OAUTH1/consumers")], ), base.APIRule( name="identity:create_consumer", check_str=("role:admin and system_scope:all"), description="Create OAUTH1 consumer.", scope_types=["system"], - operations=[{"method": "POST", "path": "/v3/OS-OAUTH1/consumers"}], + operations=[Operation(method="POST", path="/v3/OS-OAUTH1/consumers")], ), base.APIRule( name="identity:update_consumer", check_str=("role:admin and system_scope:all"), description="Update OAUTH1 consumer.", scope_types=["system"], - operations=[{"method": "PATCH", "path": "/v3/OS-OAUTH1/consumers/{consumer_id}"}], + operations=[Operation(method="PATCH", path="/v3/OS-OAUTH1/consumers/{consumer_id}")], ), base.APIRule( name="identity:delete_consumer", check_str=("role:admin and system_scope:all"), description="Delete OAUTH1 consumer.", scope_types=["system"], - operations=[{"method": "DELETE", "path": "/v3/OS-OAUTH1/consumers/{consumer_id}"}], + operations=[Operation(method="DELETE", path="/v3/OS-OAUTH1/consumers/{consumer_id}")], ), base.APIRule( name="identity:get_credential", check_str=("(role:reader and system_scope:all) or user_id:%(target.credential.user_id)s"), description="Show credentials details.", scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/v3/credentials/{credential_id}"}], + operations=[Operation(method="GET", path="/v3/credentials/{credential_id}")], ), base.APIRule( name="identity:list_credentials", check_str=("(role:reader and system_scope:all) or user_id:%(target.credential.user_id)s"), description="List credentials.", scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/v3/credentials"}], + operations=[Operation(method="GET", path="/v3/credentials")], ), base.APIRule( name="identity:create_credential", check_str=("(role:admin and system_scope:all) or user_id:%(target.credential.user_id)s"), description="Create credential.", scope_types=["system", "project"], - operations=[{"method": "POST", "path": "/v3/credentials"}], + operations=[Operation(method="POST", path="/v3/credentials")], ), base.APIRule( name="identity:update_credential", check_str=("(role:admin and system_scope:all) or user_id:%(target.credential.user_id)s"), description="Update credential.", scope_types=["system", "project"], - operations=[{"method": "PATCH", "path": "/v3/credentials/{credential_id}"}], + operations=[Operation(method="PATCH", path="/v3/credentials/{credential_id}")], ), base.APIRule( name="identity:delete_credential", check_str=("(role:admin and system_scope:all) or user_id:%(target.credential.user_id)s"), description="Delete credential.", scope_types=["system", "project"], - operations=[{"method": "DELETE", "path": "/v3/credentials/{credential_id}"}], + operations=[Operation(method="DELETE", path="/v3/credentials/{credential_id}")], ), base.APIRule( name="identity:get_domain", check_str=("(role:reader and system_scope:all) or token.domain.id:%(target.domain.id)s or token.project.domain.id:%(target.domain.id)s"), description="Show domain details.", scope_types=["system", "domain", "project"], - operations=[{"method": "GET", "path": "/v3/domains/{domain_id}"}], + operations=[Operation(method="GET", path="/v3/domains/{domain_id}")], ), base.APIRule( name="identity:list_domains", check_str=("role:reader and system_scope:all"), description="List domains.", scope_types=["system"], - operations=[{"method": "GET", "path": "/v3/domains"}], + operations=[Operation(method="GET", path="/v3/domains")], ), base.APIRule( name="identity:create_domain", check_str=("role:admin and system_scope:all"), description="Create domain.", scope_types=["system"], - operations=[{"method": "POST", "path": "/v3/domains"}], + operations=[Operation(method="POST", path="/v3/domains")], ), base.APIRule( name="identity:update_domain", check_str=("role:admin and system_scope:all"), description="Update domain.", scope_types=["system"], - operations=[{"method": "PATCH", "path": "/v3/domains/{domain_id}"}], + operations=[Operation(method="PATCH", path="/v3/domains/{domain_id}")], ), base.APIRule( name="identity:delete_domain", check_str=("role:admin and system_scope:all"), description="Delete domain.", scope_types=["system"], - operations=[{"method": "DELETE", "path": "/v3/domains/{domain_id}"}], + operations=[Operation(method="DELETE", path="/v3/domains/{domain_id}")], ), base.APIRule( name="identity:create_domain_config", check_str=("role:admin and system_scope:all"), description="Create domain configuration.", scope_types=["system"], - operations=[{"method": "PUT", "path": "/v3/domains/{domain_id}/config"}], + operations=[Operation(method="PUT", path="/v3/domains/{domain_id}/config")], ), base.APIRule( name="identity:get_domain_config", check_str=("role:reader and system_scope:all"), description="Get the entire domain configuration for a domain, an option group within a domain, or a specific configuration option within a group for a domain.", scope_types=["system"], - operations=[{"method": "GET", "path": "/v3/domains/{domain_id}/config"}, {"method": "HEAD", "path": "/v3/domains/{domain_id}/config"}, {"method": "GET", "path": "/v3/domains/{domain_id}/config/{group}"}, {"method": "HEAD", "path": "/v3/domains/{domain_id}/config/{group}"}, {"method": "GET", "path": "/v3/domains/{domain_id}/config/{group}/{option}"}, {"method": "HEAD", "path": "/v3/domains/{domain_id}/config/{group}/{option}"}], + operations=[Operation(method="GET", path="/v3/domains/{domain_id}/config"), Operation(method="HEAD", path="/v3/domains/{domain_id}/config"), Operation(method="GET", path="/v3/domains/{domain_id}/config/{group}"), Operation(method="HEAD", path="/v3/domains/{domain_id}/config/{group}"), Operation(method="GET", path="/v3/domains/{domain_id}/config/{group}/{option}"), Operation(method="HEAD", path="/v3/domains/{domain_id}/config/{group}/{option}")], ), base.APIRule( name="identity:get_security_compliance_domain_config", check_str=(""), description="Get security compliance domain configuration for either a domain or a specific option in a domain.", scope_types=["system", "domain", "project"], - operations=[{"method": "GET", "path": "/v3/domains/{domain_id}/config/security_compliance"}, {"method": "HEAD", "path": "/v3/domains/{domain_id}/config/security_compliance"}, {"method": "GET", "path": "/v3/domains/{domain_id}/config/security_compliance/{option}"}, {"method": "HEAD", "path": "/v3/domains/{domain_id}/config/security_compliance/{option}"}], + operations=[Operation(method="GET", path="/v3/domains/{domain_id}/config/security_compliance"), Operation(method="HEAD", path="/v3/domains/{domain_id}/config/security_compliance"), Operation(method="GET", path="/v3/domains/{domain_id}/config/security_compliance/{option}"), Operation(method="HEAD", path="/v3/domains/{domain_id}/config/security_compliance/{option}")], ), base.APIRule( name="identity:update_domain_config", check_str=("role:admin and system_scope:all"), description="Update domain configuration for either a domain, specific group or a specific option in a group.", scope_types=["system"], - operations=[{"method": "PATCH", "path": "/v3/domains/{domain_id}/config"}, {"method": "PATCH", "path": "/v3/domains/{domain_id}/config/{group}"}, {"method": "PATCH", "path": "/v3/domains/{domain_id}/config/{group}/{option}"}], + operations=[Operation(method="PATCH", path="/v3/domains/{domain_id}/config"), Operation(method="PATCH", path="/v3/domains/{domain_id}/config/{group}"), Operation(method="PATCH", path="/v3/domains/{domain_id}/config/{group}/{option}")], ), base.APIRule( name="identity:delete_domain_config", check_str=("role:admin and system_scope:all"), description="Delete domain configuration for either a domain, specific group or a specific option in a group.", scope_types=["system"], - operations=[{"method": "DELETE", "path": "/v3/domains/{domain_id}/config"}, {"method": "DELETE", "path": "/v3/domains/{domain_id}/config/{group}"}, {"method": "DELETE", "path": "/v3/domains/{domain_id}/config/{group}/{option}"}], + operations=[Operation(method="DELETE", path="/v3/domains/{domain_id}/config"), Operation(method="DELETE", path="/v3/domains/{domain_id}/config/{group}"), Operation(method="DELETE", path="/v3/domains/{domain_id}/config/{group}/{option}")], ), base.APIRule( name="identity:get_domain_config_default", check_str=("role:reader and system_scope:all"), description="Get domain configuration default for either a domain, specific group or a specific option in a group.", scope_types=["system"], - operations=[{"method": "GET", "path": "/v3/domains/config/default"}, {"method": "HEAD", "path": "/v3/domains/config/default"}, {"method": "GET", "path": "/v3/domains/config/{group}/default"}, {"method": "HEAD", "path": "/v3/domains/config/{group}/default"}, {"method": "GET", "path": "/v3/domains/config/{group}/{option}/default"}, {"method": "HEAD", "path": "/v3/domains/config/{group}/{option}/default"}], + operations=[Operation(method="GET", path="/v3/domains/config/default"), Operation(method="HEAD", path="/v3/domains/config/default"), Operation(method="GET", path="/v3/domains/config/{group}/default"), Operation(method="HEAD", path="/v3/domains/config/{group}/default"), Operation(method="GET", path="/v3/domains/config/{group}/{option}/default"), Operation(method="HEAD", path="/v3/domains/config/{group}/{option}/default")], ), base.APIRule( name="identity:ec2_get_credential", check_str=("(role:reader and system_scope:all) or user_id:%(target.credential.user_id)s"), description="Show ec2 credential details.", scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/v3/users/{user_id}/credentials/OS-EC2/{credential_id}"}], + operations=[Operation(method="GET", path="/v3/users/{user_id}/credentials/OS-EC2/{credential_id}")], ), base.APIRule( name="identity:ec2_list_credentials", check_str=("(role:reader and system_scope:all) or rule:owner"), description="List ec2 credentials.", scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/v3/users/{user_id}/credentials/OS-EC2"}], + operations=[Operation(method="GET", path="/v3/users/{user_id}/credentials/OS-EC2")], ), base.APIRule( name="identity:ec2_create_credential", check_str=("(role:admin and system_scope:all) or rule:owner"), description="Create ec2 credential.", scope_types=["system", "project"], - operations=[{"method": "POST", "path": "/v3/users/{user_id}/credentials/OS-EC2"}], + operations=[Operation(method="POST", path="/v3/users/{user_id}/credentials/OS-EC2")], ), base.APIRule( name="identity:ec2_delete_credential", check_str=("(role:admin and system_scope:all) or user_id:%(target.credential.user_id)s"), description="Delete ec2 credential.", scope_types=["system", "project"], - operations=[{"method": "DELETE", "path": "/v3/users/{user_id}/credentials/OS-EC2/{credential_id}"}], + operations=[Operation(method="DELETE", path="/v3/users/{user_id}/credentials/OS-EC2/{credential_id}")], ), base.APIRule( name="identity:get_endpoint", check_str=("role:reader and system_scope:all"), description="Show endpoint details.", scope_types=["system"], - operations=[{"method": "GET", "path": "/v3/endpoints/{endpoint_id}"}], + operations=[Operation(method="GET", path="/v3/endpoints/{endpoint_id}")], ), base.APIRule( name="identity:list_endpoints", check_str=("role:reader and system_scope:all"), description="List endpoints.", scope_types=["system"], - operations=[{"method": "GET", "path": "/v3/endpoints"}], + operations=[Operation(method="GET", path="/v3/endpoints")], ), base.APIRule( name="identity:create_endpoint", check_str=("role:admin and system_scope:all"), description="Create endpoint.", scope_types=["system"], - operations=[{"method": "POST", "path": "/v3/endpoints"}], + operations=[Operation(method="POST", path="/v3/endpoints")], ), base.APIRule( name="identity:update_endpoint", check_str=("role:admin and system_scope:all"), description="Update endpoint.", scope_types=["system"], - operations=[{"method": "PATCH", "path": "/v3/endpoints/{endpoint_id}"}], + operations=[Operation(method="PATCH", path="/v3/endpoints/{endpoint_id}")], ), base.APIRule( name="identity:delete_endpoint", check_str=("role:admin and system_scope:all"), description="Delete endpoint.", scope_types=["system"], - operations=[{"method": "DELETE", "path": "/v3/endpoints/{endpoint_id}"}], + operations=[Operation(method="DELETE", path="/v3/endpoints/{endpoint_id}")], ), base.APIRule( name="identity:create_endpoint_group", check_str=("role:admin and system_scope:all"), description="Create endpoint group.", scope_types=["system"], - operations=[{"method": "POST", "path": "/v3/OS-EP-FILTER/endpoint_groups"}], + operations=[Operation(method="POST", path="/v3/OS-EP-FILTER/endpoint_groups")], ), base.APIRule( name="identity:list_endpoint_groups", check_str=("role:reader and system_scope:all"), description="List endpoint groups.", scope_types=["system"], - operations=[{"method": "GET", "path": "/v3/OS-EP-FILTER/endpoint_groups"}], + operations=[Operation(method="GET", path="/v3/OS-EP-FILTER/endpoint_groups")], ), base.APIRule( name="identity:get_endpoint_group", check_str=("role:reader and system_scope:all"), description="Get endpoint group.", scope_types=["system"], - operations=[{"method": "GET", "path": "/v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}"}, {"method": "HEAD", "path": "/v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}"}], + operations=[Operation(method="GET", path="/v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}"), Operation(method="HEAD", path="/v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}")], ), base.APIRule( name="identity:update_endpoint_group", check_str=("role:admin and system_scope:all"), description="Update endpoint group.", scope_types=["system"], - operations=[{"method": "PATCH", "path": "/v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}"}], + operations=[Operation(method="PATCH", path="/v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}")], ), base.APIRule( name="identity:delete_endpoint_group", check_str=("role:admin and system_scope:all"), description="Delete endpoint group.", scope_types=["system"], - operations=[{"method": "DELETE", "path": "/v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}"}], + operations=[Operation(method="DELETE", path="/v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}")], ), base.APIRule( name="identity:list_projects_associated_with_endpoint_group", check_str=("role:reader and system_scope:all"), description="List all projects associated with a specific endpoint group.", scope_types=["system"], - operations=[{"method": "GET", "path": "/v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}/projects"}], + operations=[Operation(method="GET", path="/v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}/projects")], ), base.APIRule( name="identity:list_endpoints_associated_with_endpoint_group", check_str=("role:reader and system_scope:all"), description="List all endpoints associated with an endpoint group.", scope_types=["system"], - operations=[{"method": "GET", "path": "/v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}/endpoints"}], + operations=[Operation(method="GET", path="/v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}/endpoints")], ), base.APIRule( name="identity:get_endpoint_group_in_project", check_str=("role:reader and system_scope:all"), description="Check if an endpoint group is associated with a project.", scope_types=["system"], - operations=[{"method": "GET", "path": "/v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}/projects/{project_id}"}, {"method": "HEAD", "path": "/v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}/projects/{project_id}"}], + operations=[Operation(method="GET", path="/v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}/projects/{project_id}"), Operation(method="HEAD", path="/v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}/projects/{project_id}")], ), base.APIRule( name="identity:list_endpoint_groups_for_project", check_str=("role:reader and system_scope:all"), description="List endpoint groups associated with a specific project.", scope_types=["system"], - operations=[{"method": "GET", "path": "/v3/OS-EP-FILTER/projects/{project_id}/endpoint_groups"}], + operations=[Operation(method="GET", path="/v3/OS-EP-FILTER/projects/{project_id}/endpoint_groups")], ), base.APIRule( name="identity:add_endpoint_group_to_project", check_str=("role:admin and system_scope:all"), description="Allow a project to access an endpoint group.", scope_types=["system"], - operations=[{"method": "PUT", "path": "/v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}/projects/{project_id}"}], + operations=[Operation(method="PUT", path="/v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}/projects/{project_id}")], ), base.APIRule( name="identity:remove_endpoint_group_from_project", check_str=("role:admin and system_scope:all"), description="Remove endpoint group from project.", scope_types=["system"], - operations=[{"method": "DELETE", "path": "/v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}/projects/{project_id}"}], + operations=[Operation(method="DELETE", path="/v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}/projects/{project_id}")], ), base.APIRule( name="identity:check_grant", check_str=("(role:reader and system_scope:all) or ((role:reader and domain_id:%(target.user.domain_id)s and domain_id:%(target.project.domain_id)s) or (role:reader and domain_id:%(target.user.domain_id)s and domain_id:%(target.domain.id)s) or (role:reader and domain_id:%(target.group.domain_id)s and domain_id:%(target.project.domain_id)s) or (role:reader and domain_id:%(target.group.domain_id)s and domain_id:%(target.domain.id)s)) and (domain_id:%(target.role.domain_id)s or None:%(target.role.domain_id)s)"), description="Check a role grant between a target and an actor. A target can be either a domain or a project. An actor can be either a user or a group. These terms also apply to the OS-INHERIT APIs, where grants on the target are inherited to all projects in the subtree, if applicable.", scope_types=["system", "domain"], - operations=[{"method": "HEAD", "path": "/v3/projects/{project_id}/users/{user_id}/roles/{role_id}"}, {"method": "GET", "path": "/v3/projects/{project_id}/users/{user_id}/roles/{role_id}"}, {"method": "HEAD", "path": "/v3/projects/{project_id}/groups/{group_id}/roles/{role_id}"}, {"method": "GET", "path": "/v3/projects/{project_id}/groups/{group_id}/roles/{role_id}"}, {"method": "HEAD", "path": "/v3/domains/{domain_id}/users/{user_id}/roles/{role_id}"}, {"method": "GET", "path": "/v3/domains/{domain_id}/users/{user_id}/roles/{role_id}"}, {"method": "HEAD", "path": "/v3/domains/{domain_id}/groups/{group_id}/roles/{role_id}"}, {"method": "GET", "path": "/v3/domains/{domain_id}/groups/{group_id}/roles/{role_id}"}, {"method": "HEAD", "path": "/v3/OS-INHERIT/projects/{project_id}/users/{user_id}/roles/{role_id}/inherited_to_projects"}, {"method": "GET", "path": "/v3/OS-INHERIT/projects/{project_id}/users/{user_id}/roles/{role_id}/inherited_to_projects"}, {"method": "HEAD", "path": "/v3/OS-INHERIT/projects/{project_id}/groups/{group_id}/roles/{role_id}/inherited_to_projects"}, {"method": "GET", "path": "/v3/OS-INHERIT/projects/{project_id}/groups/{group_id}/roles/{role_id}/inherited_to_projects"}, {"method": "HEAD", "path": "/v3/OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/{role_id}/inherited_to_projects"}, {"method": "GET", "path": "/v3/OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/{role_id}/inherited_to_projects"}, {"method": "HEAD", "path": "/v3/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/{role_id}/inherited_to_projects"}, {"method": "GET", "path": "/v3/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/{role_id}/inherited_to_projects"}], + operations=[Operation(method="HEAD", path="/v3/projects/{project_id}/users/{user_id}/roles/{role_id}"), Operation(method="GET", path="/v3/projects/{project_id}/users/{user_id}/roles/{role_id}"), Operation(method="HEAD", path="/v3/projects/{project_id}/groups/{group_id}/roles/{role_id}"), Operation(method="GET", path="/v3/projects/{project_id}/groups/{group_id}/roles/{role_id}"), Operation(method="HEAD", path="/v3/domains/{domain_id}/users/{user_id}/roles/{role_id}"), Operation(method="GET", path="/v3/domains/{domain_id}/users/{user_id}/roles/{role_id}"), Operation(method="HEAD", path="/v3/domains/{domain_id}/groups/{group_id}/roles/{role_id}"), Operation(method="GET", path="/v3/domains/{domain_id}/groups/{group_id}/roles/{role_id}"), Operation(method="HEAD", path="/v3/OS-INHERIT/projects/{project_id}/users/{user_id}/roles/{role_id}/inherited_to_projects"), Operation(method="GET", path="/v3/OS-INHERIT/projects/{project_id}/users/{user_id}/roles/{role_id}/inherited_to_projects"), Operation(method="HEAD", path="/v3/OS-INHERIT/projects/{project_id}/groups/{group_id}/roles/{role_id}/inherited_to_projects"), Operation(method="GET", path="/v3/OS-INHERIT/projects/{project_id}/groups/{group_id}/roles/{role_id}/inherited_to_projects"), Operation(method="HEAD", path="/v3/OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/{role_id}/inherited_to_projects"), Operation(method="GET", path="/v3/OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/{role_id}/inherited_to_projects"), Operation(method="HEAD", path="/v3/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/{role_id}/inherited_to_projects"), Operation(method="GET", path="/v3/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/{role_id}/inherited_to_projects")], ), base.APIRule( name="identity:list_grants", check_str=("(role:reader and system_scope:all) or (role:reader and domain_id:%(target.user.domain_id)s and domain_id:%(target.project.domain_id)s) or (role:reader and domain_id:%(target.user.domain_id)s and domain_id:%(target.domain.id)s) or (role:reader and domain_id:%(target.group.domain_id)s and domain_id:%(target.project.domain_id)s) or (role:reader and domain_id:%(target.group.domain_id)s and domain_id:%(target.domain.id)s)"), description="List roles granted to an actor on a target. A target can be either a domain or a project. An actor can be either a user or a group. For the OS-INHERIT APIs, it is possible to list inherited role grants for actors on domains, where grants are inherited to all projects in the specified domain.", scope_types=["system", "domain"], - operations=[{"method": "GET", "path": "/v3/projects/{project_id}/users/{user_id}/roles"}, {"method": "HEAD", "path": "/v3/projects/{project_id}/users/{user_id}/roles"}, {"method": "GET", "path": "/v3/projects/{project_id}/groups/{group_id}/roles"}, {"method": "HEAD", "path": "/v3/projects/{project_id}/groups/{group_id}/roles"}, {"method": "GET", "path": "/v3/domains/{domain_id}/users/{user_id}/roles"}, {"method": "HEAD", "path": "/v3/domains/{domain_id}/users/{user_id}/roles"}, {"method": "GET", "path": "/v3/domains/{domain_id}/groups/{group_id}/roles"}, {"method": "HEAD", "path": "/v3/domains/{domain_id}/groups/{group_id}/roles"}, {"method": "GET", "path": "/v3/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/inherited_to_projects"}, {"method": "GET", "path": "/v3/OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/inherited_to_projects"}], + operations=[Operation(method="GET", path="/v3/projects/{project_id}/users/{user_id}/roles"), Operation(method="HEAD", path="/v3/projects/{project_id}/users/{user_id}/roles"), Operation(method="GET", path="/v3/projects/{project_id}/groups/{group_id}/roles"), Operation(method="HEAD", path="/v3/projects/{project_id}/groups/{group_id}/roles"), Operation(method="GET", path="/v3/domains/{domain_id}/users/{user_id}/roles"), Operation(method="HEAD", path="/v3/domains/{domain_id}/users/{user_id}/roles"), Operation(method="GET", path="/v3/domains/{domain_id}/groups/{group_id}/roles"), Operation(method="HEAD", path="/v3/domains/{domain_id}/groups/{group_id}/roles"), Operation(method="GET", path="/v3/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/inherited_to_projects"), Operation(method="GET", path="/v3/OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/inherited_to_projects")], ), base.APIRule( name="identity:create_grant", check_str=("(role:admin and system_scope:all) or ((role:admin and domain_id:%(target.user.domain_id)s and domain_id:%(target.project.domain_id)s) or (role:admin and domain_id:%(target.user.domain_id)s and domain_id:%(target.domain.id)s) or (role:admin and domain_id:%(target.group.domain_id)s and domain_id:%(target.project.domain_id)s) or (role:admin and domain_id:%(target.group.domain_id)s and domain_id:%(target.domain.id)s)) and (domain_id:%(target.role.domain_id)s or None:%(target.role.domain_id)s)"), description="Create a role grant between a target and an actor. A target can be either a domain or a project. An actor can be either a user or a group. These terms also apply to the OS-INHERIT APIs, where grants on the target are inherited to all projects in the subtree, if applicable.", scope_types=["system", "domain"], - operations=[{"method": "PUT", "path": "/v3/projects/{project_id}/users/{user_id}/roles/{role_id}"}, {"method": "PUT", "path": "/v3/projects/{project_id}/groups/{group_id}/roles/{role_id}"}, {"method": "PUT", "path": "/v3/domains/{domain_id}/users/{user_id}/roles/{role_id}"}, {"method": "PUT", "path": "/v3/domains/{domain_id}/groups/{group_id}/roles/{role_id}"}, {"method": "PUT", "path": "/v3/OS-INHERIT/projects/{project_id}/users/{user_id}/roles/{role_id}/inherited_to_projects"}, {"method": "PUT", "path": "/v3/OS-INHERIT/projects/{project_id}/groups/{group_id}/roles/{role_id}/inherited_to_projects"}, {"method": "PUT", "path": "/v3/OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/{role_id}/inherited_to_projects"}, {"method": "PUT", "path": "/v3/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/{role_id}/inherited_to_projects"}], + operations=[Operation(method="PUT", path="/v3/projects/{project_id}/users/{user_id}/roles/{role_id}"), Operation(method="PUT", path="/v3/projects/{project_id}/groups/{group_id}/roles/{role_id}"), Operation(method="PUT", path="/v3/domains/{domain_id}/users/{user_id}/roles/{role_id}"), Operation(method="PUT", path="/v3/domains/{domain_id}/groups/{group_id}/roles/{role_id}"), Operation(method="PUT", path="/v3/OS-INHERIT/projects/{project_id}/users/{user_id}/roles/{role_id}/inherited_to_projects"), Operation(method="PUT", path="/v3/OS-INHERIT/projects/{project_id}/groups/{group_id}/roles/{role_id}/inherited_to_projects"), Operation(method="PUT", path="/v3/OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/{role_id}/inherited_to_projects"), Operation(method="PUT", path="/v3/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/{role_id}/inherited_to_projects")], ), base.APIRule( name="identity:revoke_grant", check_str=("(role:admin and system_scope:all) or ((role:admin and domain_id:%(target.user.domain_id)s and domain_id:%(target.project.domain_id)s) or (role:admin and domain_id:%(target.user.domain_id)s and domain_id:%(target.domain.id)s) or (role:admin and domain_id:%(target.group.domain_id)s and domain_id:%(target.project.domain_id)s) or (role:admin and domain_id:%(target.group.domain_id)s and domain_id:%(target.domain.id)s)) and (domain_id:%(target.role.domain_id)s or None:%(target.role.domain_id)s)"), description="Revoke a role grant between a target and an actor. A target can be either a domain or a project. An actor can be either a user or a group. These terms also apply to the OS-INHERIT APIs, where grants on the target are inherited to all projects in the subtree, if applicable. In that case, revoking the role grant in the target would remove the logical effect of inheriting it to the target's projects subtree.", scope_types=["system", "domain"], - operations=[{"method": "DELETE", "path": "/v3/projects/{project_id}/users/{user_id}/roles/{role_id}"}, {"method": "DELETE", "path": "/v3/projects/{project_id}/groups/{group_id}/roles/{role_id}"}, {"method": "DELETE", "path": "/v3/domains/{domain_id}/users/{user_id}/roles/{role_id}"}, {"method": "DELETE", "path": "/v3/domains/{domain_id}/groups/{group_id}/roles/{role_id}"}, {"method": "DELETE", "path": "/v3/OS-INHERIT/projects/{project_id}/users/{user_id}/roles/{role_id}/inherited_to_projects"}, {"method": "DELETE", "path": "/v3/OS-INHERIT/projects/{project_id}/groups/{group_id}/roles/{role_id}/inherited_to_projects"}, {"method": "DELETE", "path": "/v3/OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/{role_id}/inherited_to_projects"}, {"method": "DELETE", "path": "/v3/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/{role_id}/inherited_to_projects"}], + operations=[Operation(method="DELETE", path="/v3/projects/{project_id}/users/{user_id}/roles/{role_id}"), Operation(method="DELETE", path="/v3/projects/{project_id}/groups/{group_id}/roles/{role_id}"), Operation(method="DELETE", path="/v3/domains/{domain_id}/users/{user_id}/roles/{role_id}"), Operation(method="DELETE", path="/v3/domains/{domain_id}/groups/{group_id}/roles/{role_id}"), Operation(method="DELETE", path="/v3/OS-INHERIT/projects/{project_id}/users/{user_id}/roles/{role_id}/inherited_to_projects"), Operation(method="DELETE", path="/v3/OS-INHERIT/projects/{project_id}/groups/{group_id}/roles/{role_id}/inherited_to_projects"), Operation(method="DELETE", path="/v3/OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/{role_id}/inherited_to_projects"), Operation(method="DELETE", path="/v3/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/{role_id}/inherited_to_projects")], ), base.APIRule( name="identity:list_system_grants_for_user", check_str=("role:reader and system_scope:all"), description="List all grants a specific user has on the system.", scope_types=["system"], - operations=[{"method": "HEAD", "path": "/v3/system/users/{user_id}/roles"}, {"method": "GET", "path": "/v3/system/users/{user_id}/roles"}], + operations=[Operation(method="HEAD", path="/v3/system/users/{user_id}/roles"), Operation(method="GET", path="/v3/system/users/{user_id}/roles")], ), base.APIRule( name="identity:check_system_grant_for_user", check_str=("role:reader and system_scope:all"), description="Check if a user has a role on the system.", scope_types=["system"], - operations=[{"method": "HEAD", "path": "/v3/system/users/{user_id}/roles/{role_id}"}, {"method": "GET", "path": "/v3/system/users/{user_id}/roles/{role_id}"}], + operations=[Operation(method="HEAD", path="/v3/system/users/{user_id}/roles/{role_id}"), Operation(method="GET", path="/v3/system/users/{user_id}/roles/{role_id}")], ), base.APIRule( name="identity:create_system_grant_for_user", check_str=("role:admin and system_scope:all"), description="Grant a user a role on the system.", scope_types=["system"], - operations=[{"method": "PUT", "path": "/v3/system/users/{user_id}/roles/{role_id}"}], + operations=[Operation(method="PUT", path="/v3/system/users/{user_id}/roles/{role_id}")], ), base.APIRule( name="identity:revoke_system_grant_for_user", check_str=("role:admin and system_scope:all"), description="Remove a role from a user on the system.", scope_types=["system"], - operations=[{"method": "DELETE", "path": "/v3/system/users/{user_id}/roles/{role_id}"}], + operations=[Operation(method="DELETE", path="/v3/system/users/{user_id}/roles/{role_id}")], ), base.APIRule( name="identity:list_system_grants_for_group", check_str=("role:reader and system_scope:all"), description="List all grants a specific group has on the system.", scope_types=["system"], - operations=[{"method": "HEAD", "path": "/v3/system/groups/{group_id}/roles"}, {"method": "GET", "path": "/v3/system/groups/{group_id}/roles"}], + operations=[Operation(method="HEAD", path="/v3/system/groups/{group_id}/roles"), Operation(method="GET", path="/v3/system/groups/{group_id}/roles")], ), base.APIRule( name="identity:check_system_grant_for_group", check_str=("role:reader and system_scope:all"), description="Check if a group has a role on the system.", scope_types=["system"], - operations=[{"method": "HEAD", "path": "/v3/system/groups/{group_id}/roles/{role_id}"}, {"method": "GET", "path": "/v3/system/groups/{group_id}/roles/{role_id}"}], + operations=[Operation(method="HEAD", path="/v3/system/groups/{group_id}/roles/{role_id}"), Operation(method="GET", path="/v3/system/groups/{group_id}/roles/{role_id}")], ), base.APIRule( name="identity:create_system_grant_for_group", check_str=("role:admin and system_scope:all"), description="Grant a group a role on the system.", scope_types=["system"], - operations=[{"method": "PUT", "path": "/v3/system/groups/{group_id}/roles/{role_id}"}], + operations=[Operation(method="PUT", path="/v3/system/groups/{group_id}/roles/{role_id}")], ), base.APIRule( name="identity:revoke_system_grant_for_group", check_str=("role:admin and system_scope:all"), description="Remove a role from a group on the system.", scope_types=["system"], - operations=[{"method": "DELETE", "path": "/v3/system/groups/{group_id}/roles/{role_id}"}], + operations=[Operation(method="DELETE", path="/v3/system/groups/{group_id}/roles/{role_id}")], ), base.APIRule( name="identity:get_group", check_str=("(role:reader and system_scope:all) or (role:reader and domain_id:%(target.group.domain_id)s)"), description="Show group details.", scope_types=["system", "domain"], - operations=[{"method": "GET", "path": "/v3/groups/{group_id}"}, {"method": "HEAD", "path": "/v3/groups/{group_id}"}], + operations=[Operation(method="GET", path="/v3/groups/{group_id}"), Operation(method="HEAD", path="/v3/groups/{group_id}")], ), base.APIRule( name="identity:list_groups", check_str=("(role:reader and system_scope:all) or (role:reader and domain_id:%(target.group.domain_id)s)"), description="List groups.", scope_types=["system", "domain"], - operations=[{"method": "GET", "path": "/v3/groups"}, {"method": "HEAD", "path": "/v3/groups"}], + operations=[Operation(method="GET", path="/v3/groups"), Operation(method="HEAD", path="/v3/groups")], ), base.APIRule( name="identity:list_groups_for_user", check_str=("(role:reader and system_scope:all) or (role:reader and domain_id:%(target.user.domain_id)s) or user_id:%(user_id)s"), description="List groups to which a user belongs.", scope_types=["system", "domain", "project"], - operations=[{"method": "GET", "path": "/v3/users/{user_id}/groups"}, {"method": "HEAD", "path": "/v3/users/{user_id}/groups"}], + operations=[Operation(method="GET", path="/v3/users/{user_id}/groups"), Operation(method="HEAD", path="/v3/users/{user_id}/groups")], ), base.APIRule( name="identity:create_group", check_str=("(role:admin and system_scope:all) or (role:admin and domain_id:%(target.group.domain_id)s)"), description="Create group.", scope_types=["system", "domain"], - operations=[{"method": "POST", "path": "/v3/groups"}], + operations=[Operation(method="POST", path="/v3/groups")], ), base.APIRule( name="identity:update_group", check_str=("(role:admin and system_scope:all) or (role:admin and domain_id:%(target.group.domain_id)s)"), description="Update group.", scope_types=["system", "domain"], - operations=[{"method": "PATCH", "path": "/v3/groups/{group_id}"}], + operations=[Operation(method="PATCH", path="/v3/groups/{group_id}")], ), base.APIRule( name="identity:delete_group", check_str=("(role:admin and system_scope:all) or (role:admin and domain_id:%(target.group.domain_id)s)"), description="Delete group.", scope_types=["system", "domain"], - operations=[{"method": "DELETE", "path": "/v3/groups/{group_id}"}], + operations=[Operation(method="DELETE", path="/v3/groups/{group_id}")], ), base.APIRule( name="identity:list_users_in_group", check_str=("(role:reader and system_scope:all) or (role:reader and domain_id:%(target.group.domain_id)s)"), description="List members of a specific group.", scope_types=["system", "domain"], - operations=[{"method": "GET", "path": "/v3/groups/{group_id}/users"}, {"method": "HEAD", "path": "/v3/groups/{group_id}/users"}], + operations=[Operation(method="GET", path="/v3/groups/{group_id}/users"), Operation(method="HEAD", path="/v3/groups/{group_id}/users")], ), base.APIRule( name="identity:remove_user_from_group", check_str=("(role:admin and system_scope:all) or (role:admin and domain_id:%(target.group.domain_id)s and domain_id:%(target.user.domain_id)s)"), description="Remove user from group.", scope_types=["system", "domain"], - operations=[{"method": "DELETE", "path": "/v3/groups/{group_id}/users/{user_id}"}], + operations=[Operation(method="DELETE", path="/v3/groups/{group_id}/users/{user_id}")], ), base.APIRule( name="identity:check_user_in_group", check_str=("(role:reader and system_scope:all) or (role:reader and domain_id:%(target.group.domain_id)s and domain_id:%(target.user.domain_id)s)"), description="Check whether a user is a member of a group.", scope_types=["system", "domain"], - operations=[{"method": "HEAD", "path": "/v3/groups/{group_id}/users/{user_id}"}, {"method": "GET", "path": "/v3/groups/{group_id}/users/{user_id}"}], + operations=[Operation(method="HEAD", path="/v3/groups/{group_id}/users/{user_id}"), Operation(method="GET", path="/v3/groups/{group_id}/users/{user_id}")], ), base.APIRule( name="identity:add_user_to_group", check_str=("(role:admin and system_scope:all) or (role:admin and domain_id:%(target.group.domain_id)s and domain_id:%(target.user.domain_id)s)"), description="Add user to group.", scope_types=["system", "domain"], - operations=[{"method": "PUT", "path": "/v3/groups/{group_id}/users/{user_id}"}], + operations=[Operation(method="PUT", path="/v3/groups/{group_id}/users/{user_id}")], ), base.APIRule( name="identity:create_identity_provider", check_str=("role:admin and system_scope:all"), description="Create identity provider.", scope_types=["system"], - operations=[{"method": "PUT", "path": "/v3/OS-FEDERATION/identity_providers/{idp_id}"}], + operations=[Operation(method="PUT", path="/v3/OS-FEDERATION/identity_providers/{idp_id}")], ), base.APIRule( name="identity:list_identity_providers", check_str=("role:reader and system_scope:all"), description="List identity providers.", scope_types=["system"], - operations=[{"method": "GET", "path": "/v3/OS-FEDERATION/identity_providers"}, {"method": "HEAD", "path": "/v3/OS-FEDERATION/identity_providers"}], + operations=[Operation(method="GET", path="/v3/OS-FEDERATION/identity_providers"), Operation(method="HEAD", path="/v3/OS-FEDERATION/identity_providers")], ), base.APIRule( name="identity:get_identity_provider", check_str=("role:reader and system_scope:all"), description="Get identity provider.", scope_types=["system"], - operations=[{"method": "GET", "path": "/v3/OS-FEDERATION/identity_providers/{idp_id}"}, {"method": "HEAD", "path": "/v3/OS-FEDERATION/identity_providers/{idp_id}"}], + operations=[Operation(method="GET", path="/v3/OS-FEDERATION/identity_providers/{idp_id}"), Operation(method="HEAD", path="/v3/OS-FEDERATION/identity_providers/{idp_id}")], ), base.APIRule( name="identity:update_identity_provider", check_str=("role:admin and system_scope:all"), description="Update identity provider.", scope_types=["system"], - operations=[{"method": "PATCH", "path": "/v3/OS-FEDERATION/identity_providers/{idp_id}"}], + operations=[Operation(method="PATCH", path="/v3/OS-FEDERATION/identity_providers/{idp_id}")], ), base.APIRule( name="identity:delete_identity_provider", check_str=("role:admin and system_scope:all"), description="Delete identity provider.", scope_types=["system"], - operations=[{"method": "DELETE", "path": "/v3/OS-FEDERATION/identity_providers/{idp_id}"}], + operations=[Operation(method="DELETE", path="/v3/OS-FEDERATION/identity_providers/{idp_id}")], ), base.APIRule( name="identity:get_implied_role", check_str=("role:reader and system_scope:all"), description="Get information about an association between two roles. When a relationship exists between a prior role and an implied role and the prior role is assigned to a user, the user also assumes the implied role.", scope_types=["system"], - operations=[{"method": "GET", "path": "/v3/roles/{prior_role_id}/implies/{implied_role_id}"}], + operations=[Operation(method="GET", path="/v3/roles/{prior_role_id}/implies/{implied_role_id}")], ), base.APIRule( name="identity:list_implied_roles", check_str=("role:reader and system_scope:all"), description="List associations between two roles. When a relationship exists between a prior role and an implied role and the prior role is assigned to a user, the user also assumes the implied role. This will return all the implied roles that would be assumed by the user who gets the specified prior role.", scope_types=["system"], - operations=[{"method": "GET", "path": "/v3/roles/{prior_role_id}/implies"}, {"method": "HEAD", "path": "/v3/roles/{prior_role_id}/implies"}], + operations=[Operation(method="GET", path="/v3/roles/{prior_role_id}/implies"), Operation(method="HEAD", path="/v3/roles/{prior_role_id}/implies")], ), base.APIRule( name="identity:create_implied_role", check_str=("role:admin and system_scope:all"), description="Create an association between two roles. When a relationship exists between a prior role and an implied role and the prior role is assigned to a user, the user also assumes the implied role.", scope_types=["system"], - operations=[{"method": "PUT", "path": "/v3/roles/{prior_role_id}/implies/{implied_role_id}"}], + operations=[Operation(method="PUT", path="/v3/roles/{prior_role_id}/implies/{implied_role_id}")], ), base.APIRule( name="identity:delete_implied_role", check_str=("role:admin and system_scope:all"), description="Delete the association between two roles. When a relationship exists between a prior role and an implied role and the prior role is assigned to a user, the user also assumes the implied role. Removing the association will cause that effect to be eliminated.", scope_types=["system"], - operations=[{"method": "DELETE", "path": "/v3/roles/{prior_role_id}/implies/{implied_role_id}"}], + operations=[Operation(method="DELETE", path="/v3/roles/{prior_role_id}/implies/{implied_role_id}")], ), base.APIRule( name="identity:list_role_inference_rules", check_str=("role:reader and system_scope:all"), description="List all associations between two roles in the system. When a relationship exists between a prior role and an implied role and the prior role is assigned to a user, the user also assumes the implied role.", scope_types=["system"], - operations=[{"method": "GET", "path": "/v3/role_inferences"}, {"method": "HEAD", "path": "/v3/role_inferences"}], + operations=[Operation(method="GET", path="/v3/role_inferences"), Operation(method="HEAD", path="/v3/role_inferences")], ), base.APIRule( name="identity:check_implied_role", check_str=("role:reader and system_scope:all"), description="Check an association between two roles. When a relationship exists between a prior role and an implied role and the prior role is assigned to a user, the user also assumes the implied role.", scope_types=["system"], - operations=[{"method": "HEAD", "path": "/v3/roles/{prior_role_id}/implies/{implied_role_id}"}], + operations=[Operation(method="HEAD", path="/v3/roles/{prior_role_id}/implies/{implied_role_id}")], ), base.APIRule( name="identity:get_limit_model", check_str=(""), description="Get limit enforcement model.", scope_types=["system", "domain", "project"], - operations=[{"method": "GET", "path": "/v3/limits/model"}, {"method": "HEAD", "path": "/v3/limits/model"}], + operations=[Operation(method="GET", path="/v3/limits/model"), Operation(method="HEAD", path="/v3/limits/model")], ), base.APIRule( name="identity:get_limit", check_str=("(role:reader and system_scope:all) or (domain_id:%(target.limit.domain.id)s or domain_id:%(target.limit.project.domain_id)s) or (project_id:%(target.limit.project_id)s and not None:%(target.limit.project_id)s)"), description="Show limit details.", scope_types=["system", "domain", "project"], - operations=[{"method": "GET", "path": "/v3/limits/{limit_id}"}, {"method": "HEAD", "path": "/v3/limits/{limit_id}"}], + operations=[Operation(method="GET", path="/v3/limits/{limit_id}"), Operation(method="HEAD", path="/v3/limits/{limit_id}")], ), base.APIRule( name="identity:list_limits", check_str=(""), description="List limits.", scope_types=["system", "domain", "project"], - operations=[{"method": "GET", "path": "/v3/limits"}, {"method": "HEAD", "path": "/v3/limits"}], + operations=[Operation(method="GET", path="/v3/limits"), Operation(method="HEAD", path="/v3/limits")], ), base.APIRule( name="identity:create_limits", check_str=("role:admin and system_scope:all"), description="Create limits.", scope_types=["system"], - operations=[{"method": "POST", "path": "/v3/limits"}], + operations=[Operation(method="POST", path="/v3/limits")], ), base.APIRule( name="identity:update_limit", check_str=("role:admin and system_scope:all"), description="Update limit.", scope_types=["system"], - operations=[{"method": "PATCH", "path": "/v3/limits/{limit_id}"}], + operations=[Operation(method="PATCH", path="/v3/limits/{limit_id}")], ), base.APIRule( name="identity:delete_limit", check_str=("role:admin and system_scope:all"), description="Delete limit.", scope_types=["system"], - operations=[{"method": "DELETE", "path": "/v3/limits/{limit_id}"}], + operations=[Operation(method="DELETE", path="/v3/limits/{limit_id}")], ), base.APIRule( name="identity:create_mapping", check_str=("role:admin and system_scope:all"), description="Create a new federated mapping containing one or more sets of rules.", scope_types=["system"], - operations=[{"method": "PUT", "path": "/v3/OS-FEDERATION/mappings/{mapping_id}"}], + operations=[Operation(method="PUT", path="/v3/OS-FEDERATION/mappings/{mapping_id}")], ), base.APIRule( name="identity:get_mapping", check_str=("role:reader and system_scope:all"), description="Get a federated mapping.", scope_types=["system"], - operations=[{"method": "GET", "path": "/v3/OS-FEDERATION/mappings/{mapping_id}"}, {"method": "HEAD", "path": "/v3/OS-FEDERATION/mappings/{mapping_id}"}], + operations=[Operation(method="GET", path="/v3/OS-FEDERATION/mappings/{mapping_id}"), Operation(method="HEAD", path="/v3/OS-FEDERATION/mappings/{mapping_id}")], ), base.APIRule( name="identity:list_mappings", check_str=("role:reader and system_scope:all"), description="List federated mappings.", scope_types=["system"], - operations=[{"method": "GET", "path": "/v3/OS-FEDERATION/mappings"}, {"method": "HEAD", "path": "/v3/OS-FEDERATION/mappings"}], + operations=[Operation(method="GET", path="/v3/OS-FEDERATION/mappings"), Operation(method="HEAD", path="/v3/OS-FEDERATION/mappings")], ), base.APIRule( name="identity:delete_mapping", check_str=("role:admin and system_scope:all"), description="Delete a federated mapping.", scope_types=["system"], - operations=[{"method": "DELETE", "path": "/v3/OS-FEDERATION/mappings/{mapping_id}"}], + operations=[Operation(method="DELETE", path="/v3/OS-FEDERATION/mappings/{mapping_id}")], ), base.APIRule( name="identity:update_mapping", check_str=("role:admin and system_scope:all"), description="Update a federated mapping.", scope_types=["system"], - operations=[{"method": "PATCH", "path": "/v3/OS-FEDERATION/mappings/{mapping_id}"}], + operations=[Operation(method="PATCH", path="/v3/OS-FEDERATION/mappings/{mapping_id}")], ), base.APIRule( name="identity:get_policy", check_str=("role:reader and system_scope:all"), description="Show policy details.", scope_types=["system"], - operations=[{"method": "GET", "path": "/v3/policies/{policy_id}"}], + operations=[Operation(method="GET", path="/v3/policies/{policy_id}")], ), base.APIRule( name="identity:list_policies", check_str=("role:reader and system_scope:all"), description="List policies.", scope_types=["system"], - operations=[{"method": "GET", "path": "/v3/policies"}], + operations=[Operation(method="GET", path="/v3/policies")], ), base.APIRule( name="identity:create_policy", check_str=("role:admin and system_scope:all"), description="Create policy.", scope_types=["system"], - operations=[{"method": "POST", "path": "/v3/policies"}], + operations=[Operation(method="POST", path="/v3/policies")], ), base.APIRule( name="identity:update_policy", check_str=("role:admin and system_scope:all"), description="Update policy.", scope_types=["system"], - operations=[{"method": "PATCH", "path": "/v3/policies/{policy_id}"}], + operations=[Operation(method="PATCH", path="/v3/policies/{policy_id}")], ), base.APIRule( name="identity:delete_policy", check_str=("role:admin and system_scope:all"), description="Delete policy.", scope_types=["system"], - operations=[{"method": "DELETE", "path": "/v3/policies/{policy_id}"}], + operations=[Operation(method="DELETE", path="/v3/policies/{policy_id}")], ), base.APIRule( name="identity:create_policy_association_for_endpoint", check_str=("role:admin and system_scope:all"), description="Associate a policy to a specific endpoint.", scope_types=["system"], - operations=[{"method": "PUT", "path": "/v3/policies/{policy_id}/OS-ENDPOINT-POLICY/endpoints/{endpoint_id}"}], + operations=[Operation(method="PUT", path="/v3/policies/{policy_id}/OS-ENDPOINT-POLICY/endpoints/{endpoint_id}")], ), base.APIRule( name="identity:check_policy_association_for_endpoint", check_str=("role:reader and system_scope:all"), description="Check policy association for endpoint.", scope_types=["system"], - operations=[{"method": "GET", "path": "/v3/policies/{policy_id}/OS-ENDPOINT-POLICY/endpoints/{endpoint_id}"}, {"method": "HEAD", "path": "/v3/policies/{policy_id}/OS-ENDPOINT-POLICY/endpoints/{endpoint_id}"}], + operations=[Operation(method="GET", path="/v3/policies/{policy_id}/OS-ENDPOINT-POLICY/endpoints/{endpoint_id}"), Operation(method="HEAD", path="/v3/policies/{policy_id}/OS-ENDPOINT-POLICY/endpoints/{endpoint_id}")], ), base.APIRule( name="identity:delete_policy_association_for_endpoint", check_str=("role:admin and system_scope:all"), description="Delete policy association for endpoint.", scope_types=["system"], - operations=[{"method": "DELETE", "path": "/v3/policies/{policy_id}/OS-ENDPOINT-POLICY/endpoints/{endpoint_id}"}], + operations=[Operation(method="DELETE", path="/v3/policies/{policy_id}/OS-ENDPOINT-POLICY/endpoints/{endpoint_id}")], ), base.APIRule( name="identity:create_policy_association_for_service", check_str=("role:admin and system_scope:all"), description="Associate a policy to a specific service.", scope_types=["system"], - operations=[{"method": "PUT", "path": "/v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id}"}], + operations=[Operation(method="PUT", path="/v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id}")], ), base.APIRule( name="identity:check_policy_association_for_service", check_str=("role:reader and system_scope:all"), description="Check policy association for service.", scope_types=["system"], - operations=[{"method": "GET", "path": "/v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id}"}, {"method": "HEAD", "path": "/v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id}"}], + operations=[Operation(method="GET", path="/v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id}"), Operation(method="HEAD", path="/v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id}")], ), base.APIRule( name="identity:delete_policy_association_for_service", check_str=("role:admin and system_scope:all"), description="Delete policy association for service.", scope_types=["system"], - operations=[{"method": "DELETE", "path": "/v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id}"}], + operations=[Operation(method="DELETE", path="/v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id}")], ), base.APIRule( name="identity:create_policy_association_for_region_and_service", check_str=("role:admin and system_scope:all"), description="Associate a policy to a specific region and service combination.", scope_types=["system"], - operations=[{"method": "PUT", "path": "/v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id}/regions/{region_id}"}], + operations=[Operation(method="PUT", path="/v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id}/regions/{region_id}")], ), base.APIRule( name="identity:check_policy_association_for_region_and_service", check_str=("role:reader and system_scope:all"), description="Check policy association for region and service.", scope_types=["system"], - operations=[{"method": "GET", "path": "/v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id}/regions/{region_id}"}, {"method": "HEAD", "path": "/v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id}/regions/{region_id}"}], + operations=[Operation(method="GET", path="/v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id}/regions/{region_id}"), Operation(method="HEAD", path="/v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id}/regions/{region_id}")], ), base.APIRule( name="identity:delete_policy_association_for_region_and_service", check_str=("role:admin and system_scope:all"), description="Delete policy association for region and service.", scope_types=["system"], - operations=[{"method": "DELETE", "path": "/v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id}/regions/{region_id}"}], + operations=[Operation(method="DELETE", path="/v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id}/regions/{region_id}")], ), base.APIRule( name="identity:get_policy_for_endpoint", check_str=("role:reader and system_scope:all"), description="Get policy for endpoint.", scope_types=["system"], - operations=[{"method": "GET", "path": "/v3/endpoints/{endpoint_id}/OS-ENDPOINT-POLICY/policy"}, {"method": "HEAD", "path": "/v3/endpoints/{endpoint_id}/OS-ENDPOINT-POLICY/policy"}], + operations=[Operation(method="GET", path="/v3/endpoints/{endpoint_id}/OS-ENDPOINT-POLICY/policy"), Operation(method="HEAD", path="/v3/endpoints/{endpoint_id}/OS-ENDPOINT-POLICY/policy")], ), base.APIRule( name="identity:list_endpoints_for_policy", check_str=("role:reader and system_scope:all"), description="List endpoints for policy.", scope_types=["system"], - operations=[{"method": "GET", "path": "/v3/policies/{policy_id}/OS-ENDPOINT-POLICY/endpoints"}], + operations=[Operation(method="GET", path="/v3/policies/{policy_id}/OS-ENDPOINT-POLICY/endpoints")], ), base.APIRule( name="identity:get_project", check_str=("(role:reader and system_scope:all) or (role:reader and domain_id:%(target.project.domain_id)s) or project_id:%(target.project.id)s"), description="Show project details.", scope_types=["system", "domain", "project"], - operations=[{"method": "GET", "path": "/v3/projects/{project_id}"}], + operations=[Operation(method="GET", path="/v3/projects/{project_id}")], ), base.APIRule( name="identity:list_projects", check_str=("(role:reader and system_scope:all) or (role:reader and domain_id:%(target.domain_id)s)"), description="List projects.", scope_types=["system", "domain"], - operations=[{"method": "GET", "path": "/v3/projects"}], + operations=[Operation(method="GET", path="/v3/projects")], ), base.APIRule( name="identity:list_user_projects", check_str=("(role:reader and system_scope:all) or (role:reader and domain_id:%(target.user.domain_id)s) or user_id:%(target.user.id)s"), description="List projects for user.", scope_types=["system", "domain", "project"], - operations=[{"method": "GET", "path": "/v3/users/{user_id}/projects"}], + operations=[Operation(method="GET", path="/v3/users/{user_id}/projects")], ), base.APIRule( name="identity:create_project", check_str=("(role:admin and system_scope:all) or (role:admin and domain_id:%(target.project.domain_id)s)"), description="Create project.", scope_types=["system", "domain"], - operations=[{"method": "POST", "path": "/v3/projects"}], + operations=[Operation(method="POST", path="/v3/projects")], ), base.APIRule( name="identity:update_project", check_str=("(role:admin and system_scope:all) or (role:admin and domain_id:%(target.project.domain_id)s)"), description="Update project.", scope_types=["system", "domain"], - operations=[{"method": "PATCH", "path": "/v3/projects/{project_id}"}], + operations=[Operation(method="PATCH", path="/v3/projects/{project_id}")], ), base.APIRule( name="identity:delete_project", check_str=("(role:admin and system_scope:all) or (role:admin and domain_id:%(target.project.domain_id)s)"), description="Delete project.", scope_types=["system", "domain"], - operations=[{"method": "DELETE", "path": "/v3/projects/{project_id}"}], + operations=[Operation(method="DELETE", path="/v3/projects/{project_id}")], ), base.APIRule( name="identity:list_project_tags", check_str=("(role:reader and system_scope:all) or (role:reader and domain_id:%(target.project.domain_id)s) or project_id:%(target.project.id)s"), description="List tags for a project.", scope_types=["system", "domain", "project"], - operations=[{"method": "GET", "path": "/v3/projects/{project_id}/tags"}, {"method": "HEAD", "path": "/v3/projects/{project_id}/tags"}], + operations=[Operation(method="GET", path="/v3/projects/{project_id}/tags"), Operation(method="HEAD", path="/v3/projects/{project_id}/tags")], ), base.APIRule( name="identity:get_project_tag", check_str=("(role:reader and system_scope:all) or (role:reader and domain_id:%(target.project.domain_id)s) or project_id:%(target.project.id)s"), description="Check if project contains a tag.", scope_types=["system", "domain", "project"], - operations=[{"method": "GET", "path": "/v3/projects/{project_id}/tags/{value}"}, {"method": "HEAD", "path": "/v3/projects/{project_id}/tags/{value}"}], + operations=[Operation(method="GET", path="/v3/projects/{project_id}/tags/{value}"), Operation(method="HEAD", path="/v3/projects/{project_id}/tags/{value}")], ), base.APIRule( name="identity:update_project_tags", check_str=("(role:admin and system_scope:all) or (role:admin and domain_id:%(target.project.domain_id)s) or (role:admin and project_id:%(target.project.id)s)"), description="Replace all tags on a project with the new set of tags.", scope_types=["system", "domain", "project"], - operations=[{"method": "PUT", "path": "/v3/projects/{project_id}/tags"}], + operations=[Operation(method="PUT", path="/v3/projects/{project_id}/tags")], ), base.APIRule( name="identity:create_project_tag", check_str=("(role:admin and system_scope:all) or (role:admin and domain_id:%(target.project.domain_id)s) or (role:admin and project_id:%(target.project.id)s)"), description="Add a single tag to a project.", scope_types=["system", "domain", "project"], - operations=[{"method": "PUT", "path": "/v3/projects/{project_id}/tags/{value}"}], + operations=[Operation(method="PUT", path="/v3/projects/{project_id}/tags/{value}")], ), base.APIRule( name="identity:delete_project_tags", check_str=("(role:admin and system_scope:all) or (role:admin and domain_id:%(target.project.domain_id)s) or (role:admin and project_id:%(target.project.id)s)"), description="Remove all tags from a project.", scope_types=["system", "domain", "project"], - operations=[{"method": "DELETE", "path": "/v3/projects/{project_id}/tags"}], + operations=[Operation(method="DELETE", path="/v3/projects/{project_id}/tags")], ), base.APIRule( name="identity:delete_project_tag", check_str=("(role:admin and system_scope:all) or (role:admin and domain_id:%(target.project.domain_id)s) or (role:admin and project_id:%(target.project.id)s)"), description="Delete a specified tag from project.", scope_types=["system", "domain", "project"], - operations=[{"method": "DELETE", "path": "/v3/projects/{project_id}/tags/{value}"}], + operations=[Operation(method="DELETE", path="/v3/projects/{project_id}/tags/{value}")], ), base.APIRule( name="identity:list_projects_for_endpoint", check_str=("role:reader and system_scope:all"), description="List projects allowed to access an endpoint.", scope_types=["system"], - operations=[{"method": "GET", "path": "/v3/OS-EP-FILTER/endpoints/{endpoint_id}/projects"}], + operations=[Operation(method="GET", path="/v3/OS-EP-FILTER/endpoints/{endpoint_id}/projects")], ), base.APIRule( name="identity:add_endpoint_to_project", check_str=("role:admin and system_scope:all"), description="Allow project to access an endpoint.", scope_types=["system"], - operations=[{"method": "PUT", "path": "/v3/OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}"}], + operations=[Operation(method="PUT", path="/v3/OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}")], ), base.APIRule( name="identity:check_endpoint_in_project", check_str=("role:reader and system_scope:all"), description="Check if a project is allowed to access an endpoint.", scope_types=["system"], - operations=[{"method": "GET", "path": "/v3/OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}"}, {"method": "HEAD", "path": "/v3/OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}"}], + operations=[Operation(method="GET", path="/v3/OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}"), Operation(method="HEAD", path="/v3/OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}")], ), base.APIRule( name="identity:list_endpoints_for_project", check_str=("role:reader and system_scope:all"), description="List the endpoints a project is allowed to access.", scope_types=["system"], - operations=[{"method": "GET", "path": "/v3/OS-EP-FILTER/projects/{project_id}/endpoints"}], + operations=[Operation(method="GET", path="/v3/OS-EP-FILTER/projects/{project_id}/endpoints")], ), base.APIRule( name="identity:remove_endpoint_from_project", check_str=("role:admin and system_scope:all"), description="Remove access to an endpoint from a project that has previously been given explicit access.", scope_types=["system"], - operations=[{"method": "DELETE", "path": "/v3/OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}"}], + operations=[Operation(method="DELETE", path="/v3/OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}")], ), base.APIRule( name="identity:create_protocol", check_str=("role:admin and system_scope:all"), description="Create federated protocol.", scope_types=["system"], - operations=[{"method": "PUT", "path": "/v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}"}], + operations=[Operation(method="PUT", path="/v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}")], ), base.APIRule( name="identity:update_protocol", check_str=("role:admin and system_scope:all"), description="Update federated protocol.", scope_types=["system"], - operations=[{"method": "PATCH", "path": "/v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}"}], + operations=[Operation(method="PATCH", path="/v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}")], ), base.APIRule( name="identity:get_protocol", check_str=("role:reader and system_scope:all"), description="Get federated protocol.", scope_types=["system"], - operations=[{"method": "GET", "path": "/v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}"}], + operations=[Operation(method="GET", path="/v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}")], ), base.APIRule( name="identity:list_protocols", check_str=("role:reader and system_scope:all"), description="List federated protocols.", scope_types=["system"], - operations=[{"method": "GET", "path": "/v3/OS-FEDERATION/identity_providers/{idp_id}/protocols"}], + operations=[Operation(method="GET", path="/v3/OS-FEDERATION/identity_providers/{idp_id}/protocols")], ), base.APIRule( name="identity:delete_protocol", check_str=("role:admin and system_scope:all"), description="Delete federated protocol.", scope_types=["system"], - operations=[{"method": "DELETE", "path": "/v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}"}], + operations=[Operation(method="DELETE", path="/v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}")], ), base.APIRule( name="identity:get_region", check_str=(""), description="Show region details.", scope_types=["system", "domain", "project"], - operations=[{"method": "GET", "path": "/v3/regions/{region_id}"}, {"method": "HEAD", "path": "/v3/regions/{region_id}"}], + operations=[Operation(method="GET", path="/v3/regions/{region_id}"), Operation(method="HEAD", path="/v3/regions/{region_id}")], ), base.APIRule( name="identity:list_regions", check_str=(""), description="List regions.", scope_types=["system", "domain", "project"], - operations=[{"method": "GET", "path": "/v3/regions"}, {"method": "HEAD", "path": "/v3/regions"}], + operations=[Operation(method="GET", path="/v3/regions"), Operation(method="HEAD", path="/v3/regions")], ), base.APIRule( name="identity:create_region", check_str=("role:admin and system_scope:all"), description="Create region.", scope_types=["system"], - operations=[{"method": "POST", "path": "/v3/regions"}, {"method": "PUT", "path": "/v3/regions/{region_id}"}], + operations=[Operation(method="POST", path="/v3/regions"), Operation(method="PUT", path="/v3/regions/{region_id}")], ), base.APIRule( name="identity:update_region", check_str=("role:admin and system_scope:all"), description="Update region.", scope_types=["system"], - operations=[{"method": "PATCH", "path": "/v3/regions/{region_id}"}], + operations=[Operation(method="PATCH", path="/v3/regions/{region_id}")], ), base.APIRule( name="identity:delete_region", check_str=("role:admin and system_scope:all"), description="Delete region.", scope_types=["system"], - operations=[{"method": "DELETE", "path": "/v3/regions/{region_id}"}], + operations=[Operation(method="DELETE", path="/v3/regions/{region_id}")], ), base.APIRule( name="identity:get_registered_limit", check_str=(""), description="Show registered limit details.", scope_types=["system", "domain", "project"], - operations=[{"method": "GET", "path": "/v3/registered_limits/{registered_limit_id}"}, {"method": "HEAD", "path": "/v3/registered_limits/{registered_limit_id}"}], + operations=[Operation(method="GET", path="/v3/registered_limits/{registered_limit_id}"), Operation(method="HEAD", path="/v3/registered_limits/{registered_limit_id}")], ), base.APIRule( name="identity:list_registered_limits", check_str=(""), description="List registered limits.", scope_types=["system", "domain", "project"], - operations=[{"method": "GET", "path": "/v3/registered_limits"}, {"method": "HEAD", "path": "/v3/registered_limits"}], + operations=[Operation(method="GET", path="/v3/registered_limits"), Operation(method="HEAD", path="/v3/registered_limits")], ), base.APIRule( name="identity:create_registered_limits", check_str=("role:admin and system_scope:all"), description="Create registered limits.", scope_types=["system"], - operations=[{"method": "POST", "path": "/v3/registered_limits"}], + operations=[Operation(method="POST", path="/v3/registered_limits")], ), base.APIRule( name="identity:update_registered_limit", check_str=("role:admin and system_scope:all"), description="Update registered limit.", scope_types=["system"], - operations=[{"method": "PATCH", "path": "/v3/registered_limits/{registered_limit_id}"}], + operations=[Operation(method="PATCH", path="/v3/registered_limits/{registered_limit_id}")], ), base.APIRule( name="identity:delete_registered_limit", check_str=("role:admin and system_scope:all"), description="Delete registered limit.", scope_types=["system"], - operations=[{"method": "DELETE", "path": "/v3/registered_limits/{registered_limit_id}"}], + operations=[Operation(method="DELETE", path="/v3/registered_limits/{registered_limit_id}")], ), base.APIRule( name="identity:list_revoke_events", check_str=("rule:service_or_admin"), description="List revocation events.", scope_types=["system"], - operations=[{"method": "GET", "path": "/v3/OS-REVOKE/events"}], + operations=[Operation(method="GET", path="/v3/OS-REVOKE/events")], ), base.APIRule( name="identity:get_role", check_str=("role:reader and system_scope:all"), description="Show role details.", scope_types=["system"], - operations=[{"method": "GET", "path": "/v3/roles/{role_id}"}, {"method": "HEAD", "path": "/v3/roles/{role_id}"}], + operations=[Operation(method="GET", path="/v3/roles/{role_id}"), Operation(method="HEAD", path="/v3/roles/{role_id}")], ), base.APIRule( name="identity:list_roles", check_str=("role:reader and system_scope:all"), description="List roles.", scope_types=["system"], - operations=[{"method": "GET", "path": "/v3/roles"}, {"method": "HEAD", "path": "/v3/roles"}], + operations=[Operation(method="GET", path="/v3/roles"), Operation(method="HEAD", path="/v3/roles")], ), base.APIRule( name="identity:create_role", check_str=("role:admin and system_scope:all"), description="Create role.", scope_types=["system"], - operations=[{"method": "POST", "path": "/v3/roles"}], + operations=[Operation(method="POST", path="/v3/roles")], ), base.APIRule( name="identity:update_role", check_str=("role:admin and system_scope:all"), description="Update role.", scope_types=["system"], - operations=[{"method": "PATCH", "path": "/v3/roles/{role_id}"}], + operations=[Operation(method="PATCH", path="/v3/roles/{role_id}")], ), base.APIRule( name="identity:delete_role", check_str=("role:admin and system_scope:all"), description="Delete role.", scope_types=["system"], - operations=[{"method": "DELETE", "path": "/v3/roles/{role_id}"}], + operations=[Operation(method="DELETE", path="/v3/roles/{role_id}")], ), base.APIRule( name="identity:get_domain_role", check_str=("role:reader and system_scope:all"), description="Show domain role.", scope_types=["system"], - operations=[{"method": "GET", "path": "/v3/roles/{role_id}"}, {"method": "HEAD", "path": "/v3/roles/{role_id}"}], + operations=[Operation(method="GET", path="/v3/roles/{role_id}"), Operation(method="HEAD", path="/v3/roles/{role_id}")], ), base.APIRule( name="identity:list_domain_roles", check_str=("role:reader and system_scope:all"), description="List domain roles.", scope_types=["system"], - operations=[{"method": "GET", "path": "/v3/roles?domain_id={domain_id}"}, {"method": "HEAD", "path": "/v3/roles?domain_id={domain_id}"}], + operations=[Operation(method="GET", path="/v3/roles?domain_id={domain_id}"), Operation(method="HEAD", path="/v3/roles?domain_id={domain_id}")], ), base.APIRule( name="identity:create_domain_role", check_str=("role:admin and system_scope:all"), description="Create domain role.", scope_types=["system"], - operations=[{"method": "POST", "path": "/v3/roles"}], + operations=[Operation(method="POST", path="/v3/roles")], ), base.APIRule( name="identity:update_domain_role", check_str=("role:admin and system_scope:all"), description="Update domain role.", scope_types=["system"], - operations=[{"method": "PATCH", "path": "/v3/roles/{role_id}"}], + operations=[Operation(method="PATCH", path="/v3/roles/{role_id}")], ), base.APIRule( name="identity:delete_domain_role", check_str=("role:admin and system_scope:all"), description="Delete domain role.", scope_types=["system"], - operations=[{"method": "DELETE", "path": "/v3/roles/{role_id}"}], + operations=[Operation(method="DELETE", path="/v3/roles/{role_id}")], ), base.APIRule( name="identity:list_role_assignments", check_str=("(role:reader and system_scope:all) or (role:reader and domain_id:%(target.domain_id)s)"), description="List role assignments.", scope_types=["system", "domain"], - operations=[{"method": "GET", "path": "/v3/role_assignments"}, {"method": "HEAD", "path": "/v3/role_assignments"}], + operations=[Operation(method="GET", path="/v3/role_assignments"), Operation(method="HEAD", path="/v3/role_assignments")], ), base.APIRule( name="identity:list_role_assignments_for_tree", check_str=("(role:reader and system_scope:all) or (role:reader and domain_id:%(target.project.domain_id)s) or (role:admin and project_id:%(target.project.id)s)"), description="List all role assignments for a given tree of hierarchical projects.", scope_types=["system", "domain", "project"], - operations=[{"method": "GET", "path": "/v3/role_assignments?include_subtree"}, {"method": "HEAD", "path": "/v3/role_assignments?include_subtree"}], + operations=[Operation(method="GET", path="/v3/role_assignments?include_subtree"), Operation(method="HEAD", path="/v3/role_assignments?include_subtree")], ), base.APIRule( name="identity:get_service", check_str=("role:reader and system_scope:all"), description="Show service details.", scope_types=["system"], - operations=[{"method": "GET", "path": "/v3/services/{service_id}"}], + operations=[Operation(method="GET", path="/v3/services/{service_id}")], ), base.APIRule( name="identity:list_services", check_str=("role:reader and system_scope:all"), description="List services.", scope_types=["system"], - operations=[{"method": "GET", "path": "/v3/services"}], + operations=[Operation(method="GET", path="/v3/services")], ), base.APIRule( name="identity:create_service", check_str=("role:admin and system_scope:all"), description="Create service.", scope_types=["system"], - operations=[{"method": "POST", "path": "/v3/services"}], + operations=[Operation(method="POST", path="/v3/services")], ), base.APIRule( name="identity:update_service", check_str=("role:admin and system_scope:all"), description="Update service.", scope_types=["system"], - operations=[{"method": "PATCH", "path": "/v3/services/{service_id}"}], + operations=[Operation(method="PATCH", path="/v3/services/{service_id}")], ), base.APIRule( name="identity:delete_service", check_str=("role:admin and system_scope:all"), description="Delete service.", scope_types=["system"], - operations=[{"method": "DELETE", "path": "/v3/services/{service_id}"}], + operations=[Operation(method="DELETE", path="/v3/services/{service_id}")], ), base.APIRule( name="identity:create_service_provider", check_str=("role:admin and system_scope:all"), description="Create federated service provider.", scope_types=["system"], - operations=[{"method": "PUT", "path": "/v3/OS-FEDERATION/service_providers/{service_provider_id}"}], + operations=[Operation(method="PUT", path="/v3/OS-FEDERATION/service_providers/{service_provider_id}")], ), base.APIRule( name="identity:list_service_providers", check_str=("role:reader and system_scope:all"), description="List federated service providers.", scope_types=["system"], - operations=[{"method": "GET", "path": "/v3/OS-FEDERATION/service_providers"}, {"method": "HEAD", "path": "/v3/OS-FEDERATION/service_providers"}], + operations=[Operation(method="GET", path="/v3/OS-FEDERATION/service_providers"), Operation(method="HEAD", path="/v3/OS-FEDERATION/service_providers")], ), base.APIRule( name="identity:get_service_provider", check_str=("role:reader and system_scope:all"), description="Get federated service provider.", scope_types=["system"], - operations=[{"method": "GET", "path": "/v3/OS-FEDERATION/service_providers/{service_provider_id}"}, {"method": "HEAD", "path": "/v3/OS-FEDERATION/service_providers/{service_provider_id}"}], + operations=[Operation(method="GET", path="/v3/OS-FEDERATION/service_providers/{service_provider_id}"), Operation(method="HEAD", path="/v3/OS-FEDERATION/service_providers/{service_provider_id}")], ), base.APIRule( name="identity:update_service_provider", check_str=("role:admin and system_scope:all"), description="Update federated service provider.", scope_types=["system"], - operations=[{"method": "PATCH", "path": "/v3/OS-FEDERATION/service_providers/{service_provider_id}"}], + operations=[Operation(method="PATCH", path="/v3/OS-FEDERATION/service_providers/{service_provider_id}")], ), base.APIRule( name="identity:delete_service_provider", check_str=("role:admin and system_scope:all"), description="Delete federated service provider.", scope_types=["system"], - operations=[{"method": "DELETE", "path": "/v3/OS-FEDERATION/service_providers/{service_provider_id}"}], + operations=[Operation(method="DELETE", path="/v3/OS-FEDERATION/service_providers/{service_provider_id}")], ), base.APIRule( name="identity:revocation_list", check_str=("rule:service_or_admin"), description="List revoked PKI tokens.", scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/v3/auth/tokens/OS-PKI/revoked"}], + operations=[Operation(method="GET", path="/v3/auth/tokens/OS-PKI/revoked")], ), base.APIRule( name="identity:check_token", check_str=("(role:reader and system_scope:all) or rule:token_subject"), description="Check a token.", scope_types=["system", "domain", "project"], - operations=[{"method": "HEAD", "path": "/v3/auth/tokens"}], + operations=[Operation(method="HEAD", path="/v3/auth/tokens")], ), base.APIRule( name="identity:validate_token", check_str=("(role:reader and system_scope:all) or rule:service_role or rule:token_subject"), description="Validate a token.", scope_types=["system", "domain", "project"], - operations=[{"method": "GET", "path": "/v3/auth/tokens"}], + operations=[Operation(method="GET", path="/v3/auth/tokens")], ), base.APIRule( name="identity:revoke_token", check_str=("(role:admin and system_scope:all) or rule:token_subject"), description="Revoke a token.", scope_types=["system", "domain", "project"], - operations=[{"method": "DELETE", "path": "/v3/auth/tokens"}], + operations=[Operation(method="DELETE", path="/v3/auth/tokens")], ), base.APIRule( name="identity:create_trust", check_str=("user_id:%(trust.trustor_user_id)s"), description="Create trust.", scope_types=["project"], - operations=[{"method": "POST", "path": "/v3/OS-TRUST/trusts"}], + operations=[Operation(method="POST", path="/v3/OS-TRUST/trusts")], ), base.APIRule( name="identity:list_trusts", check_str=("role:reader and system_scope:all"), description="List trusts.", scope_types=["system"], - operations=[{"method": "GET", "path": "/v3/OS-TRUST/trusts"}, {"method": "HEAD", "path": "/v3/OS-TRUST/trusts"}], + operations=[Operation(method="GET", path="/v3/OS-TRUST/trusts"), Operation(method="HEAD", path="/v3/OS-TRUST/trusts")], ), base.APIRule( name="identity:list_trusts_for_trustor", check_str=("role:reader and system_scope:all or user_id:%(target.trust.trustor_user_id)s"), description="List trusts for trustor.", scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/v3/OS-TRUST/trusts?trustor_user_id={trustor_user_id}"}, {"method": "HEAD", "path": "/v3/OS-TRUST/trusts?trustor_user_id={trustor_user_id}"}], + operations=[Operation(method="GET", path="/v3/OS-TRUST/trusts?trustor_user_id={trustor_user_id}"), Operation(method="HEAD", path="/v3/OS-TRUST/trusts?trustor_user_id={trustor_user_id}")], ), base.APIRule( name="identity:list_trusts_for_trustee", check_str=("role:reader and system_scope:all or user_id:%(target.trust.trustee_user_id)s"), description="List trusts for trustee.", scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/v3/OS-TRUST/trusts?trustee_user_id={trustee_user_id}"}, {"method": "HEAD", "path": "/v3/OS-TRUST/trusts?trustee_user_id={trustee_user_id}"}], + operations=[Operation(method="GET", path="/v3/OS-TRUST/trusts?trustee_user_id={trustee_user_id}"), Operation(method="HEAD", path="/v3/OS-TRUST/trusts?trustee_user_id={trustee_user_id}")], ), base.APIRule( name="identity:list_roles_for_trust", check_str=("role:reader and system_scope:all or user_id:%(target.trust.trustor_user_id)s or user_id:%(target.trust.trustee_user_id)s"), description="List roles delegated by a trust.", scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/v3/OS-TRUST/trusts/{trust_id}/roles"}, {"method": "HEAD", "path": "/v3/OS-TRUST/trusts/{trust_id}/roles"}], + operations=[Operation(method="GET", path="/v3/OS-TRUST/trusts/{trust_id}/roles"), Operation(method="HEAD", path="/v3/OS-TRUST/trusts/{trust_id}/roles")], ), base.APIRule( name="identity:get_role_for_trust", check_str=("role:reader and system_scope:all or user_id:%(target.trust.trustor_user_id)s or user_id:%(target.trust.trustee_user_id)s"), description="Check if trust delegates a particular role.", scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/v3/OS-TRUST/trusts/{trust_id}/roles/{role_id}"}, {"method": "HEAD", "path": "/v3/OS-TRUST/trusts/{trust_id}/roles/{role_id}"}], + operations=[Operation(method="GET", path="/v3/OS-TRUST/trusts/{trust_id}/roles/{role_id}"), Operation(method="HEAD", path="/v3/OS-TRUST/trusts/{trust_id}/roles/{role_id}")], ), base.APIRule( name="identity:delete_trust", check_str=("role:admin and system_scope:all or user_id:%(target.trust.trustor_user_id)s"), description="Revoke trust.", scope_types=["system", "project"], - operations=[{"method": "DELETE", "path": "/v3/OS-TRUST/trusts/{trust_id}"}], + operations=[Operation(method="DELETE", path="/v3/OS-TRUST/trusts/{trust_id}")], ), base.APIRule( name="identity:get_trust", check_str=("role:reader and system_scope:all or user_id:%(target.trust.trustor_user_id)s or user_id:%(target.trust.trustee_user_id)s"), description="Get trust.", scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/v3/OS-TRUST/trusts/{trust_id}"}, {"method": "HEAD", "path": "/v3/OS-TRUST/trusts/{trust_id}"}], + operations=[Operation(method="GET", path="/v3/OS-TRUST/trusts/{trust_id}"), Operation(method="HEAD", path="/v3/OS-TRUST/trusts/{trust_id}")], ), base.APIRule( name="identity:get_user", check_str=("(role:reader and system_scope:all) or (role:reader and token.domain.id:%(target.user.domain_id)s) or user_id:%(target.user.id)s"), description="Show user details.", scope_types=["system", "domain", "project"], - operations=[{"method": "GET", "path": "/v3/users/{user_id}"}, {"method": "HEAD", "path": "/v3/users/{user_id}"}], + operations=[Operation(method="GET", path="/v3/users/{user_id}"), Operation(method="HEAD", path="/v3/users/{user_id}")], ), base.APIRule( name="identity:list_users", check_str=("(role:reader and system_scope:all) or (role:reader and domain_id:%(target.domain_id)s)"), description="List users.", scope_types=["system", "domain"], - operations=[{"method": "GET", "path": "/v3/users"}, {"method": "HEAD", "path": "/v3/users"}], + operations=[Operation(method="GET", path="/v3/users"), Operation(method="HEAD", path="/v3/users")], ), base.APIRule( name="identity:list_projects_for_user", check_str=(""), description="List all projects a user has access to via role assignments.", scope_types=["project"], - operations=[{"method": "GET", "path": " /v3/auth/projects"}], + operations=[Operation(method="GET", path=" /v3/auth/projects")], ), base.APIRule( name="identity:list_domains_for_user", check_str=(""), description="List all domains a user has access to via role assignments.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v3/auth/domains"}], + operations=[Operation(method="GET", path="/v3/auth/domains")], ), base.APIRule( name="identity:create_user", check_str=("(role:admin and system_scope:all) or (role:admin and token.domain.id:%(target.user.domain_id)s)"), description="Create a user.", scope_types=["system", "domain"], - operations=[{"method": "POST", "path": "/v3/users"}], + operations=[Operation(method="POST", path="/v3/users")], ), base.APIRule( name="identity:update_user", check_str=("(role:admin and system_scope:all) or (role:admin and token.domain.id:%(target.user.domain_id)s)"), description="Update a user, including administrative password resets.", scope_types=["system", "domain"], - operations=[{"method": "PATCH", "path": "/v3/users/{user_id}"}], + operations=[Operation(method="PATCH", path="/v3/users/{user_id}")], ), base.APIRule( name="identity:delete_user", check_str=("(role:admin and system_scope:all) or (role:admin and token.domain.id:%(target.user.domain_id)s)"), description="Delete a user.", scope_types=["system", "domain"], - operations=[{"method": "DELETE", "path": "/v3/users/{user_id}"}], + operations=[Operation(method="DELETE", path="/v3/users/{user_id}")], ), ) diff --git a/skyline_apiserver/policy/manager/magnum.py b/skyline_apiserver/policy/manager/magnum.py index f588d07..c1528cb 100644 --- a/skyline_apiserver/policy/manager/magnum.py +++ b/skyline_apiserver/policy/manager/magnum.py @@ -15,6 +15,8 @@ # flake8: noqa # fmt: off +from skyline_apiserver.schemas.policy_manager import Operation + from . import base list_rules = ( @@ -53,441 +55,441 @@ list_rules = ( check_str=("rule:deny_cluster_user"), description="Create a new bay.", scope_types=["project"], - operations=[{"method": "POST", "path": "/v1/bays"}], + operations=[Operation(method="POST", path="/v1/bays")], ), base.APIRule( name="bay:delete", check_str=("rule:deny_cluster_user"), description="Delete a bay.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/v1/bays/{bay_ident}"}], + operations=[Operation(method="DELETE", path="/v1/bays/{bay_ident}")], ), base.APIRule( name="bay:detail", check_str=("rule:deny_cluster_user"), description="Retrieve a list of bays with detail.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1/bays"}], + operations=[Operation(method="GET", path="/v1/bays")], ), base.APIRule( name="bay:get", check_str=("rule:deny_cluster_user"), description="Retrieve information about the given bay.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1/bays/{bay_ident}"}], + operations=[Operation(method="GET", path="/v1/bays/{bay_ident}")], ), base.APIRule( name="bay:get_all", check_str=("rule:deny_cluster_user"), description="Retrieve a list of bays.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1/bays/"}], + operations=[Operation(method="GET", path="/v1/bays/")], ), base.APIRule( name="bay:update", check_str=("rule:deny_cluster_user"), description="Update an existing bay.", scope_types=["project"], - operations=[{"method": "PATCH", "path": "/v1/bays/{bay_ident}"}], + operations=[Operation(method="PATCH", path="/v1/bays/{bay_ident}")], ), base.APIRule( name="baymodel:create", check_str=("rule:deny_cluster_user"), description="Create a new baymodel.", scope_types=["project"], - operations=[{"method": "POST", "path": "/v1/baymodels"}], + operations=[Operation(method="POST", path="/v1/baymodels")], ), base.APIRule( name="baymodel:delete", check_str=("rule:deny_cluster_user"), description="Delete a baymodel.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/v1/baymodels/{baymodel_ident}"}], + operations=[Operation(method="DELETE", path="/v1/baymodels/{baymodel_ident}")], ), base.APIRule( name="baymodel:detail", check_str=("rule:deny_cluster_user"), description="Retrieve a list of baymodel with detail.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1/baymodels"}], + operations=[Operation(method="GET", path="/v1/baymodels")], ), base.APIRule( name="baymodel:get", check_str=("rule:deny_cluster_user"), description="Retrieve information about the given baymodel.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1/baymodels/{baymodel_ident}"}], + operations=[Operation(method="GET", path="/v1/baymodels/{baymodel_ident}")], ), base.APIRule( name="baymodel:get_all", check_str=("rule:deny_cluster_user"), description="Retrieve a list of baymodel.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1/baymodels"}], + operations=[Operation(method="GET", path="/v1/baymodels")], ), base.APIRule( name="baymodel:update", check_str=("rule:deny_cluster_user"), description="Update an existing baymodel.", scope_types=["project"], - operations=[{"method": "PATCH", "path": "/v1/baymodels/{baymodel_ident}"}], + operations=[Operation(method="PATCH", path="/v1/baymodels/{baymodel_ident}")], ), base.APIRule( name="baymodel:publish", check_str=("rule:admin_api"), description="Publish an existing baymodel.", scope_types=["project"], - operations=[{"method": "POST", "path": "/v1/baymodels"}, {"method": "PATCH", "path": "/v1/baymodels"}], + operations=[Operation(method="POST", path="/v1/baymodels"), Operation(method="PATCH", path="/v1/baymodels")], ), base.APIRule( name="certificate:create", check_str=("rule:admin_or_user or rule:cluster_user"), description="Sign a new certificate by the CA.", scope_types=["project"], - operations=[{"method": "POST", "path": "/v1/certificates"}], + operations=[Operation(method="POST", path="/v1/certificates")], ), base.APIRule( name="certificate:get", check_str=("rule:admin_or_user or rule:cluster_user"), description="Retrieve CA information about the given bay/cluster.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1/certificates/{bay_uuid/cluster_uuid}"}], + operations=[Operation(method="GET", path="/v1/certificates/{bay_uuid/cluster_uuid}")], ), base.APIRule( name="certificate:rotate_ca", check_str=("rule:admin_or_owner"), description="Rotate the CA certificate on the given bay/cluster.", scope_types=["project"], - operations=[{"method": "PATCH", "path": "/v1/certificates/{bay_uuid/cluster_uuid}"}], + operations=[Operation(method="PATCH", path="/v1/certificates/{bay_uuid/cluster_uuid}")], ), base.APIRule( name="cluster:create", check_str=("rule:deny_cluster_user"), description="Create a new cluster.", scope_types=["project"], - operations=[{"method": "POST", "path": "/v1/clusters"}], + operations=[Operation(method="POST", path="/v1/clusters")], ), base.APIRule( name="cluster:delete", check_str=("rule:deny_cluster_user"), description="Delete a cluster.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/v1/clusters/{cluster_ident}"}], + operations=[Operation(method="DELETE", path="/v1/clusters/{cluster_ident}")], ), base.APIRule( name="cluster:delete_all_projects", check_str=("rule:admin_api"), description="Delete a cluster from any project.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/v1/clusters/{cluster_ident}"}], + operations=[Operation(method="DELETE", path="/v1/clusters/{cluster_ident}")], ), base.APIRule( name="cluster:detail", check_str=("rule:deny_cluster_user"), description="Retrieve a list of clusters with detail.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1/clusters"}], + operations=[Operation(method="GET", path="/v1/clusters")], ), base.APIRule( name="cluster:detail_all_projects", check_str=("rule:admin_api"), description="Retrieve a list of clusters with detail across projects.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1/clusters"}], + operations=[Operation(method="GET", path="/v1/clusters")], ), base.APIRule( name="cluster:get", check_str=("rule:deny_cluster_user"), description="Retrieve information about the given cluster.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1/clusters/{cluster_ident}"}], + operations=[Operation(method="GET", path="/v1/clusters/{cluster_ident}")], ), base.APIRule( name="cluster:get_one_all_projects", check_str=("rule:admin_api"), description="Retrieve information about the given cluster across projects.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1/clusters/{cluster_ident}"}], + operations=[Operation(method="GET", path="/v1/clusters/{cluster_ident}")], ), base.APIRule( name="cluster:get_all", check_str=("rule:deny_cluster_user"), description="Retrieve a list of clusters.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1/clusters/"}], + operations=[Operation(method="GET", path="/v1/clusters/")], ), base.APIRule( name="cluster:get_all_all_projects", check_str=("rule:admin_api"), description="Retrieve a list of all clusters across projects.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1/clusters/"}], + operations=[Operation(method="GET", path="/v1/clusters/")], ), base.APIRule( name="cluster:update", check_str=("rule:deny_cluster_user"), description="Update an existing cluster.", scope_types=["project"], - operations=[{"method": "PATCH", "path": "/v1/clusters/{cluster_ident}"}], + operations=[Operation(method="PATCH", path="/v1/clusters/{cluster_ident}")], ), base.APIRule( name="cluster:update_health_status", check_str=("rule:admin_or_user or rule:cluster_user"), description="Update the health status of an existing cluster.", scope_types=["project"], - operations=[{"method": "PATCH", "path": "/v1/clusters/{cluster_ident}"}], + operations=[Operation(method="PATCH", path="/v1/clusters/{cluster_ident}")], ), base.APIRule( name="cluster:update_all_projects", check_str=("rule:admin_api"), description="Update an existing cluster.", scope_types=["project"], - operations=[{"method": "PATCH", "path": "/v1/clusters/{cluster_ident}"}], + operations=[Operation(method="PATCH", path="/v1/clusters/{cluster_ident}")], ), base.APIRule( name="cluster:resize", check_str=("rule:deny_cluster_user"), description="Resize an existing cluster.", scope_types=["project"], - operations=[{"method": "POST", "path": "/v1/clusters/{cluster_ident}/actions/resize"}], + operations=[Operation(method="POST", path="/v1/clusters/{cluster_ident}/actions/resize")], ), base.APIRule( name="cluster:upgrade", check_str=("rule:deny_cluster_user"), description="Upgrade an existing cluster.", scope_types=["project"], - operations=[{"method": "POST", "path": "/v1/clusters/{cluster_ident}/actions/upgrade"}], + operations=[Operation(method="POST", path="/v1/clusters/{cluster_ident}/actions/upgrade")], ), base.APIRule( name="cluster:upgrade_all_projects", check_str=("rule:admin_api"), description="Upgrade an existing cluster across all projects.", scope_types=["project"], - operations=[{"method": "POST", "path": "/v1/clusters/{cluster_ident}/actions/upgrade"}], + operations=[Operation(method="POST", path="/v1/clusters/{cluster_ident}/actions/upgrade")], ), base.APIRule( name="clustertemplate:create", check_str=("rule:deny_cluster_user"), description="Create a new cluster template.", scope_types=["project"], - operations=[{"method": "POST", "path": "/v1/clustertemplates"}], + operations=[Operation(method="POST", path="/v1/clustertemplates")], ), base.APIRule( name="clustertemplate:delete", check_str=("rule:admin_or_owner"), description="Delete a cluster template.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/v1/clustertemplate/{clustertemplate_ident}"}], + operations=[Operation(method="DELETE", path="/v1/clustertemplate/{clustertemplate_ident}")], ), base.APIRule( name="clustertemplate:delete_all_projects", check_str=("rule:admin_api"), description="Delete a cluster template from any project.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/v1/clustertemplate/{clustertemplate_ident}"}], + operations=[Operation(method="DELETE", path="/v1/clustertemplate/{clustertemplate_ident}")], ), base.APIRule( name="clustertemplate:detail_all_projects", check_str=("rule:admin_api"), description="Retrieve a list of cluster templates with detail across projects.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1/clustertemplates"}], + operations=[Operation(method="GET", path="/v1/clustertemplates")], ), base.APIRule( name="clustertemplate:detail", check_str=("rule:deny_cluster_user"), description="Retrieve a list of cluster templates with detail.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1/clustertemplates"}], + operations=[Operation(method="GET", path="/v1/clustertemplates")], ), base.APIRule( name="clustertemplate:get", check_str=("rule:deny_cluster_user"), description="Retrieve information about the given cluster template.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1/clustertemplate/{clustertemplate_ident}"}], + operations=[Operation(method="GET", path="/v1/clustertemplate/{clustertemplate_ident}")], ), base.APIRule( name="clustertemplate:get_one_all_projects", check_str=("rule:admin_api"), description="Retrieve information about the given cluster template across project.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1/clustertemplate/{clustertemplate_ident}"}], + operations=[Operation(method="GET", path="/v1/clustertemplate/{clustertemplate_ident}")], ), base.APIRule( name="clustertemplate:get_all", check_str=("rule:deny_cluster_user"), description="Retrieve a list of cluster templates.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1/clustertemplates"}], + operations=[Operation(method="GET", path="/v1/clustertemplates")], ), base.APIRule( name="clustertemplate:get_all_all_projects", check_str=("rule:admin_api"), description="Retrieve a list of cluster templates across projects.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1/clustertemplates"}], + operations=[Operation(method="GET", path="/v1/clustertemplates")], ), base.APIRule( name="clustertemplate:update", check_str=("rule:admin_or_owner"), description="Update an existing cluster template.", scope_types=["project"], - operations=[{"method": "PATCH", "path": "/v1/clustertemplate/{clustertemplate_ident}"}], + operations=[Operation(method="PATCH", path="/v1/clustertemplate/{clustertemplate_ident}")], ), base.APIRule( name="clustertemplate:update_all_projects", check_str=("rule:admin_api"), description="Update an existing cluster template.", scope_types=["project"], - operations=[{"method": "PATCH", "path": "/v1/clustertemplate/{clustertemplate_ident}"}], + operations=[Operation(method="PATCH", path="/v1/clustertemplate/{clustertemplate_ident}")], ), base.APIRule( name="clustertemplate:publish", check_str=("rule:admin_api"), description="Publish an existing cluster template.", scope_types=["project"], - operations=[{"method": "POST", "path": "/v1/clustertemplates"}, {"method": "PATCH", "path": "/v1/clustertemplates"}], + operations=[Operation(method="POST", path="/v1/clustertemplates"), Operation(method="PATCH", path="/v1/clustertemplates")], ), base.APIRule( name="federation:create", check_str=("rule:deny_cluster_user"), description="Create a new federation.", scope_types=["project"], - operations=[{"method": "POST", "path": "/v1/federations"}], + operations=[Operation(method="POST", path="/v1/federations")], ), base.APIRule( name="federation:delete", check_str=("rule:deny_cluster_user"), description="Delete a federation.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/v1/federations/{federation_ident}"}], + operations=[Operation(method="DELETE", path="/v1/federations/{federation_ident}")], ), base.APIRule( name="federation:detail", check_str=("rule:deny_cluster_user"), description="Retrieve a list of federations with detail.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1/federations"}], + operations=[Operation(method="GET", path="/v1/federations")], ), base.APIRule( name="federation:get", check_str=("rule:deny_cluster_user"), description="Retrieve information about the given federation.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1/federations/{federation_ident}"}], + operations=[Operation(method="GET", path="/v1/federations/{federation_ident}")], ), base.APIRule( name="federation:get_all", check_str=("rule:deny_cluster_user"), description="Retrieve a list of federations.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1/federations/"}], + operations=[Operation(method="GET", path="/v1/federations/")], ), base.APIRule( name="federation:update", check_str=("rule:deny_cluster_user"), description="Update an existing federation.", scope_types=["project"], - operations=[{"method": "PATCH", "path": "/v1/federations/{federation_ident}"}], + operations=[Operation(method="PATCH", path="/v1/federations/{federation_ident}")], ), base.APIRule( name="magnum-service:get_all", check_str=("rule:admin_api"), description="Retrieve a list of magnum-services.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1/mservices"}], + operations=[Operation(method="GET", path="/v1/mservices")], ), base.APIRule( name="quota:create", check_str=("rule:admin_api"), description="Create quota.", scope_types=["project"], - operations=[{"method": "POST", "path": "/v1/quotas"}], + operations=[Operation(method="POST", path="/v1/quotas")], ), base.APIRule( name="quota:delete", check_str=("rule:admin_api"), description="Delete quota for a given project_id and resource.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/v1/quotas/{project_id}/{resource}"}], + operations=[Operation(method="DELETE", path="/v1/quotas/{project_id}/{resource}")], ), base.APIRule( name="quota:get", check_str=("rule:admin_or_owner"), description="Retrieve Quota information for the given project_id.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1/quotas/{project_id}/{resource}"}], + operations=[Operation(method="GET", path="/v1/quotas/{project_id}/{resource}")], ), base.APIRule( name="quota:get_all", check_str=("rule:admin_api"), description="Retrieve a list of quotas.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1/quotas"}], + operations=[Operation(method="GET", path="/v1/quotas")], ), base.APIRule( name="quota:update", check_str=("rule:admin_api"), description="Update quota for a given project_id.", scope_types=["project"], - operations=[{"method": "PATCH", "path": "/v1/quotas/{project_id}/{resource}"}], + operations=[Operation(method="PATCH", path="/v1/quotas/{project_id}/{resource}")], ), base.APIRule( name="stats:get_all", check_str=("rule:admin_or_owner"), description="Retrieve magnum stats.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1/stats"}], + operations=[Operation(method="GET", path="/v1/stats")], ), base.APIRule( name="nodegroup:get", check_str=("rule:admin_or_owner"), description="Retrieve information about the given nodegroup.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1/clusters/{cluster_id}/nodegroup/{nodegroup}"}], + operations=[Operation(method="GET", path="/v1/clusters/{cluster_id}/nodegroup/{nodegroup}")], ), base.APIRule( name="nodegroup:get_all", check_str=("rule:admin_or_owner"), description="Retrieve a list of nodegroups that belong to a cluster.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1/clusters/{cluster_id}/nodegroups/"}], + operations=[Operation(method="GET", path="/v1/clusters/{cluster_id}/nodegroups/")], ), base.APIRule( name="nodegroup:get_all_all_projects", check_str=("rule:admin_api"), description="Retrieve a list of nodegroups across projects.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1/clusters/{cluster_id}/nodegroups/"}], + operations=[Operation(method="GET", path="/v1/clusters/{cluster_id}/nodegroups/")], ), base.APIRule( name="nodegroup:get_one_all_projects", check_str=("rule:admin_api"), description="Retrieve infornation for a given nodegroup.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1/clusters/{cluster_id}/nodegroups/{nodegroup}"}], + operations=[Operation(method="GET", path="/v1/clusters/{cluster_id}/nodegroups/{nodegroup}")], ), base.APIRule( name="nodegroup:create", check_str=("rule:admin_or_owner"), description="Create a new nodegroup.", scope_types=["project"], - operations=[{"method": "POST", "path": "/v1/clusters/{cluster_id}/nodegroups/"}], + operations=[Operation(method="POST", path="/v1/clusters/{cluster_id}/nodegroups/")], ), base.APIRule( name="nodegroup:delete", check_str=("rule:admin_or_owner"), description="Delete a nodegroup.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/v1/clusters/{cluster_id}/nodegroups/{nodegroup}"}], + operations=[Operation(method="DELETE", path="/v1/clusters/{cluster_id}/nodegroups/{nodegroup}")], ), base.APIRule( name="nodegroup:update", check_str=("rule:admin_or_owner"), description="Update an existing nodegroup.", scope_types=["project"], - operations=[{"method": "PATCH", "path": "/v1/clusters/{cluster_id}/nodegroups/{nodegroup}"}], + operations=[Operation(method="PATCH", path="/v1/clusters/{cluster_id}/nodegroups/{nodegroup}")], ), ) diff --git a/skyline_apiserver/policy/manager/manila.py b/skyline_apiserver/policy/manager/manila.py index a68ef37..31b1e51 100644 --- a/skyline_apiserver/policy/manager/manila.py +++ b/skyline_apiserver/policy/manager/manila.py @@ -15,6 +15,8 @@ # flake8: noqa # fmt: off +from skyline_apiserver.schemas.policy_manager import Operation + from . import base list_rules = ( @@ -58,1190 +60,1190 @@ list_rules = ( check_str=("(rule:context_is_admin) or (rule:project-reader)"), description="Get all storage availability zones.", scope_types=["project"], - operations=[{"method": "GET", "path": "/os-availability-zone"}, {"method": "GET", "path": "/availability-zone"}], + operations=[Operation(method="GET", path="/os-availability-zone"), Operation(method="GET", path="/availability-zone")], ), base.APIRule( name="scheduler_stats:pools:index", check_str=("rule:context_is_admin"), description="Get information regarding backends (and storage pools) known to the scheduler.", scope_types=["project"], - operations=[{"method": "GET", "path": "/scheduler-stats/pools?{query}"}], + operations=[Operation(method="GET", path="/scheduler-stats/pools?{query}")], ), base.APIRule( name="scheduler_stats:pools:detail", check_str=("rule:context_is_admin"), description="Get detailed information regarding backends (and storage pools) known to the scheduler.", scope_types=["project"], - operations=[{"method": "GET", "path": "/scheduler-stats/pools/detail?{query}"}], + operations=[Operation(method="GET", path="/scheduler-stats/pools/detail?{query}")], ), base.APIRule( name="share:create", check_str=("(rule:context_is_admin) or (rule:project-member)"), description="Create share.", scope_types=["project"], - operations=[{"method": "POST", "path": "/shares"}], + operations=[Operation(method="POST", path="/shares")], ), base.APIRule( name="share:create_public_share", check_str=("rule:context_is_admin"), description="Create shares visible across all projects in the cloud.", scope_types=["project"], - operations=[{"method": "POST", "path": "/shares"}], + operations=[Operation(method="POST", path="/shares")], ), base.APIRule( name="share:get", check_str=("(rule:context_is_admin) or (rule:project-reader)"), description="Get share.", scope_types=["project"], - operations=[{"method": "GET", "path": "/shares/{share_id}"}], + operations=[Operation(method="GET", path="/shares/{share_id}")], ), base.APIRule( name="share:get_all", check_str=("(rule:context_is_admin) or (rule:project-reader)"), description="List shares.", scope_types=["project"], - operations=[{"method": "GET", "path": "/shares?{query}"}, {"method": "GET", "path": "/shares/detail?{query}"}], + operations=[Operation(method="GET", path="/shares?{query}"), Operation(method="GET", path="/shares/detail?{query}")], ), base.APIRule( name="share:update", check_str=("(rule:context_is_admin) or (rule:project-member)"), description="Update a share.", scope_types=["project"], - operations=[{"method": "PUT", "path": "/shares/{share_id}"}], + operations=[Operation(method="PUT", path="/shares/{share_id}")], ), base.APIRule( name="share:set_public_share", check_str=("rule:context_is_admin"), description="Update a share to be visible across all projects in the cloud.", scope_types=["project"], - operations=[{"method": "PUT", "path": "/shares/{share_id}"}], + operations=[Operation(method="PUT", path="/shares/{share_id}")], ), base.APIRule( name="share:delete", check_str=("(rule:context_is_admin) or (rule:project-member)"), description="Delete share.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/shares/{share_id}"}], + operations=[Operation(method="DELETE", path="/shares/{share_id}")], ), base.APIRule( name="share:soft_delete", check_str=("(rule:context_is_admin) or (rule:project-member)"), description="Soft Delete a share.", scope_types=["project"], - operations=[{"method": "POST", "path": "/shares/{share_id}/action"}], + operations=[Operation(method="POST", path="/shares/{share_id}/action")], ), base.APIRule( name="share:restore", check_str=("(rule:context_is_admin) or (rule:project-member)"), description="Restore a share.", scope_types=["project"], - operations=[{"method": "POST", "path": "/shares/{share_id}/action"}], + operations=[Operation(method="POST", path="/shares/{share_id}/action")], ), base.APIRule( name="share:force_delete", check_str=("rule:context_is_admin"), description="Force Delete a share.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/shares/{share_id}"}], + operations=[Operation(method="DELETE", path="/shares/{share_id}")], ), base.APIRule( name="share:manage", check_str=("rule:context_is_admin"), description="Manage share.", scope_types=["project"], - operations=[{"method": "POST", "path": "/shares/manage"}], + operations=[Operation(method="POST", path="/shares/manage")], ), base.APIRule( name="share:unmanage", check_str=("rule:context_is_admin"), description="Unmanage share.", scope_types=["project"], - operations=[{"method": "POST", "path": "/shares/unmanage"}], + operations=[Operation(method="POST", path="/shares/unmanage")], ), base.APIRule( name="share:list_by_host", check_str=("rule:context_is_admin"), description="List share by host.", scope_types=["project"], - operations=[{"method": "GET", "path": "/shares?host={host}"}, {"method": "GET", "path": "/shares/detail?host={host}"}], + operations=[Operation(method="GET", path="/shares?host={host}"), Operation(method="GET", path="/shares/detail?host={host}")], ), base.APIRule( name="share:list_by_share_server_id", check_str=("rule:context_is_admin"), description="List share by server id.", scope_types=["project"], - operations=[{"method": "GET", "path": "/shares?share_server_id={share_server_id}"}, {"method": "GET", "path": "/shares/detail?share_server_id={share_server_id}"}], + operations=[Operation(method="GET", path="/shares?share_server_id={share_server_id}"), Operation(method="GET", path="/shares/detail?share_server_id={share_server_id}")], ), base.APIRule( name="share:access_get", check_str=("(rule:context_is_admin) or (rule:project-reader)"), description="Get share access rule (deprecated in API version 2.45).", scope_types=["project"], - operations=[{"method": "POST", "path": "/shares/{share_id}/action"}], + operations=[Operation(method="POST", path="/shares/{share_id}/action")], ), base.APIRule( name="share:access_get_all", check_str=("(rule:context_is_admin) or (rule:project-reader)"), description="List share access rules (deprecated in API version 2.45).", scope_types=["project"], - operations=[{"method": "GET", "path": "/shares/{share_id}/action"}], + operations=[Operation(method="GET", path="/shares/{share_id}/action")], ), base.APIRule( name="share:extend", check_str=("(rule:context_is_admin) or (rule:project-member)"), description="Extend share.", scope_types=["project"], - operations=[{"method": "POST", "path": "/shares/{share_id}/action"}], + operations=[Operation(method="POST", path="/shares/{share_id}/action")], ), base.APIRule( name="share:force_extend", check_str=("rule:context_is_admin"), description="Force extend share.", scope_types=["project"], - operations=[{"method": "POST", "path": "/shares/{share_id}/action"}], + operations=[Operation(method="POST", path="/shares/{share_id}/action")], ), base.APIRule( name="share:shrink", check_str=("(rule:context_is_admin) or (rule:project-member)"), description="Shrink share.", scope_types=["project"], - operations=[{"method": "POST", "path": "/shares/{share_id}/action"}], + operations=[Operation(method="POST", path="/shares/{share_id}/action")], ), base.APIRule( name="share:migration_start", check_str=("rule:context_is_admin"), description="Migrate a share to the specified host.", scope_types=["project"], - operations=[{"method": "POST", "path": "/shares/{share_id}/action"}], + operations=[Operation(method="POST", path="/shares/{share_id}/action")], ), base.APIRule( name="share:migration_complete", check_str=("rule:context_is_admin"), description="Invoke 2nd phase of share migration.", scope_types=["project"], - operations=[{"method": "POST", "path": "/shares/{share_id}/action"}], + operations=[Operation(method="POST", path="/shares/{share_id}/action")], ), base.APIRule( name="share:migration_cancel", check_str=("rule:context_is_admin"), description="Attempt to cancel share migration.", scope_types=["project"], - operations=[{"method": "POST", "path": "/shares/{share_id}/action"}], + operations=[Operation(method="POST", path="/shares/{share_id}/action")], ), base.APIRule( name="share:migration_get_progress", check_str=("rule:context_is_admin"), description="Retrieve share migration progress for a given share.", scope_types=["project"], - operations=[{"method": "POST", "path": "/shares/{share_id}/action"}], + operations=[Operation(method="POST", path="/shares/{share_id}/action")], ), base.APIRule( name="share:reset_task_state", check_str=("rule:context_is_admin"), description="Reset task state.", scope_types=["project"], - operations=[{"method": "POST", "path": "/shares/{share_id}/action"}], + operations=[Operation(method="POST", path="/shares/{share_id}/action")], ), base.APIRule( name="share:reset_status", check_str=("rule:context_is_admin"), description="Reset status.", scope_types=["project"], - operations=[{"method": "POST", "path": "/shares/{share_id}/action"}], + operations=[Operation(method="POST", path="/shares/{share_id}/action")], ), base.APIRule( name="share:revert_to_snapshot", check_str=("(rule:context_is_admin) or (rule:project-member)"), description="Revert a share to a snapshot.", scope_types=["project"], - operations=[{"method": "POST", "path": "/shares/{share_id}/action"}], + operations=[Operation(method="POST", path="/shares/{share_id}/action")], ), base.APIRule( name="share:allow_access", check_str=("(rule:context_is_admin) or (rule:project-member)"), description="Add share access rule.", scope_types=["project"], - operations=[{"method": "POST", "path": "/shares/{share_id}/action"}], + operations=[Operation(method="POST", path="/shares/{share_id}/action")], ), base.APIRule( name="share:deny_access", check_str=("(rule:context_is_admin) or (rule:project-member)"), description="Remove share access rule.", scope_types=["project"], - operations=[{"method": "POST", "path": "/shares/{share_id}/action"}], + operations=[Operation(method="POST", path="/shares/{share_id}/action")], ), base.APIRule( name="share:update_share_metadata", check_str=("(rule:context_is_admin) or (rule:project-member)"), description="Update share metadata.", scope_types=["project"], - operations=[{"method": "PUT", "path": "/shares/{share_id}/metadata"}, {"method": "POST", "path": "/shares/{share_id}/metadata/{key}"}, {"method": "POST", "path": "/shares/{share_id}/metadata"}], + operations=[Operation(method="PUT", path="/shares/{share_id}/metadata"), Operation(method="POST", path="/shares/{share_id}/metadata/{key}"), Operation(method="POST", path="/shares/{share_id}/metadata")], ), base.APIRule( name="share:delete_share_metadata", check_str=("(rule:context_is_admin) or (rule:project-member)"), description="Delete share metadata.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/shares/{share_id}/metadata/{key}"}], + operations=[Operation(method="DELETE", path="/shares/{share_id}/metadata/{key}")], ), base.APIRule( name="share:get_share_metadata", check_str=("(rule:context_is_admin) or (rule:project-reader)"), description="Get share metadata.", scope_types=["project"], - operations=[{"method": "GET", "path": "/shares/{share_id}/metadata"}, {"method": "GET", "path": "/shares/{share_id}/metadata/{key}"}], + operations=[Operation(method="GET", path="/shares/{share_id}/metadata"), Operation(method="GET", path="/shares/{share_id}/metadata/{key}")], ), base.APIRule( name="share:create_snapshot", check_str=("(rule:context_is_admin) or (rule:project-member)"), description="Create share snapshot.", scope_types=["project"], - operations=[{"method": "POST", "path": "/snapshots"}], + operations=[Operation(method="POST", path="/snapshots")], ), base.APIRule( name="share:delete_snapshot", check_str=("(rule:context_is_admin) or (rule:project-member)"), description="Delete share snapshot.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/snapshots/{snapshot_id}"}], + operations=[Operation(method="DELETE", path="/snapshots/{snapshot_id}")], ), base.APIRule( name="share:snapshot_update", check_str=("(rule:context_is_admin) or (rule:project-member)"), description="Update share snapshot.", scope_types=["project"], - operations=[{"method": "PUT", "path": "/snapshots/{snapshot_id}/action"}], + operations=[Operation(method="PUT", path="/snapshots/{snapshot_id}/action")], ), base.APIRule( name="share:update_admin_only_metadata", check_str=("rule:context_is_admin"), description="Update metadata items that are considered \"admin only\" by the service.", scope_types=["project"], - operations=[{"method": "PUT", "path": "/shares/{share_id}/metadata"}], + operations=[Operation(method="PUT", path="/shares/{share_id}/metadata")], ), base.APIRule( name="share_instance_export_location:index", check_str=("rule:context_is_admin"), description="Return data about the requested export location.", scope_types=["project"], - operations=[{"method": "POST", "path": "/share_instances/{share_instance_id}/export_locations"}], + operations=[Operation(method="POST", path="/share_instances/{share_instance_id}/export_locations")], ), base.APIRule( name="share_instance_export_location:show", check_str=("rule:context_is_admin"), description="Return data about the requested export location.", scope_types=["project"], - operations=[{"method": "GET", "path": "/share_instances/{share_instance_id}/export_locations/{export_location_id}"}], + operations=[Operation(method="GET", path="/share_instances/{share_instance_id}/export_locations/{export_location_id}")], ), base.APIRule( name="share_type:create", check_str=("rule:context_is_admin"), description="Create share type.", scope_types=["project"], - operations=[{"method": "POST", "path": "/types"}], + operations=[Operation(method="POST", path="/types")], ), base.APIRule( name="share_type:update", check_str=("rule:context_is_admin"), description="Update share type.", scope_types=["project"], - operations=[{"method": "PUT", "path": "/types/{share_type_id}"}], + operations=[Operation(method="PUT", path="/types/{share_type_id}")], ), base.APIRule( name="share_type:show", check_str=("(rule:context_is_admin) or (rule:project-reader)"), description="Get share type.", scope_types=["project"], - operations=[{"method": "GET", "path": "/types/{share_type_id}"}], + operations=[Operation(method="GET", path="/types/{share_type_id}")], ), base.APIRule( name="share_type:index", check_str=("(rule:context_is_admin) or (rule:project-reader)"), description="List share types.", scope_types=["project"], - operations=[{"method": "GET", "path": "/types?is_public=all"}], + operations=[Operation(method="GET", path="/types?is_public=all")], ), base.APIRule( name="share_type:default", check_str=("(rule:context_is_admin) or (rule:project-reader)"), description="Get default share type.", scope_types=["project"], - operations=[{"method": "GET", "path": "/types/default"}], + operations=[Operation(method="GET", path="/types/default")], ), base.APIRule( name="share_type:delete", check_str=("rule:context_is_admin"), description="Delete share type.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/types/{share_type_id}"}], + operations=[Operation(method="DELETE", path="/types/{share_type_id}")], ), base.APIRule( name="share_type:list_project_access", check_str=("rule:context_is_admin"), description="List share type project access.", scope_types=["project"], - operations=[{"method": "GET", "path": "/types/{share_type_id}"}], + operations=[Operation(method="GET", path="/types/{share_type_id}")], ), base.APIRule( name="share_type:add_project_access", check_str=("rule:context_is_admin"), description="Add share type to project.", scope_types=["project"], - operations=[{"method": "POST", "path": "/types/{share_type_id}/action"}], + operations=[Operation(method="POST", path="/types/{share_type_id}/action")], ), base.APIRule( name="share_type:remove_project_access", check_str=("rule:context_is_admin"), description="Remove share type from project.", scope_types=["project"], - operations=[{"method": "POST", "path": "/types/{share_type_id}/action"}], + operations=[Operation(method="POST", path="/types/{share_type_id}/action")], ), base.APIRule( name="share_types_extra_spec:create", check_str=("rule:context_is_admin"), description="Create share type extra spec.", scope_types=["project"], - operations=[{"method": "POST", "path": "/types/{share_type_id}/extra_specs"}], + operations=[Operation(method="POST", path="/types/{share_type_id}/extra_specs")], ), base.APIRule( name="share_types_extra_spec:show", check_str=("rule:context_is_admin"), description="Get share type extra specs of a given share type.", scope_types=["project"], - operations=[{"method": "GET", "path": "/types/{share_type_id}/extra_specs"}], + operations=[Operation(method="GET", path="/types/{share_type_id}/extra_specs")], ), base.APIRule( name="share_types_extra_spec:index", check_str=("rule:context_is_admin"), description="Get details of a share type extra spec.", scope_types=["project"], - operations=[{"method": "GET", "path": "/types/{share_type_id}/extra_specs/{extra_spec_id}"}], + operations=[Operation(method="GET", path="/types/{share_type_id}/extra_specs/{extra_spec_id}")], ), base.APIRule( name="share_types_extra_spec:update", check_str=("rule:context_is_admin"), description="Update share type extra spec.", scope_types=["project"], - operations=[{"method": "PUT", "path": "/types/{share_type_id}/extra_specs"}], + operations=[Operation(method="PUT", path="/types/{share_type_id}/extra_specs")], ), base.APIRule( name="share_types_extra_spec:delete", check_str=("rule:context_is_admin"), description="Delete share type extra spec.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/types/{share_type_id}/extra_specs/{key}"}], + operations=[Operation(method="DELETE", path="/types/{share_type_id}/extra_specs/{key}")], ), base.APIRule( name="share_snapshot:get_snapshot", check_str=("(rule:context_is_admin) or (rule:project-reader)"), description="Get share snapshot.", scope_types=["project"], - operations=[{"method": "GET", "path": "/snapshots/{snapshot_id}"}], + operations=[Operation(method="GET", path="/snapshots/{snapshot_id}")], ), base.APIRule( name="share_snapshot:get_all_snapshots", check_str=("(rule:context_is_admin) or (rule:project-reader)"), description="Get all share snapshots.", scope_types=["project"], - operations=[{"method": "GET", "path": "/snapshots?{query}"}, {"method": "GET", "path": "/snapshots/detail?{query}"}], + operations=[Operation(method="GET", path="/snapshots?{query}"), Operation(method="GET", path="/snapshots/detail?{query}")], ), base.APIRule( name="share_snapshot:force_delete", check_str=("rule:context_is_admin"), description="Force Delete a share snapshot.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/snapshots/{snapshot_id}"}], + operations=[Operation(method="DELETE", path="/snapshots/{snapshot_id}")], ), base.APIRule( name="share_snapshot:manage_snapshot", check_str=("rule:context_is_admin"), description="Manage share snapshot.", scope_types=["project"], - operations=[{"method": "POST", "path": "/snapshots/manage"}], + operations=[Operation(method="POST", path="/snapshots/manage")], ), base.APIRule( name="share_snapshot:unmanage_snapshot", check_str=("rule:context_is_admin"), description="Unmanage share snapshot.", scope_types=["project"], - operations=[{"method": "POST", "path": "/snapshots/{snapshot_id}/action"}], + operations=[Operation(method="POST", path="/snapshots/{snapshot_id}/action")], ), base.APIRule( name="share_snapshot:reset_status", check_str=("rule:context_is_admin"), description="Reset status.", scope_types=["project"], - operations=[{"method": "POST", "path": "/snapshots/{snapshot_id}/action"}], + operations=[Operation(method="POST", path="/snapshots/{snapshot_id}/action")], ), base.APIRule( name="share_snapshot:access_list", check_str=("(rule:context_is_admin) or (rule:project-reader)"), description="List access rules of a share snapshot.", scope_types=["project"], - operations=[{"method": "GET", "path": "/snapshots/{snapshot_id}/access-list"}], + operations=[Operation(method="GET", path="/snapshots/{snapshot_id}/access-list")], ), base.APIRule( name="share_snapshot:allow_access", check_str=("(rule:context_is_admin) or (rule:project-member)"), description="Allow access to a share snapshot.", scope_types=["project"], - operations=[{"method": "POST", "path": "/snapshots/{snapshot_id}/action"}], + operations=[Operation(method="POST", path="/snapshots/{snapshot_id}/action")], ), base.APIRule( name="share_snapshot:deny_access", check_str=("(rule:context_is_admin) or (rule:project-member)"), description="Deny access to a share snapshot.", scope_types=["project"], - operations=[{"method": "POST", "path": "/snapshots/{snapshot_id}/action"}], + operations=[Operation(method="POST", path="/snapshots/{snapshot_id}/action")], ), base.APIRule( name="share_snapshot:update_metadata", check_str=("(rule:context_is_admin) or (rule:project-member)"), description="Update snapshot metadata.", scope_types=["project"], - operations=[{"method": "PUT", "path": "/snapshots/{snapshot_id}/metadata"}, {"method": "POST", "path": "/snapshots/{snapshot_id}/metadata/{key}"}, {"method": "POST", "path": "/snapshots/{snapshot_id}/metadata"}], + operations=[Operation(method="PUT", path="/snapshots/{snapshot_id}/metadata"), Operation(method="POST", path="/snapshots/{snapshot_id}/metadata/{key}"), Operation(method="POST", path="/snapshots/{snapshot_id}/metadata")], ), base.APIRule( name="share_snapshot:delete_metadata", check_str=("(rule:context_is_admin) or (rule:project-member)"), description="Delete snapshot metadata.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/snapshots/{snapshot_id}/metadata/{key}"}], + operations=[Operation(method="DELETE", path="/snapshots/{snapshot_id}/metadata/{key}")], ), base.APIRule( name="share_snapshot:get_metadata", check_str=("(rule:context_is_admin) or (rule:project-reader)"), description="Get snapshot metadata.", scope_types=["project"], - operations=[{"method": "GET", "path": "/snapshots/{snapshot_id}/metadata"}, {"method": "GET", "path": "/snapshots/{snapshot_id}/metadata/{key}"}], + operations=[Operation(method="GET", path="/snapshots/{snapshot_id}/metadata"), Operation(method="GET", path="/snapshots/{snapshot_id}/metadata/{key}")], ), base.APIRule( name="share_snapshot_export_location:index", check_str=("(rule:context_is_admin) or (rule:project-reader)"), description="List export locations of a share snapshot.", scope_types=["project"], - operations=[{"method": "GET", "path": "/snapshots/{snapshot_id}/export-locations/"}], + operations=[Operation(method="GET", path="/snapshots/{snapshot_id}/export-locations/")], ), base.APIRule( name="share_snapshot_export_location:show", check_str=("(rule:context_is_admin) or (rule:project-reader)"), description="Get details of a specified export location of a share snapshot.", scope_types=["project"], - operations=[{"method": "GET", "path": "/snapshots/{snapshot_id}/export-locations/{export_location_id}"}], + operations=[Operation(method="GET", path="/snapshots/{snapshot_id}/export-locations/{export_location_id}")], ), base.APIRule( name="share_snapshot_instance:show", check_str=("rule:context_is_admin"), description="Get share snapshot instance.", scope_types=["project"], - operations=[{"method": "GET", "path": "/snapshot-instances/{snapshot_instance_id}"}], + operations=[Operation(method="GET", path="/snapshot-instances/{snapshot_instance_id}")], ), base.APIRule( name="share_snapshot_instance:index", check_str=("rule:context_is_admin"), description="Get all share snapshot instances.", scope_types=["project"], - operations=[{"method": "GET", "path": "/snapshot-instances?{query}"}], + operations=[Operation(method="GET", path="/snapshot-instances?{query}")], ), base.APIRule( name="share_snapshot_instance:detail", check_str=("rule:context_is_admin"), description="Get details of share snapshot instances.", scope_types=["project"], - operations=[{"method": "GET", "path": "/snapshot-instances/detail?{query}"}], + operations=[Operation(method="GET", path="/snapshot-instances/detail?{query}")], ), base.APIRule( name="share_snapshot_instance:reset_status", check_str=("rule:context_is_admin"), description="Reset share snapshot instance's status.", scope_types=["project"], - operations=[{"method": "POST", "path": "/snapshot-instances/{snapshot_instance_id}/action"}], + operations=[Operation(method="POST", path="/snapshot-instances/{snapshot_instance_id}/action")], ), base.APIRule( name="share_snapshot_instance_export_location:index", check_str=("rule:context_is_admin"), description="List export locations of a share snapshot instance.", scope_types=["project"], - operations=[{"method": "GET", "path": "/snapshot-instances/{snapshot_instance_id}/export-locations"}], + operations=[Operation(method="GET", path="/snapshot-instances/{snapshot_instance_id}/export-locations")], ), base.APIRule( name="share_snapshot_instance_export_location:show", check_str=("rule:context_is_admin"), description="Show details of a specified export location of a share snapshot instance.", scope_types=["project"], - operations=[{"method": "GET", "path": "/snapshot-instances/{snapshot_instance_id}/export-locations/{export_location_id}"}], + operations=[Operation(method="GET", path="/snapshot-instances/{snapshot_instance_id}/export-locations/{export_location_id}")], ), base.APIRule( name="share_server:index", check_str=("rule:context_is_admin"), description="Get share servers.", scope_types=["project"], - operations=[{"method": "GET", "path": "/share-servers?{query}"}], + operations=[Operation(method="GET", path="/share-servers?{query}")], ), base.APIRule( name="share_server:show", check_str=("rule:context_is_admin"), description="Show share server.", scope_types=["project"], - operations=[{"method": "GET", "path": "/share-servers/{server_id}"}], + operations=[Operation(method="GET", path="/share-servers/{server_id}")], ), base.APIRule( name="share_server:details", check_str=("rule:context_is_admin"), description="Get share server details.", scope_types=["project"], - operations=[{"method": "GET", "path": "/share-servers/{server_id}/details"}], + operations=[Operation(method="GET", path="/share-servers/{server_id}/details")], ), base.APIRule( name="share_server:delete", check_str=("rule:context_is_admin"), description="Delete share server.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/share-servers/{server_id}"}], + operations=[Operation(method="DELETE", path="/share-servers/{server_id}")], ), base.APIRule( name="share_server:manage_share_server", check_str=("rule:context_is_admin"), description="Manage share server.", scope_types=["project"], - operations=[{"method": "POST", "path": "/share-servers/manage"}], + operations=[Operation(method="POST", path="/share-servers/manage")], ), base.APIRule( name="share_server:unmanage_share_server", check_str=("rule:context_is_admin"), description="Unmanage share server.", scope_types=["project"], - operations=[{"method": "POST", "path": "/share-servers/{share_server_id}/action"}], + operations=[Operation(method="POST", path="/share-servers/{share_server_id}/action")], ), base.APIRule( name="share_server:reset_status", check_str=("rule:context_is_admin"), description="Reset the status of a share server.", scope_types=["project"], - operations=[{"method": "POST", "path": "/share-servers/{share_server_id}/action"}], + operations=[Operation(method="POST", path="/share-servers/{share_server_id}/action")], ), base.APIRule( name="share_server:share_server_migration_start", check_str=("rule:context_is_admin"), description="Migrates a share server to the specified host.", scope_types=["project"], - operations=[{"method": "POST", "path": "/share-servers/{share_server_id}/action"}], + operations=[Operation(method="POST", path="/share-servers/{share_server_id}/action")], ), base.APIRule( name="share_server:share_server_migration_check", check_str=("rule:context_is_admin"), description="Check if can migrates a share server to the specified host.", scope_types=["project"], - operations=[{"method": "POST", "path": "/share-servers/{share_server_id}/action"}], + operations=[Operation(method="POST", path="/share-servers/{share_server_id}/action")], ), base.APIRule( name="share_server:share_server_migration_complete", check_str=("rule:context_is_admin"), description="Invokes the 2nd phase of share server migration.", scope_types=["project"], - operations=[{"method": "POST", "path": "/share-servers/{share_server_id}/action"}], + operations=[Operation(method="POST", path="/share-servers/{share_server_id}/action")], ), base.APIRule( name="share_server:share_server_migration_cancel", check_str=("rule:context_is_admin"), description="Attempts to cancel share server migration.", scope_types=["project"], - operations=[{"method": "POST", "path": "/share-servers/{share_server_id}/action"}], + operations=[Operation(method="POST", path="/share-servers/{share_server_id}/action")], ), base.APIRule( name="share_server:share_server_migration_get_progress", check_str=("rule:context_is_admin"), description="Retrieves the share server migration progress for a given share server.", scope_types=["project"], - operations=[{"method": "POST", "path": "/share-servers/{share_server_id}/action"}], + operations=[Operation(method="POST", path="/share-servers/{share_server_id}/action")], ), base.APIRule( name="share_server:share_server_reset_task_state", check_str=("rule:context_is_admin"), description="Resets task state.", scope_types=["project"], - operations=[{"method": "POST", "path": "/share-servers/{share_server_id}/action"}], + operations=[Operation(method="POST", path="/share-servers/{share_server_id}/action")], ), base.APIRule( name="service:index", check_str=("rule:context_is_admin"), description="Return a list of all running services.", scope_types=["project"], - operations=[{"method": "GET", "path": "/os-services?{query}"}, {"method": "GET", "path": "/services?{query}"}], + operations=[Operation(method="GET", path="/os-services?{query}"), Operation(method="GET", path="/services?{query}")], ), base.APIRule( name="service:update", check_str=("rule:context_is_admin"), description="Enable/Disable scheduling for a service.", scope_types=["project"], - operations=[{"method": "PUT", "path": "/os-services/disable"}, {"method": "PUT", "path": "/os-services/enable"}, {"method": "PUT", "path": "/services/disable"}, {"method": "PUT", "path": "/services/enable"}], + operations=[Operation(method="PUT", path="/os-services/disable"), Operation(method="PUT", path="/os-services/enable"), Operation(method="PUT", path="/services/disable"), Operation(method="PUT", path="/services/enable")], ), base.APIRule( name="quota_set:update", check_str=("rule:context_is_admin"), description="Update the quotas for a project/user and/or share type.", scope_types=["project"], - operations=[{"method": "PUT", "path": "/quota-sets/{project_id}"}, {"method": "PUT", "path": "/quota-sets/{project_id}?user_id={user_id}"}, {"method": "PUT", "path": "/quota-sets/{project_id}?share_type={share_type_id}"}, {"method": "PUT", "path": "/os-quota-sets/{project_id}"}, {"method": "PUT", "path": "/os-quota-sets/{project_id}?user_id={user_id}"}], + operations=[Operation(method="PUT", path="/quota-sets/{project_id}"), Operation(method="PUT", path="/quota-sets/{project_id}?user_id={user_id}"), Operation(method="PUT", path="/quota-sets/{project_id}?share_type={share_type_id}"), Operation(method="PUT", path="/os-quota-sets/{project_id}"), Operation(method="PUT", path="/os-quota-sets/{project_id}?user_id={user_id}")], ), base.APIRule( name="quota_set:show", check_str=("(rule:context_is_admin) or (rule:project-reader)"), description="List the quotas for a project/user.", scope_types=["project"], - operations=[{"method": "GET", "path": "/quota-sets/{project_id}/defaults"}, {"method": "GET", "path": "/os-quota-sets/{project_id}/defaults"}], + operations=[Operation(method="GET", path="/quota-sets/{project_id}/defaults"), Operation(method="GET", path="/os-quota-sets/{project_id}/defaults")], ), base.APIRule( name="quota_set:delete", check_str=("rule:context_is_admin"), description="Delete quota for a project/user or project/share-type. The quota will revert back to default (Admin only).", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/quota-sets/{project_id}"}, {"method": "DELETE", "path": "/quota-sets/{project_id}?user_id={user_id}"}, {"method": "DELETE", "path": "/quota-sets/{project_id}?share_type={share_type_id}"}, {"method": "DELETE", "path": "/os-quota-sets/{project_id}"}, {"method": "DELETE", "path": "/os-quota-sets/{project_id}?user_id={user_id}"}], + operations=[Operation(method="DELETE", path="/quota-sets/{project_id}"), Operation(method="DELETE", path="/quota-sets/{project_id}?user_id={user_id}"), Operation(method="DELETE", path="/quota-sets/{project_id}?share_type={share_type_id}"), Operation(method="DELETE", path="/os-quota-sets/{project_id}"), Operation(method="DELETE", path="/os-quota-sets/{project_id}?user_id={user_id}")], ), base.APIRule( name="quota_class_set:update", check_str=("rule:context_is_admin"), description="Update quota class.", scope_types=["project"], - operations=[{"method": "PUT", "path": "/quota-class-sets/{class_name}"}, {"method": "PUT", "path": "/os-quota-class-sets/{class_name}"}], + operations=[Operation(method="PUT", path="/quota-class-sets/{class_name}"), Operation(method="PUT", path="/os-quota-class-sets/{class_name}")], ), base.APIRule( name="quota_class_set:show", check_str=("(rule:context_is_admin) or (rule:project-reader)"), description="Get quota class.", scope_types=["project"], - operations=[{"method": "GET", "path": "/quota-class-sets/{class_name}"}, {"method": "GET", "path": "/os-quota-class-sets/{class_name}"}], + operations=[Operation(method="GET", path="/quota-class-sets/{class_name}"), Operation(method="GET", path="/os-quota-class-sets/{class_name}")], ), base.APIRule( name="share_group_types_spec:create", check_str=("rule:context_is_admin"), description="Create share group type specs.", scope_types=["project"], - operations=[{"method": "POST", "path": "/share-group-types/{share_group_type_id}/group-specs"}], + operations=[Operation(method="POST", path="/share-group-types/{share_group_type_id}/group-specs")], ), base.APIRule( name="share_group_types_spec:index", check_str=("rule:context_is_admin"), description="Get share group type specs.", scope_types=["project"], - operations=[{"method": "GET", "path": "/share-group-types/{share_group_type_id}/group-specs"}], + operations=[Operation(method="GET", path="/share-group-types/{share_group_type_id}/group-specs")], ), base.APIRule( name="share_group_types_spec:show", check_str=("rule:context_is_admin"), description="Get details of a share group type spec.", scope_types=["project"], - operations=[{"method": "GET", "path": "/share-group-types/{share_group_type_id}/group-specs/{key}"}], + operations=[Operation(method="GET", path="/share-group-types/{share_group_type_id}/group-specs/{key}")], ), base.APIRule( name="share_group_types_spec:update", check_str=("rule:context_is_admin"), description="Update a share group type spec.", scope_types=["project"], - operations=[{"method": "PUT", "path": "/share-group-types/{share_group_type_id}/group-specs/{key}"}], + operations=[Operation(method="PUT", path="/share-group-types/{share_group_type_id}/group-specs/{key}")], ), base.APIRule( name="share_group_types_spec:delete", check_str=("rule:context_is_admin"), description="Delete a share group type spec.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/share-group-types/{share_group_type_id}/group-specs/{key}"}], + operations=[Operation(method="DELETE", path="/share-group-types/{share_group_type_id}/group-specs/{key}")], ), base.APIRule( name="share_group_type:create", check_str=("rule:context_is_admin"), description="Create a new share group type.", scope_types=["project"], - operations=[{"method": "POST", "path": "/share-group-types"}], + operations=[Operation(method="POST", path="/share-group-types")], ), base.APIRule( name="share_group_type:index", check_str=("(rule:context_is_admin) or (rule:project-reader)"), description="Get the list of share group types.", scope_types=["project"], - operations=[{"method": "GET", "path": "/share-group-types?is_public=all"}], + operations=[Operation(method="GET", path="/share-group-types?is_public=all")], ), base.APIRule( name="share_group_type:show", check_str=("(rule:context_is_admin) or (rule:project-reader)"), description="Get details regarding the specified share group type.", scope_types=["project"], - operations=[{"method": "GET", "path": "/share-group-types/{share_group_type_id}"}], + operations=[Operation(method="GET", path="/share-group-types/{share_group_type_id}")], ), base.APIRule( name="share_group_type:default", check_str=("(rule:context_is_admin) or (rule:project-reader)"), description="Get the default share group type.", scope_types=["project"], - operations=[{"method": "GET", "path": "/share-group-types/default"}], + operations=[Operation(method="GET", path="/share-group-types/default")], ), base.APIRule( name="share_group_type:delete", check_str=("rule:context_is_admin"), description="Delete an existing group type.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/share-group-types/{share_group_type_id}"}], + operations=[Operation(method="DELETE", path="/share-group-types/{share_group_type_id}")], ), base.APIRule( name="share_group_type:list_project_access", check_str=("rule:context_is_admin"), description="Get project access by share group type.", scope_types=["project"], - operations=[{"method": "GET", "path": "/share-group-types/{share_group_type_id}/access"}], + operations=[Operation(method="GET", path="/share-group-types/{share_group_type_id}/access")], ), base.APIRule( name="share_group_type:add_project_access", check_str=("rule:context_is_admin"), description="Allow project to use the share group type.", scope_types=["project"], - operations=[{"method": "POST", "path": "/share-group-types/{share_group_type_id}/action"}], + operations=[Operation(method="POST", path="/share-group-types/{share_group_type_id}/action")], ), base.APIRule( name="share_group_type:remove_project_access", check_str=("rule:context_is_admin"), description="Deny project access to use the share group type.", scope_types=["project"], - operations=[{"method": "POST", "path": "/share-group-types/{share_group_type_id}/action"}], + operations=[Operation(method="POST", path="/share-group-types/{share_group_type_id}/action")], ), base.APIRule( name="share_group_snapshot:create", check_str=("(rule:context_is_admin) or (rule:project-member)"), description="Create a new share group snapshot.", scope_types=["project"], - operations=[{"method": "POST", "path": "/share-group-snapshots"}], + operations=[Operation(method="POST", path="/share-group-snapshots")], ), base.APIRule( name="share_group_snapshot:get", check_str=("(rule:context_is_admin) or (rule:project-reader)"), description="Get details of a share group snapshot.", scope_types=["project"], - operations=[{"method": "GET", "path": "/share-group-snapshots/{share_group_snapshot_id}"}], + operations=[Operation(method="GET", path="/share-group-snapshots/{share_group_snapshot_id}")], ), base.APIRule( name="share_group_snapshot:get_all", check_str=("(rule:context_is_admin) or (rule:project-reader)"), description="Get all share group snapshots.", scope_types=["project"], - operations=[{"method": "GET", "path": "/share-group-snapshots?{query}"}, {"method": "GET", "path": "/share-group-snapshots/detail?{query}"}], + operations=[Operation(method="GET", path="/share-group-snapshots?{query}"), Operation(method="GET", path="/share-group-snapshots/detail?{query}")], ), base.APIRule( name="share_group_snapshot:update", check_str=("(rule:context_is_admin) or (rule:project-member)"), description="Update a share group snapshot.", scope_types=["project"], - operations=[{"method": "PUT", "path": "/share-group-snapshots/{share_group_snapshot_id}"}], + operations=[Operation(method="PUT", path="/share-group-snapshots/{share_group_snapshot_id}")], ), base.APIRule( name="share_group_snapshot:delete", check_str=("(rule:context_is_admin) or (rule:project-member)"), description="Delete a share group snapshot.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/share-group-snapshots/{share_group_snapshot_id}"}], + operations=[Operation(method="DELETE", path="/share-group-snapshots/{share_group_snapshot_id}")], ), base.APIRule( name="share_group_snapshot:force_delete", check_str=("rule:context_is_admin"), description="Force delete a share group snapshot.", scope_types=["project"], - operations=[{"method": "POST", "path": "/share-group-snapshots/{share_group_snapshot_id}/action"}], + operations=[Operation(method="POST", path="/share-group-snapshots/{share_group_snapshot_id}/action")], ), base.APIRule( name="share_group_snapshot:reset_status", check_str=("rule:context_is_admin"), description="Reset a share group snapshot's status.", scope_types=["project"], - operations=[{"method": "POST", "path": "/share-group-snapshots/{share_group_snapshot_id}/action"}], + operations=[Operation(method="POST", path="/share-group-snapshots/{share_group_snapshot_id}/action")], ), base.APIRule( name="share_group:create", check_str=("(rule:context_is_admin) or (rule:project-member)"), description="Create share group.", scope_types=["project"], - operations=[{"method": "POST", "path": "/share-groups"}], + operations=[Operation(method="POST", path="/share-groups")], ), base.APIRule( name="share_group:get", check_str=("(rule:context_is_admin) or (rule:project-reader)"), description="Get details of a share group.", scope_types=["project"], - operations=[{"method": "GET", "path": "/share-groups/{share_group_id}"}], + operations=[Operation(method="GET", path="/share-groups/{share_group_id}")], ), base.APIRule( name="share_group:get_all", check_str=("(rule:context_is_admin) or (rule:project-reader)"), description="Get all share groups.", scope_types=["project"], - operations=[{"method": "GET", "path": "/share-groups?{query}"}, {"method": "GET", "path": "/share-groups/detail?{query}"}], + operations=[Operation(method="GET", path="/share-groups?{query}"), Operation(method="GET", path="/share-groups/detail?{query}")], ), base.APIRule( name="share_group:update", check_str=("(rule:context_is_admin) or (rule:project-member)"), description="Update share group.", scope_types=["project"], - operations=[{"method": "PUT", "path": "/share-groups/{share_group_id}"}], + operations=[Operation(method="PUT", path="/share-groups/{share_group_id}")], ), base.APIRule( name="share_group:delete", check_str=("(rule:context_is_admin) or (rule:project-member)"), description="Delete share group.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/share-groups/{share_group_id}"}], + operations=[Operation(method="DELETE", path="/share-groups/{share_group_id}")], ), base.APIRule( name="share_group:force_delete", check_str=("rule:context_is_admin"), description="Force delete a share group.", scope_types=["project"], - operations=[{"method": "POST", "path": "/share-groups/{share_group_id}/action"}], + operations=[Operation(method="POST", path="/share-groups/{share_group_id}/action")], ), base.APIRule( name="share_group:reset_status", check_str=("rule:context_is_admin"), description="Reset share group's status.", scope_types=["project"], - operations=[{"method": "POST", "path": "/share-groups/{share_group_id}/action"}], + operations=[Operation(method="POST", path="/share-groups/{share_group_id}/action")], ), base.APIRule( name="share_replica:create", check_str=("(rule:context_is_admin) or (rule:project-member)"), description="Create share replica.", scope_types=["project"], - operations=[{"method": "POST", "path": "/share-replicas"}], + operations=[Operation(method="POST", path="/share-replicas")], ), base.APIRule( name="share_replica:get_all", check_str=("(rule:context_is_admin) or (rule:project-reader)"), description="Get all share replicas.", scope_types=["project"], - operations=[{"method": "GET", "path": "/share-replicas"}, {"method": "GET", "path": "/share-replicas/detail"}, {"method": "GET", "path": "/share-replicas/detail?share_id={share_id}"}], + operations=[Operation(method="GET", path="/share-replicas"), Operation(method="GET", path="/share-replicas/detail"), Operation(method="GET", path="/share-replicas/detail?share_id={share_id}")], ), base.APIRule( name="share_replica:show", check_str=("(rule:context_is_admin) or (rule:project-reader)"), description="Get details of a share replica.", scope_types=["project"], - operations=[{"method": "GET", "path": "/share-replicas/{share_replica_id}"}], + operations=[Operation(method="GET", path="/share-replicas/{share_replica_id}")], ), base.APIRule( name="share_replica:delete", check_str=("(rule:context_is_admin) or (rule:project-member)"), description="Delete a share replica.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/share-replicas/{share_replica_id}"}], + operations=[Operation(method="DELETE", path="/share-replicas/{share_replica_id}")], ), base.APIRule( name="share_replica:force_delete", check_str=("rule:context_is_admin"), description="Force delete a share replica.", scope_types=["project"], - operations=[{"method": "POST", "path": "/share-replicas/{share_replica_id}/action"}], + operations=[Operation(method="POST", path="/share-replicas/{share_replica_id}/action")], ), base.APIRule( name="share_replica:promote", check_str=("(rule:context_is_admin) or (rule:project-member)"), description="Promote a non-active share replica to active.", scope_types=["project"], - operations=[{"method": "POST", "path": "/share-replicas/{share_replica_id}/action"}], + operations=[Operation(method="POST", path="/share-replicas/{share_replica_id}/action")], ), base.APIRule( name="share_replica:resync", check_str=("rule:context_is_admin"), description="Resync a share replica that is out of sync.", scope_types=["project"], - operations=[{"method": "POST", "path": "/share-replicas/{share_replica_id}/action"}], + operations=[Operation(method="POST", path="/share-replicas/{share_replica_id}/action")], ), base.APIRule( name="share_replica:reset_replica_state", check_str=("rule:context_is_admin"), description="Reset share replica's replica_state attribute.", scope_types=["project"], - operations=[{"method": "POST", "path": "/share-replicas/{share_replica_id}/action"}], + operations=[Operation(method="POST", path="/share-replicas/{share_replica_id}/action")], ), base.APIRule( name="share_replica:reset_status", check_str=("rule:context_is_admin"), description="Reset share replica's status.", scope_types=["project"], - operations=[{"method": "POST", "path": "/share-replicas/{share_replica_id}/action"}], + operations=[Operation(method="POST", path="/share-replicas/{share_replica_id}/action")], ), base.APIRule( name="share_replica_export_location:index", check_str=("(rule:context_is_admin) or (rule:project-reader)"), description="Get all export locations of a given share replica.", scope_types=["project"], - operations=[{"method": "GET", "path": "/share-replicas/{share_replica_id}/export-locations"}], + operations=[Operation(method="GET", path="/share-replicas/{share_replica_id}/export-locations")], ), base.APIRule( name="share_replica_export_location:show", check_str=("(rule:context_is_admin) or (rule:project-reader)"), description="Get details about the requested share replica export location.", scope_types=["project"], - operations=[{"method": "GET", "path": "/share-replicas/{share_replica_id}/export-locations/{export_location_id}"}], + operations=[Operation(method="GET", path="/share-replicas/{share_replica_id}/export-locations/{export_location_id}")], ), base.APIRule( name="share_network:create", check_str=("(rule:context_is_admin) or (rule:project-member)"), description="Create share network.", scope_types=["project"], - operations=[{"method": "POST", "path": "/share-networks"}], + operations=[Operation(method="POST", path="/share-networks")], ), base.APIRule( name="share_network:show", check_str=("(rule:context_is_admin) or (rule:project-reader)"), description="Get details of a share network.", scope_types=["project"], - operations=[{"method": "GET", "path": "/share-networks/{share_network_id}"}], + operations=[Operation(method="GET", path="/share-networks/{share_network_id}")], ), base.APIRule( name="share_network:index", check_str=("(rule:context_is_admin) or (rule:project-reader)"), description="Get all share networks under a project.", scope_types=["project"], - operations=[{"method": "GET", "path": "/share-networks?{query}"}], + operations=[Operation(method="GET", path="/share-networks?{query}")], ), base.APIRule( name="share_network:detail", check_str=("(rule:context_is_admin) or (rule:project-reader)"), description="Get details of share networks under a project.", scope_types=["project"], - operations=[{"method": "GET", "path": "/share-networks/detail?{query}"}], + operations=[Operation(method="GET", path="/share-networks/detail?{query}")], ), base.APIRule( name="share_network:update", check_str=("(rule:context_is_admin) or (rule:project-member)"), description="Update a share network.", scope_types=["project"], - operations=[{"method": "PUT", "path": "/share-networks/{share_network_id}"}], + operations=[Operation(method="PUT", path="/share-networks/{share_network_id}")], ), base.APIRule( name="share_network:delete", check_str=("(rule:context_is_admin) or (rule:project-member)"), description="Delete a share network.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/share-networks/{share_network_id}"}], + operations=[Operation(method="DELETE", path="/share-networks/{share_network_id}")], ), base.APIRule( name="share_network:add_security_service", check_str=("(rule:context_is_admin) or (rule:project-member)"), description="Add security service to share network.", scope_types=["project"], - operations=[{"method": "POST", "path": "/share-networks/{share_network_id}/action"}], + operations=[Operation(method="POST", path="/share-networks/{share_network_id}/action")], ), base.APIRule( name="share_network:add_security_service_check", check_str=("(rule:context_is_admin) or (rule:project-member)"), description="Check the feasibility of add security service to a share network.", scope_types=["project"], - operations=[{"method": "POST", "path": "/share-networks/{share_network_id}/action"}], + operations=[Operation(method="POST", path="/share-networks/{share_network_id}/action")], ), base.APIRule( name="share_network:remove_security_service", check_str=("(rule:context_is_admin) or (rule:project-member)"), description="Remove security service from share network.", scope_types=["project"], - operations=[{"method": "POST", "path": "/share-networks/{share_network_id}/action"}], + operations=[Operation(method="POST", path="/share-networks/{share_network_id}/action")], ), base.APIRule( name="share_network:update_security_service", check_str=("(rule:context_is_admin) or (rule:project-member)"), description="Update security service from share network.", scope_types=["project"], - operations=[{"method": "POST", "path": "/share-networks/{share_network_id}/action"}], + operations=[Operation(method="POST", path="/share-networks/{share_network_id}/action")], ), base.APIRule( name="share_network:update_security_service_check", check_str=("(rule:context_is_admin) or (rule:project-member)"), description="Check the feasibility of update a security service from share network.", scope_types=["project"], - operations=[{"method": "POST", "path": "/share-networks/{share_network_id}/action"}], + operations=[Operation(method="POST", path="/share-networks/{share_network_id}/action")], ), base.APIRule( name="share_network:reset_status", check_str=("rule:context_is_admin"), description="Reset share network`s status.", scope_types=["project"], - operations=[{"method": "POST", "path": "/share-networks/{share_network_id}/action"}], + operations=[Operation(method="POST", path="/share-networks/{share_network_id}/action")], ), base.APIRule( name="share_network:get_all_share_networks", check_str=("rule:context_is_admin"), description="Get share networks belonging to all projects.", scope_types=["project"], - operations=[{"method": "GET", "path": "/share-networks?all_tenants=1"}, {"method": "GET", "path": "/share-networks/detail?all_tenants=1"}], + operations=[Operation(method="GET", path="/share-networks?all_tenants=1"), Operation(method="GET", path="/share-networks/detail?all_tenants=1")], ), base.APIRule( name="share_network:subnet_create_check", check_str=("(rule:context_is_admin) or (rule:project-member)"), description="Check the feasibility of create a new share network subnet for share network.", scope_types=["project"], - operations=[{"method": "POST", "path": "/share-networks/{share_network_id}/action"}], + operations=[Operation(method="POST", path="/share-networks/{share_network_id}/action")], ), base.APIRule( name="share_network_subnet:create", check_str=("(rule:context_is_admin) or (rule:project-member)"), description="Create a new share network subnet.", scope_types=["project"], - operations=[{"method": "POST", "path": "/share-networks/{share_network_id}/subnets"}], + operations=[Operation(method="POST", path="/share-networks/{share_network_id}/subnets")], ), base.APIRule( name="share_network_subnet:delete", check_str=("(rule:context_is_admin) or (rule:project-member)"), description="Delete a share network subnet.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/share-networks/{share_network_id}/subnets/{share_network_subnet_id}"}], + operations=[Operation(method="DELETE", path="/share-networks/{share_network_id}/subnets/{share_network_subnet_id}")], ), base.APIRule( name="share_network_subnet:show", check_str=("(rule:context_is_admin) or (rule:project-reader)"), description="Shows a share network subnet.", scope_types=["project"], - operations=[{"method": "GET", "path": "/share-networks/{share_network_id}/subnets/{share_network_subnet_id}"}], + operations=[Operation(method="GET", path="/share-networks/{share_network_id}/subnets/{share_network_subnet_id}")], ), base.APIRule( name="share_network_subnet:index", check_str=("(rule:context_is_admin) or (rule:project-reader)"), description="Get all share network subnets.", scope_types=["project"], - operations=[{"method": "GET", "path": "/share-networks/{share_network_id}/subnets"}], + operations=[Operation(method="GET", path="/share-networks/{share_network_id}/subnets")], ), base.APIRule( name="security_service:create", check_str=("(rule:context_is_admin) or (rule:project-member)"), description="Create security service.", scope_types=["project"], - operations=[{"method": "POST", "path": "/security-services"}], + operations=[Operation(method="POST", path="/security-services")], ), base.APIRule( name="security_service:show", check_str=("(rule:context_is_admin) or (rule:project-reader)"), description="Get details of a security service.", scope_types=["project"], - operations=[{"method": "GET", "path": "/security-services/{security_service_id}"}], + operations=[Operation(method="GET", path="/security-services/{security_service_id}")], ), base.APIRule( name="security_service:detail", check_str=("(rule:context_is_admin) or (rule:project-reader)"), description="Get details of all security services.", scope_types=["project"], - operations=[{"method": "GET", "path": "/security-services/detail?{query}"}], + operations=[Operation(method="GET", path="/security-services/detail?{query}")], ), base.APIRule( name="security_service:index", check_str=("(rule:context_is_admin) or (rule:project-reader)"), description="Get all security services under a project.", scope_types=["project"], - operations=[{"method": "GET", "path": "/security-services?{query}"}], + operations=[Operation(method="GET", path="/security-services?{query}")], ), base.APIRule( name="security_service:update", check_str=("(rule:context_is_admin) or (rule:project-member)"), description="Update a security service.", scope_types=["project"], - operations=[{"method": "PUT", "path": "/security-services/{security_service_id}"}], + operations=[Operation(method="PUT", path="/security-services/{security_service_id}")], ), base.APIRule( name="security_service:delete", check_str=("(rule:context_is_admin) or (rule:project-member)"), description="Delete a security service.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/security-services/{security_service_id}"}], + operations=[Operation(method="DELETE", path="/security-services/{security_service_id}")], ), base.APIRule( name="security_service:get_all_security_services", check_str=("rule:context_is_admin"), description="Get security services of all projects.", scope_types=["project"], - operations=[{"method": "GET", "path": "/security-services?all_tenants=1"}, {"method": "GET", "path": "/security-services/detail?all_tenants=1"}], + operations=[Operation(method="GET", path="/security-services?all_tenants=1"), Operation(method="GET", path="/security-services/detail?all_tenants=1")], ), base.APIRule( name="share_export_location:index", check_str=("(rule:context_is_admin) or (rule:project-reader)"), description="Get all export locations of a given share.", scope_types=["project"], - operations=[{"method": "GET", "path": "/shares/{share_id}/export_locations"}], + operations=[Operation(method="GET", path="/shares/{share_id}/export_locations")], ), base.APIRule( name="share_export_location:show", check_str=("(rule:context_is_admin) or (rule:project-reader)"), description="Get details about the requested export location.", scope_types=["project"], - operations=[{"method": "GET", "path": "/shares/{share_id}/export_locations/{export_location_id}"}], + operations=[Operation(method="GET", path="/shares/{share_id}/export_locations/{export_location_id}")], ), base.APIRule( name="share_instance:index", check_str=("rule:context_is_admin"), description="Get all share instances.", scope_types=["project"], - operations=[{"method": "GET", "path": "/share_instances"}, {"method": "GET", "path": "/share_instances?{query}"}], + operations=[Operation(method="GET", path="/share_instances"), Operation(method="GET", path="/share_instances?{query}")], ), base.APIRule( name="share_instance:show", check_str=("rule:context_is_admin"), description="Get details of a share instance.", scope_types=["project"], - operations=[{"method": "GET", "path": "/share_instances/{share_instance_id}"}], + operations=[Operation(method="GET", path="/share_instances/{share_instance_id}")], ), base.APIRule( name="share_instance:force_delete", check_str=("rule:context_is_admin"), description="Force delete a share instance.", scope_types=["project"], - operations=[{"method": "POST", "path": "/share_instances/{share_instance_id}/action"}], + operations=[Operation(method="POST", path="/share_instances/{share_instance_id}/action")], ), base.APIRule( name="share_instance:reset_status", check_str=("rule:context_is_admin"), description="Reset share instance's status.", scope_types=["project"], - operations=[{"method": "POST", "path": "/share_instances/{share_instance_id}/action"}], + operations=[Operation(method="POST", path="/share_instances/{share_instance_id}/action")], ), base.APIRule( name="message:get", check_str=("(rule:context_is_admin) or (rule:project-reader)"), description="Get details of a given message.", scope_types=["project"], - operations=[{"method": "GET", "path": "/messages/{message_id}"}], + operations=[Operation(method="GET", path="/messages/{message_id}")], ), base.APIRule( name="message:get_all", check_str=("(rule:context_is_admin) or (rule:project-reader)"), description="Get all messages.", scope_types=["project"], - operations=[{"method": "GET", "path": "/messages"}, {"method": "GET", "path": "/messages?{query}"}], + operations=[Operation(method="GET", path="/messages"), Operation(method="GET", path="/messages?{query}")], ), base.APIRule( name="message:delete", check_str=("(rule:context_is_admin) or (rule:project-member)"), description="Delete a message.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/messages/{message_id}"}], + operations=[Operation(method="DELETE", path="/messages/{message_id}")], ), base.APIRule( name="share_access_rule:get", check_str=("(rule:context_is_admin) or (rule:project-reader)"), description="Get details of a share access rule.", scope_types=["project"], - operations=[{"method": "GET", "path": "/share-access-rules/{share_access_id}"}], + operations=[Operation(method="GET", path="/share-access-rules/{share_access_id}")], ), base.APIRule( name="share_access_rule:index", check_str=("(rule:context_is_admin) or (rule:project-reader)"), description="List access rules of a given share.", scope_types=["project"], - operations=[{"method": "GET", "path": "/share-access-rules?share_id={share_id}&key1=value1&key2=value2"}], + operations=[Operation(method="GET", path="/share-access-rules?share_id={share_id}&key1=value1&key2=value2")], ), base.APIRule( name="share_access_metadata:update", check_str=("(rule:context_is_admin) or (rule:project-member)"), description="Set metadata for a share access rule.", scope_types=["project"], - operations=[{"method": "PUT", "path": "/share-access-rules/{share_access_id}/metadata"}], + operations=[Operation(method="PUT", path="/share-access-rules/{share_access_id}/metadata")], ), base.APIRule( name="share_access_metadata:delete", check_str=("(rule:context_is_admin) or (rule:project-member)"), description="Delete metadata for a share access rule.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/share-access-rules/{share_access_id}/metadata/{key}"}], + operations=[Operation(method="DELETE", path="/share-access-rules/{share_access_id}/metadata/{key}")], ), ) diff --git a/skyline_apiserver/policy/manager/masakari.py b/skyline_apiserver/policy/manager/masakari.py index ae59590..4a060e6 100644 --- a/skyline_apiserver/policy/manager/masakari.py +++ b/skyline_apiserver/policy/manager/masakari.py @@ -15,6 +15,8 @@ # flake8: noqa # fmt: off +from skyline_apiserver.schemas.policy_manager import Operation + from . import base list_rules = ( @@ -68,126 +70,126 @@ list_rules = ( check_str=("rule:admin_api"), description="List available extensions.", scope_types=["project"], - operations=[{"method": "GET", "path": "/extensions"}], + operations=[Operation(method="GET", path="/extensions")], ), base.APIRule( name="os_masakari_api:extensions:detail", check_str=("rule:admin_api"), description="Shows information for an extension.", scope_types=["project"], - operations=[{"method": "GET", "path": "/extensions/{extensions_id}"}], + operations=[Operation(method="GET", path="/extensions/{extensions_id}")], ), base.APIRule( name="os_masakari_api:os-hosts:index", check_str=("rule:admin_api"), description="Lists IDs, names, type, reserved, on_maintenance for all hosts.", scope_types=["project"], - operations=[{"method": "GET", "path": "/segments/{segment_id}/hosts"}], + operations=[Operation(method="GET", path="/segments/{segment_id}/hosts")], ), base.APIRule( name="os_masakari_api:os-hosts:detail", check_str=("rule:admin_api"), description="Shows details for a host.", scope_types=["project"], - operations=[{"method": "GET", "path": "/segments/{segment_id}/hosts/{host_id}"}], + operations=[Operation(method="GET", path="/segments/{segment_id}/hosts/{host_id}")], ), base.APIRule( name="os_masakari_api:os-hosts:create", check_str=("rule:admin_api"), description="Creates a host under given segment.", scope_types=["project"], - operations=[{"method": "POST", "path": "/segments/{segment_id}/hosts"}], + operations=[Operation(method="POST", path="/segments/{segment_id}/hosts")], ), base.APIRule( name="os_masakari_api:os-hosts:update", check_str=("rule:admin_api"), description="Updates the editable attributes of an existing host.", scope_types=["project"], - operations=[{"method": "PUT", "path": "/segments/{segment_id}/hosts/{host_id}"}], + operations=[Operation(method="PUT", path="/segments/{segment_id}/hosts/{host_id}")], ), base.APIRule( name="os_masakari_api:os-hosts:delete", check_str=("rule:admin_api"), description="Deletes a host from given segment.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/segments/{segment_id}/hosts/{host_id}"}], + operations=[Operation(method="DELETE", path="/segments/{segment_id}/hosts/{host_id}")], ), base.APIRule( name="os_masakari_api:notifications:index", check_str=("rule:admin_api"), description="Lists IDs, notification types, host_name, generated_time, payload and status for all notifications.", scope_types=["project"], - operations=[{"method": "GET", "path": "/notifications"}], + operations=[Operation(method="GET", path="/notifications")], ), base.APIRule( name="os_masakari_api:notifications:detail", check_str=("rule:admin_api"), description="Shows details for a notification.", scope_types=["project"], - operations=[{"method": "GET", "path": "/notifications/{notification_id}"}], + operations=[Operation(method="GET", path="/notifications/{notification_id}")], ), base.APIRule( name="os_masakari_api:notifications:create", check_str=("rule:admin_api"), description="Creates a notification.", scope_types=["project"], - operations=[{"method": "POST", "path": "/notifications"}], + operations=[Operation(method="POST", path="/notifications")], ), base.APIRule( name="os_masakari_api:segments:index", check_str=("rule:admin_api"), description="Lists IDs, names, description, recovery_method, service_type for all segments.", scope_types=["project"], - operations=[{"method": "GET", "path": "/segments"}], + operations=[Operation(method="GET", path="/segments")], ), base.APIRule( name="os_masakari_api:segments:detail", check_str=("rule:admin_api"), description="Shows details for a segment.", scope_types=["project"], - operations=[{"method": "GET", "path": "/segments/{segment_id}"}], + operations=[Operation(method="GET", path="/segments/{segment_id}")], ), base.APIRule( name="os_masakari_api:segments:create", check_str=("rule:admin_api"), description="Creates a segment.", scope_types=["project"], - operations=[{"method": "POST", "path": "/segments"}], + operations=[Operation(method="POST", path="/segments")], ), base.APIRule( name="os_masakari_api:segments:update", check_str=("rule:admin_api"), description="Updates the editable attributes of an existing host.", scope_types=["project"], - operations=[{"method": "PUT", "path": "/segments/{segment_id}"}], + operations=[Operation(method="PUT", path="/segments/{segment_id}")], ), base.APIRule( name="os_masakari_api:segments:delete", check_str=("rule:admin_api"), description="Deletes a segment.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/segments/{segment_id}"}], + operations=[Operation(method="DELETE", path="/segments/{segment_id}")], ), base.APIRule( name="os_masakari_api:versions:index", check_str=("@"), description="List all versions.", scope_types=["project"], - operations=[{"method": "GET", "path": "/"}], + operations=[Operation(method="GET", path="/")], ), base.APIRule( name="os_masakari_api:vmoves:index", check_str=("rule:admin_api"), description="Lists IDs, notification_id, instance_id, source_host, dest_host, status and type for all VM moves.", scope_types=["project"], - operations=[{"method": "GET", "path": "/notifications/{notification_id}/vmoves"}], + operations=[Operation(method="GET", path="/notifications/{notification_id}/vmoves")], ), base.APIRule( name="os_masakari_api:vmoves:detail", check_str=("rule:admin_api"), description="Shows details for one VM move.", scope_types=["project"], - operations=[{"method": "GET", "path": "/notifications/{notification_id}/vmoves/{vmove_id}"}], + operations=[Operation(method="GET", path="/notifications/{notification_id}/vmoves/{vmove_id}")], ), ) diff --git a/skyline_apiserver/policy/manager/neutron.py b/skyline_apiserver/policy/manager/neutron.py index c45f6cf..767a592 100644 --- a/skyline_apiserver/policy/manager/neutron.py +++ b/skyline_apiserver/policy/manager/neutron.py @@ -15,6 +15,8 @@ # flake8: noqa # fmt: off +from skyline_apiserver.schemas.policy_manager import Operation + from . import base list_rules = ( @@ -143,1799 +145,1799 @@ list_rules = ( check_str=("role:reader and project_id:%(project_id)s or rule:shared_address_groups"), description="Get an address group", scope_types=["project"], - operations=[{"method": "GET", "path": "/address-groups"}, {"method": "GET", "path": "/address-groups/{id}"}], + operations=[Operation(method="GET", path="/address-groups"), Operation(method="GET", path="/address-groups/{id}")], ), base.APIRule( name="create_address_scope", check_str=("rule:admin_only or (role:member or role:_member_) and project_id:%(project_id)s"), description="Create an address scope", scope_types=["project"], - operations=[{"method": "POST", "path": "/address-scopes"}], + operations=[Operation(method="POST", path="/address-scopes")], ), base.APIRule( name="create_address_scope:shared", check_str=("rule:admin_only"), description="Create a shared address scope", scope_types=["project"], - operations=[{"method": "POST", "path": "/address-scopes"}], + operations=[Operation(method="POST", path="/address-scopes")], ), base.APIRule( name="get_address_scope", check_str=("rule:admin_only or role:reader and project_id:%(project_id)s or rule:shared_address_scopes"), description="Get an address scope", scope_types=["project"], - operations=[{"method": "GET", "path": "/address-scopes"}, {"method": "GET", "path": "/address-scopes/{id}"}], + operations=[Operation(method="GET", path="/address-scopes"), Operation(method="GET", path="/address-scopes/{id}")], ), base.APIRule( name="update_address_scope", check_str=("rule:admin_only or (role:member or role:_member_) and project_id:%(project_id)s"), description="Update an address scope", scope_types=["project"], - operations=[{"method": "PUT", "path": "/address-scopes/{id}"}], + operations=[Operation(method="PUT", path="/address-scopes/{id}")], ), base.APIRule( name="update_address_scope:shared", check_str=("rule:admin_only"), description="Update ``shared`` attribute of an address scope", scope_types=["project"], - operations=[{"method": "PUT", "path": "/address-scopes/{id}"}], + operations=[Operation(method="PUT", path="/address-scopes/{id}")], ), base.APIRule( name="delete_address_scope", check_str=("rule:admin_only or (role:member or role:_member_) and project_id:%(project_id)s"), description="Delete an address scope", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/address-scopes/{id}"}], + operations=[Operation(method="DELETE", path="/address-scopes/{id}")], ), base.APIRule( name="get_agent", check_str=("rule:admin_only"), description="Get an agent", scope_types=["project"], - operations=[{"method": "GET", "path": "/agents"}, {"method": "GET", "path": "/agents/{id}"}], + operations=[Operation(method="GET", path="/agents"), Operation(method="GET", path="/agents/{id}")], ), base.APIRule( name="update_agent", check_str=("rule:admin_only"), description="Update an agent", scope_types=["project"], - operations=[{"method": "PUT", "path": "/agents/{id}"}], + operations=[Operation(method="PUT", path="/agents/{id}")], ), base.APIRule( name="delete_agent", check_str=("rule:admin_only"), description="Delete an agent", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/agents/{id}"}], + operations=[Operation(method="DELETE", path="/agents/{id}")], ), base.APIRule( name="create_dhcp-network", check_str=("rule:admin_only"), description="Add a network to a DHCP agent", scope_types=["project"], - operations=[{"method": "POST", "path": "/agents/{agent_id}/dhcp-networks"}], + operations=[Operation(method="POST", path="/agents/{agent_id}/dhcp-networks")], ), base.APIRule( name="get_dhcp-networks", check_str=("rule:admin_only"), description="List networks on a DHCP agent", scope_types=["project"], - operations=[{"method": "GET", "path": "/agents/{agent_id}/dhcp-networks"}], + operations=[Operation(method="GET", path="/agents/{agent_id}/dhcp-networks")], ), base.APIRule( name="delete_dhcp-network", check_str=("rule:admin_only"), description="Remove a network from a DHCP agent", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/agents/{agent_id}/dhcp-networks/{network_id}"}], + operations=[Operation(method="DELETE", path="/agents/{agent_id}/dhcp-networks/{network_id}")], ), base.APIRule( name="create_l3-router", check_str=("rule:admin_only"), description="Add a router to an L3 agent", scope_types=["project"], - operations=[{"method": "POST", "path": "/agents/{agent_id}/l3-routers"}], + operations=[Operation(method="POST", path="/agents/{agent_id}/l3-routers")], ), base.APIRule( name="get_l3-routers", check_str=("rule:admin_only"), description="List routers on an L3 agent", scope_types=["project"], - operations=[{"method": "GET", "path": "/agents/{agent_id}/l3-routers"}], + operations=[Operation(method="GET", path="/agents/{agent_id}/l3-routers")], ), base.APIRule( name="delete_l3-router", check_str=("rule:admin_only"), description="Remove a router from an L3 agent", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/agents/{agent_id}/l3-routers/{router_id}"}], + operations=[Operation(method="DELETE", path="/agents/{agent_id}/l3-routers/{router_id}")], ), base.APIRule( name="get_dhcp-agents", check_str=("rule:admin_only"), description="List DHCP agents hosting a network", scope_types=["project"], - operations=[{"method": "GET", "path": "/networks/{network_id}/dhcp-agents"}], + operations=[Operation(method="GET", path="/networks/{network_id}/dhcp-agents")], ), base.APIRule( name="get_l3-agents", check_str=("rule:admin_only"), description="List L3 agents hosting a router", scope_types=["project"], - operations=[{"method": "GET", "path": "/routers/{router_id}/l3-agents"}], + operations=[Operation(method="GET", path="/routers/{router_id}/l3-agents")], ), base.APIRule( name="get_auto_allocated_topology", check_str=("role:reader and project_id:%(project_id)s"), description="Get a project's auto-allocated topology", scope_types=["project"], - operations=[{"method": "GET", "path": "/auto-allocated-topology/{project_id}"}], + operations=[Operation(method="GET", path="/auto-allocated-topology/{project_id}")], ), base.APIRule( name="delete_auto_allocated_topology", check_str=("(role:member or role:_member_) and project_id:%(project_id)s"), description="Delete a project's auto-allocated topology", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/auto-allocated-topology/{project_id}"}], + operations=[Operation(method="DELETE", path="/auto-allocated-topology/{project_id}")], ), base.APIRule( name="get_availability_zone", check_str=("rule:admin_only"), description="List availability zones", scope_types=["project"], - operations=[{"method": "GET", "path": "/availability_zones"}], + operations=[Operation(method="GET", path="/availability_zones")], ), base.APIRule( name="create_flavor", check_str=("rule:admin_only"), description="Create a flavor", scope_types=["project"], - operations=[{"method": "POST", "path": "/flavors"}], + operations=[Operation(method="POST", path="/flavors")], ), base.APIRule( name="get_flavor", check_str=("(rule:admin_only) or (role:reader and project_id:%(project_id)s)"), description="Get a flavor", scope_types=["project"], - operations=[{"method": "GET", "path": "/flavors"}, {"method": "GET", "path": "/flavors/{id}"}], + operations=[Operation(method="GET", path="/flavors"), Operation(method="GET", path="/flavors/{id}")], ), base.APIRule( name="update_flavor", check_str=("rule:admin_only"), description="Update a flavor", scope_types=["project"], - operations=[{"method": "PUT", "path": "/flavors/{id}"}], + operations=[Operation(method="PUT", path="/flavors/{id}")], ), base.APIRule( name="delete_flavor", check_str=("rule:admin_only"), description="Delete a flavor", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/flavors/{id}"}], + operations=[Operation(method="DELETE", path="/flavors/{id}")], ), base.APIRule( name="create_service_profile", check_str=("rule:admin_only"), description="Create a service profile", scope_types=["project"], - operations=[{"method": "POST", "path": "/service_profiles"}], + operations=[Operation(method="POST", path="/service_profiles")], ), base.APIRule( name="get_service_profile", check_str=("rule:admin_only"), description="Get a service profile", scope_types=["project"], - operations=[{"method": "GET", "path": "/service_profiles"}, {"method": "GET", "path": "/service_profiles/{id}"}], + operations=[Operation(method="GET", path="/service_profiles"), Operation(method="GET", path="/service_profiles/{id}")], ), base.APIRule( name="update_service_profile", check_str=("rule:admin_only"), description="Update a service profile", scope_types=["project"], - operations=[{"method": "PUT", "path": "/service_profiles/{id}"}], + operations=[Operation(method="PUT", path="/service_profiles/{id}")], ), base.APIRule( name="delete_service_profile", check_str=("rule:admin_only"), description="Delete a service profile", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/service_profiles/{id}"}], + operations=[Operation(method="DELETE", path="/service_profiles/{id}")], ), base.APIRule( name="create_flavor_service_profile", check_str=("rule:admin_only"), description="Associate a flavor with a service profile", scope_types=["project"], - operations=[{"method": "POST", "path": "/flavors/{flavor_id}/service_profiles"}], + operations=[Operation(method="POST", path="/flavors/{flavor_id}/service_profiles")], ), base.APIRule( name="delete_flavor_service_profile", check_str=("rule:admin_only"), description="Disassociate a flavor with a service profile", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/flavors/{flavor_id}/service_profiles/{profile_id}"}], + operations=[Operation(method="DELETE", path="/flavors/{flavor_id}/service_profiles/{profile_id}")], ), base.APIRule( name="create_floatingip", check_str=("rule:admin_only or (role:member or role:_member_) and project_id:%(project_id)s"), description="Create a floating IP", scope_types=["project"], - operations=[{"method": "POST", "path": "/floatingips"}], + operations=[Operation(method="POST", path="/floatingips")], ), base.APIRule( name="create_floatingip:floating_ip_address", check_str=("rule:admin_only"), description="Create a floating IP with a specific IP address", scope_types=["project"], - operations=[{"method": "POST", "path": "/floatingips"}], + operations=[Operation(method="POST", path="/floatingips")], ), base.APIRule( name="get_floatingip", check_str=("rule:admin_only or role:reader and project_id:%(project_id)s"), description="Get a floating IP", scope_types=["project"], - operations=[{"method": "GET", "path": "/floatingips"}, {"method": "GET", "path": "/floatingips/{id}"}], + operations=[Operation(method="GET", path="/floatingips"), Operation(method="GET", path="/floatingips/{id}")], ), base.APIRule( name="update_floatingip", check_str=("rule:admin_only or (role:member or role:_member_) and project_id:%(project_id)s"), description="Update a floating IP", scope_types=["project"], - operations=[{"method": "PUT", "path": "/floatingips/{id}"}], + operations=[Operation(method="PUT", path="/floatingips/{id}")], ), base.APIRule( name="delete_floatingip", check_str=("rule:admin_only or (role:member or role:_member_) and project_id:%(project_id)s"), description="Delete a floating IP", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/floatingips/{id}"}], + operations=[Operation(method="DELETE", path="/floatingips/{id}")], ), base.APIRule( name="get_floatingip_pool", check_str=("role:reader and project_id:%(project_id)s"), description="Get floating IP pools", scope_types=["project"], - operations=[{"method": "GET", "path": "/floatingip_pools"}], + operations=[Operation(method="GET", path="/floatingip_pools")], ), base.APIRule( name="create_floatingip_port_forwarding", check_str=("(role:member or role:_member_) and project_id:%(project_id)s or rule:ext_parent_owner"), description="Create a floating IP port forwarding", scope_types=["project"], - operations=[{"method": "POST", "path": "/floatingips/{floatingip_id}/port_forwardings"}], + operations=[Operation(method="POST", path="/floatingips/{floatingip_id}/port_forwardings")], ), base.APIRule( name="get_floatingip_port_forwarding", check_str=("role:reader and project_id:%(project_id)s or rule:ext_parent_owner"), description="Get a floating IP port forwarding", scope_types=["project"], - operations=[{"method": "GET", "path": "/floatingips/{floatingip_id}/port_forwardings"}, {"method": "GET", "path": "/floatingips/{floatingip_id}/port_forwardings/{port_forwarding_id}"}], + operations=[Operation(method="GET", path="/floatingips/{floatingip_id}/port_forwardings"), Operation(method="GET", path="/floatingips/{floatingip_id}/port_forwardings/{port_forwarding_id}")], ), base.APIRule( name="update_floatingip_port_forwarding", check_str=("(role:member or role:_member_) and project_id:%(project_id)s or rule:ext_parent_owner"), description="Update a floating IP port forwarding", scope_types=["project"], - operations=[{"method": "PUT", "path": "/floatingips/{floatingip_id}/port_forwardings/{port_forwarding_id}"}], + operations=[Operation(method="PUT", path="/floatingips/{floatingip_id}/port_forwardings/{port_forwarding_id}")], ), base.APIRule( name="delete_floatingip_port_forwarding", check_str=("(role:member or role:_member_) and project_id:%(project_id)s or rule:ext_parent_owner"), description="Delete a floating IP port forwarding", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/floatingips/{floatingip_id}/port_forwardings/{port_forwarding_id}"}], + operations=[Operation(method="DELETE", path="/floatingips/{floatingip_id}/port_forwardings/{port_forwarding_id}")], ), base.APIRule( name="create_router_conntrack_helper", check_str=("(role:member or role:_member_) and project_id:%(project_id)s or rule:ext_parent_owner"), description="Create a router conntrack helper", scope_types=["project"], - operations=[{"method": "POST", "path": "/routers/{router_id}/conntrack_helpers"}], + operations=[Operation(method="POST", path="/routers/{router_id}/conntrack_helpers")], ), base.APIRule( name="get_router_conntrack_helper", check_str=("role:reader and project_id:%(project_id)s or rule:ext_parent_owner"), description="Get a router conntrack helper", scope_types=["project"], - operations=[{"method": "GET", "path": "/routers/{router_id}/conntrack_helpers"}, {"method": "GET", "path": "/routers/{router_id}/conntrack_helpers/{conntrack_helper_id}"}], + operations=[Operation(method="GET", path="/routers/{router_id}/conntrack_helpers"), Operation(method="GET", path="/routers/{router_id}/conntrack_helpers/{conntrack_helper_id}")], ), base.APIRule( name="update_router_conntrack_helper", check_str=("(role:member or role:_member_) and project_id:%(project_id)s or rule:ext_parent_owner"), description="Update a router conntrack helper", scope_types=["project"], - operations=[{"method": "PUT", "path": "/routers/{router_id}/conntrack_helpers/{conntrack_helper_id}"}], + operations=[Operation(method="PUT", path="/routers/{router_id}/conntrack_helpers/{conntrack_helper_id}")], ), base.APIRule( name="delete_router_conntrack_helper", check_str=("(role:member or role:_member_) and project_id:%(project_id)s or rule:ext_parent_owner"), description="Delete a router conntrack helper", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/routers/{router_id}/conntrack_helpers/{conntrack_helper_id}"}], + operations=[Operation(method="DELETE", path="/routers/{router_id}/conntrack_helpers/{conntrack_helper_id}")], ), base.APIRule( name="create_local_ip", check_str=("(role:member or role:_member_) and project_id:%(project_id)s"), description="Create a Local IP", scope_types=["project"], - operations=[{"method": "POST", "path": "/local-ips"}], + operations=[Operation(method="POST", path="/local-ips")], ), base.APIRule( name="get_local_ip", check_str=("role:reader and project_id:%(project_id)s"), description="Get a Local IP", scope_types=["project"], - operations=[{"method": "GET", "path": "/local-ips"}, {"method": "GET", "path": "/local-ips/{id}"}], + operations=[Operation(method="GET", path="/local-ips"), Operation(method="GET", path="/local-ips/{id}")], ), base.APIRule( name="update_local_ip", check_str=("(role:member or role:_member_) and project_id:%(project_id)s"), description="Update a Local IP", scope_types=["project"], - operations=[{"method": "PUT", "path": "/local-ips/{id}"}], + operations=[Operation(method="PUT", path="/local-ips/{id}")], ), base.APIRule( name="delete_local_ip", check_str=("(role:member or role:_member_) and project_id:%(project_id)s"), description="Delete a Local IP", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/local-ips/{id}"}], + operations=[Operation(method="DELETE", path="/local-ips/{id}")], ), base.APIRule( name="create_local_ip_port_association", check_str=("(role:member or role:_member_) and project_id:%(project_id)s or rule:ext_parent_owner"), description="Create a Local IP port association", scope_types=["project"], - operations=[{"method": "POST", "path": "/local_ips/{local_ip_id}/port_associations"}], + operations=[Operation(method="POST", path="/local_ips/{local_ip_id}/port_associations")], ), base.APIRule( name="get_local_ip_port_association", check_str=("role:reader and project_id:%(project_id)s or rule:ext_parent_owner"), description="Get a Local IP port association", scope_types=["project"], - operations=[{"method": "GET", "path": "/local_ips/{local_ip_id}/port_associations"}, {"method": "GET", "path": "/local_ips/{local_ip_id}/port_associations/{fixed_port_id}"}], + operations=[Operation(method="GET", path="/local_ips/{local_ip_id}/port_associations"), Operation(method="GET", path="/local_ips/{local_ip_id}/port_associations/{fixed_port_id}")], ), base.APIRule( name="delete_local_ip_port_association", check_str=("(role:member or role:_member_) and project_id:%(project_id)s or rule:ext_parent_owner"), description="Delete a Local IP port association", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/local_ips/{local_ip_id}/port_associations/{fixed_port_id}"}], + operations=[Operation(method="DELETE", path="/local_ips/{local_ip_id}/port_associations/{fixed_port_id}")], ), base.APIRule( name="get_loggable_resource", check_str=("rule:admin_only"), description="Get loggable resources", scope_types=["project"], - operations=[{"method": "GET", "path": "/log/loggable-resources"}], + operations=[Operation(method="GET", path="/log/loggable-resources")], ), base.APIRule( name="create_log", check_str=("rule:admin_only"), description="Create a network log", scope_types=["project"], - operations=[{"method": "POST", "path": "/log/logs"}], + operations=[Operation(method="POST", path="/log/logs")], ), base.APIRule( name="get_log", check_str=("rule:admin_only"), description="Get a network log", scope_types=["project"], - operations=[{"method": "GET", "path": "/log/logs"}, {"method": "GET", "path": "/log/logs/{id}"}], + operations=[Operation(method="GET", path="/log/logs"), Operation(method="GET", path="/log/logs/{id}")], ), base.APIRule( name="update_log", check_str=("rule:admin_only"), description="Update a network log", scope_types=["project"], - operations=[{"method": "PUT", "path": "/log/logs/{id}"}], + operations=[Operation(method="PUT", path="/log/logs/{id}")], ), base.APIRule( name="delete_log", check_str=("rule:admin_only"), description="Delete a network log", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/log/logs/{id}"}], + operations=[Operation(method="DELETE", path="/log/logs/{id}")], ), base.APIRule( name="create_metering_label", check_str=("rule:admin_only"), description="Create a metering label", scope_types=["project"], - operations=[{"method": "POST", "path": "/metering/metering-labels"}], + operations=[Operation(method="POST", path="/metering/metering-labels")], ), base.APIRule( name="get_metering_label", check_str=("rule:admin_only or role:reader and project_id:%(project_id)s"), description="Get a metering label", scope_types=["project"], - operations=[{"method": "GET", "path": "/metering/metering-labels"}, {"method": "GET", "path": "/metering/metering-labels/{id}"}], + operations=[Operation(method="GET", path="/metering/metering-labels"), Operation(method="GET", path="/metering/metering-labels/{id}")], ), base.APIRule( name="delete_metering_label", check_str=("rule:admin_only"), description="Delete a metering label", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/metering/metering-labels/{id}"}], + operations=[Operation(method="DELETE", path="/metering/metering-labels/{id}")], ), base.APIRule( name="create_metering_label_rule", check_str=("rule:admin_only"), description="Create a metering label rule", scope_types=["project"], - operations=[{"method": "POST", "path": "/metering/metering-label-rules"}], + operations=[Operation(method="POST", path="/metering/metering-label-rules")], ), base.APIRule( name="get_metering_label_rule", check_str=("rule:admin_only or role:reader and project_id:%(project_id)s"), description="Get a metering label rule", scope_types=["project"], - operations=[{"method": "GET", "path": "/metering/metering-label-rules"}, {"method": "GET", "path": "/metering/metering-label-rules/{id}"}], + operations=[Operation(method="GET", path="/metering/metering-label-rules"), Operation(method="GET", path="/metering/metering-label-rules/{id}")], ), base.APIRule( name="delete_metering_label_rule", check_str=("rule:admin_only"), description="Delete a metering label rule", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/metering/metering-label-rules/{id}"}], + operations=[Operation(method="DELETE", path="/metering/metering-label-rules/{id}")], ), base.APIRule( name="create_ndp_proxy", check_str=("(role:member or role:_member_) and project_id:%(project_id)s"), description="Create a ndp proxy", scope_types=["project"], - operations=[{"method": "POST", "path": "/ndp_proxies"}], + operations=[Operation(method="POST", path="/ndp_proxies")], ), base.APIRule( name="get_ndp_proxy", check_str=("role:reader and project_id:%(project_id)s"), description="Get a ndp proxy", scope_types=["project"], - operations=[{"method": "GET", "path": "/ndp_proxies"}, {"method": "GET", "path": "/ndp_proxies/{id}"}], + operations=[Operation(method="GET", path="/ndp_proxies"), Operation(method="GET", path="/ndp_proxies/{id}")], ), base.APIRule( name="update_ndp_proxy", check_str=("(role:member or role:_member_) and project_id:%(project_id)s"), description="Update a ndp proxy", scope_types=["project"], - operations=[{"method": "PUT", "path": "/ndp_proxies/{id}"}], + operations=[Operation(method="PUT", path="/ndp_proxies/{id}")], ), base.APIRule( name="delete_ndp_proxy", check_str=("(role:member or role:_member_) and project_id:%(project_id)s"), description="Delete a ndp proxy", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/ndp_proxies/{id}"}], + operations=[Operation(method="DELETE", path="/ndp_proxies/{id}")], ), base.APIRule( name="create_network", check_str=("rule:admin_only or (role:member or role:_member_) and project_id:%(project_id)s"), description="Create a network", scope_types=["project"], - operations=[{"method": "POST", "path": "/networks"}], + operations=[Operation(method="POST", path="/networks")], ), base.APIRule( name="create_network:shared", check_str=("rule:admin_only"), description="Create a shared network", scope_types=["project"], - operations=[{"method": "POST", "path": "/networks"}], + operations=[Operation(method="POST", path="/networks")], ), base.APIRule( name="create_network:router:external", check_str=("rule:admin_only"), description="Create an external network", scope_types=["project"], - operations=[{"method": "POST", "path": "/networks"}], + operations=[Operation(method="POST", path="/networks")], ), base.APIRule( name="create_network:is_default", check_str=("rule:admin_only"), description="Specify ``is_default`` attribute when creating a network", scope_types=["project"], - operations=[{"method": "POST", "path": "/networks"}], + operations=[Operation(method="POST", path="/networks")], ), base.APIRule( name="create_network:port_security_enabled", check_str=("rule:admin_only or (role:member or role:_member_) and project_id:%(project_id)s"), description="Specify ``port_security_enabled`` attribute when creating a network", scope_types=["project"], - operations=[{"method": "POST", "path": "/networks"}], + operations=[Operation(method="POST", path="/networks")], ), base.APIRule( name="create_network:segments", check_str=("rule:admin_only"), description="Specify ``segments`` attribute when creating a network", scope_types=["project"], - operations=[{"method": "POST", "path": "/networks"}], + operations=[Operation(method="POST", path="/networks")], ), base.APIRule( name="create_network:provider:network_type", check_str=("rule:admin_only"), description="Specify ``provider:network_type`` when creating a network", scope_types=["project"], - operations=[{"method": "POST", "path": "/networks"}], + operations=[Operation(method="POST", path="/networks")], ), base.APIRule( name="create_network:provider:physical_network", check_str=("rule:admin_only"), description="Specify ``provider:physical_network`` when creating a network", scope_types=["project"], - operations=[{"method": "POST", "path": "/networks"}], + operations=[Operation(method="POST", path="/networks")], ), base.APIRule( name="create_network:provider:segmentation_id", check_str=("rule:admin_only"), description="Specify ``provider:segmentation_id`` when creating a network", scope_types=["project"], - operations=[{"method": "POST", "path": "/networks"}], + operations=[Operation(method="POST", path="/networks")], ), base.APIRule( name="get_network", check_str=("rule:admin_only or role:reader and project_id:%(project_id)s or rule:shared or rule:external or rule:context_is_advsvc"), description="Get a network", scope_types=["project"], - operations=[{"method": "GET", "path": "/networks"}, {"method": "GET", "path": "/networks/{id}"}], + operations=[Operation(method="GET", path="/networks"), Operation(method="GET", path="/networks/{id}")], ), base.APIRule( name="get_network:router:external", check_str=("rule:admin_only or role:reader and project_id:%(project_id)s"), description="Get ``router:external`` attribute of a network", scope_types=["project"], - operations=[{"method": "GET", "path": "/networks"}, {"method": "GET", "path": "/networks/{id}"}], + operations=[Operation(method="GET", path="/networks"), Operation(method="GET", path="/networks/{id}")], ), base.APIRule( name="get_network:segments", check_str=("rule:admin_only"), description="Get ``segments`` attribute of a network", scope_types=["project"], - operations=[{"method": "GET", "path": "/networks"}, {"method": "GET", "path": "/networks/{id}"}], + operations=[Operation(method="GET", path="/networks"), Operation(method="GET", path="/networks/{id}")], ), base.APIRule( name="get_network:provider:network_type", check_str=("rule:admin_only"), description="Get ``provider:network_type`` attribute of a network", scope_types=["project"], - operations=[{"method": "GET", "path": "/networks"}, {"method": "GET", "path": "/networks/{id}"}], + operations=[Operation(method="GET", path="/networks"), Operation(method="GET", path="/networks/{id}")], ), base.APIRule( name="get_network:provider:physical_network", check_str=("rule:admin_only"), description="Get ``provider:physical_network`` attribute of a network", scope_types=["project"], - operations=[{"method": "GET", "path": "/networks"}, {"method": "GET", "path": "/networks/{id}"}], + operations=[Operation(method="GET", path="/networks"), Operation(method="GET", path="/networks/{id}")], ), base.APIRule( name="get_network:provider:segmentation_id", check_str=("rule:admin_only"), description="Get ``provider:segmentation_id`` attribute of a network", scope_types=["project"], - operations=[{"method": "GET", "path": "/networks"}, {"method": "GET", "path": "/networks/{id}"}], + operations=[Operation(method="GET", path="/networks"), Operation(method="GET", path="/networks/{id}")], ), base.APIRule( name="update_network", check_str=("rule:admin_only or (role:member or role:_member_) and project_id:%(project_id)s"), description="Update a network", scope_types=["project"], - operations=[{"method": "PUT", "path": "/networks/{id}"}], + operations=[Operation(method="PUT", path="/networks/{id}")], ), base.APIRule( name="update_network:segments", check_str=("rule:admin_only"), description="Update ``segments`` attribute of a network", scope_types=["project"], - operations=[{"method": "PUT", "path": "/networks/{id}"}], + operations=[Operation(method="PUT", path="/networks/{id}")], ), base.APIRule( name="update_network:shared", check_str=("rule:admin_only"), description="Update ``shared`` attribute of a network", scope_types=["project"], - operations=[{"method": "PUT", "path": "/networks/{id}"}], + operations=[Operation(method="PUT", path="/networks/{id}")], ), base.APIRule( name="update_network:provider:network_type", check_str=("rule:admin_only"), description="Update ``provider:network_type`` attribute of a network", scope_types=["project"], - operations=[{"method": "PUT", "path": "/networks/{id}"}], + operations=[Operation(method="PUT", path="/networks/{id}")], ), base.APIRule( name="update_network:provider:physical_network", check_str=("rule:admin_only"), description="Update ``provider:physical_network`` attribute of a network", scope_types=["project"], - operations=[{"method": "PUT", "path": "/networks/{id}"}], + operations=[Operation(method="PUT", path="/networks/{id}")], ), base.APIRule( name="update_network:provider:segmentation_id", check_str=("rule:admin_only"), description="Update ``provider:segmentation_id`` attribute of a network", scope_types=["project"], - operations=[{"method": "PUT", "path": "/networks/{id}"}], + operations=[Operation(method="PUT", path="/networks/{id}")], ), base.APIRule( name="update_network:router:external", check_str=("rule:admin_only"), description="Update ``router:external`` attribute of a network", scope_types=["project"], - operations=[{"method": "PUT", "path": "/networks/{id}"}], + operations=[Operation(method="PUT", path="/networks/{id}")], ), base.APIRule( name="update_network:is_default", check_str=("rule:admin_only"), description="Update ``is_default`` attribute of a network", scope_types=["project"], - operations=[{"method": "PUT", "path": "/networks/{id}"}], + operations=[Operation(method="PUT", path="/networks/{id}")], ), base.APIRule( name="update_network:port_security_enabled", check_str=("rule:admin_only or (role:member or role:_member_) and project_id:%(project_id)s"), description="Update ``port_security_enabled`` attribute of a network", scope_types=["project"], - operations=[{"method": "PUT", "path": "/networks/{id}"}], + operations=[Operation(method="PUT", path="/networks/{id}")], ), base.APIRule( name="delete_network", check_str=("rule:admin_only or (role:member or role:_member_) and project_id:%(project_id)s"), description="Delete a network", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/networks/{id}"}], + operations=[Operation(method="DELETE", path="/networks/{id}")], ), base.APIRule( name="get_network_ip_availability", check_str=("rule:admin_only"), description="Get network IP availability", scope_types=["project"], - operations=[{"method": "GET", "path": "/network-ip-availabilities"}, {"method": "GET", "path": "/network-ip-availabilities/{network_id}"}], + operations=[Operation(method="GET", path="/network-ip-availabilities"), Operation(method="GET", path="/network-ip-availabilities/{network_id}")], ), base.APIRule( name="create_network_segment_range", check_str=("rule:admin_only"), description="Create a network segment range", scope_types=["project"], - operations=[{"method": "POST", "path": "/network_segment_ranges"}], + operations=[Operation(method="POST", path="/network_segment_ranges")], ), base.APIRule( name="get_network_segment_range", check_str=("rule:admin_only"), description="Get a network segment range", scope_types=["project"], - operations=[{"method": "GET", "path": "/network_segment_ranges"}, {"method": "GET", "path": "/network_segment_ranges/{id}"}], + operations=[Operation(method="GET", path="/network_segment_ranges"), Operation(method="GET", path="/network_segment_ranges/{id}")], ), base.APIRule( name="update_network_segment_range", check_str=("rule:admin_only"), description="Update a network segment range", scope_types=["project"], - operations=[{"method": "PUT", "path": "/network_segment_ranges/{id}"}], + operations=[Operation(method="PUT", path="/network_segment_ranges/{id}")], ), base.APIRule( name="delete_network_segment_range", check_str=("rule:admin_only"), description="Delete a network segment range", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/network_segment_ranges/{id}"}], + operations=[Operation(method="DELETE", path="/network_segment_ranges/{id}")], ), base.APIRule( name="create_port", check_str=("rule:admin_only or (role:member or role:_member_) and project_id:%(project_id)s"), description="Create a port", scope_types=["project"], - operations=[{"method": "POST", "path": "/ports"}], + operations=[Operation(method="POST", path="/ports")], ), base.APIRule( name="create_port:device_owner", check_str=("not rule:network_device or rule:admin_only or rule:context_is_advsvc or rule:network_owner"), description="Specify ``device_owner`` attribute when creating a port", scope_types=["project"], - operations=[{"method": "POST", "path": "/ports"}], + operations=[Operation(method="POST", path="/ports")], ), base.APIRule( name="create_port:mac_address", check_str=("rule:context_is_advsvc or rule:network_owner or rule:admin_only"), description="Specify ``mac_address`` attribute when creating a port", scope_types=["project"], - operations=[{"method": "POST", "path": "/ports"}], + operations=[Operation(method="POST", path="/ports")], ), base.APIRule( name="create_port:fixed_ips", check_str=("rule:context_is_advsvc or rule:network_owner or rule:admin_only or rule:shared"), description="Specify ``fixed_ips`` information when creating a port", scope_types=["project"], - operations=[{"method": "POST", "path": "/ports"}], + operations=[Operation(method="POST", path="/ports")], ), base.APIRule( name="create_port:fixed_ips:ip_address", check_str=("rule:context_is_advsvc or rule:network_owner or rule:admin_only"), description="Specify IP address in ``fixed_ips`` when creating a port", scope_types=["project"], - operations=[{"method": "POST", "path": "/ports"}], + operations=[Operation(method="POST", path="/ports")], ), base.APIRule( name="create_port:fixed_ips:subnet_id", check_str=("rule:context_is_advsvc or rule:network_owner or rule:admin_only or rule:shared"), description="Specify subnet ID in ``fixed_ips`` when creating a port", scope_types=["project"], - operations=[{"method": "POST", "path": "/ports"}], + operations=[Operation(method="POST", path="/ports")], ), base.APIRule( name="create_port:port_security_enabled", check_str=("rule:context_is_advsvc or rule:network_owner or rule:admin_only"), description="Specify ``port_security_enabled`` attribute when creating a port", scope_types=["project"], - operations=[{"method": "POST", "path": "/ports"}], + operations=[Operation(method="POST", path="/ports")], ), base.APIRule( name="create_port:binding:host_id", check_str=("rule:admin_only"), description="Specify ``binding:host_id`` attribute when creating a port", scope_types=["project"], - operations=[{"method": "POST", "path": "/ports"}], + operations=[Operation(method="POST", path="/ports")], ), base.APIRule( name="create_port:binding:profile", check_str=("rule:admin_only"), description="Specify ``binding:profile`` attribute when creating a port", scope_types=["project"], - operations=[{"method": "POST", "path": "/ports"}], + operations=[Operation(method="POST", path="/ports")], ), base.APIRule( name="create_port:binding:vnic_type", check_str=("rule:admin_only or (role:member or role:_member_) and project_id:%(project_id)s"), description="Specify ``binding:vnic_type`` attribute when creating a port", scope_types=["project"], - operations=[{"method": "POST", "path": "/ports"}], + operations=[Operation(method="POST", path="/ports")], ), base.APIRule( name="create_port:allowed_address_pairs", check_str=("rule:admin_only or rule:network_owner"), description="Specify ``allowed_address_pairs`` attribute when creating a port", scope_types=["project"], - operations=[{"method": "POST", "path": "/ports"}], + operations=[Operation(method="POST", path="/ports")], ), base.APIRule( name="create_port:allowed_address_pairs:mac_address", check_str=("rule:admin_only or rule:network_owner"), description="Specify ``mac_address` of `allowed_address_pairs`` attribute when creating a port", scope_types=["project"], - operations=[{"method": "POST", "path": "/ports"}], + operations=[Operation(method="POST", path="/ports")], ), base.APIRule( name="create_port:allowed_address_pairs:ip_address", check_str=("rule:admin_only or rule:network_owner"), description="Specify ``ip_address`` of ``allowed_address_pairs`` attribute when creating a port", scope_types=["project"], - operations=[{"method": "POST", "path": "/ports"}], + operations=[Operation(method="POST", path="/ports")], ), base.APIRule( name="get_port", check_str=("rule:admin_only or rule:context_is_advsvc or role:reader and project_id:%(project_id)s"), description="Get a port", scope_types=["project"], - operations=[{"method": "GET", "path": "/ports"}, {"method": "GET", "path": "/ports/{id}"}], + operations=[Operation(method="GET", path="/ports"), Operation(method="GET", path="/ports/{id}")], ), base.APIRule( name="get_port:binding:vif_type", check_str=("rule:admin_only"), description="Get ``binding:vif_type`` attribute of a port", scope_types=["project"], - operations=[{"method": "GET", "path": "/ports"}, {"method": "GET", "path": "/ports/{id}"}], + operations=[Operation(method="GET", path="/ports"), Operation(method="GET", path="/ports/{id}")], ), base.APIRule( name="get_port:binding:vif_details", check_str=("rule:admin_only"), description="Get ``binding:vif_details`` attribute of a port", scope_types=["project"], - operations=[{"method": "GET", "path": "/ports"}, {"method": "GET", "path": "/ports/{id}"}], + operations=[Operation(method="GET", path="/ports"), Operation(method="GET", path="/ports/{id}")], ), base.APIRule( name="get_port:binding:host_id", check_str=("rule:admin_only"), description="Get ``binding:host_id`` attribute of a port", scope_types=["project"], - operations=[{"method": "GET", "path": "/ports"}, {"method": "GET", "path": "/ports/{id}"}], + operations=[Operation(method="GET", path="/ports"), Operation(method="GET", path="/ports/{id}")], ), base.APIRule( name="get_port:binding:profile", check_str=("rule:admin_only"), description="Get ``binding:profile`` attribute of a port", scope_types=["project"], - operations=[{"method": "GET", "path": "/ports"}, {"method": "GET", "path": "/ports/{id}"}], + operations=[Operation(method="GET", path="/ports"), Operation(method="GET", path="/ports/{id}")], ), base.APIRule( name="get_port:resource_request", check_str=("rule:admin_only"), description="Get ``resource_request`` attribute of a port", scope_types=["project"], - operations=[{"method": "GET", "path": "/ports"}, {"method": "GET", "path": "/ports/{id}"}], + operations=[Operation(method="GET", path="/ports"), Operation(method="GET", path="/ports/{id}")], ), base.APIRule( name="update_port", check_str=("rule:admin_only or (role:member or role:_member_) and project_id:%(project_id)s or rule:context_is_advsvc"), description="Update a port", scope_types=["project"], - operations=[{"method": "PUT", "path": "/ports/{id}"}], + operations=[Operation(method="PUT", path="/ports/{id}")], ), base.APIRule( name="update_port:device_owner", check_str=("not rule:network_device or rule:context_is_advsvc or rule:network_owner or rule:admin_only"), description="Update ``device_owner`` attribute of a port", scope_types=["project"], - operations=[{"method": "PUT", "path": "/ports/{id}"}], + operations=[Operation(method="PUT", path="/ports/{id}")], ), base.APIRule( name="update_port:mac_address", check_str=("rule:admin_only or rule:context_is_advsvc"), description="Update ``mac_address`` attribute of a port", scope_types=["project"], - operations=[{"method": "PUT", "path": "/ports/{id}"}], + operations=[Operation(method="PUT", path="/ports/{id}")], ), base.APIRule( name="update_port:fixed_ips", check_str=("rule:context_is_advsvc or rule:network_owner or rule:admin_only"), description="Specify ``fixed_ips`` information when updating a port", scope_types=["project"], - operations=[{"method": "PUT", "path": "/ports/{id}"}], + operations=[Operation(method="PUT", path="/ports/{id}")], ), base.APIRule( name="update_port:fixed_ips:ip_address", check_str=("rule:context_is_advsvc or rule:network_owner or rule:admin_only"), description="Specify IP address in ``fixed_ips`` information when updating a port", scope_types=["project"], - operations=[{"method": "PUT", "path": "/ports/{id}"}], + operations=[Operation(method="PUT", path="/ports/{id}")], ), base.APIRule( name="update_port:fixed_ips:subnet_id", check_str=("rule:context_is_advsvc or rule:network_owner or rule:admin_only or rule:shared"), description="Specify subnet ID in ``fixed_ips`` information when updating a port", scope_types=["project"], - operations=[{"method": "PUT", "path": "/ports/{id}"}], + operations=[Operation(method="PUT", path="/ports/{id}")], ), base.APIRule( name="update_port:port_security_enabled", check_str=("rule:context_is_advsvc or rule:network_owner or rule:admin_only"), description="Update ``port_security_enabled`` attribute of a port", scope_types=["project"], - operations=[{"method": "PUT", "path": "/ports/{id}"}], + operations=[Operation(method="PUT", path="/ports/{id}")], ), base.APIRule( name="update_port:binding:host_id", check_str=("rule:admin_only"), description="Update ``binding:host_id`` attribute of a port", scope_types=["project"], - operations=[{"method": "PUT", "path": "/ports/{id}"}], + operations=[Operation(method="PUT", path="/ports/{id}")], ), base.APIRule( name="update_port:binding:profile", check_str=("rule:admin_only"), description="Update ``binding:profile`` attribute of a port", scope_types=["project"], - operations=[{"method": "PUT", "path": "/ports/{id}"}], + operations=[Operation(method="PUT", path="/ports/{id}")], ), base.APIRule( name="update_port:binding:vnic_type", check_str=("rule:admin_only or (role:member or role:_member_) and project_id:%(project_id)s or rule:context_is_advsvc"), description="Update ``binding:vnic_type`` attribute of a port", scope_types=["project"], - operations=[{"method": "PUT", "path": "/ports/{id}"}], + operations=[Operation(method="PUT", path="/ports/{id}")], ), base.APIRule( name="update_port:allowed_address_pairs", check_str=("rule:admin_only or rule:network_owner"), description="Update ``allowed_address_pairs`` attribute of a port", scope_types=["project"], - operations=[{"method": "PUT", "path": "/ports/{id}"}], + operations=[Operation(method="PUT", path="/ports/{id}")], ), base.APIRule( name="update_port:allowed_address_pairs:mac_address", check_str=("rule:admin_only or rule:network_owner"), description="Update ``mac_address`` of ``allowed_address_pairs`` attribute of a port", scope_types=["project"], - operations=[{"method": "PUT", "path": "/ports/{id}"}], + operations=[Operation(method="PUT", path="/ports/{id}")], ), base.APIRule( name="update_port:allowed_address_pairs:ip_address", check_str=("rule:admin_only or rule:network_owner"), description="Update ``ip_address`` of ``allowed_address_pairs`` attribute of a port", scope_types=["project"], - operations=[{"method": "PUT", "path": "/ports/{id}"}], + operations=[Operation(method="PUT", path="/ports/{id}")], ), base.APIRule( name="update_port:data_plane_status", check_str=("rule:admin_only or role:data_plane_integrator"), description="Update ``data_plane_status`` attribute of a port", scope_types=["project"], - operations=[{"method": "PUT", "path": "/ports/{id}"}], + operations=[Operation(method="PUT", path="/ports/{id}")], ), base.APIRule( name="delete_port", check_str=("rule:admin_only or rule:context_is_advsvc or (role:member or role:_member_) and project_id:%(project_id)s"), description="Delete a port", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/ports/{id}"}], + operations=[Operation(method="DELETE", path="/ports/{id}")], ), base.APIRule( name="get_policy", check_str=("rule:admin_only or role:reader and project_id:%(project_id)s"), description="Get QoS policies", scope_types=["project"], - operations=[{"method": "GET", "path": "/qos/policies"}, {"method": "GET", "path": "/qos/policies/{id}"}], + operations=[Operation(method="GET", path="/qos/policies"), Operation(method="GET", path="/qos/policies/{id}")], ), base.APIRule( name="create_policy", check_str=("rule:admin_only"), description="Create a QoS policy", scope_types=["project"], - operations=[{"method": "POST", "path": "/qos/policies"}], + operations=[Operation(method="POST", path="/qos/policies")], ), base.APIRule( name="update_policy", check_str=("rule:admin_only"), description="Update a QoS policy", scope_types=["project"], - operations=[{"method": "PUT", "path": "/qos/policies/{id}"}], + operations=[Operation(method="PUT", path="/qos/policies/{id}")], ), base.APIRule( name="delete_policy", check_str=("rule:admin_only"), description="Delete a QoS policy", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/qos/policies/{id}"}], + operations=[Operation(method="DELETE", path="/qos/policies/{id}")], ), base.APIRule( name="get_rule_type", check_str=("rule:admin_only"), description="Get available QoS rule types", scope_types=["project"], - operations=[{"method": "GET", "path": "/qos/rule-types"}, {"method": "GET", "path": "/qos/rule-types/{rule_type}"}], + operations=[Operation(method="GET", path="/qos/rule-types"), Operation(method="GET", path="/qos/rule-types/{rule_type}")], ), base.APIRule( name="get_policy_bandwidth_limit_rule", check_str=("rule:admin_only or role:reader and project_id:%(project_id)s"), description="Get a QoS bandwidth limit rule", scope_types=["project"], - operations=[{"method": "GET", "path": "/qos/policies/{policy_id}/bandwidth_limit_rules"}, {"method": "GET", "path": "/qos/policies/{policy_id}/bandwidth_limit_rules/{rule_id}"}], + operations=[Operation(method="GET", path="/qos/policies/{policy_id}/bandwidth_limit_rules"), Operation(method="GET", path="/qos/policies/{policy_id}/bandwidth_limit_rules/{rule_id}")], ), base.APIRule( name="create_policy_bandwidth_limit_rule", check_str=("rule:admin_only"), description="Create a QoS bandwidth limit rule", scope_types=["project"], - operations=[{"method": "POST", "path": "/qos/policies/{policy_id}/bandwidth_limit_rules"}], + operations=[Operation(method="POST", path="/qos/policies/{policy_id}/bandwidth_limit_rules")], ), base.APIRule( name="update_policy_bandwidth_limit_rule", check_str=("rule:admin_only"), description="Update a QoS bandwidth limit rule", scope_types=["project"], - operations=[{"method": "PUT", "path": "/qos/policies/{policy_id}/bandwidth_limit_rules/{rule_id}"}], + operations=[Operation(method="PUT", path="/qos/policies/{policy_id}/bandwidth_limit_rules/{rule_id}")], ), base.APIRule( name="delete_policy_bandwidth_limit_rule", check_str=("rule:admin_only"), description="Delete a QoS bandwidth limit rule", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/qos/policies/{policy_id}/bandwidth_limit_rules/{rule_id}"}], + operations=[Operation(method="DELETE", path="/qos/policies/{policy_id}/bandwidth_limit_rules/{rule_id}")], ), base.APIRule( name="get_policy_packet_rate_limit_rule", check_str=("rule:admin_only or role:reader and project_id:%(project_id)s"), description="Get a QoS packet rate limit rule", scope_types=["project"], - operations=[{"method": "GET", "path": "/qos/policies/{policy_id}/packet_rate_limit_rules"}, {"method": "GET", "path": "/qos/policies/{policy_id}/packet_rate_limit_rules/{rule_id}"}], + operations=[Operation(method="GET", path="/qos/policies/{policy_id}/packet_rate_limit_rules"), Operation(method="GET", path="/qos/policies/{policy_id}/packet_rate_limit_rules/{rule_id}")], ), base.APIRule( name="create_policy_packet_rate_limit_rule", check_str=("rule:admin_only"), description="Create a QoS packet rate limit rule", scope_types=["project"], - operations=[{"method": "POST", "path": "/qos/policies/{policy_id}/packet_rate_limit_rules"}], + operations=[Operation(method="POST", path="/qos/policies/{policy_id}/packet_rate_limit_rules")], ), base.APIRule( name="update_policy_packet_rate_limit_rule", check_str=("rule:admin_only"), description="Update a QoS packet rate limit rule", scope_types=["project"], - operations=[{"method": "PUT", "path": "/qos/policies/{policy_id}/packet_rate_limit_rules/{rule_id}"}], + operations=[Operation(method="PUT", path="/qos/policies/{policy_id}/packet_rate_limit_rules/{rule_id}")], ), base.APIRule( name="delete_policy_packet_rate_limit_rule", check_str=("rule:admin_only"), description="Delete a QoS packet rate limit rule", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/qos/policies/{policy_id}/packet_rate_limit_rules/{rule_id}"}], + operations=[Operation(method="DELETE", path="/qos/policies/{policy_id}/packet_rate_limit_rules/{rule_id}")], ), base.APIRule( name="get_policy_dscp_marking_rule", check_str=("rule:admin_only or role:reader and project_id:%(project_id)s"), description="Get a QoS DSCP marking rule", scope_types=["project"], - operations=[{"method": "GET", "path": "/qos/policies/{policy_id}/dscp_marking_rules"}, {"method": "GET", "path": "/qos/policies/{policy_id}/dscp_marking_rules/{rule_id}"}], + operations=[Operation(method="GET", path="/qos/policies/{policy_id}/dscp_marking_rules"), Operation(method="GET", path="/qos/policies/{policy_id}/dscp_marking_rules/{rule_id}")], ), base.APIRule( name="create_policy_dscp_marking_rule", check_str=("rule:admin_only"), description="Create a QoS DSCP marking rule", scope_types=["project"], - operations=[{"method": "POST", "path": "/qos/policies/{policy_id}/dscp_marking_rules"}], + operations=[Operation(method="POST", path="/qos/policies/{policy_id}/dscp_marking_rules")], ), base.APIRule( name="update_policy_dscp_marking_rule", check_str=("rule:admin_only"), description="Update a QoS DSCP marking rule", scope_types=["project"], - operations=[{"method": "PUT", "path": "/qos/policies/{policy_id}/dscp_marking_rules/{rule_id}"}], + operations=[Operation(method="PUT", path="/qos/policies/{policy_id}/dscp_marking_rules/{rule_id}")], ), base.APIRule( name="delete_policy_dscp_marking_rule", check_str=("rule:admin_only"), description="Delete a QoS DSCP marking rule", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/qos/policies/{policy_id}/dscp_marking_rules/{rule_id}"}], + operations=[Operation(method="DELETE", path="/qos/policies/{policy_id}/dscp_marking_rules/{rule_id}")], ), base.APIRule( name="get_policy_minimum_bandwidth_rule", check_str=("rule:admin_only or role:reader and project_id:%(project_id)s"), description="Get a QoS minimum bandwidth rule", scope_types=["project"], - operations=[{"method": "GET", "path": "/qos/policies/{policy_id}/minimum_bandwidth_rules"}, {"method": "GET", "path": "/qos/policies/{policy_id}/minimum_bandwidth_rules/{rule_id}"}], + operations=[Operation(method="GET", path="/qos/policies/{policy_id}/minimum_bandwidth_rules"), Operation(method="GET", path="/qos/policies/{policy_id}/minimum_bandwidth_rules/{rule_id}")], ), base.APIRule( name="create_policy_minimum_bandwidth_rule", check_str=("rule:admin_only"), description="Create a QoS minimum bandwidth rule", scope_types=["project"], - operations=[{"method": "POST", "path": "/qos/policies/{policy_id}/minimum_bandwidth_rules"}], + operations=[Operation(method="POST", path="/qos/policies/{policy_id}/minimum_bandwidth_rules")], ), base.APIRule( name="update_policy_minimum_bandwidth_rule", check_str=("rule:admin_only"), description="Update a QoS minimum bandwidth rule", scope_types=["project"], - operations=[{"method": "PUT", "path": "/qos/policies/{policy_id}/minimum_bandwidth_rules/{rule_id}"}], + operations=[Operation(method="PUT", path="/qos/policies/{policy_id}/minimum_bandwidth_rules/{rule_id}")], ), base.APIRule( name="delete_policy_minimum_bandwidth_rule", check_str=("rule:admin_only"), description="Delete a QoS minimum bandwidth rule", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/qos/policies/{policy_id}/minimum_bandwidth_rules/{rule_id}"}], + operations=[Operation(method="DELETE", path="/qos/policies/{policy_id}/minimum_bandwidth_rules/{rule_id}")], ), base.APIRule( name="get_policy_minimum_packet_rate_rule", check_str=("rule:admin_only or role:reader and project_id:%(project_id)s"), description="Get a QoS minimum packet rate rule", scope_types=["project"], - operations=[{"method": "GET", "path": "/qos/policies/{policy_id}/minimum_packet_rate_rules"}, {"method": "GET", "path": "/qos/policies/{policy_id}/minimum_packet_rate_rules/{rule_id}"}], + operations=[Operation(method="GET", path="/qos/policies/{policy_id}/minimum_packet_rate_rules"), Operation(method="GET", path="/qos/policies/{policy_id}/minimum_packet_rate_rules/{rule_id}")], ), base.APIRule( name="create_policy_minimum_packet_rate_rule", check_str=("rule:admin_only"), description="Create a QoS minimum packet rate rule", scope_types=["project"], - operations=[{"method": "POST", "path": "/qos/policies/{policy_id}/minimum_packet_rate_rules"}], + operations=[Operation(method="POST", path="/qos/policies/{policy_id}/minimum_packet_rate_rules")], ), base.APIRule( name="update_policy_minimum_packet_rate_rule", check_str=("rule:admin_only"), description="Update a QoS minimum packet rate rule", scope_types=["project"], - operations=[{"method": "PUT", "path": "/qos/policies/{policy_id}/minimum_packet_rate_rules/{rule_id}"}], + operations=[Operation(method="PUT", path="/qos/policies/{policy_id}/minimum_packet_rate_rules/{rule_id}")], ), base.APIRule( name="delete_policy_minimum_packet_rate_rule", check_str=("rule:admin_only"), description="Delete a QoS minimum packet rate rule", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/qos/policies/{policy_id}/minimum_packet_rate_rules/{rule_id}"}], + operations=[Operation(method="DELETE", path="/qos/policies/{policy_id}/minimum_packet_rate_rules/{rule_id}")], ), base.APIRule( name="get_alias_bandwidth_limit_rule", check_str=("rule:admin_only or role:reader and project_id:%(project_id)s"), description="Get a QoS bandwidth limit rule through alias", scope_types=["project"], - operations=[{"method": "GET", "path": "/qos/alias_bandwidth_limit_rules/{rule_id}/"}], + operations=[Operation(method="GET", path="/qos/alias_bandwidth_limit_rules/{rule_id}/")], ), base.APIRule( name="update_alias_bandwidth_limit_rule", check_str=("rule:admin_only"), description="Update a QoS bandwidth limit rule through alias", scope_types=["project"], - operations=[{"method": "PUT", "path": "/qos/alias_bandwidth_limit_rules/{rule_id}/"}], + operations=[Operation(method="PUT", path="/qos/alias_bandwidth_limit_rules/{rule_id}/")], ), base.APIRule( name="delete_alias_bandwidth_limit_rule", check_str=("rule:admin_only"), description="Delete a QoS bandwidth limit rule through alias", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/qos/alias_bandwidth_limit_rules/{rule_id}/"}], + operations=[Operation(method="DELETE", path="/qos/alias_bandwidth_limit_rules/{rule_id}/")], ), base.APIRule( name="get_alias_dscp_marking_rule", check_str=("rule:admin_only or role:reader and project_id:%(project_id)s"), description="Get a QoS DSCP marking rule through alias", scope_types=["project"], - operations=[{"method": "GET", "path": "/qos/alias_dscp_marking_rules/{rule_id}/"}], + operations=[Operation(method="GET", path="/qos/alias_dscp_marking_rules/{rule_id}/")], ), base.APIRule( name="update_alias_dscp_marking_rule", check_str=("rule:admin_only"), description="Update a QoS DSCP marking rule through alias", scope_types=["project"], - operations=[{"method": "PUT", "path": "/qos/alias_dscp_marking_rules/{rule_id}/"}], + operations=[Operation(method="PUT", path="/qos/alias_dscp_marking_rules/{rule_id}/")], ), base.APIRule( name="delete_alias_dscp_marking_rule", check_str=("rule:admin_only"), description="Delete a QoS DSCP marking rule through alias", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/qos/alias_dscp_marking_rules/{rule_id}/"}], + operations=[Operation(method="DELETE", path="/qos/alias_dscp_marking_rules/{rule_id}/")], ), base.APIRule( name="get_alias_minimum_bandwidth_rule", check_str=("rule:admin_only or role:reader and project_id:%(project_id)s"), description="Get a QoS minimum bandwidth rule through alias", scope_types=["project"], - operations=[{"method": "GET", "path": "/qos/alias_minimum_bandwidth_rules/{rule_id}/"}], + operations=[Operation(method="GET", path="/qos/alias_minimum_bandwidth_rules/{rule_id}/")], ), base.APIRule( name="update_alias_minimum_bandwidth_rule", check_str=("rule:admin_only"), description="Update a QoS minimum bandwidth rule through alias", scope_types=["project"], - operations=[{"method": "PUT", "path": "/qos/alias_minimum_bandwidth_rules/{rule_id}/"}], + operations=[Operation(method="PUT", path="/qos/alias_minimum_bandwidth_rules/{rule_id}/")], ), base.APIRule( name="delete_alias_minimum_bandwidth_rule", check_str=("rule:admin_only"), description="Delete a QoS minimum bandwidth rule through alias", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/qos/alias_minimum_bandwidth_rules/{rule_id}/"}], + operations=[Operation(method="DELETE", path="/qos/alias_minimum_bandwidth_rules/{rule_id}/")], ), base.APIRule( name="get_alias_minimum_packet_rate_rule", check_str=("rule:get_policy_minimum_packet_rate_rule"), description="Get a QoS minimum packet rate rule through alias", scope_types=["project"], - operations=[{"method": "GET", "path": "/qos/alias_minimum_packet_rate_rules/{rule_id}/"}], + operations=[Operation(method="GET", path="/qos/alias_minimum_packet_rate_rules/{rule_id}/")], ), base.APIRule( name="update_alias_minimum_packet_rate_rule", check_str=("rule:update_policy_minimum_packet_rate_rule"), description="Update a QoS minimum packet rate rule through alias", scope_types=["project"], - operations=[{"method": "PUT", "path": "/qos/alias_minimum_packet_rate_rules/{rule_id}/"}], + operations=[Operation(method="PUT", path="/qos/alias_minimum_packet_rate_rules/{rule_id}/")], ), base.APIRule( name="delete_alias_minimum_packet_rate_rule", check_str=("rule:delete_policy_minimum_packet_rate_rule"), description="Delete a QoS minimum packet rate rule through alias", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/qos/alias_minimum_packet_rate_rules/{rule_id}/"}], + operations=[Operation(method="DELETE", path="/qos/alias_minimum_packet_rate_rules/{rule_id}/")], ), base.APIRule( name="get_quota", check_str=("rule:admin_only"), description="Get a resource quota", scope_types=["project"], - operations=[{"method": "GET", "path": "/quota"}, {"method": "GET", "path": "/quota/{id}"}], + operations=[Operation(method="GET", path="/quota"), Operation(method="GET", path="/quota/{id}")], ), base.APIRule( name="update_quota", check_str=("rule:admin_only"), description="Update a resource quota", scope_types=["project"], - operations=[{"method": "PUT", "path": "/quota/{id}"}], + operations=[Operation(method="PUT", path="/quota/{id}")], ), base.APIRule( name="delete_quota", check_str=("rule:admin_only"), description="Delete a resource quota", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/quota/{id}"}], + operations=[Operation(method="DELETE", path="/quota/{id}")], ), base.APIRule( name="create_rbac_policy", check_str=("rule:admin_only or (role:member or role:_member_) and project_id:%(project_id)s"), description="Create an RBAC policy", scope_types=["project"], - operations=[{"method": "POST", "path": "/rbac-policies"}], + operations=[Operation(method="POST", path="/rbac-policies")], ), base.APIRule( name="create_rbac_policy:target_tenant", check_str=("rule:admin_only or (not field:rbac_policy:target_tenant=* and not field:rbac_policy:target_project=*)"), description="Specify ``target_tenant`` when creating an RBAC policy", scope_types=["project"], - operations=[{"method": "POST", "path": "/rbac-policies"}], + operations=[Operation(method="POST", path="/rbac-policies")], ), base.APIRule( name="update_rbac_policy", check_str=("rule:admin_only or (role:member or role:_member_) and project_id:%(project_id)s"), description="Update an RBAC policy", scope_types=["project"], - operations=[{"method": "PUT", "path": "/rbac-policies/{id}"}], + operations=[Operation(method="PUT", path="/rbac-policies/{id}")], ), base.APIRule( name="update_rbac_policy:target_tenant", check_str=("rule:admin_only or (not field:rbac_policy:target_tenant=* and not field:rbac_policy:target_project=*)"), description="Update ``target_tenant`` attribute of an RBAC policy", scope_types=["project"], - operations=[{"method": "PUT", "path": "/rbac-policies/{id}"}], + operations=[Operation(method="PUT", path="/rbac-policies/{id}")], ), base.APIRule( name="get_rbac_policy", check_str=("rule:admin_only or role:reader and project_id:%(project_id)s"), description="Get an RBAC policy", scope_types=["project"], - operations=[{"method": "GET", "path": "/rbac-policies"}, {"method": "GET", "path": "/rbac-policies/{id}"}], + operations=[Operation(method="GET", path="/rbac-policies"), Operation(method="GET", path="/rbac-policies/{id}")], ), base.APIRule( name="delete_rbac_policy", check_str=("rule:admin_only or (role:member or role:_member_) and project_id:%(project_id)s"), description="Delete an RBAC policy", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/rbac-policies/{id}"}], + operations=[Operation(method="DELETE", path="/rbac-policies/{id}")], ), base.APIRule( name="create_router", check_str=("rule:admin_only or (role:member or role:_member_) and project_id:%(project_id)s"), description="Create a router", scope_types=["project"], - operations=[{"method": "POST", "path": "/routers"}], + operations=[Operation(method="POST", path="/routers")], ), base.APIRule( name="create_router:distributed", check_str=("rule:admin_only"), description="Specify ``distributed`` attribute when creating a router", scope_types=["project"], - operations=[{"method": "POST", "path": "/routers"}], + operations=[Operation(method="POST", path="/routers")], ), base.APIRule( name="create_router:ha", check_str=("rule:admin_only"), description="Specify ``ha`` attribute when creating a router", scope_types=["project"], - operations=[{"method": "POST", "path": "/routers"}], + operations=[Operation(method="POST", path="/routers")], ), base.APIRule( name="create_router:external_gateway_info", check_str=("rule:admin_only or (role:member or role:_member_) and project_id:%(project_id)s"), description="Specify ``external_gateway_info`` information when creating a router", scope_types=["project"], - operations=[{"method": "POST", "path": "/routers"}], + operations=[Operation(method="POST", path="/routers")], ), base.APIRule( name="create_router:external_gateway_info:network_id", check_str=("rule:admin_only or (role:member or role:_member_) and project_id:%(project_id)s"), description="Specify ``network_id`` in ``external_gateway_info`` information when creating a router", scope_types=["project"], - operations=[{"method": "POST", "path": "/routers"}], + operations=[Operation(method="POST", path="/routers")], ), base.APIRule( name="create_router:external_gateway_info:enable_snat", check_str=("rule:admin_only"), description="Specify ``enable_snat`` in ``external_gateway_info`` information when creating a router", scope_types=["project"], - operations=[{"method": "POST", "path": "/routers"}], + operations=[Operation(method="POST", path="/routers")], ), base.APIRule( name="create_router:external_gateway_info:external_fixed_ips", check_str=("rule:admin_only"), description="Specify ``external_fixed_ips`` in ``external_gateway_info`` information when creating a router", scope_types=["project"], - operations=[{"method": "POST", "path": "/routers"}], + operations=[Operation(method="POST", path="/routers")], ), base.APIRule( name="get_router", check_str=("rule:admin_only or role:reader and project_id:%(project_id)s"), description="Get a router", scope_types=["project"], - operations=[{"method": "GET", "path": "/routers"}, {"method": "GET", "path": "/routers/{id}"}], + operations=[Operation(method="GET", path="/routers"), Operation(method="GET", path="/routers/{id}")], ), base.APIRule( name="get_router:distributed", check_str=("rule:admin_only"), description="Get ``distributed`` attribute of a router", scope_types=["project"], - operations=[{"method": "GET", "path": "/routers"}, {"method": "GET", "path": "/routers/{id}"}], + operations=[Operation(method="GET", path="/routers"), Operation(method="GET", path="/routers/{id}")], ), base.APIRule( name="get_router:ha", check_str=("rule:admin_only"), description="Get ``ha`` attribute of a router", scope_types=["project"], - operations=[{"method": "GET", "path": "/routers"}, {"method": "GET", "path": "/routers/{id}"}], + operations=[Operation(method="GET", path="/routers"), Operation(method="GET", path="/routers/{id}")], ), base.APIRule( name="update_router", check_str=("rule:admin_only or (role:member or role:_member_) and project_id:%(project_id)s"), description="Update a router", scope_types=["project"], - operations=[{"method": "PUT", "path": "/routers/{id}"}], + operations=[Operation(method="PUT", path="/routers/{id}")], ), base.APIRule( name="update_router:distributed", check_str=("rule:admin_only"), description="Update ``distributed`` attribute of a router", scope_types=["project"], - operations=[{"method": "PUT", "path": "/routers/{id}"}], + operations=[Operation(method="PUT", path="/routers/{id}")], ), base.APIRule( name="update_router:ha", check_str=("rule:admin_only"), description="Update ``ha`` attribute of a router", scope_types=["project"], - operations=[{"method": "PUT", "path": "/routers/{id}"}], + operations=[Operation(method="PUT", path="/routers/{id}")], ), base.APIRule( name="update_router:external_gateway_info", check_str=("rule:admin_only or (role:member or role:_member_) and project_id:%(project_id)s"), description="Update ``external_gateway_info`` information of a router", scope_types=["project"], - operations=[{"method": "PUT", "path": "/routers/{id}"}], + operations=[Operation(method="PUT", path="/routers/{id}")], ), base.APIRule( name="update_router:external_gateway_info:network_id", check_str=("rule:admin_only or (role:member or role:_member_) and project_id:%(project_id)s"), description="Update ``network_id`` attribute of ``external_gateway_info`` information of a router", scope_types=["project"], - operations=[{"method": "PUT", "path": "/routers/{id}"}], + operations=[Operation(method="PUT", path="/routers/{id}")], ), base.APIRule( name="update_router:external_gateway_info:enable_snat", check_str=("rule:admin_only"), description="Update ``enable_snat`` attribute of ``external_gateway_info`` information of a router", scope_types=["project"], - operations=[{"method": "PUT", "path": "/routers/{id}"}], + operations=[Operation(method="PUT", path="/routers/{id}")], ), base.APIRule( name="update_router:external_gateway_info:external_fixed_ips", check_str=("rule:admin_only"), description="Update ``external_fixed_ips`` attribute of ``external_gateway_info`` information of a router", scope_types=["project"], - operations=[{"method": "PUT", "path": "/routers/{id}"}], + operations=[Operation(method="PUT", path="/routers/{id}")], ), base.APIRule( name="delete_router", check_str=("rule:admin_only or (role:member or role:_member_) and project_id:%(project_id)s"), description="Delete a router", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/routers/{id}"}], + operations=[Operation(method="DELETE", path="/routers/{id}")], ), base.APIRule( name="add_router_interface", check_str=("rule:admin_only or (role:member or role:_member_) and project_id:%(project_id)s"), description="Add an interface to a router", scope_types=["project"], - operations=[{"method": "PUT", "path": "/routers/{id}/add_router_interface"}], + operations=[Operation(method="PUT", path="/routers/{id}/add_router_interface")], ), base.APIRule( name="remove_router_interface", check_str=("rule:admin_only or (role:member or role:_member_) and project_id:%(project_id)s"), description="Remove an interface from a router", scope_types=["project"], - operations=[{"method": "PUT", "path": "/routers/{id}/remove_router_interface"}], + operations=[Operation(method="PUT", path="/routers/{id}/remove_router_interface")], ), base.APIRule( name="add_extraroutes", check_str=("rule:admin_only or (role:member or role:_member_) and project_id:%(project_id)s"), description="Add extra route to a router", scope_types=["project"], - operations=[{"method": "PUT", "path": "/routers/{id}/add_extraroutes"}], + operations=[Operation(method="PUT", path="/routers/{id}/add_extraroutes")], ), base.APIRule( name="remove_extraroutes", check_str=("rule:admin_only or (role:member or role:_member_) and project_id:%(project_id)s"), description="Remove extra route from a router", scope_types=["project"], - operations=[{"method": "PUT", "path": "/routers/{id}/remove_extraroutes"}], + operations=[Operation(method="PUT", path="/routers/{id}/remove_extraroutes")], ), base.APIRule( name="create_security_group", check_str=("(role:member or role:_member_) and project_id:%(project_id)s"), description="Create a security group", scope_types=["project"], - operations=[{"method": "POST", "path": "/security-groups"}], + operations=[Operation(method="POST", path="/security-groups")], ), base.APIRule( name="get_security_group", check_str=("role:reader and project_id:%(project_id)s"), description="Get a security group", scope_types=["project"], - operations=[{"method": "GET", "path": "/security-groups"}, {"method": "GET", "path": "/security-groups/{id}"}], + operations=[Operation(method="GET", path="/security-groups"), Operation(method="GET", path="/security-groups/{id}")], ), base.APIRule( name="update_security_group", check_str=("(role:member or role:_member_) and project_id:%(project_id)s"), description="Update a security group", scope_types=["project"], - operations=[{"method": "PUT", "path": "/security-groups/{id}"}], + operations=[Operation(method="PUT", path="/security-groups/{id}")], ), base.APIRule( name="delete_security_group", check_str=("(role:member or role:_member_) and project_id:%(project_id)s"), description="Delete a security group", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/security-groups/{id}"}], + operations=[Operation(method="DELETE", path="/security-groups/{id}")], ), base.APIRule( name="create_security_group_rule", check_str=("(role:member or role:_member_) and project_id:%(project_id)s"), description="Create a security group rule", scope_types=["project"], - operations=[{"method": "POST", "path": "/security-group-rules"}], + operations=[Operation(method="POST", path="/security-group-rules")], ), base.APIRule( name="get_security_group_rule", check_str=("role:reader and project_id:%(project_id)s or rule:sg_owner"), description="Get a security group rule", scope_types=["project"], - operations=[{"method": "GET", "path": "/security-group-rules"}, {"method": "GET", "path": "/security-group-rules/{id}"}], + operations=[Operation(method="GET", path="/security-group-rules"), Operation(method="GET", path="/security-group-rules/{id}")], ), base.APIRule( name="delete_security_group_rule", check_str=("(role:member or role:_member_) and project_id:%(project_id)s"), description="Delete a security group rule", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/security-group-rules/{id}"}], + operations=[Operation(method="DELETE", path="/security-group-rules/{id}")], ), base.APIRule( name="create_segment", check_str=("rule:admin_only"), description="Create a segment", scope_types=["project"], - operations=[{"method": "POST", "path": "/segments"}], + operations=[Operation(method="POST", path="/segments")], ), base.APIRule( name="get_segment", check_str=("rule:admin_only"), description="Get a segment", scope_types=["project"], - operations=[{"method": "GET", "path": "/segments"}, {"method": "GET", "path": "/segments/{id}"}], + operations=[Operation(method="GET", path="/segments"), Operation(method="GET", path="/segments/{id}")], ), base.APIRule( name="update_segment", check_str=("rule:admin_only"), description="Update a segment", scope_types=["project"], - operations=[{"method": "PUT", "path": "/segments/{id}"}], + operations=[Operation(method="PUT", path="/segments/{id}")], ), base.APIRule( name="delete_segment", check_str=("rule:admin_only"), description="Delete a segment", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/segments/{id}"}], + operations=[Operation(method="DELETE", path="/segments/{id}")], ), base.APIRule( name="get_service_provider", check_str=("role:reader"), description="Get service providers", scope_types=["project"], - operations=[{"method": "GET", "path": "/service-providers"}], + operations=[Operation(method="GET", path="/service-providers")], ), base.APIRule( name="create_subnet", check_str=("rule:admin_only or (role:member or role:_member_) and project_id:%(project_id)s or rule:network_owner"), description="Create a subnet", scope_types=["project"], - operations=[{"method": "POST", "path": "/subnets"}], + operations=[Operation(method="POST", path="/subnets")], ), base.APIRule( name="create_subnet:segment_id", check_str=("rule:admin_only"), description="Specify ``segment_id`` attribute when creating a subnet", scope_types=["project"], - operations=[{"method": "POST", "path": "/subnets"}], + operations=[Operation(method="POST", path="/subnets")], ), base.APIRule( name="create_subnet:service_types", check_str=("rule:admin_only"), description="Specify ``service_types`` attribute when creating a subnet", scope_types=["project"], - operations=[{"method": "POST", "path": "/subnets"}], + operations=[Operation(method="POST", path="/subnets")], ), base.APIRule( name="get_subnet", check_str=("rule:admin_only or role:reader and project_id:%(project_id)s or rule:shared"), description="Get a subnet", scope_types=["project"], - operations=[{"method": "GET", "path": "/subnets"}, {"method": "GET", "path": "/subnets/{id}"}], + operations=[Operation(method="GET", path="/subnets"), Operation(method="GET", path="/subnets/{id}")], ), base.APIRule( name="get_subnet:segment_id", check_str=("rule:admin_only"), description="Get ``segment_id`` attribute of a subnet", scope_types=["project"], - operations=[{"method": "GET", "path": "/subnets"}, {"method": "GET", "path": "/subnets/{id}"}], + operations=[Operation(method="GET", path="/subnets"), Operation(method="GET", path="/subnets/{id}")], ), base.APIRule( name="update_subnet", check_str=("rule:admin_only or (role:member or role:_member_) and project_id:%(project_id)s or rule:network_owner"), description="Update a subnet", scope_types=["project"], - operations=[{"method": "PUT", "path": "/subnets/{id}"}], + operations=[Operation(method="PUT", path="/subnets/{id}")], ), base.APIRule( name="update_subnet:segment_id", check_str=("rule:admin_only"), description="Update ``segment_id`` attribute of a subnet", scope_types=["project"], - operations=[{"method": "PUT", "path": "/subnets/{id}"}], + operations=[Operation(method="PUT", path="/subnets/{id}")], ), base.APIRule( name="update_subnet:service_types", check_str=("rule:admin_only"), description="Update ``service_types`` attribute of a subnet", scope_types=["project"], - operations=[{"method": "PUT", "path": "/subnets/{id}"}], + operations=[Operation(method="PUT", path="/subnets/{id}")], ), base.APIRule( name="delete_subnet", check_str=("rule:admin_only or (role:member or role:_member_) and project_id:%(project_id)s or rule:network_owner"), description="Delete a subnet", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/subnets/{id}"}], + operations=[Operation(method="DELETE", path="/subnets/{id}")], ), base.APIRule( name="create_subnetpool", check_str=("rule:admin_only or (role:member or role:_member_) and project_id:%(project_id)s"), description="Create a subnetpool", scope_types=["project"], - operations=[{"method": "POST", "path": "/subnetpools"}], + operations=[Operation(method="POST", path="/subnetpools")], ), base.APIRule( name="create_subnetpool:shared", check_str=("rule:admin_only"), description="Create a shared subnetpool", scope_types=["project"], - operations=[{"method": "POST", "path": "/subnetpools"}], + operations=[Operation(method="POST", path="/subnetpools")], ), base.APIRule( name="create_subnetpool:is_default", check_str=("rule:admin_only"), description="Specify ``is_default`` attribute when creating a subnetpool", scope_types=["project"], - operations=[{"method": "POST", "path": "/subnetpools"}], + operations=[Operation(method="POST", path="/subnetpools")], ), base.APIRule( name="get_subnetpool", check_str=("rule:admin_only or role:reader and project_id:%(project_id)s or rule:shared_subnetpools"), description="Get a subnetpool", scope_types=["project"], - operations=[{"method": "GET", "path": "/subnetpools"}, {"method": "GET", "path": "/subnetpools/{id}"}], + operations=[Operation(method="GET", path="/subnetpools"), Operation(method="GET", path="/subnetpools/{id}")], ), base.APIRule( name="update_subnetpool", check_str=("rule:admin_only or (role:member or role:_member_) and project_id:%(project_id)s"), description="Update a subnetpool", scope_types=["project"], - operations=[{"method": "PUT", "path": "/subnetpools/{id}"}], + operations=[Operation(method="PUT", path="/subnetpools/{id}")], ), base.APIRule( name="update_subnetpool:is_default", check_str=("rule:admin_only"), description="Update ``is_default`` attribute of a subnetpool", scope_types=["project"], - operations=[{"method": "PUT", "path": "/subnetpools/{id}"}], + operations=[Operation(method="PUT", path="/subnetpools/{id}")], ), base.APIRule( name="delete_subnetpool", check_str=("rule:admin_only or (role:member or role:_member_) and project_id:%(project_id)s"), description="Delete a subnetpool", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/subnetpools/{id}"}], + operations=[Operation(method="DELETE", path="/subnetpools/{id}")], ), base.APIRule( name="onboard_network_subnets", check_str=("rule:admin_only or (role:member or role:_member_) and project_id:%(project_id)s"), description="Onboard existing subnet into a subnetpool", scope_types=["project"], - operations=[{"method": "PUT", "path": "/subnetpools/{id}/onboard_network_subnets"}], + operations=[Operation(method="PUT", path="/subnetpools/{id}/onboard_network_subnets")], ), base.APIRule( name="add_prefixes", check_str=("rule:admin_only or (role:member or role:_member_) and project_id:%(project_id)s"), description="Add prefixes to a subnetpool", scope_types=["project"], - operations=[{"method": "PUT", "path": "/subnetpools/{id}/add_prefixes"}], + operations=[Operation(method="PUT", path="/subnetpools/{id}/add_prefixes")], ), base.APIRule( name="remove_prefixes", check_str=("rule:admin_only or (role:member or role:_member_) and project_id:%(project_id)s"), description="Remove unallocated prefixes from a subnetpool", scope_types=["project"], - operations=[{"method": "PUT", "path": "/subnetpools/{id}/remove_prefixes"}], + operations=[Operation(method="PUT", path="/subnetpools/{id}/remove_prefixes")], ), base.APIRule( name="create_trunk", check_str=("(role:member or role:_member_) and project_id:%(project_id)s"), description="Create a trunk", scope_types=["project"], - operations=[{"method": "POST", "path": "/trunks"}], + operations=[Operation(method="POST", path="/trunks")], ), base.APIRule( name="get_trunk", check_str=("role:reader and project_id:%(project_id)s"), description="Get a trunk", scope_types=["project"], - operations=[{"method": "GET", "path": "/trunks"}, {"method": "GET", "path": "/trunks/{id}"}], + operations=[Operation(method="GET", path="/trunks"), Operation(method="GET", path="/trunks/{id}")], ), base.APIRule( name="update_trunk", check_str=("(role:member or role:_member_) and project_id:%(project_id)s"), description="Update a trunk", scope_types=["project"], - operations=[{"method": "PUT", "path": "/trunks/{id}"}], + operations=[Operation(method="PUT", path="/trunks/{id}")], ), base.APIRule( name="delete_trunk", check_str=("(role:member or role:_member_) and project_id:%(project_id)s"), description="Delete a trunk", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/trunks/{id}"}], + operations=[Operation(method="DELETE", path="/trunks/{id}")], ), base.APIRule( name="get_subports", check_str=("role:reader and project_id:%(project_id)s"), description="List subports attached to a trunk", scope_types=["project"], - operations=[{"method": "GET", "path": "/trunks/{id}/get_subports"}], + operations=[Operation(method="GET", path="/trunks/{id}/get_subports")], ), base.APIRule( name="add_subports", check_str=("(role:member or role:_member_) and project_id:%(project_id)s"), description="Add subports to a trunk", scope_types=["project"], - operations=[{"method": "PUT", "path": "/trunks/{id}/add_subports"}], + operations=[Operation(method="PUT", path="/trunks/{id}/add_subports")], ), base.APIRule( name="remove_subports", check_str=("(role:member or role:_member_) and project_id:%(project_id)s"), description="Delete subports from a trunk", scope_types=["project"], - operations=[{"method": "PUT", "path": "/trunks/{id}/remove_subports"}], + operations=[Operation(method="PUT", path="/trunks/{id}/remove_subports")], ), base.APIRule( name="create_endpoint_group", check_str=("rule:regular_user"), description="Create a VPN endpoint group", scope_types=["project"], - operations=[{"method": "POST", "path": "/vpn/endpoint-groups"}], + operations=[Operation(method="POST", path="/vpn/endpoint-groups")], ), base.APIRule( name="update_endpoint_group", check_str=("rule:admin_or_owner"), description="Update a VPN endpoint group", scope_types=["project"], - operations=[{"method": "PUT", "path": "/vpn/endpoint-groups/{id}"}], + operations=[Operation(method="PUT", path="/vpn/endpoint-groups/{id}")], ), base.APIRule( name="delete_endpoint_group", check_str=("rule:admin_or_owner"), description="Delete a VPN endpoint group", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/vpn/endpoint-groups/{id}"}], + operations=[Operation(method="DELETE", path="/vpn/endpoint-groups/{id}")], ), base.APIRule( name="get_endpoint_group", check_str=("rule:admin_or_owner"), description="Get VPN endpoint groups", scope_types=["project"], - operations=[{"method": "GET", "path": "/vpn/endpoint-groups"}, {"method": "GET", "path": "/vpn/endpoint-groups/{id}"}], + operations=[Operation(method="GET", path="/vpn/endpoint-groups"), Operation(method="GET", path="/vpn/endpoint-groups/{id}")], ), base.APIRule( name="create_ikepolicy", check_str=("rule:regular_user"), description="Create an IKE policy", scope_types=["project"], - operations=[{"method": "POST", "path": "/vpn/ikepolicies"}], + operations=[Operation(method="POST", path="/vpn/ikepolicies")], ), base.APIRule( name="update_ikepolicy", check_str=("rule:admin_or_owner"), description="Update an IKE policy", scope_types=["project"], - operations=[{"method": "PUT", "path": "/vpn/ikepolicies/{id}"}], + operations=[Operation(method="PUT", path="/vpn/ikepolicies/{id}")], ), base.APIRule( name="delete_ikepolicy", check_str=("rule:admin_or_owner"), description="Delete an IKE policy", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/vpn/ikepolicies/{id}"}], + operations=[Operation(method="DELETE", path="/vpn/ikepolicies/{id}")], ), base.APIRule( name="get_ikepolicy", check_str=("rule:admin_or_owner"), description="Get IKE policyies", scope_types=["project"], - operations=[{"method": "GET", "path": "/vpn/ikepolicies"}, {"method": "GET", "path": "/vpn/ikepolicies/{id}"}], + operations=[Operation(method="GET", path="/vpn/ikepolicies"), Operation(method="GET", path="/vpn/ikepolicies/{id}")], ), base.APIRule( name="create_ipsecpolicy", check_str=("rule:regular_user"), description="Create an IPsec policy", scope_types=["project"], - operations=[{"method": "POST", "path": "/vpn/ipsecpolicies"}], + operations=[Operation(method="POST", path="/vpn/ipsecpolicies")], ), base.APIRule( name="update_ipsecpolicy", check_str=("rule:admin_or_owner"), description="Update an IPsec policy", scope_types=["project"], - operations=[{"method": "PUT", "path": "/vpn/ipsecpolicies/{id}"}], + operations=[Operation(method="PUT", path="/vpn/ipsecpolicies/{id}")], ), base.APIRule( name="delete_ipsecpolicy", check_str=("rule:admin_or_owner"), description="Delete an IPsec policy", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/vpn/ipsecpolicies/{id}"}], + operations=[Operation(method="DELETE", path="/vpn/ipsecpolicies/{id}")], ), base.APIRule( name="get_ipsecpolicy", check_str=("rule:admin_or_owner"), description="Get IPsec policies", scope_types=["project"], - operations=[{"method": "GET", "path": "/vpn/ipsecpolicies"}, {"method": "GET", "path": "/vpn/ipsecpolicies/{id}"}], + operations=[Operation(method="GET", path="/vpn/ipsecpolicies"), Operation(method="GET", path="/vpn/ipsecpolicies/{id}")], ), base.APIRule( name="create_ipsec_site_connection", check_str=("rule:regular_user"), description="Create an IPsec site connection", scope_types=["project"], - operations=[{"method": "POST", "path": "/vpn/ipsec-site-connections"}], + operations=[Operation(method="POST", path="/vpn/ipsec-site-connections")], ), base.APIRule( name="update_ipsec_site_connection", check_str=("rule:admin_or_owner"), description="Update an IPsec site connection", scope_types=["project"], - operations=[{"method": "PUT", "path": "/vpn/ipsec-site-connections/{id}"}], + operations=[Operation(method="PUT", path="/vpn/ipsec-site-connections/{id}")], ), base.APIRule( name="delete_ipsec_site_connection", check_str=("rule:admin_or_owner"), description="Delete an IPsec site connection", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/vpn/ipsec-site-connections/{id}"}], + operations=[Operation(method="DELETE", path="/vpn/ipsec-site-connections/{id}")], ), base.APIRule( name="get_ipsec_site_connection", check_str=("rule:admin_or_owner"), description="Get IPsec site connections", scope_types=["project"], - operations=[{"method": "GET", "path": "/vpn/ipsec-site-connections"}, {"method": "GET", "path": "/vpn/ipsec-site-connections/{id}"}], + operations=[Operation(method="GET", path="/vpn/ipsec-site-connections"), Operation(method="GET", path="/vpn/ipsec-site-connections/{id}")], ), base.APIRule( name="create_vpnservice", check_str=("rule:regular_user"), description="Create a VPN service", scope_types=["project"], - operations=[{"method": "POST", "path": "/vpn/vpnservices"}], + operations=[Operation(method="POST", path="/vpn/vpnservices")], ), base.APIRule( name="update_vpnservice", check_str=("rule:admin_or_owner"), description="Update a VPN service", scope_types=["project"], - operations=[{"method": "PUT", "path": "/vpn/vpnservices/{id}"}], + operations=[Operation(method="PUT", path="/vpn/vpnservices/{id}")], ), base.APIRule( name="delete_vpnservice", check_str=("rule:admin_or_owner"), description="Delete a VPN service", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/vpn/vpnservices/{id}"}], + operations=[Operation(method="DELETE", path="/vpn/vpnservices/{id}")], ), base.APIRule( name="get_vpnservice", check_str=("rule:admin_or_owner"), description="Get VPN services", scope_types=["project"], - operations=[{"method": "GET", "path": "/vpn/vpnservices"}, {"method": "GET", "path": "/vpn/vpnservices/{id}"}], + operations=[Operation(method="GET", path="/vpn/vpnservices"), Operation(method="GET", path="/vpn/vpnservices/{id}")], ), ) diff --git a/skyline_apiserver/policy/manager/nova.py b/skyline_apiserver/policy/manager/nova.py index 049cb7a..d48cecc 100644 --- a/skyline_apiserver/policy/manager/nova.py +++ b/skyline_apiserver/policy/manager/nova.py @@ -15,6 +15,8 @@ # flake8: noqa # fmt: off +from skyline_apiserver.schemas.policy_manager import Operation + from . import base list_rules = ( @@ -58,1358 +60,1358 @@ list_rules = ( check_str=("rule:context_is_admin"), description="Reset the state of a given server", scope_types=["project"], - operations=[{"method": "POST", "path": "/servers/{server_id}/action (os-resetState)"}], + operations=[Operation(method="POST", path="/servers/{server_id}/action (os-resetState)")], ), base.APIRule( name="os_compute_api:os-admin-actions:inject_network_info", check_str=("rule:context_is_admin"), description="Inject network information into the server", scope_types=["project"], - operations=[{"method": "POST", "path": "/servers/{server_id}/action (injectNetworkInfo)"}], + operations=[Operation(method="POST", path="/servers/{server_id}/action (injectNetworkInfo)")], ), base.APIRule( name="os_compute_api:os-admin-password", check_str=("rule:project_member_or_admin"), description="Change the administrative password for a server", scope_types=["project"], - operations=[{"method": "POST", "path": "/servers/{server_id}/action (changePassword)"}], + operations=[Operation(method="POST", path="/servers/{server_id}/action (changePassword)")], ), base.APIRule( name="os_compute_api:os-aggregates:set_metadata", check_str=("rule:context_is_admin"), description="Create or replace metadata for an aggregate", scope_types=["project"], - operations=[{"method": "POST", "path": "/os-aggregates/{aggregate_id}/action (set_metadata)"}], + operations=[Operation(method="POST", path="/os-aggregates/{aggregate_id}/action (set_metadata)")], ), base.APIRule( name="os_compute_api:os-aggregates:add_host", check_str=("rule:context_is_admin"), description="Add a host to an aggregate", scope_types=["project"], - operations=[{"method": "POST", "path": "/os-aggregates/{aggregate_id}/action (add_host)"}], + operations=[Operation(method="POST", path="/os-aggregates/{aggregate_id}/action (add_host)")], ), base.APIRule( name="os_compute_api:os-aggregates:create", check_str=("rule:context_is_admin"), description="Create an aggregate", scope_types=["project"], - operations=[{"method": "POST", "path": "/os-aggregates"}], + operations=[Operation(method="POST", path="/os-aggregates")], ), base.APIRule( name="os_compute_api:os-aggregates:remove_host", check_str=("rule:context_is_admin"), description="Remove a host from an aggregate", scope_types=["project"], - operations=[{"method": "POST", "path": "/os-aggregates/{aggregate_id}/action (remove_host)"}], + operations=[Operation(method="POST", path="/os-aggregates/{aggregate_id}/action (remove_host)")], ), base.APIRule( name="os_compute_api:os-aggregates:update", check_str=("rule:context_is_admin"), description="Update name and/or availability zone for an aggregate", scope_types=["project"], - operations=[{"method": "PUT", "path": "/os-aggregates/{aggregate_id}"}], + operations=[Operation(method="PUT", path="/os-aggregates/{aggregate_id}")], ), base.APIRule( name="os_compute_api:os-aggregates:index", check_str=("rule:context_is_admin"), description="List all aggregates", scope_types=["project"], - operations=[{"method": "GET", "path": "/os-aggregates"}], + operations=[Operation(method="GET", path="/os-aggregates")], ), base.APIRule( name="os_compute_api:os-aggregates:delete", check_str=("rule:context_is_admin"), description="Delete an aggregate", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/os-aggregates/{aggregate_id}"}], + operations=[Operation(method="DELETE", path="/os-aggregates/{aggregate_id}")], ), base.APIRule( name="os_compute_api:os-aggregates:show", check_str=("rule:context_is_admin"), description="Show details for an aggregate", scope_types=["project"], - operations=[{"method": "GET", "path": "/os-aggregates/{aggregate_id}"}], + operations=[Operation(method="GET", path="/os-aggregates/{aggregate_id}")], ), base.APIRule( name="compute:aggregates:images", check_str=("rule:context_is_admin"), description="Request image caching for an aggregate", scope_types=["project"], - operations=[{"method": "POST", "path": "/os-aggregates/{aggregate_id}/images"}], + operations=[Operation(method="POST", path="/os-aggregates/{aggregate_id}/images")], ), base.APIRule( name="os_compute_api:os-assisted-volume-snapshots:create", check_str=("rule:context_is_admin"), description="Create an assisted volume snapshot", scope_types=["project"], - operations=[{"method": "POST", "path": "/os-assisted-volume-snapshots"}], + operations=[Operation(method="POST", path="/os-assisted-volume-snapshots")], ), base.APIRule( name="os_compute_api:os-assisted-volume-snapshots:delete", check_str=("rule:context_is_admin"), description="Delete an assisted volume snapshot", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/os-assisted-volume-snapshots/{snapshot_id}"}], + operations=[Operation(method="DELETE", path="/os-assisted-volume-snapshots/{snapshot_id}")], ), base.APIRule( name="os_compute_api:os-attach-interfaces:list", check_str=("rule:project_reader_or_admin"), description="List port interfaces attached to a server", scope_types=["project"], - operations=[{"method": "GET", "path": "/servers/{server_id}/os-interface"}], + operations=[Operation(method="GET", path="/servers/{server_id}/os-interface")], ), base.APIRule( name="os_compute_api:os-attach-interfaces:show", check_str=("rule:project_reader_or_admin"), description="Show details of a port interface attached to a server", scope_types=["project"], - operations=[{"method": "GET", "path": "/servers/{server_id}/os-interface/{port_id}"}], + operations=[Operation(method="GET", path="/servers/{server_id}/os-interface/{port_id}")], ), base.APIRule( name="os_compute_api:os-attach-interfaces:create", check_str=("rule:project_member_or_admin"), description="Attach an interface to a server", scope_types=["project"], - operations=[{"method": "POST", "path": "/servers/{server_id}/os-interface"}], + operations=[Operation(method="POST", path="/servers/{server_id}/os-interface")], ), base.APIRule( name="os_compute_api:os-attach-interfaces:delete", check_str=("rule:project_member_or_admin"), description="Detach an interface from a server", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/servers/{server_id}/os-interface/{port_id}"}], + operations=[Operation(method="DELETE", path="/servers/{server_id}/os-interface/{port_id}")], ), base.APIRule( name="os_compute_api:os-availability-zone:list", check_str=("@"), description="List availability zone information without host information", scope_types=["project"], - operations=[{"method": "GET", "path": "/os-availability-zone"}], + operations=[Operation(method="GET", path="/os-availability-zone")], ), base.APIRule( name="os_compute_api:os-availability-zone:detail", check_str=("rule:context_is_admin"), description="List detailed availability zone information with host information", scope_types=["project"], - operations=[{"method": "GET", "path": "/os-availability-zone/detail"}], + operations=[Operation(method="GET", path="/os-availability-zone/detail")], ), base.APIRule( name="os_compute_api:os-baremetal-nodes:list", check_str=("rule:context_is_admin"), description="List and show details of bare metal nodes.\n#\n#These APIs are proxy calls to the Ironic service and are deprecated.\n#", scope_types=["project"], - operations=[{"method": "GET", "path": "/os-baremetal-nodes"}], + operations=[Operation(method="GET", path="/os-baremetal-nodes")], ), base.APIRule( name="os_compute_api:os-baremetal-nodes:show", check_str=("rule:context_is_admin"), description="Show action details for a server.", scope_types=["project"], - operations=[{"method": "GET", "path": "/os-baremetal-nodes/{node_id}"}], + operations=[Operation(method="GET", path="/os-baremetal-nodes/{node_id}")], ), base.APIRule( name="os_compute_api:os-console-auth-tokens", check_str=("rule:context_is_admin"), description="Show console connection information for a given console authentication token", scope_types=["project"], - operations=[{"method": "GET", "path": "/os-console-auth-tokens/{console_token}"}], + operations=[Operation(method="GET", path="/os-console-auth-tokens/{console_token}")], ), base.APIRule( name="os_compute_api:os-console-output", check_str=("rule:project_member_or_admin"), description="Show console output for a server", scope_types=["project"], - operations=[{"method": "POST", "path": "/servers/{server_id}/action (os-getConsoleOutput)"}], + operations=[Operation(method="POST", path="/servers/{server_id}/action (os-getConsoleOutput)")], ), base.APIRule( name="os_compute_api:os-create-backup", check_str=("rule:project_member_or_admin"), description="Create a back up of a server", scope_types=["project"], - operations=[{"method": "POST", "path": "/servers/{server_id}/action (createBackup)"}], + operations=[Operation(method="POST", path="/servers/{server_id}/action (createBackup)")], ), base.APIRule( name="os_compute_api:os-deferred-delete:restore", check_str=("rule:project_member_or_admin"), description="Restore a soft deleted server", scope_types=["project"], - operations=[{"method": "POST", "path": "/servers/{server_id}/action (restore)"}], + operations=[Operation(method="POST", path="/servers/{server_id}/action (restore)")], ), base.APIRule( name="os_compute_api:os-deferred-delete:force", check_str=("rule:project_member_or_admin"), description="Force delete a server before deferred cleanup", scope_types=["project"], - operations=[{"method": "POST", "path": "/servers/{server_id}/action (forceDelete)"}], + operations=[Operation(method="POST", path="/servers/{server_id}/action (forceDelete)")], ), base.APIRule( name="os_compute_api:os-evacuate", check_str=("rule:context_is_admin"), description="Evacuate a server from a failed host to a new host", scope_types=["project"], - operations=[{"method": "POST", "path": "/servers/{server_id}/action (evacuate)"}], + operations=[Operation(method="POST", path="/servers/{server_id}/action (evacuate)")], ), base.APIRule( name="os_compute_api:os-extended-server-attributes", check_str=("rule:context_is_admin"), description="Return extended attributes for server.\n#\n#This rule will control the visibility for a set of servers attributes:\n#\n#- ``OS-EXT-SRV-ATTR:host``\n#- ``OS-EXT-SRV-ATTR:instance_name``\n#- ``OS-EXT-SRV-ATTR:reservation_id`` (since microversion 2.3)\n#- ``OS-EXT-SRV-ATTR:launch_index`` (since microversion 2.3)\n#- ``OS-EXT-SRV-ATTR:hostname`` (since microversion 2.3)\n#- ``OS-EXT-SRV-ATTR:kernel_id`` (since microversion 2.3)\n#- ``OS-EXT-SRV-ATTR:ramdisk_id`` (since microversion 2.3)\n#- ``OS-EXT-SRV-ATTR:root_device_name`` (since microversion 2.3)\n#- ``OS-EXT-SRV-ATTR:user_data`` (since microversion 2.3)\n#\n#Microvision 2.75 added the above attributes in the ``PUT /servers/{server_id}``\n#and ``POST /servers/{server_id}/action (rebuild)`` API responses which are\n#also controlled by this policy rule, like the ``GET /servers*`` APIs.\n#\n#Microversion 2.90 made the ``OS-EXT-SRV-ATTR:hostname`` attribute available to\n#all users, so this policy has no effect on that field for microversions 2.90\n#and greater. Controlling the visibility of this attribute for all microversions\n#is therefore deprecated and will be removed in a future release.\n#", scope_types=["project"], - operations=[{"method": "GET", "path": "/servers/{id}"}, {"method": "GET", "path": "/servers/detail"}, {"method": "PUT", "path": "/servers/{server_id}"}, {"method": "POST", "path": "/servers/{server_id}/action (rebuild)"}], + operations=[Operation(method="GET", path="/servers/{id}"), Operation(method="GET", path="/servers/detail"), Operation(method="PUT", path="/servers/{server_id}"), Operation(method="POST", path="/servers/{server_id}/action (rebuild)")], ), base.APIRule( name="os_compute_api:extensions", check_str=("@"), description="List available extensions and show information for an extension by alias", scope_types=["project"], - operations=[{"method": "GET", "path": "/extensions"}, {"method": "GET", "path": "/extensions/{alias}"}], + operations=[Operation(method="GET", path="/extensions"), Operation(method="GET", path="/extensions/{alias}")], ), base.APIRule( name="os_compute_api:os-flavor-access:add_tenant_access", check_str=("rule:context_is_admin"), description="Add flavor access to a tenant", scope_types=["project"], - operations=[{"method": "POST", "path": "/flavors/{flavor_id}/action (addTenantAccess)"}], + operations=[Operation(method="POST", path="/flavors/{flavor_id}/action (addTenantAccess)")], ), base.APIRule( name="os_compute_api:os-flavor-access:remove_tenant_access", check_str=("rule:context_is_admin"), description="Remove flavor access from a tenant", scope_types=["project"], - operations=[{"method": "POST", "path": "/flavors/{flavor_id}/action (removeTenantAccess)"}], + operations=[Operation(method="POST", path="/flavors/{flavor_id}/action (removeTenantAccess)")], ), base.APIRule( name="os_compute_api:os-flavor-access", check_str=("rule:context_is_admin"), description="List flavor access information\n#\n#Allows access to the full list of tenants that have access\n#to a flavor via an os-flavor-access API.\n#", scope_types=["project"], - operations=[{"method": "GET", "path": "/flavors/{flavor_id}/os-flavor-access"}], + operations=[Operation(method="GET", path="/flavors/{flavor_id}/os-flavor-access")], ), base.APIRule( name="os_compute_api:os-flavor-extra-specs:show", check_str=("rule:project_reader_or_admin"), description="Show an extra spec for a flavor", scope_types=["project"], - operations=[{"method": "GET", "path": "/flavors/{flavor_id}/os-extra_specs/{flavor_extra_spec_key}"}], + operations=[Operation(method="GET", path="/flavors/{flavor_id}/os-extra_specs/{flavor_extra_spec_key}")], ), base.APIRule( name="os_compute_api:os-flavor-extra-specs:create", check_str=("rule:context_is_admin"), description="Create extra specs for a flavor", scope_types=["project"], - operations=[{"method": "POST", "path": "/flavors/{flavor_id}/os-extra_specs/"}], + operations=[Operation(method="POST", path="/flavors/{flavor_id}/os-extra_specs/")], ), base.APIRule( name="os_compute_api:os-flavor-extra-specs:update", check_str=("rule:context_is_admin"), description="Update an extra spec for a flavor", scope_types=["project"], - operations=[{"method": "PUT", "path": "/flavors/{flavor_id}/os-extra_specs/{flavor_extra_spec_key}"}], + operations=[Operation(method="PUT", path="/flavors/{flavor_id}/os-extra_specs/{flavor_extra_spec_key}")], ), base.APIRule( name="os_compute_api:os-flavor-extra-specs:delete", check_str=("rule:context_is_admin"), description="Delete an extra spec for a flavor", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/flavors/{flavor_id}/os-extra_specs/{flavor_extra_spec_key}"}], + operations=[Operation(method="DELETE", path="/flavors/{flavor_id}/os-extra_specs/{flavor_extra_spec_key}")], ), base.APIRule( name="os_compute_api:os-flavor-extra-specs:index", check_str=("rule:project_reader_or_admin"), description="List extra specs for a flavor. Starting with microversion 2.61, extra specs may be returned in responses for the flavor resource.", scope_types=["project"], - operations=[{"method": "GET", "path": "/flavors/{flavor_id}/os-extra_specs/"}, {"method": "POST", "path": "/flavors"}, {"method": "GET", "path": "/flavors/detail"}, {"method": "GET", "path": "/flavors/{flavor_id}"}, {"method": "PUT", "path": "/flavors/{flavor_id}"}], + operations=[Operation(method="GET", path="/flavors/{flavor_id}/os-extra_specs/"), Operation(method="POST", path="/flavors"), Operation(method="GET", path="/flavors/detail"), Operation(method="GET", path="/flavors/{flavor_id}"), Operation(method="PUT", path="/flavors/{flavor_id}")], ), base.APIRule( name="os_compute_api:os-flavor-manage:create", check_str=("rule:context_is_admin"), description="Create a flavor", scope_types=["project"], - operations=[{"method": "POST", "path": "/flavors"}], + operations=[Operation(method="POST", path="/flavors")], ), base.APIRule( name="os_compute_api:os-flavor-manage:update", check_str=("rule:context_is_admin"), description="Update a flavor", scope_types=["project"], - operations=[{"method": "PUT", "path": "/flavors/{flavor_id}"}], + operations=[Operation(method="PUT", path="/flavors/{flavor_id}")], ), base.APIRule( name="os_compute_api:os-flavor-manage:delete", check_str=("rule:context_is_admin"), description="Delete a flavor", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/flavors/{flavor_id}"}], + operations=[Operation(method="DELETE", path="/flavors/{flavor_id}")], ), base.APIRule( name="os_compute_api:os-floating-ip-pools", check_str=("@"), description="List floating IP pools. This API is deprecated.", scope_types=["project"], - operations=[{"method": "GET", "path": "/os-floating-ip-pools"}], + operations=[Operation(method="GET", path="/os-floating-ip-pools")], ), base.APIRule( name="os_compute_api:os-floating-ips:add", check_str=("rule:project_member_or_admin"), description="Associate floating IPs to server. This API is deprecated.", scope_types=["project"], - operations=[{"method": "POST", "path": "/servers/{server_id}/action (addFloatingIp)"}], + operations=[Operation(method="POST", path="/servers/{server_id}/action (addFloatingIp)")], ), base.APIRule( name="os_compute_api:os-floating-ips:remove", check_str=("rule:project_member_or_admin"), description="Disassociate floating IPs to server. This API is deprecated.", scope_types=["project"], - operations=[{"method": "POST", "path": "/servers/{server_id}/action (removeFloatingIp)"}], + operations=[Operation(method="POST", path="/servers/{server_id}/action (removeFloatingIp)")], ), base.APIRule( name="os_compute_api:os-floating-ips:list", check_str=("rule:project_reader_or_admin"), description="List floating IPs. This API is deprecated.", scope_types=["project"], - operations=[{"method": "GET", "path": "/os-floating-ips"}], + operations=[Operation(method="GET", path="/os-floating-ips")], ), base.APIRule( name="os_compute_api:os-floating-ips:create", check_str=("rule:project_member_or_admin"), description="Create floating IPs. This API is deprecated.", scope_types=["project"], - operations=[{"method": "POST", "path": "/os-floating-ips"}], + operations=[Operation(method="POST", path="/os-floating-ips")], ), base.APIRule( name="os_compute_api:os-floating-ips:show", check_str=("rule:project_reader_or_admin"), description="Show floating IPs. This API is deprecated.", scope_types=["project"], - operations=[{"method": "GET", "path": "/os-floating-ips/{floating_ip_id}"}], + operations=[Operation(method="GET", path="/os-floating-ips/{floating_ip_id}")], ), base.APIRule( name="os_compute_api:os-floating-ips:delete", check_str=("rule:project_member_or_admin"), description="Delete floating IPs. This API is deprecated.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/os-floating-ips/{floating_ip_id}"}], + operations=[Operation(method="DELETE", path="/os-floating-ips/{floating_ip_id}")], ), base.APIRule( name="os_compute_api:os-hosts:list", check_str=("rule:context_is_admin"), description="List physical hosts.\n#\n#This API is deprecated in favor of os-hypervisors and os-services.", scope_types=["project"], - operations=[{"method": "GET", "path": "/os-hosts"}], + operations=[Operation(method="GET", path="/os-hosts")], ), base.APIRule( name="os_compute_api:os-hosts:show", check_str=("rule:context_is_admin"), description="Show physical host.\n#\n#This API is deprecated in favor of os-hypervisors and os-services.", scope_types=["project"], - operations=[{"method": "GET", "path": "/os-hosts/{host_name}"}], + operations=[Operation(method="GET", path="/os-hosts/{host_name}")], ), base.APIRule( name="os_compute_api:os-hosts:update", check_str=("rule:context_is_admin"), description="Update physical host.\n#\n#This API is deprecated in favor of os-hypervisors and os-services.", scope_types=["project"], - operations=[{"method": "PUT", "path": "/os-hosts/{host_name}"}], + operations=[Operation(method="PUT", path="/os-hosts/{host_name}")], ), base.APIRule( name="os_compute_api:os-hosts:reboot", check_str=("rule:context_is_admin"), description="Reboot physical host.\n#\n#This API is deprecated in favor of os-hypervisors and os-services.", scope_types=["project"], - operations=[{"method": "GET", "path": "/os-hosts/{host_name}/reboot"}], + operations=[Operation(method="GET", path="/os-hosts/{host_name}/reboot")], ), base.APIRule( name="os_compute_api:os-hosts:shutdown", check_str=("rule:context_is_admin"), description="Shutdown physical host.\n#\n#This API is deprecated in favor of os-hypervisors and os-services.", scope_types=["project"], - operations=[{"method": "GET", "path": "/os-hosts/{host_name}/shutdown"}], + operations=[Operation(method="GET", path="/os-hosts/{host_name}/shutdown")], ), base.APIRule( name="os_compute_api:os-hosts:start", check_str=("rule:context_is_admin"), description="Start physical host.\n#\n#This API is deprecated in favor of os-hypervisors and os-services.", scope_types=["project"], - operations=[{"method": "GET", "path": "/os-hosts/{host_name}/startup"}], + operations=[Operation(method="GET", path="/os-hosts/{host_name}/startup")], ), base.APIRule( name="os_compute_api:os-hypervisors:list", check_str=("rule:context_is_admin"), description="List all hypervisors.", scope_types=["project"], - operations=[{"method": "GET", "path": "/os-hypervisors"}], + operations=[Operation(method="GET", path="/os-hypervisors")], ), base.APIRule( name="os_compute_api:os-hypervisors:list-detail", check_str=("rule:context_is_admin"), description="List all hypervisors with details", scope_types=["project"], - operations=[{"method": "GET", "path": "/os-hypervisors/details"}], + operations=[Operation(method="GET", path="/os-hypervisors/details")], ), base.APIRule( name="os_compute_api:os-hypervisors:statistics", check_str=("rule:context_is_admin"), description="Show summary statistics for all hypervisors over all compute nodes.", scope_types=["project"], - operations=[{"method": "GET", "path": "/os-hypervisors/statistics"}], + operations=[Operation(method="GET", path="/os-hypervisors/statistics")], ), base.APIRule( name="os_compute_api:os-hypervisors:show", check_str=("rule:context_is_admin"), description="Show details for a hypervisor.", scope_types=["project"], - operations=[{"method": "GET", "path": "/os-hypervisors/{hypervisor_id}"}], + operations=[Operation(method="GET", path="/os-hypervisors/{hypervisor_id}")], ), base.APIRule( name="os_compute_api:os-hypervisors:uptime", check_str=("rule:context_is_admin"), description="Show the uptime of a hypervisor.", scope_types=["project"], - operations=[{"method": "GET", "path": "/os-hypervisors/{hypervisor_id}/uptime"}], + operations=[Operation(method="GET", path="/os-hypervisors/{hypervisor_id}/uptime")], ), base.APIRule( name="os_compute_api:os-hypervisors:search", check_str=("rule:context_is_admin"), description="Search hypervisor by hypervisor_hostname pattern.", scope_types=["project"], - operations=[{"method": "GET", "path": "/os-hypervisors/{hypervisor_hostname_pattern}/search"}], + operations=[Operation(method="GET", path="/os-hypervisors/{hypervisor_hostname_pattern}/search")], ), base.APIRule( name="os_compute_api:os-hypervisors:servers", check_str=("rule:context_is_admin"), description="List all servers on hypervisors that can match the provided hypervisor_hostname pattern.", scope_types=["project"], - operations=[{"method": "GET", "path": "/os-hypervisors/{hypervisor_hostname_pattern}/servers"}], + operations=[Operation(method="GET", path="/os-hypervisors/{hypervisor_hostname_pattern}/servers")], ), base.APIRule( name="os_compute_api:os-instance-actions:events:details", check_str=("rule:context_is_admin"), description="Add \"details\" key in action events for a server.\n#\n#This check is performed only after the check\n#os_compute_api:os-instance-actions:show passes. Beginning with Microversion\n#2.84, new field 'details' is exposed via API which can have more details about\n#event failure. That field is controlled by this policy which is system reader\n#by default. Making the 'details' field visible to the non-admin user helps to\n#understand the nature of the problem (i.e. if the action can be retried),\n#but in the other hand it might leak information about the deployment\n#(e.g. the type of the hypervisor).\n#", scope_types=["project"], - operations=[{"method": "GET", "path": "/servers/{server_id}/os-instance-actions/{request_id}"}], + operations=[Operation(method="GET", path="/servers/{server_id}/os-instance-actions/{request_id}")], ), base.APIRule( name="os_compute_api:os-instance-actions:events", check_str=("rule:context_is_admin"), description="Add events details in action details for a server.\n#This check is performed only after the check\n#os_compute_api:os-instance-actions:show passes. Beginning with Microversion\n#2.51, events details are always included; traceback information is provided\n#per event if policy enforcement passes. Beginning with Microversion 2.62,\n#each event includes a hashed host identifier and, if policy enforcement\n#passes, the name of the host.", scope_types=["project"], - operations=[{"method": "GET", "path": "/servers/{server_id}/os-instance-actions/{request_id}"}], + operations=[Operation(method="GET", path="/servers/{server_id}/os-instance-actions/{request_id}")], ), base.APIRule( name="os_compute_api:os-instance-actions:list", check_str=("rule:project_reader_or_admin"), description="List actions for a server.", scope_types=["project"], - operations=[{"method": "GET", "path": "/servers/{server_id}/os-instance-actions"}], + operations=[Operation(method="GET", path="/servers/{server_id}/os-instance-actions")], ), base.APIRule( name="os_compute_api:os-instance-actions:show", check_str=("rule:project_reader_or_admin"), description="Show action details for a server.", scope_types=["project"], - operations=[{"method": "GET", "path": "/servers/{server_id}/os-instance-actions/{request_id}"}], + operations=[Operation(method="GET", path="/servers/{server_id}/os-instance-actions/{request_id}")], ), base.APIRule( name="os_compute_api:os-instance-usage-audit-log:list", check_str=("rule:context_is_admin"), description="List all usage audits.", scope_types=["project"], - operations=[{"method": "GET", "path": "/os-instance_usage_audit_log"}], + operations=[Operation(method="GET", path="/os-instance_usage_audit_log")], ), base.APIRule( name="os_compute_api:os-instance-usage-audit-log:show", check_str=("rule:context_is_admin"), description="List all usage audits occurred before a specified time for all servers on all compute hosts where usage auditing is configured", scope_types=["project"], - operations=[{"method": "GET", "path": "/os-instance_usage_audit_log/{before_timestamp}"}], + operations=[Operation(method="GET", path="/os-instance_usage_audit_log/{before_timestamp}")], ), base.APIRule( name="os_compute_api:ips:show", check_str=("rule:project_reader_or_admin"), description="Show IP addresses details for a network label of a server", scope_types=["project"], - operations=[{"method": "GET", "path": "/servers/{server_id}/ips/{network_label}"}], + operations=[Operation(method="GET", path="/servers/{server_id}/ips/{network_label}")], ), base.APIRule( name="os_compute_api:ips:index", check_str=("rule:project_reader_or_admin"), description="List IP addresses that are assigned to a server", scope_types=["project"], - operations=[{"method": "GET", "path": "/servers/{server_id}/ips"}], + operations=[Operation(method="GET", path="/servers/{server_id}/ips")], ), base.APIRule( name="os_compute_api:os-keypairs:index", check_str=("(rule:context_is_admin) or user_id:%(user_id)s"), description="List all keypairs", scope_types=["project"], - operations=[{"method": "GET", "path": "/os-keypairs"}], + operations=[Operation(method="GET", path="/os-keypairs")], ), base.APIRule( name="os_compute_api:os-keypairs:create", check_str=("(rule:context_is_admin) or user_id:%(user_id)s"), description="Create a keypair", scope_types=["project"], - operations=[{"method": "POST", "path": "/os-keypairs"}], + operations=[Operation(method="POST", path="/os-keypairs")], ), base.APIRule( name="os_compute_api:os-keypairs:delete", check_str=("(rule:context_is_admin) or user_id:%(user_id)s"), description="Delete a keypair", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/os-keypairs/{keypair_name}"}], + operations=[Operation(method="DELETE", path="/os-keypairs/{keypair_name}")], ), base.APIRule( name="os_compute_api:os-keypairs:show", check_str=("(rule:context_is_admin) or user_id:%(user_id)s"), description="Show details of a keypair", scope_types=["project"], - operations=[{"method": "GET", "path": "/os-keypairs/{keypair_name}"}], + operations=[Operation(method="GET", path="/os-keypairs/{keypair_name}")], ), base.APIRule( name="os_compute_api:limits", check_str=("@"), description="Show rate and absolute limits for the current user project", scope_types=["project"], - operations=[{"method": "GET", "path": "/limits"}], + operations=[Operation(method="GET", path="/limits")], ), base.APIRule( name="os_compute_api:limits:other_project", check_str=("rule:context_is_admin"), description="Show rate and absolute limits of other project.\n#\n#This policy only checks if the user has access to the requested\n#project limits. And this check is performed only after the check\n#os_compute_api:limits passes", scope_types=["project"], - operations=[{"method": "GET", "path": "/limits"}], + operations=[Operation(method="GET", path="/limits")], ), base.APIRule( name="os_compute_api:os-lock-server:lock", check_str=("rule:project_member_or_admin"), description="Lock a server", scope_types=["project"], - operations=[{"method": "POST", "path": "/servers/{server_id}/action (lock)"}], + operations=[Operation(method="POST", path="/servers/{server_id}/action (lock)")], ), base.APIRule( name="os_compute_api:os-lock-server:unlock", check_str=("rule:project_member_or_admin"), description="Unlock a server", scope_types=["project"], - operations=[{"method": "POST", "path": "/servers/{server_id}/action (unlock)"}], + operations=[Operation(method="POST", path="/servers/{server_id}/action (unlock)")], ), base.APIRule( name="os_compute_api:os-lock-server:unlock:unlock_override", check_str=("rule:context_is_admin"), description="Unlock a server, regardless who locked the server.\n#\n#This check is performed only after the check\n#os_compute_api:os-lock-server:unlock passes", scope_types=["project"], - operations=[{"method": "POST", "path": "/servers/{server_id}/action (unlock)"}], + operations=[Operation(method="POST", path="/servers/{server_id}/action (unlock)")], ), base.APIRule( name="os_compute_api:os-migrate-server:migrate", check_str=("rule:context_is_admin"), description="Cold migrate a server to a host", scope_types=["project"], - operations=[{"method": "POST", "path": "/servers/{server_id}/action (migrate)"}], + operations=[Operation(method="POST", path="/servers/{server_id}/action (migrate)")], ), base.APIRule( name="os_compute_api:os-migrate-server:migrate_live", check_str=("rule:context_is_admin"), description="Live migrate a server to a new host without a reboot", scope_types=["project"], - operations=[{"method": "POST", "path": "/servers/{server_id}/action (os-migrateLive)"}], + operations=[Operation(method="POST", path="/servers/{server_id}/action (os-migrateLive)")], ), base.APIRule( name="os_compute_api:os-migrations:index", check_str=("rule:context_is_admin"), description="List migrations", scope_types=["project"], - operations=[{"method": "GET", "path": "/os-migrations"}], + operations=[Operation(method="GET", path="/os-migrations")], ), base.APIRule( name="os_compute_api:os-multinic:add", check_str=("rule:project_member_or_admin"), description="Add a fixed IP address to a server.\n#\n#This API is proxy calls to the Network service. This is\n#deprecated.", scope_types=["project"], - operations=[{"method": "POST", "path": "/servers/{server_id}/action (addFixedIp)"}], + operations=[Operation(method="POST", path="/servers/{server_id}/action (addFixedIp)")], ), base.APIRule( name="os_compute_api:os-multinic:remove", check_str=("rule:project_member_or_admin"), description="Remove a fixed IP address from a server.\n#\n#This API is proxy calls to the Network service. This is\n#deprecated.", scope_types=["project"], - operations=[{"method": "POST", "path": "/servers/{server_id}/action (removeFixedIp)"}], + operations=[Operation(method="POST", path="/servers/{server_id}/action (removeFixedIp)")], ), base.APIRule( name="os_compute_api:os-networks:list", check_str=("rule:project_reader_or_admin"), description="List networks for the project.\n#\n#This API is proxy calls to the Network service. This is deprecated.", scope_types=["project"], - operations=[{"method": "GET", "path": "/os-networks"}], + operations=[Operation(method="GET", path="/os-networks")], ), base.APIRule( name="os_compute_api:os-networks:show", check_str=("rule:project_reader_or_admin"), description="Show network details.\n#\n#This API is proxy calls to the Network service. This is deprecated.", scope_types=["project"], - operations=[{"method": "GET", "path": "/os-networks/{network_id}"}], + operations=[Operation(method="GET", path="/os-networks/{network_id}")], ), base.APIRule( name="os_compute_api:os-pause-server:pause", check_str=("rule:project_member_or_admin"), description="Pause a server", scope_types=["project"], - operations=[{"method": "POST", "path": "/servers/{server_id}/action (pause)"}], + operations=[Operation(method="POST", path="/servers/{server_id}/action (pause)")], ), base.APIRule( name="os_compute_api:os-pause-server:unpause", check_str=("rule:project_member_or_admin"), description="Unpause a paused server", scope_types=["project"], - operations=[{"method": "POST", "path": "/servers/{server_id}/action (unpause)"}], + operations=[Operation(method="POST", path="/servers/{server_id}/action (unpause)")], ), base.APIRule( name="os_compute_api:os-quota-class-sets:show", check_str=("rule:context_is_admin"), description="List quotas for specific quota classs", scope_types=["project"], - operations=[{"method": "GET", "path": "/os-quota-class-sets/{quota_class}"}], + operations=[Operation(method="GET", path="/os-quota-class-sets/{quota_class}")], ), base.APIRule( name="os_compute_api:os-quota-class-sets:update", check_str=("rule:context_is_admin"), description="Update quotas for specific quota class", scope_types=["project"], - operations=[{"method": "PUT", "path": "/os-quota-class-sets/{quota_class}"}], + operations=[Operation(method="PUT", path="/os-quota-class-sets/{quota_class}")], ), base.APIRule( name="os_compute_api:os-quota-sets:update", check_str=("rule:context_is_admin"), description="Update the quotas", scope_types=["project"], - operations=[{"method": "PUT", "path": "/os-quota-sets/{tenant_id}"}], + operations=[Operation(method="PUT", path="/os-quota-sets/{tenant_id}")], ), base.APIRule( name="os_compute_api:os-quota-sets:defaults", check_str=("@"), description="List default quotas", scope_types=["project"], - operations=[{"method": "GET", "path": "/os-quota-sets/{tenant_id}/defaults"}], + operations=[Operation(method="GET", path="/os-quota-sets/{tenant_id}/defaults")], ), base.APIRule( name="os_compute_api:os-quota-sets:show", check_str=("rule:project_reader_or_admin"), description="Show a quota", scope_types=["project"], - operations=[{"method": "GET", "path": "/os-quota-sets/{tenant_id}"}], + operations=[Operation(method="GET", path="/os-quota-sets/{tenant_id}")], ), base.APIRule( name="os_compute_api:os-quota-sets:delete", check_str=("rule:context_is_admin"), description="Revert quotas to defaults", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/os-quota-sets/{tenant_id}"}], + operations=[Operation(method="DELETE", path="/os-quota-sets/{tenant_id}")], ), base.APIRule( name="os_compute_api:os-quota-sets:detail", check_str=("rule:project_reader_or_admin"), description="Show the detail of quota", scope_types=["project"], - operations=[{"method": "GET", "path": "/os-quota-sets/{tenant_id}/detail"}], + operations=[Operation(method="GET", path="/os-quota-sets/{tenant_id}/detail")], ), base.APIRule( name="os_compute_api:os-remote-consoles", check_str=("rule:project_member_or_admin"), - description="Generate a URL to access remove server console.\n#\n#This policy is for ``POST /remote-consoles`` API and below Server actions APIs\n#are deprecated:\n#\n#- ``os-getRDPConsole``\n#- ``os-getSerialConsole``\n#- ``os-getSPICEConsole``\n#- ``os-getVNCConsole``.", + description="Generate a URL to access remove server console.\n#\n#This policy is for ``POST /remote-consoles`` API and below Server actions APIs\n#are deprecated:\n#\n#- ``os-getRDPConsole``\n#- ``os-getSerialConsole``\n#- ``os-getSPICEConsole``\n#- ``os-getVNCConsole\".", scope_types=["project"], - operations=[{"method": "POST", "path": "/servers/{server_id}/action (os-getRDPConsole)"}, {"method": "POST", "path": "/servers/{server_id}/action (os-getSerialConsole)"}, {"method": "POST", "path": "/servers/{server_id}/action (os-getSPICEConsole)"}, {"method": "POST", "path": "/servers/{server_id}/action (os-getVNCConsole)"}, {"method": "POST", "path": "/servers/{server_id}/remote-consoles"}], + operations=[Operation(method="POST", path="/servers/{server_id}/action (os-getRDPConsole)"), Operation(method="POST", path="/servers/{server_id}/action (os-getSerialConsole)"), Operation(method="POST", path="/servers/{server_id}/action (os-getSPICEConsole)"), Operation(method="POST", path="/servers/{server_id}/action (os-getVNCConsole)"), Operation(method="POST", path="/servers/{server_id}/remote-consoles")], ), base.APIRule( name="os_compute_api:os-rescue", check_str=("rule:project_member_or_admin"), description="Rescue a server", scope_types=["project"], - operations=[{"method": "POST", "path": "/servers/{server_id}/action (rescue)"}], + operations=[Operation(method="POST", path="/servers/{server_id}/action (rescue)")], ), base.APIRule( name="os_compute_api:os-unrescue", check_str=("rule:project_member_or_admin"), description="Unrescue a server", scope_types=["project"], - operations=[{"method": "POST", "path": "/servers/{server_id}/action (unrescue)"}], + operations=[Operation(method="POST", path="/servers/{server_id}/action (unrescue)")], ), base.APIRule( name="os_compute_api:os-security-groups:get", check_str=("rule:project_reader_or_admin"), description="List security groups. This API is deprecated.", scope_types=["project"], - operations=[{"method": "GET", "path": "/os-security-groups"}], + operations=[Operation(method="GET", path="/os-security-groups")], ), base.APIRule( name="os_compute_api:os-security-groups:show", check_str=("rule:project_reader_or_admin"), description="Show security group. This API is deprecated.", scope_types=["project"], - operations=[{"method": "GET", "path": "/os-security-groups/{security_group_id}"}], + operations=[Operation(method="GET", path="/os-security-groups/{security_group_id}")], ), base.APIRule( name="os_compute_api:os-security-groups:create", check_str=("rule:project_member_or_admin"), description="Create security group. This API is deprecated.", scope_types=["project"], - operations=[{"method": "POST", "path": "/os-security-groups"}], + operations=[Operation(method="POST", path="/os-security-groups")], ), base.APIRule( name="os_compute_api:os-security-groups:update", check_str=("rule:project_member_or_admin"), description="Update security group. This API is deprecated.", scope_types=["project"], - operations=[{"method": "PUT", "path": "/os-security-groups/{security_group_id}"}], + operations=[Operation(method="PUT", path="/os-security-groups/{security_group_id}")], ), base.APIRule( name="os_compute_api:os-security-groups:delete", check_str=("rule:project_member_or_admin"), description="Delete security group. This API is deprecated.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/os-security-groups/{security_group_id}"}], + operations=[Operation(method="DELETE", path="/os-security-groups/{security_group_id}")], ), base.APIRule( name="os_compute_api:os-security-groups:rule:create", check_str=("rule:project_member_or_admin"), description="Create security group Rule. This API is deprecated.", scope_types=["project"], - operations=[{"method": "POST", "path": "/os-security-group-rules"}], + operations=[Operation(method="POST", path="/os-security-group-rules")], ), base.APIRule( name="os_compute_api:os-security-groups:rule:delete", check_str=("rule:project_member_or_admin"), description="Delete security group Rule. This API is deprecated.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/os-security-group-rules/{security_group_id}"}], + operations=[Operation(method="DELETE", path="/os-security-group-rules/{security_group_id}")], ), base.APIRule( name="os_compute_api:os-security-groups:list", check_str=("rule:project_reader_or_admin"), description="List security groups of server.", scope_types=["project"], - operations=[{"method": "GET", "path": "/servers/{server_id}/os-security-groups"}], + operations=[Operation(method="GET", path="/servers/{server_id}/os-security-groups")], ), base.APIRule( name="os_compute_api:os-security-groups:add", check_str=("rule:project_member_or_admin"), description="Add security groups to server.", scope_types=["project"], - operations=[{"method": "POST", "path": "/servers/{server_id}/action (addSecurityGroup)"}], + operations=[Operation(method="POST", path="/servers/{server_id}/action (addSecurityGroup)")], ), base.APIRule( name="os_compute_api:os-security-groups:remove", check_str=("rule:project_member_or_admin"), description="Remove security groups from server.", scope_types=["project"], - operations=[{"method": "POST", "path": "/servers/{server_id}/action (removeSecurityGroup)"}], + operations=[Operation(method="POST", path="/servers/{server_id}/action (removeSecurityGroup)")], ), base.APIRule( name="os_compute_api:os-server-diagnostics", check_str=("rule:context_is_admin"), description="Show the usage data for a server", scope_types=["project"], - operations=[{"method": "GET", "path": "/servers/{server_id}/diagnostics"}], + operations=[Operation(method="GET", path="/servers/{server_id}/diagnostics")], ), base.APIRule( name="os_compute_api:os-server-external-events:create", check_str=("rule:context_is_admin"), description="Create one or more external events", scope_types=["project"], - operations=[{"method": "POST", "path": "/os-server-external-events"}], + operations=[Operation(method="POST", path="/os-server-external-events")], ), base.APIRule( name="os_compute_api:os-server-groups:create", check_str=("rule:project_member_or_admin"), description="Create a new server group", scope_types=["project"], - operations=[{"method": "POST", "path": "/os-server-groups"}], + operations=[Operation(method="POST", path="/os-server-groups")], ), base.APIRule( name="os_compute_api:os-server-groups:delete", check_str=("rule:project_member_or_admin"), description="Delete a server group", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/os-server-groups/{server_group_id}"}], + operations=[Operation(method="DELETE", path="/os-server-groups/{server_group_id}")], ), base.APIRule( name="os_compute_api:os-server-groups:index", check_str=("rule:project_reader_or_admin"), description="List all server groups", scope_types=["project"], - operations=[{"method": "GET", "path": "/os-server-groups"}], + operations=[Operation(method="GET", path="/os-server-groups")], ), base.APIRule( name="os_compute_api:os-server-groups:index:all_projects", check_str=("rule:context_is_admin"), description="List all server groups for all projects", scope_types=["project"], - operations=[{"method": "GET", "path": "/os-server-groups"}], + operations=[Operation(method="GET", path="/os-server-groups")], ), base.APIRule( name="os_compute_api:os-server-groups:show", check_str=("rule:project_reader_or_admin"), description="Show details of a server group", scope_types=["project"], - operations=[{"method": "GET", "path": "/os-server-groups/{server_group_id}"}], + operations=[Operation(method="GET", path="/os-server-groups/{server_group_id}")], ), base.APIRule( name="os_compute_api:server-metadata:index", check_str=("rule:project_reader_or_admin"), description="List all metadata of a server", scope_types=["project"], - operations=[{"method": "GET", "path": "/servers/{server_id}/metadata"}], + operations=[Operation(method="GET", path="/servers/{server_id}/metadata")], ), base.APIRule( name="os_compute_api:server-metadata:show", check_str=("rule:project_reader_or_admin"), description="Show metadata for a server", scope_types=["project"], - operations=[{"method": "GET", "path": "/servers/{server_id}/metadata/{key}"}], + operations=[Operation(method="GET", path="/servers/{server_id}/metadata/{key}")], ), base.APIRule( name="os_compute_api:server-metadata:create", check_str=("rule:project_member_or_admin"), description="Create metadata for a server", scope_types=["project"], - operations=[{"method": "POST", "path": "/servers/{server_id}/metadata"}], + operations=[Operation(method="POST", path="/servers/{server_id}/metadata")], ), base.APIRule( name="os_compute_api:server-metadata:update_all", check_str=("rule:project_member_or_admin"), description="Replace metadata for a server", scope_types=["project"], - operations=[{"method": "PUT", "path": "/servers/{server_id}/metadata"}], + operations=[Operation(method="PUT", path="/servers/{server_id}/metadata")], ), base.APIRule( name="os_compute_api:server-metadata:update", check_str=("rule:project_member_or_admin"), description="Update metadata from a server", scope_types=["project"], - operations=[{"method": "PUT", "path": "/servers/{server_id}/metadata/{key}"}], + operations=[Operation(method="PUT", path="/servers/{server_id}/metadata/{key}")], ), base.APIRule( name="os_compute_api:server-metadata:delete", check_str=("rule:project_member_or_admin"), description="Delete metadata from a server", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/servers/{server_id}/metadata/{key}"}], + operations=[Operation(method="DELETE", path="/servers/{server_id}/metadata/{key}")], ), base.APIRule( name="os_compute_api:os-server-password:show", check_str=("rule:project_reader_or_admin"), description="Show the encrypted administrative password of a server", scope_types=["project"], - operations=[{"method": "GET", "path": "/servers/{server_id}/os-server-password"}], + operations=[Operation(method="GET", path="/servers/{server_id}/os-server-password")], ), base.APIRule( name="os_compute_api:os-server-password:clear", check_str=("rule:project_member_or_admin"), description="Clear the encrypted administrative password of a server", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/servers/{server_id}/os-server-password"}], + operations=[Operation(method="DELETE", path="/servers/{server_id}/os-server-password")], ), base.APIRule( name="os_compute_api:os-server-tags:delete_all", check_str=("rule:project_member_or_admin"), description="Delete all the server tags", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/servers/{server_id}/tags"}], + operations=[Operation(method="DELETE", path="/servers/{server_id}/tags")], ), base.APIRule( name="os_compute_api:os-server-tags:index", check_str=("rule:project_reader_or_admin"), description="List all tags for given server", scope_types=["project"], - operations=[{"method": "GET", "path": "/servers/{server_id}/tags"}], + operations=[Operation(method="GET", path="/servers/{server_id}/tags")], ), base.APIRule( name="os_compute_api:os-server-tags:update_all", check_str=("rule:project_member_or_admin"), description="Replace all tags on specified server with the new set of tags.", scope_types=["project"], - operations=[{"method": "PUT", "path": "/servers/{server_id}/tags"}], + operations=[Operation(method="PUT", path="/servers/{server_id}/tags")], ), base.APIRule( name="os_compute_api:os-server-tags:delete", check_str=("rule:project_member_or_admin"), description="Delete a single tag from the specified server", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/servers/{server_id}/tags/{tag}"}], + operations=[Operation(method="DELETE", path="/servers/{server_id}/tags/{tag}")], ), base.APIRule( name="os_compute_api:os-server-tags:update", check_str=("rule:project_member_or_admin"), description="Add a single tag to the server if server has no specified tag", scope_types=["project"], - operations=[{"method": "PUT", "path": "/servers/{server_id}/tags/{tag}"}], + operations=[Operation(method="PUT", path="/servers/{server_id}/tags/{tag}")], ), base.APIRule( name="os_compute_api:os-server-tags:show", check_str=("rule:project_reader_or_admin"), description="Check tag existence on the server.", scope_types=["project"], - operations=[{"method": "GET", "path": "/servers/{server_id}/tags/{tag}"}], + operations=[Operation(method="GET", path="/servers/{server_id}/tags/{tag}")], ), base.APIRule( name="compute:server:topology:index", check_str=("rule:project_reader_or_admin"), description="Show the NUMA topology data for a server", scope_types=["project"], - operations=[{"method": "GET", "path": "/servers/{server_id}/topology"}], + operations=[Operation(method="GET", path="/servers/{server_id}/topology")], ), base.APIRule( name="compute:server:topology:host:index", check_str=("rule:context_is_admin"), description="Show the NUMA topology data for a server with host NUMA ID and CPU pinning information", scope_types=["project"], - operations=[{"method": "GET", "path": "/servers/{server_id}/topology"}], + operations=[Operation(method="GET", path="/servers/{server_id}/topology")], ), base.APIRule( name="os_compute_api:servers:index", check_str=("rule:project_reader_or_admin"), description="List all servers", scope_types=["project"], - operations=[{"method": "GET", "path": "/servers"}], + operations=[Operation(method="GET", path="/servers")], ), base.APIRule( name="os_compute_api:servers:detail", check_str=("rule:project_reader_or_admin"), description="List all servers with detailed information", scope_types=["project"], - operations=[{"method": "GET", "path": "/servers/detail"}], + operations=[Operation(method="GET", path="/servers/detail")], ), base.APIRule( name="os_compute_api:servers:index:get_all_tenants", check_str=("rule:context_is_admin"), description="List all servers for all projects", scope_types=["project"], - operations=[{"method": "GET", "path": "/servers"}], + operations=[Operation(method="GET", path="/servers")], ), base.APIRule( name="os_compute_api:servers:detail:get_all_tenants", check_str=("rule:context_is_admin"), description="List all servers with detailed information for all projects", scope_types=["project"], - operations=[{"method": "GET", "path": "/servers/detail"}], + operations=[Operation(method="GET", path="/servers/detail")], ), base.APIRule( name="os_compute_api:servers:allow_all_filters", check_str=("rule:context_is_admin"), description="Allow all filters when listing servers", scope_types=["project"], - operations=[{"method": "GET", "path": "/servers"}, {"method": "GET", "path": "/servers/detail"}], + operations=[Operation(method="GET", path="/servers"), Operation(method="GET", path="/servers/detail")], ), base.APIRule( name="os_compute_api:servers:show", check_str=("rule:project_reader_or_admin"), description="Show a server", scope_types=["project"], - operations=[{"method": "GET", "path": "/servers/{server_id}"}], + operations=[Operation(method="GET", path="/servers/{server_id}")], ), base.APIRule( name="os_compute_api:servers:show:flavor-extra-specs", check_str=("rule:project_reader_or_admin"), description="Starting with microversion 2.47, the flavor and its extra specs used for a server is also returned in the response when showing server details, updating a server or rebuilding a server.", scope_types=["project"], - operations=[{"method": "GET", "path": "/servers/detail"}, {"method": "GET", "path": "/servers/{server_id}"}, {"method": "PUT", "path": "/servers/{server_id}"}, {"method": "POST", "path": "/servers/{server_id}/action (rebuild)"}], + operations=[Operation(method="GET", path="/servers/detail"), Operation(method="GET", path="/servers/{server_id}"), Operation(method="PUT", path="/servers/{server_id}"), Operation(method="POST", path="/servers/{server_id}/action (rebuild)")], ), base.APIRule( name="os_compute_api:servers:show:host_status", check_str=("rule:context_is_admin"), description="\n#Show a server with additional host status information.\n#\n#This means host_status will be shown irrespective of status value. If showing\n#only host_status UNKNOWN is desired, use the\n#``os_compute_api:servers:show:host_status:unknown-only`` policy rule.\n#\n#Microvision 2.75 added the ``host_status`` attribute in the\n#``PUT /servers/{server_id}`` and ``POST /servers/{server_id}/action (rebuild)``\n#API responses which are also controlled by this policy rule, like the\n#``GET /servers*`` APIs.\n#", scope_types=["project"], - operations=[{"method": "GET", "path": "/servers/{server_id}"}, {"method": "GET", "path": "/servers/detail"}, {"method": "PUT", "path": "/servers/{server_id}"}, {"method": "POST", "path": "/servers/{server_id}/action (rebuild)"}], + operations=[Operation(method="GET", path="/servers/{server_id}"), Operation(method="GET", path="/servers/detail"), Operation(method="PUT", path="/servers/{server_id}"), Operation(method="POST", path="/servers/{server_id}/action (rebuild)")], ), base.APIRule( name="os_compute_api:servers:show:host_status:unknown-only", check_str=("rule:context_is_admin"), description="\n#Show a server with additional host status information, only if host status is\n#UNKNOWN.\n#\n#This policy rule will only be enforced when the\n#``os_compute_api:servers:show:host_status`` policy rule does not pass for the\n#request. An example policy configuration could be where the\n#``os_compute_api:servers:show:host_status`` rule is set to allow admin-only and\n#the ``os_compute_api:servers:show:host_status:unknown-only`` rule is set to\n#allow everyone.\n#", scope_types=["project"], - operations=[{"method": "GET", "path": "/servers/{server_id}"}, {"method": "GET", "path": "/servers/detail"}, {"method": "PUT", "path": "/servers/{server_id}"}, {"method": "POST", "path": "/servers/{server_id}/action (rebuild)"}], + operations=[Operation(method="GET", path="/servers/{server_id}"), Operation(method="GET", path="/servers/detail"), Operation(method="PUT", path="/servers/{server_id}"), Operation(method="POST", path="/servers/{server_id}/action (rebuild)")], ), base.APIRule( name="os_compute_api:servers:create", check_str=("rule:project_member_or_admin"), description="Create a server", scope_types=["project"], - operations=[{"method": "POST", "path": "/servers"}], + operations=[Operation(method="POST", path="/servers")], ), base.APIRule( name="os_compute_api:servers:create:forced_host", check_str=("rule:context_is_admin"), description="\n#Create a server on the specified host and/or node.\n#\n#In this case, the server is forced to launch on the specified\n#host and/or node by bypassing the scheduler filters unlike the\n#``compute:servers:create:requested_destination`` rule.\n#", scope_types=["project"], - operations=[{"method": "POST", "path": "/servers"}], + operations=[Operation(method="POST", path="/servers")], ), base.APIRule( name="compute:servers:create:requested_destination", check_str=("rule:context_is_admin"), description="\n#Create a server on the requested compute service host and/or\n#hypervisor_hostname.\n#\n#In this case, the requested host and/or hypervisor_hostname is\n#validated by the scheduler filters unlike the\n#``os_compute_api:servers:create:forced_host`` rule.\n#", scope_types=["project"], - operations=[{"method": "POST", "path": "/servers"}], + operations=[Operation(method="POST", path="/servers")], ), base.APIRule( name="os_compute_api:servers:create:attach_volume", check_str=("rule:project_member_or_admin"), description="Create a server with the requested volume attached to it", scope_types=["project"], - operations=[{"method": "POST", "path": "/servers"}], + operations=[Operation(method="POST", path="/servers")], ), base.APIRule( name="os_compute_api:servers:create:attach_network", check_str=("rule:project_member_or_admin"), description="Create a server with the requested network attached to it", scope_types=["project"], - operations=[{"method": "POST", "path": "/servers"}], + operations=[Operation(method="POST", path="/servers")], ), base.APIRule( name="os_compute_api:servers:create:trusted_certs", check_str=("rule:project_member_or_admin"), description="Create a server with trusted image certificate IDs", scope_types=["project"], - operations=[{"method": "POST", "path": "/servers"}], + operations=[Operation(method="POST", path="/servers")], ), base.APIRule( name="os_compute_api:servers:create:zero_disk_flavor", check_str=("rule:context_is_admin"), description="\n#This rule controls the compute API validation behavior of creating a server\n#with a flavor that has 0 disk, indicating the server should be volume-backed.\n#\n#For a flavor with disk=0, the root disk will be set to exactly the size of the\n#image used to deploy the instance. However, in this case the filter_scheduler\n#cannot select the compute host based on the virtual image size. Therefore, 0\n#should only be used for volume booted instances or for testing purposes.\n#\n#WARNING: It is a potential security exposure to enable this policy rule\n#if users can upload their own images since repeated attempts to\n#create a disk=0 flavor instance with a large image can exhaust\n#the local disk of the compute (or shared storage cluster). See bug\n#https://bugs.launchpad.net/nova/+bug/1739646 for details.\n#", scope_types=["project"], - operations=[{"method": "POST", "path": "/servers"}], + operations=[Operation(method="POST", path="/servers")], ), base.APIRule( name="network:attach_external_network", check_str=("rule:context_is_admin"), description="Attach an unshared external network to a server", scope_types=["project"], - operations=[{"method": "POST", "path": "/servers"}, {"method": "POST", "path": "/servers/{server_id}/os-interface"}], + operations=[Operation(method="POST", path="/servers"), Operation(method="POST", path="/servers/{server_id}/os-interface")], ), base.APIRule( name="os_compute_api:servers:delete", check_str=("rule:project_member_or_admin"), description="Delete a server", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/servers/{server_id}"}], + operations=[Operation(method="DELETE", path="/servers/{server_id}")], ), base.APIRule( name="os_compute_api:servers:update", check_str=("rule:project_member_or_admin"), description="Update a server", scope_types=["project"], - operations=[{"method": "PUT", "path": "/servers/{server_id}"}], + operations=[Operation(method="PUT", path="/servers/{server_id}")], ), base.APIRule( name="os_compute_api:servers:confirm_resize", check_str=("rule:project_member_or_admin"), description="Confirm a server resize", scope_types=["project"], - operations=[{"method": "POST", "path": "/servers/{server_id}/action (confirmResize)"}], + operations=[Operation(method="POST", path="/servers/{server_id}/action (confirmResize)")], ), base.APIRule( name="os_compute_api:servers:revert_resize", check_str=("rule:project_member_or_admin"), description="Revert a server resize", scope_types=["project"], - operations=[{"method": "POST", "path": "/servers/{server_id}/action (revertResize)"}], + operations=[Operation(method="POST", path="/servers/{server_id}/action (revertResize)")], ), base.APIRule( name="os_compute_api:servers:reboot", check_str=("rule:project_member_or_admin"), description="Reboot a server", scope_types=["project"], - operations=[{"method": "POST", "path": "/servers/{server_id}/action (reboot)"}], + operations=[Operation(method="POST", path="/servers/{server_id}/action (reboot)")], ), base.APIRule( name="os_compute_api:servers:resize", check_str=("rule:project_member_or_admin"), description="Resize a server", scope_types=["project"], - operations=[{"method": "POST", "path": "/servers/{server_id}/action (resize)"}], + operations=[Operation(method="POST", path="/servers/{server_id}/action (resize)")], ), base.APIRule( name="compute:servers:resize:cross_cell", check_str=("!"), description="Resize a server across cells. By default, this is disabled for all users and recommended to be tested in a deployment for admin users before opening it up to non-admin users. Resizing within a cell is the default preferred behavior even if this is enabled. ", scope_types=["project"], - operations=[{"method": "POST", "path": "/servers/{server_id}/action (resize)"}], + operations=[Operation(method="POST", path="/servers/{server_id}/action (resize)")], ), base.APIRule( name="os_compute_api:servers:rebuild", check_str=("rule:project_member_or_admin"), description="Rebuild a server", scope_types=["project"], - operations=[{"method": "POST", "path": "/servers/{server_id}/action (rebuild)"}], + operations=[Operation(method="POST", path="/servers/{server_id}/action (rebuild)")], ), base.APIRule( name="os_compute_api:servers:rebuild:trusted_certs", check_str=("rule:project_member_or_admin"), description="Rebuild a server with trusted image certificate IDs", scope_types=["project"], - operations=[{"method": "POST", "path": "/servers/{server_id}/action (rebuild)"}], + operations=[Operation(method="POST", path="/servers/{server_id}/action (rebuild)")], ), base.APIRule( name="os_compute_api:servers:create_image", check_str=("rule:project_member_or_admin"), description="Create an image from a server", scope_types=["project"], - operations=[{"method": "POST", "path": "/servers/{server_id}/action (createImage)"}], + operations=[Operation(method="POST", path="/servers/{server_id}/action (createImage)")], ), base.APIRule( name="os_compute_api:servers:create_image:allow_volume_backed", check_str=("rule:project_member_or_admin"), description="Create an image from a volume backed server", scope_types=["project"], - operations=[{"method": "POST", "path": "/servers/{server_id}/action (createImage)"}], + operations=[Operation(method="POST", path="/servers/{server_id}/action (createImage)")], ), base.APIRule( name="os_compute_api:servers:start", check_str=("rule:project_member_or_admin"), description="Start a server", scope_types=["project"], - operations=[{"method": "POST", "path": "/servers/{server_id}/action (os-start)"}], + operations=[Operation(method="POST", path="/servers/{server_id}/action (os-start)")], ), base.APIRule( name="os_compute_api:servers:stop", check_str=("rule:project_member_or_admin"), description="Stop a server", scope_types=["project"], - operations=[{"method": "POST", "path": "/servers/{server_id}/action (os-stop)"}], + operations=[Operation(method="POST", path="/servers/{server_id}/action (os-stop)")], ), base.APIRule( name="os_compute_api:servers:trigger_crash_dump", check_str=("rule:project_member_or_admin"), description="Trigger crash dump in a server", scope_types=["project"], - operations=[{"method": "POST", "path": "/servers/{server_id}/action (trigger_crash_dump)"}], + operations=[Operation(method="POST", path="/servers/{server_id}/action (trigger_crash_dump)")], ), base.APIRule( name="os_compute_api:servers:migrations:show", check_str=("rule:context_is_admin"), description="Show details for an in-progress live migration for a given server", scope_types=["project"], - operations=[{"method": "GET", "path": "/servers/{server_id}/migrations/{migration_id}"}], + operations=[Operation(method="GET", path="/servers/{server_id}/migrations/{migration_id}")], ), base.APIRule( name="os_compute_api:servers:migrations:force_complete", check_str=("rule:context_is_admin"), description="Force an in-progress live migration for a given server to complete", scope_types=["project"], - operations=[{"method": "POST", "path": "/servers/{server_id}/migrations/{migration_id}/action (force_complete)"}], + operations=[Operation(method="POST", path="/servers/{server_id}/migrations/{migration_id}/action (force_complete)")], ), base.APIRule( name="os_compute_api:servers:migrations:delete", check_str=("rule:context_is_admin"), description="Delete(Abort) an in-progress live migration", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/servers/{server_id}/migrations/{migration_id}"}], + operations=[Operation(method="DELETE", path="/servers/{server_id}/migrations/{migration_id}")], ), base.APIRule( name="os_compute_api:servers:migrations:index", check_str=("rule:context_is_admin"), description="Lists in-progress live migrations for a given server", scope_types=["project"], - operations=[{"method": "GET", "path": "/servers/{server_id}/migrations"}], + operations=[Operation(method="GET", path="/servers/{server_id}/migrations")], ), base.APIRule( name="os_compute_api:os-services:list", check_str=("rule:context_is_admin"), description="List all running Compute services in a region.", scope_types=["project"], - operations=[{"method": "GET", "path": "/os-services"}], + operations=[Operation(method="GET", path="/os-services")], ), base.APIRule( name="os_compute_api:os-services:update", check_str=("rule:context_is_admin"), description="Update a Compute service.", scope_types=["project"], - operations=[{"method": "PUT", "path": "/os-services/{service_id}"}], + operations=[Operation(method="PUT", path="/os-services/{service_id}")], ), base.APIRule( name="os_compute_api:os-services:delete", check_str=("rule:context_is_admin"), description="Delete a Compute service.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/os-services/{service_id}"}], + operations=[Operation(method="DELETE", path="/os-services/{service_id}")], ), base.APIRule( name="os_compute_api:os-shelve:shelve", check_str=("rule:project_member_or_admin"), description="Shelve server", scope_types=["project"], - operations=[{"method": "POST", "path": "/servers/{server_id}/action (shelve)"}], + operations=[Operation(method="POST", path="/servers/{server_id}/action (shelve)")], ), base.APIRule( name="os_compute_api:os-shelve:unshelve", check_str=("rule:project_member_or_admin"), description="Unshelve (restore) shelved server", scope_types=["project"], - operations=[{"method": "POST", "path": "/servers/{server_id}/action (unshelve)"}], + operations=[Operation(method="POST", path="/servers/{server_id}/action (unshelve)")], ), base.APIRule( name="os_compute_api:os-shelve:unshelve_to_host", check_str=("rule:context_is_admin"), description="Unshelve (restore) shelve offloaded server to a specific host", scope_types=["project"], - operations=[{"method": "POST", "path": "/servers/{server_id}/action (unshelve)"}], + operations=[Operation(method="POST", path="/servers/{server_id}/action (unshelve)")], ), base.APIRule( name="os_compute_api:os-shelve:shelve_offload", check_str=("rule:context_is_admin"), description="Shelf-offload (remove) server", scope_types=["project"], - operations=[{"method": "POST", "path": "/servers/{server_id}/action (shelveOffload)"}], + operations=[Operation(method="POST", path="/servers/{server_id}/action (shelveOffload)")], ), base.APIRule( name="os_compute_api:os-simple-tenant-usage:show", check_str=("rule:project_reader_or_admin"), description="Show usage statistics for a specific tenant", scope_types=["project"], - operations=[{"method": "GET", "path": "/os-simple-tenant-usage/{tenant_id}"}], + operations=[Operation(method="GET", path="/os-simple-tenant-usage/{tenant_id}")], ), base.APIRule( name="os_compute_api:os-simple-tenant-usage:list", check_str=("rule:context_is_admin"), description="List per tenant usage statistics for all tenants", scope_types=["project"], - operations=[{"method": "GET", "path": "/os-simple-tenant-usage"}], + operations=[Operation(method="GET", path="/os-simple-tenant-usage")], ), base.APIRule( name="os_compute_api:os-suspend-server:resume", check_str=("rule:project_member_or_admin"), description="Resume suspended server", scope_types=["project"], - operations=[{"method": "POST", "path": "/servers/{server_id}/action (resume)"}], + operations=[Operation(method="POST", path="/servers/{server_id}/action (resume)")], ), base.APIRule( name="os_compute_api:os-suspend-server:suspend", check_str=("rule:project_member_or_admin"), description="Suspend server", scope_types=["project"], - operations=[{"method": "POST", "path": "/servers/{server_id}/action (suspend)"}], + operations=[Operation(method="POST", path="/servers/{server_id}/action (suspend)")], ), base.APIRule( name="os_compute_api:os-tenant-networks:list", check_str=("rule:project_reader_api"), description="List project networks.\n#\n#This API is proxy calls to the Network service. This is deprecated.", scope_types=["project"], - operations=[{"method": "GET", "path": "/os-tenant-networks"}], + operations=[Operation(method="GET", path="/os-tenant-networks")], ), base.APIRule( name="os_compute_api:os-tenant-networks:show", check_str=("rule:project_reader_api"), description="Show project network details.\n#\n#This API is proxy calls to the Network service. This is deprecated.", scope_types=["project"], - operations=[{"method": "GET", "path": "/os-tenant-networks/{network_id}"}], + operations=[Operation(method="GET", path="/os-tenant-networks/{network_id}")], ), base.APIRule( name="os_compute_api:os-volumes:list", check_str=("rule:project_reader_or_admin"), description="List volumes.\n#\n#This API is a proxy call to the Volume service. It is deprecated.", scope_types=["project"], - operations=[{"method": "GET", "path": "/os-volumes"}], + operations=[Operation(method="GET", path="/os-volumes")], ), base.APIRule( name="os_compute_api:os-volumes:create", check_str=("rule:project_member_or_admin"), description="Create volume.\n#\n#This API is a proxy call to the Volume service. It is deprecated.", scope_types=["project"], - operations=[{"method": "POST", "path": "/os-volumes"}], + operations=[Operation(method="POST", path="/os-volumes")], ), base.APIRule( name="os_compute_api:os-volumes:detail", check_str=("rule:project_reader_or_admin"), description="List volumes detail.\n#\n#This API is a proxy call to the Volume service. It is deprecated.", scope_types=["project"], - operations=[{"method": "GET", "path": "/os-volumes/detail"}], + operations=[Operation(method="GET", path="/os-volumes/detail")], ), base.APIRule( name="os_compute_api:os-volumes:show", check_str=("rule:project_reader_or_admin"), description="Show volume.\n#\n#This API is a proxy call to the Volume service. It is deprecated.", scope_types=["project"], - operations=[{"method": "GET", "path": "/os-volumes/{volume_id}"}], + operations=[Operation(method="GET", path="/os-volumes/{volume_id}")], ), base.APIRule( name="os_compute_api:os-volumes:delete", check_str=("rule:project_member_or_admin"), description="Delete volume.\n#\n#This API is a proxy call to the Volume service. It is deprecated.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/os-volumes/{volume_id}"}], + operations=[Operation(method="DELETE", path="/os-volumes/{volume_id}")], ), base.APIRule( name="os_compute_api:os-volumes:snapshots:list", check_str=("rule:project_reader_or_admin"), description="List snapshots.\n#\n#This API is a proxy call to the Volume service. It is deprecated.", scope_types=["project"], - operations=[{"method": "GET", "path": "/os-snapshots"}], + operations=[Operation(method="GET", path="/os-snapshots")], ), base.APIRule( name="os_compute_api:os-volumes:snapshots:create", check_str=("rule:project_member_or_admin"), description="Create snapshots.\n#\n#This API is a proxy call to the Volume service. It is deprecated.", scope_types=["project"], - operations=[{"method": "POST", "path": "/os-snapshots"}], + operations=[Operation(method="POST", path="/os-snapshots")], ), base.APIRule( name="os_compute_api:os-volumes:snapshots:detail", check_str=("rule:project_reader_or_admin"), description="List snapshots details.\n#\n#This API is a proxy call to the Volume service. It is deprecated.", scope_types=["project"], - operations=[{"method": "GET", "path": "/os-snapshots/detail"}], + operations=[Operation(method="GET", path="/os-snapshots/detail")], ), base.APIRule( name="os_compute_api:os-volumes:snapshots:show", check_str=("rule:project_reader_or_admin"), description="Show snapshot.\n#\n#This API is a proxy call to the Volume service. It is deprecated.", scope_types=["project"], - operations=[{"method": "GET", "path": "/os-snapshots/{snapshot_id}"}], + operations=[Operation(method="GET", path="/os-snapshots/{snapshot_id}")], ), base.APIRule( name="os_compute_api:os-volumes:snapshots:delete", check_str=("rule:project_member_or_admin"), description="Delete snapshot.\n#\n#This API is a proxy call to the Volume service. It is deprecated.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/os-snapshots/{snapshot_id}"}], + operations=[Operation(method="DELETE", path="/os-snapshots/{snapshot_id}")], ), base.APIRule( name="os_compute_api:os-volumes-attachments:index", check_str=("rule:project_reader_or_admin"), description="List volume attachments for an instance", scope_types=["project"], - operations=[{"method": "GET", "path": "/servers/{server_id}/os-volume_attachments"}], + operations=[Operation(method="GET", path="/servers/{server_id}/os-volume_attachments")], ), base.APIRule( name="os_compute_api:os-volumes-attachments:create", check_str=("rule:project_member_or_admin"), description="Attach a volume to an instance", scope_types=["project"], - operations=[{"method": "POST", "path": "/servers/{server_id}/os-volume_attachments"}], + operations=[Operation(method="POST", path="/servers/{server_id}/os-volume_attachments")], ), base.APIRule( name="os_compute_api:os-volumes-attachments:show", check_str=("rule:project_reader_or_admin"), description="Show details of a volume attachment", scope_types=["project"], - operations=[{"method": "GET", "path": "/servers/{server_id}/os-volume_attachments/{volume_id}"}], + operations=[Operation(method="GET", path="/servers/{server_id}/os-volume_attachments/{volume_id}")], ), base.APIRule( name="os_compute_api:os-volumes-attachments:update", check_str=("rule:project_member_or_admin"), description="Update a volume attachment.\n#New 'update' policy about 'swap + update' request (which is possible\n#only >2.85) only is checked. We expect to be\n#always superset of this policy permission.\n#", scope_types=["project"], - operations=[{"method": "PUT", "path": "/servers/{server_id}/os-volume_attachments/{volume_id}"}], + operations=[Operation(method="PUT", path="/servers/{server_id}/os-volume_attachments/{volume_id}")], ), base.APIRule( name="os_compute_api:os-volumes-attachments:swap", check_str=("rule:context_is_admin"), description="Update a volume attachment with a different volumeId", scope_types=["project"], - operations=[{"method": "PUT", "path": "/servers/{server_id}/os-volume_attachments/{volume_id}"}], + operations=[Operation(method="PUT", path="/servers/{server_id}/os-volume_attachments/{volume_id}")], ), base.APIRule( name="os_compute_api:os-volumes-attachments:delete", check_str=("rule:project_member_or_admin"), description="Detach a volume from an instance", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/servers/{server_id}/os-volume_attachments/{volume_id}"}], + operations=[Operation(method="DELETE", path="/servers/{server_id}/os-volume_attachments/{volume_id}")], ), ) diff --git a/skyline_apiserver/policy/manager/octavia.py b/skyline_apiserver/policy/manager/octavia.py index 76332e1..a45871d 100644 --- a/skyline_apiserver/policy/manager/octavia.py +++ b/skyline_apiserver/policy/manager/octavia.py @@ -15,6 +15,8 @@ # flake8: noqa # fmt: off +from skyline_apiserver.schemas.policy_manager import Operation + from . import base list_rules = ( @@ -103,553 +105,553 @@ list_rules = ( check_str=("rule:load-balancer:read"), description="List Flavors", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2.0/lbaas/flavors"}], + operations=[Operation(method="GET", path="/v2.0/lbaas/flavors")], ), base.APIRule( name="os_load-balancer_api:flavor:post", check_str=("rule:load-balancer:admin"), description="Create a Flavor", scope_types=["project"], - operations=[{"method": "POST", "path": "/v2.0/lbaas/flavors"}], + operations=[Operation(method="POST", path="/v2.0/lbaas/flavors")], ), base.APIRule( name="os_load-balancer_api:flavor:put", check_str=("rule:load-balancer:admin"), description="Update a Flavor", scope_types=["project"], - operations=[{"method": "PUT", "path": "/v2.0/lbaas/flavors/{flavor_id}"}], + operations=[Operation(method="PUT", path="/v2.0/lbaas/flavors/{flavor_id}")], ), base.APIRule( name="os_load-balancer_api:flavor:get_one", check_str=("rule:load-balancer:read"), description="Show Flavor details", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2.0/lbaas/flavors/{flavor_id}"}], + operations=[Operation(method="GET", path="/v2.0/lbaas/flavors/{flavor_id}")], ), base.APIRule( name="os_load-balancer_api:flavor:delete", check_str=("rule:load-balancer:admin"), description="Remove a Flavor", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/v2.0/lbaas/flavors/{flavor_id}"}], + operations=[Operation(method="DELETE", path="/v2.0/lbaas/flavors/{flavor_id}")], ), base.APIRule( name="os_load-balancer_api:flavor-profile:get_all", check_str=("rule:load-balancer:admin"), description="List Flavor Profiles", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2.0/lbaas/flavorprofiles"}], + operations=[Operation(method="GET", path="/v2.0/lbaas/flavorprofiles")], ), base.APIRule( name="os_load-balancer_api:flavor-profile:post", check_str=("rule:load-balancer:admin"), description="Create a Flavor Profile", scope_types=["project"], - operations=[{"method": "POST", "path": "/v2.0/lbaas/flavorprofiles"}], + operations=[Operation(method="POST", path="/v2.0/lbaas/flavorprofiles")], ), base.APIRule( name="os_load-balancer_api:flavor-profile:put", check_str=("rule:load-balancer:admin"), description="Update a Flavor Profile", scope_types=["project"], - operations=[{"method": "PUT", "path": "/v2.0/lbaas/flavorprofiles/{flavor_profile_id}"}], + operations=[Operation(method="PUT", path="/v2.0/lbaas/flavorprofiles/{flavor_profile_id}")], ), base.APIRule( name="os_load-balancer_api:flavor-profile:get_one", check_str=("rule:load-balancer:admin"), description="Show Flavor Profile details", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2.0/lbaas/flavorprofiles/{flavor_profile_id}"}], + operations=[Operation(method="GET", path="/v2.0/lbaas/flavorprofiles/{flavor_profile_id}")], ), base.APIRule( name="os_load-balancer_api:flavor-profile:delete", check_str=("rule:load-balancer:admin"), description="Remove a Flavor Profile", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/v2.0/lbaas/flavorprofiles/{flavor_profile_id}"}], + operations=[Operation(method="DELETE", path="/v2.0/lbaas/flavorprofiles/{flavor_profile_id}")], ), base.APIRule( name="os_load-balancer_api:availability-zone:get_all", check_str=("rule:load-balancer:read"), description="List Availability Zones", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2.0/lbaas/availabilityzones"}], + operations=[Operation(method="GET", path="/v2.0/lbaas/availabilityzones")], ), base.APIRule( name="os_load-balancer_api:availability-zone:post", check_str=("rule:load-balancer:admin"), description="Create an Availability Zone", scope_types=["project"], - operations=[{"method": "POST", "path": "/v2.0/lbaas/availabilityzones"}], + operations=[Operation(method="POST", path="/v2.0/lbaas/availabilityzones")], ), base.APIRule( name="os_load-balancer_api:availability-zone:put", check_str=("rule:load-balancer:admin"), description="Update an Availability Zone", scope_types=["project"], - operations=[{"method": "PUT", "path": "/v2.0/lbaas/availabilityzones/{availability_zone_id}"}], + operations=[Operation(method="PUT", path="/v2.0/lbaas/availabilityzones/{availability_zone_id}")], ), base.APIRule( name="os_load-balancer_api:availability-zone:get_one", check_str=("rule:load-balancer:read"), description="Show Availability Zone details", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2.0/lbaas/availabilityzones/{availability_zone_id}"}], + operations=[Operation(method="GET", path="/v2.0/lbaas/availabilityzones/{availability_zone_id}")], ), base.APIRule( name="os_load-balancer_api:availability-zone:delete", check_str=("rule:load-balancer:admin"), description="Remove an Availability Zone", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/v2.0/lbaas/availabilityzones/{availability_zone_id}"}], + operations=[Operation(method="DELETE", path="/v2.0/lbaas/availabilityzones/{availability_zone_id}")], ), base.APIRule( name="os_load-balancer_api:availability-zone-profile:get_all", check_str=("rule:load-balancer:admin"), description="List Availability Zones", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2.0/lbaas/availabilityzoneprofiles"}], + operations=[Operation(method="GET", path="/v2.0/lbaas/availabilityzoneprofiles")], ), base.APIRule( name="os_load-balancer_api:availability-zone-profile:post", check_str=("rule:load-balancer:admin"), description="Create an Availability Zone", scope_types=["project"], - operations=[{"method": "POST", "path": "/v2.0/lbaas/availabilityzoneprofiles"}], + operations=[Operation(method="POST", path="/v2.0/lbaas/availabilityzoneprofiles")], ), base.APIRule( name="os_load-balancer_api:availability-zone-profile:put", check_str=("rule:load-balancer:admin"), description="Update an Availability Zone", scope_types=["project"], - operations=[{"method": "PUT", "path": "/v2.0/lbaas/availabilityzoneprofiles/{availability_zone_profile_id}"}], + operations=[Operation(method="PUT", path="/v2.0/lbaas/availabilityzoneprofiles/{availability_zone_profile_id}")], ), base.APIRule( name="os_load-balancer_api:availability-zone-profile:get_one", check_str=("rule:load-balancer:admin"), description="Show Availability Zone details", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2.0/lbaas/availabilityzoneprofiles/{availability_zone_profile_id}"}], + operations=[Operation(method="GET", path="/v2.0/lbaas/availabilityzoneprofiles/{availability_zone_profile_id}")], ), base.APIRule( name="os_load-balancer_api:availability-zone-profile:delete", check_str=("rule:load-balancer:admin"), description="Remove an Availability Zone", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/v2.0/lbaas/availabilityzoneprofiles/{availability_zone_profile_id}"}], + operations=[Operation(method="DELETE", path="/v2.0/lbaas/availabilityzoneprofiles/{availability_zone_profile_id}")], ), base.APIRule( name="os_load-balancer_api:healthmonitor:get_all", check_str=("rule:load-balancer:read"), description="List Health Monitors of a Pool", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/lbaas/healthmonitors"}], + operations=[Operation(method="GET", path="/v2/lbaas/healthmonitors")], ), base.APIRule( name="os_load-balancer_api:healthmonitor:get_all-global", check_str=("rule:load-balancer:read-global"), description="List Health Monitors including resources owned by others", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/lbaas/healthmonitors"}], + operations=[Operation(method="GET", path="/v2/lbaas/healthmonitors")], ), base.APIRule( name="os_load-balancer_api:healthmonitor:post", check_str=("rule:load-balancer:write"), description="Create a Health Monitor", scope_types=["project"], - operations=[{"method": "POST", "path": "/v2/lbaas/healthmonitors"}], + operations=[Operation(method="POST", path="/v2/lbaas/healthmonitors")], ), base.APIRule( name="os_load-balancer_api:healthmonitor:get_one", check_str=("rule:load-balancer:read"), description="Show Health Monitor details", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/lbaas/healthmonitors/{healthmonitor_id}"}], + operations=[Operation(method="GET", path="/v2/lbaas/healthmonitors/{healthmonitor_id}")], ), base.APIRule( name="os_load-balancer_api:healthmonitor:put", check_str=("rule:load-balancer:write"), description="Update a Health Monitor", scope_types=["project"], - operations=[{"method": "PUT", "path": "/v2/lbaas/healthmonitors/{healthmonitor_id}"}], + operations=[Operation(method="PUT", path="/v2/lbaas/healthmonitors/{healthmonitor_id}")], ), base.APIRule( name="os_load-balancer_api:healthmonitor:delete", check_str=("rule:load-balancer:write"), description="Remove a Health Monitor", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/v2/lbaas/healthmonitors/{healthmonitor_id}"}], + operations=[Operation(method="DELETE", path="/v2/lbaas/healthmonitors/{healthmonitor_id}")], ), base.APIRule( name="os_load-balancer_api:l7policy:get_all", check_str=("rule:load-balancer:read"), description="List L7 Policys", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/lbaas/l7policies"}], + operations=[Operation(method="GET", path="/v2/lbaas/l7policies")], ), base.APIRule( name="os_load-balancer_api:l7policy:get_all-global", check_str=("rule:load-balancer:read-global"), description="List L7 Policys including resources owned by others", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/lbaas/l7policies"}], + operations=[Operation(method="GET", path="/v2/lbaas/l7policies")], ), base.APIRule( name="os_load-balancer_api:l7policy:post", check_str=("rule:load-balancer:write"), description="Create a L7 Policy", scope_types=["project"], - operations=[{"method": "POST", "path": "/v2/lbaas/l7policies"}], + operations=[Operation(method="POST", path="/v2/lbaas/l7policies")], ), base.APIRule( name="os_load-balancer_api:l7policy:get_one", check_str=("rule:load-balancer:read"), description="Show L7 Policy details", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/lbaas/l7policies/{l7policy_id}"}], + operations=[Operation(method="GET", path="/v2/lbaas/l7policies/{l7policy_id}")], ), base.APIRule( name="os_load-balancer_api:l7policy:put", check_str=("rule:load-balancer:write"), description="Update a L7 Policy", scope_types=["project"], - operations=[{"method": "PUT", "path": "/v2/lbaas/l7policies/{l7policy_id}"}], + operations=[Operation(method="PUT", path="/v2/lbaas/l7policies/{l7policy_id}")], ), base.APIRule( name="os_load-balancer_api:l7policy:delete", check_str=("rule:load-balancer:write"), description="Remove a L7 Policy", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/v2/lbaas/l7policies/{l7policy_id}"}], + operations=[Operation(method="DELETE", path="/v2/lbaas/l7policies/{l7policy_id}")], ), base.APIRule( name="os_load-balancer_api:l7rule:get_all", check_str=("rule:load-balancer:read"), description="List L7 Rules", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/lbaas/l7policies/{l7policy_id}/rules"}], + operations=[Operation(method="GET", path="/v2/lbaas/l7policies/{l7policy_id}/rules")], ), base.APIRule( name="os_load-balancer_api:l7rule:post", check_str=("rule:load-balancer:write"), description="Create a L7 Rule", scope_types=["project"], - operations=[{"method": "POST", "path": "/v2/lbaas/l7policies/{l7policy_id}/rules"}], + operations=[Operation(method="POST", path="/v2/lbaas/l7policies/{l7policy_id}/rules")], ), base.APIRule( name="os_load-balancer_api:l7rule:get_one", check_str=("rule:load-balancer:read"), description="Show L7 Rule details", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/lbaas/l7policies/{l7policy_id}/rules/{l7rule_id}"}], + operations=[Operation(method="GET", path="/v2/lbaas/l7policies/{l7policy_id}/rules/{l7rule_id}")], ), base.APIRule( name="os_load-balancer_api:l7rule:put", check_str=("rule:load-balancer:write"), description="Update a L7 Rule", scope_types=["project"], - operations=[{"method": "PUT", "path": "/v2/lbaas/l7policies/{l7policy_id}/rules/{l7rule_id}"}], + operations=[Operation(method="PUT", path="/v2/lbaas/l7policies/{l7policy_id}/rules/{l7rule_id}")], ), base.APIRule( name="os_load-balancer_api:l7rule:delete", check_str=("rule:load-balancer:write"), description="Remove a L7 Rule", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/v2/lbaas/l7policies/{l7policy_id}/rules/{l7rule_id}"}], + operations=[Operation(method="DELETE", path="/v2/lbaas/l7policies/{l7policy_id}/rules/{l7rule_id}")], ), base.APIRule( name="os_load-balancer_api:listener:get_all", check_str=("rule:load-balancer:read"), description="List Listeners", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/lbaas/listeners"}], + operations=[Operation(method="GET", path="/v2/lbaas/listeners")], ), base.APIRule( name="os_load-balancer_api:listener:get_all-global", check_str=("rule:load-balancer:read-global"), description="List Listeners including resources owned by others", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/lbaas/listeners"}], + operations=[Operation(method="GET", path="/v2/lbaas/listeners")], ), base.APIRule( name="os_load-balancer_api:listener:post", check_str=("rule:load-balancer:write"), description="Create a Listener", scope_types=["project"], - operations=[{"method": "POST", "path": "/v2/lbaas/listeners"}], + operations=[Operation(method="POST", path="/v2/lbaas/listeners")], ), base.APIRule( name="os_load-balancer_api:listener:get_one", check_str=("rule:load-balancer:read"), description="Show Listener details", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/lbaas/listeners/{listener_id}"}], + operations=[Operation(method="GET", path="/v2/lbaas/listeners/{listener_id}")], ), base.APIRule( name="os_load-balancer_api:listener:put", check_str=("rule:load-balancer:write"), description="Update a Listener", scope_types=["project"], - operations=[{"method": "PUT", "path": "/v2/lbaas/listeners/{listener_id}"}], + operations=[Operation(method="PUT", path="/v2/lbaas/listeners/{listener_id}")], ), base.APIRule( name="os_load-balancer_api:listener:delete", check_str=("rule:load-balancer:write"), description="Remove a Listener", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/v2/lbaas/listeners/{listener_id}"}], + operations=[Operation(method="DELETE", path="/v2/lbaas/listeners/{listener_id}")], ), base.APIRule( name="os_load-balancer_api:listener:get_stats", check_str=("rule:load-balancer:read"), description="Show Listener statistics", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/lbaas/listeners/{listener_id}/stats"}], + operations=[Operation(method="GET", path="/v2/lbaas/listeners/{listener_id}/stats")], ), base.APIRule( name="os_load-balancer_api:loadbalancer:get_all", check_str=("rule:load-balancer:read"), description="List Load Balancers", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/lbaas/loadbalancers"}], + operations=[Operation(method="GET", path="/v2/lbaas/loadbalancers")], ), base.APIRule( name="os_load-balancer_api:loadbalancer:get_all-global", check_str=("rule:load-balancer:read-global"), description="List Load Balancers including resources owned by others", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/lbaas/loadbalancers"}], + operations=[Operation(method="GET", path="/v2/lbaas/loadbalancers")], ), base.APIRule( name="os_load-balancer_api:loadbalancer:post", check_str=("rule:load-balancer:write"), description="Create a Load Balancer", scope_types=["project"], - operations=[{"method": "POST", "path": "/v2/lbaas/loadbalancers"}], + operations=[Operation(method="POST", path="/v2/lbaas/loadbalancers")], ), base.APIRule( name="os_load-balancer_api:loadbalancer:get_one", check_str=("rule:load-balancer:read"), description="Show Load Balancer details", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/lbaas/loadbalancers/{loadbalancer_id}"}], + operations=[Operation(method="GET", path="/v2/lbaas/loadbalancers/{loadbalancer_id}")], ), base.APIRule( name="os_load-balancer_api:loadbalancer:put", check_str=("rule:load-balancer:write"), description="Update a Load Balancer", scope_types=["project"], - operations=[{"method": "PUT", "path": "/v2/lbaas/loadbalancers/{loadbalancer_id}"}], + operations=[Operation(method="PUT", path="/v2/lbaas/loadbalancers/{loadbalancer_id}")], ), base.APIRule( name="os_load-balancer_api:loadbalancer:delete", check_str=("rule:load-balancer:write"), description="Remove a Load Balancer", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/v2/lbaas/loadbalancers/{loadbalancer_id}"}], + operations=[Operation(method="DELETE", path="/v2/lbaas/loadbalancers/{loadbalancer_id}")], ), base.APIRule( name="os_load-balancer_api:loadbalancer:get_stats", check_str=("rule:load-balancer:read"), description="Show Load Balancer statistics", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/lbaas/loadbalancers/{loadbalancer_id}/stats"}], + operations=[Operation(method="GET", path="/v2/lbaas/loadbalancers/{loadbalancer_id}/stats")], ), base.APIRule( name="os_load-balancer_api:loadbalancer:get_status", check_str=("rule:load-balancer:read"), description="Show Load Balancer status", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/lbaas/loadbalancers/{loadbalancer_id}/status"}], + operations=[Operation(method="GET", path="/v2/lbaas/loadbalancers/{loadbalancer_id}/status")], ), base.APIRule( name="os_load-balancer_api:loadbalancer:put_failover", check_str=("rule:load-balancer:admin"), description="Failover a Load Balancer", scope_types=["project"], - operations=[{"method": "PUT", "path": "/v2/lbaas/loadbalancers/{loadbalancer_id}/failover"}], + operations=[Operation(method="PUT", path="/v2/lbaas/loadbalancers/{loadbalancer_id}/failover")], ), base.APIRule( name="os_load-balancer_api:member:get_all", check_str=("rule:load-balancer:read"), description="List Members of a Pool", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/lbaas/pools/{pool_id}/members"}], + operations=[Operation(method="GET", path="/v2/lbaas/pools/{pool_id}/members")], ), base.APIRule( name="os_load-balancer_api:member:post", check_str=("rule:load-balancer:write"), description="Create a Member", scope_types=["project"], - operations=[{"method": "POST", "path": "/v2/lbaas/pools/{pool_id}/members"}], + operations=[Operation(method="POST", path="/v2/lbaas/pools/{pool_id}/members")], ), base.APIRule( name="os_load-balancer_api:member:get_one", check_str=("rule:load-balancer:read"), description="Show Member details", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/lbaas/pools/{pool_id}/members/{member_id}"}], + operations=[Operation(method="GET", path="/v2/lbaas/pools/{pool_id}/members/{member_id}")], ), base.APIRule( name="os_load-balancer_api:member:put", check_str=("rule:load-balancer:write"), description="Update a Member", scope_types=["project"], - operations=[{"method": "PUT", "path": "/v2/lbaas/pools/{pool_id}/members/{member_id}"}], + operations=[Operation(method="PUT", path="/v2/lbaas/pools/{pool_id}/members/{member_id}")], ), base.APIRule( name="os_load-balancer_api:member:delete", check_str=("rule:load-balancer:write"), description="Remove a Member", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/v2/lbaas/pools/{pool_id}/members/{member_id}"}], + operations=[Operation(method="DELETE", path="/v2/lbaas/pools/{pool_id}/members/{member_id}")], ), base.APIRule( name="os_load-balancer_api:pool:get_all", check_str=("rule:load-balancer:read"), description="List Pools", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/lbaas/pools"}], + operations=[Operation(method="GET", path="/v2/lbaas/pools")], ), base.APIRule( name="os_load-balancer_api:pool:get_all-global", check_str=("rule:load-balancer:read-global"), description="List Pools including resources owned by others", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/lbaas/pools"}], + operations=[Operation(method="GET", path="/v2/lbaas/pools")], ), base.APIRule( name="os_load-balancer_api:pool:post", check_str=("rule:load-balancer:write"), description="Create a Pool", scope_types=["project"], - operations=[{"method": "POST", "path": "/v2/lbaas/pools"}], + operations=[Operation(method="POST", path="/v2/lbaas/pools")], ), base.APIRule( name="os_load-balancer_api:pool:get_one", check_str=("rule:load-balancer:read"), description="Show Pool details", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/lbaas/pools/{pool_id}"}], + operations=[Operation(method="GET", path="/v2/lbaas/pools/{pool_id}")], ), base.APIRule( name="os_load-balancer_api:pool:put", check_str=("rule:load-balancer:write"), description="Update a Pool", scope_types=["project"], - operations=[{"method": "PUT", "path": "/v2/lbaas/pools/{pool_id}"}], + operations=[Operation(method="PUT", path="/v2/lbaas/pools/{pool_id}")], ), base.APIRule( name="os_load-balancer_api:pool:delete", check_str=("rule:load-balancer:write"), description="Remove a Pool", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/v2/lbaas/pools/{pool_id}"}], + operations=[Operation(method="DELETE", path="/v2/lbaas/pools/{pool_id}")], ), base.APIRule( name="os_load-balancer_api:provider:get_all", check_str=("rule:load-balancer:read"), description="List enabled providers", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/lbaas/providers"}], + operations=[Operation(method="GET", path="/v2/lbaas/providers")], ), base.APIRule( name="os_load-balancer_api:quota:get_all", check_str=("rule:load-balancer:read-quota"), description="List Quotas", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/lbaas/quotas"}], + operations=[Operation(method="GET", path="/v2/lbaas/quotas")], ), base.APIRule( name="os_load-balancer_api:quota:get_all-global", check_str=("rule:load-balancer:read-quota-global"), description="List Quotas including resources owned by others", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/lbaas/quotas"}], + operations=[Operation(method="GET", path="/v2/lbaas/quotas")], ), base.APIRule( name="os_load-balancer_api:quota:get_one", check_str=("rule:load-balancer:read-quota"), description="Show Quota details", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/lbaas/quotas/{project_id}"}], + operations=[Operation(method="GET", path="/v2/lbaas/quotas/{project_id}")], ), base.APIRule( name="os_load-balancer_api:quota:put", check_str=("rule:load-balancer:write-quota"), description="Update a Quota", scope_types=["project"], - operations=[{"method": "PUT", "path": "/v2/lbaas/quotas/{project_id}"}], + operations=[Operation(method="PUT", path="/v2/lbaas/quotas/{project_id}")], ), base.APIRule( name="os_load-balancer_api:quota:delete", check_str=("rule:load-balancer:write-quota"), description="Reset a Quota", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/v2/lbaas/quotas/{project_id}"}], + operations=[Operation(method="DELETE", path="/v2/lbaas/quotas/{project_id}")], ), base.APIRule( name="os_load-balancer_api:quota:get_defaults", check_str=("rule:load-balancer:read-quota"), description="Show Default Quota for a Project", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/lbaas/quotas/{project_id}/default"}], + operations=[Operation(method="GET", path="/v2/lbaas/quotas/{project_id}/default")], ), base.APIRule( name="os_load-balancer_api:amphora:get_all", check_str=("rule:load-balancer:admin"), description="List Amphorae", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/octavia/amphorae"}], + operations=[Operation(method="GET", path="/v2/octavia/amphorae")], ), base.APIRule( name="os_load-balancer_api:amphora:get_one", check_str=("rule:load-balancer:admin"), description="Show Amphora details", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/octavia/amphorae/{amphora_id}"}], + operations=[Operation(method="GET", path="/v2/octavia/amphorae/{amphora_id}")], ), base.APIRule( name="os_load-balancer_api:amphora:delete", check_str=("rule:load-balancer:admin"), description="Delete an Amphora", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/v2/octavia/amphorae/{amphora_id}"}], + operations=[Operation(method="DELETE", path="/v2/octavia/amphorae/{amphora_id}")], ), base.APIRule( name="os_load-balancer_api:amphora:put_config", check_str=("rule:load-balancer:admin"), description="Update Amphora Agent Configuration", scope_types=["project"], - operations=[{"method": "PUT", "path": "/v2/octavia/amphorae/{amphora_id}/config"}], + operations=[Operation(method="PUT", path="/v2/octavia/amphorae/{amphora_id}/config")], ), base.APIRule( name="os_load-balancer_api:amphora:put_failover", check_str=("rule:load-balancer:admin"), description="Failover Amphora", scope_types=["project"], - operations=[{"method": "PUT", "path": "/v2/octavia/amphorae/{amphora_id}/failover"}], + operations=[Operation(method="PUT", path="/v2/octavia/amphorae/{amphora_id}/failover")], ), base.APIRule( name="os_load-balancer_api:amphora:get_stats", check_str=("rule:load-balancer:admin"), description="Show Amphora statistics", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/octavia/amphorae/{amphora_id}/stats"}], + operations=[Operation(method="GET", path="/v2/octavia/amphorae/{amphora_id}/stats")], ), base.APIRule( name="os_load-balancer_api:provider-flavor:get_all", check_str=("rule:load-balancer:admin"), description="List the provider flavor capabilities.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/lbaas/providers/{provider}/flavor_capabilities"}], + operations=[Operation(method="GET", path="/v2/lbaas/providers/{provider}/flavor_capabilities")], ), base.APIRule( name="os_load-balancer_api:provider-availability-zone:get_all", check_str=("rule:load-balancer:admin"), description="List the provider availability zone capabilities.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v2/lbaas/providers/{provider}/availability_zone_capabilities"}], + operations=[Operation(method="GET", path="/v2/lbaas/providers/{provider}/availability_zone_capabilities")], ), ) diff --git a/skyline_apiserver/policy/manager/placement.py b/skyline_apiserver/policy/manager/placement.py index 0b43e11..edd588d 100644 --- a/skyline_apiserver/policy/manager/placement.py +++ b/skyline_apiserver/policy/manager/placement.py @@ -15,6 +15,8 @@ # flake8: noqa # fmt: off +from skyline_apiserver.schemas.policy_manager import Operation + from . import base list_rules = ( @@ -48,231 +50,231 @@ list_rules = ( check_str=("rule:system_reader_api"), description="List resource providers.", scope_types=["system"], - operations=[{"method": "GET", "path": "/resource_providers"}], + operations=[Operation(method="GET", path="/resource_providers")], ), base.APIRule( name="placement:resource_providers:create", check_str=("rule:system_admin_api"), description="Create resource provider.", scope_types=["system"], - operations=[{"method": "POST", "path": "/resource_providers"}], + operations=[Operation(method="POST", path="/resource_providers")], ), base.APIRule( name="placement:resource_providers:show", check_str=("rule:system_reader_api"), description="Show resource provider.", scope_types=["system"], - operations=[{"method": "GET", "path": "/resource_providers/{uuid}"}], + operations=[Operation(method="GET", path="/resource_providers/{uuid}")], ), base.APIRule( name="placement:resource_providers:update", check_str=("rule:system_admin_api"), description="Update resource provider.", scope_types=["system"], - operations=[{"method": "PUT", "path": "/resource_providers/{uuid}"}], + operations=[Operation(method="PUT", path="/resource_providers/{uuid}")], ), base.APIRule( name="placement:resource_providers:delete", check_str=("rule:system_admin_api"), description="Delete resource provider.", scope_types=["system"], - operations=[{"method": "DELETE", "path": "/resource_providers/{uuid}"}], + operations=[Operation(method="DELETE", path="/resource_providers/{uuid}")], ), base.APIRule( name="placement:resource_classes:list", check_str=("rule:system_reader_api"), description="List resource classes.", scope_types=["system"], - operations=[{"method": "GET", "path": "/resource_classes"}], + operations=[Operation(method="GET", path="/resource_classes")], ), base.APIRule( name="placement:resource_classes:create", check_str=("rule:system_admin_api"), description="Create resource class.", scope_types=["system"], - operations=[{"method": "POST", "path": "/resource_classes"}], + operations=[Operation(method="POST", path="/resource_classes")], ), base.APIRule( name="placement:resource_classes:show", check_str=("rule:system_reader_api"), description="Show resource class.", scope_types=["system"], - operations=[{"method": "GET", "path": "/resource_classes/{name}"}], + operations=[Operation(method="GET", path="/resource_classes/{name}")], ), base.APIRule( name="placement:resource_classes:update", check_str=("rule:system_admin_api"), description="Update resource class.", scope_types=["system"], - operations=[{"method": "PUT", "path": "/resource_classes/{name}"}], + operations=[Operation(method="PUT", path="/resource_classes/{name}")], ), base.APIRule( name="placement:resource_classes:delete", check_str=("rule:system_admin_api"), description="Delete resource class.", scope_types=["system"], - operations=[{"method": "DELETE", "path": "/resource_classes/{name}"}], + operations=[Operation(method="DELETE", path="/resource_classes/{name}")], ), base.APIRule( name="placement:resource_providers:inventories:list", check_str=("rule:system_reader_api"), description="List resource provider inventories.", scope_types=["system"], - operations=[{"method": "GET", "path": "/resource_providers/{uuid}/inventories"}], + operations=[Operation(method="GET", path="/resource_providers/{uuid}/inventories")], ), base.APIRule( name="placement:resource_providers:inventories:create", check_str=("rule:system_admin_api"), description="Create one resource provider inventory.", scope_types=["system"], - operations=[{"method": "POST", "path": "/resource_providers/{uuid}/inventories"}], + operations=[Operation(method="POST", path="/resource_providers/{uuid}/inventories")], ), base.APIRule( name="placement:resource_providers:inventories:show", check_str=("rule:system_reader_api"), description="Show resource provider inventory.", scope_types=["system"], - operations=[{"method": "GET", "path": "/resource_providers/{uuid}/inventories/{resource_class}"}], + operations=[Operation(method="GET", path="/resource_providers/{uuid}/inventories/{resource_class}")], ), base.APIRule( name="placement:resource_providers:inventories:update", check_str=("rule:system_admin_api"), description="Update resource provider inventory.", scope_types=["system"], - operations=[{"method": "PUT", "path": "/resource_providers/{uuid}/inventories"}, {"method": "PUT", "path": "/resource_providers/{uuid}/inventories/{resource_class}"}], + operations=[Operation(method="PUT", path="/resource_providers/{uuid}/inventories"), Operation(method="PUT", path="/resource_providers/{uuid}/inventories/{resource_class}")], ), base.APIRule( name="placement:resource_providers:inventories:delete", check_str=("rule:system_admin_api"), description="Delete resource provider inventory.", scope_types=["system"], - operations=[{"method": "DELETE", "path": "/resource_providers/{uuid}/inventories"}, {"method": "DELETE", "path": "/resource_providers/{uuid}/inventories/{resource_class}"}], + operations=[Operation(method="DELETE", path="/resource_providers/{uuid}/inventories"), Operation(method="DELETE", path="/resource_providers/{uuid}/inventories/{resource_class}")], ), base.APIRule( name="placement:resource_providers:aggregates:list", check_str=("rule:system_reader_api"), description="List resource provider aggregates.", scope_types=["system"], - operations=[{"method": "GET", "path": "/resource_providers/{uuid}/aggregates"}], + operations=[Operation(method="GET", path="/resource_providers/{uuid}/aggregates")], ), base.APIRule( name="placement:resource_providers:aggregates:update", check_str=("rule:system_admin_api"), description="Update resource provider aggregates.", scope_types=["system"], - operations=[{"method": "PUT", "path": "/resource_providers/{uuid}/aggregates"}], + operations=[Operation(method="PUT", path="/resource_providers/{uuid}/aggregates")], ), base.APIRule( name="placement:resource_providers:usages", check_str=("rule:system_reader_api"), description="List resource provider usages.", scope_types=["system"], - operations=[{"method": "GET", "path": "/resource_providers/{uuid}/usages"}], + operations=[Operation(method="GET", path="/resource_providers/{uuid}/usages")], ), base.APIRule( name="placement:usages", check_str=("rule:system_or_project_reader"), description="List total resource usages for a given project.", scope_types=["system", "project"], - operations=[{"method": "GET", "path": "/usages"}], + operations=[Operation(method="GET", path="/usages")], ), base.APIRule( name="placement:traits:list", check_str=("rule:system_reader_api"), description="List traits.", scope_types=["system"], - operations=[{"method": "GET", "path": "/traits"}], + operations=[Operation(method="GET", path="/traits")], ), base.APIRule( name="placement:traits:show", check_str=("rule:system_reader_api"), description="Show trait.", scope_types=["system"], - operations=[{"method": "GET", "path": "/traits/{name}"}], + operations=[Operation(method="GET", path="/traits/{name}")], ), base.APIRule( name="placement:traits:update", check_str=("rule:system_admin_api"), description="Update trait.", scope_types=["system"], - operations=[{"method": "PUT", "path": "/traits/{name}"}], + operations=[Operation(method="PUT", path="/traits/{name}")], ), base.APIRule( name="placement:traits:delete", check_str=("rule:system_admin_api"), description="Delete trait.", scope_types=["system"], - operations=[{"method": "DELETE", "path": "/traits/{name}"}], + operations=[Operation(method="DELETE", path="/traits/{name}")], ), base.APIRule( name="placement:resource_providers:traits:list", check_str=("rule:system_reader_api"), description="List resource provider traits.", scope_types=["system"], - operations=[{"method": "GET", "path": "/resource_providers/{uuid}/traits"}], + operations=[Operation(method="GET", path="/resource_providers/{uuid}/traits")], ), base.APIRule( name="placement:resource_providers:traits:update", check_str=("rule:system_admin_api"), description="Update resource provider traits.", scope_types=["system"], - operations=[{"method": "PUT", "path": "/resource_providers/{uuid}/traits"}], + operations=[Operation(method="PUT", path="/resource_providers/{uuid}/traits")], ), base.APIRule( name="placement:resource_providers:traits:delete", check_str=("rule:system_admin_api"), description="Delete resource provider traits.", scope_types=["system"], - operations=[{"method": "DELETE", "path": "/resource_providers/{uuid}/traits"}], + operations=[Operation(method="DELETE", path="/resource_providers/{uuid}/traits")], ), base.APIRule( name="placement:allocations:manage", check_str=("rule:system_admin_api"), description="Manage allocations.", scope_types=["system"], - operations=[{"method": "POST", "path": "/allocations"}], + operations=[Operation(method="POST", path="/allocations")], ), base.APIRule( name="placement:allocations:list", check_str=("rule:system_reader_api"), description="List allocations.", scope_types=["system"], - operations=[{"method": "GET", "path": "/allocations/{consumer_uuid}"}], + operations=[Operation(method="GET", path="/allocations/{consumer_uuid}")], ), base.APIRule( name="placement:allocations:update", check_str=("rule:system_admin_api"), description="Update allocations.", scope_types=["system"], - operations=[{"method": "PUT", "path": "/allocations/{consumer_uuid}"}], + operations=[Operation(method="PUT", path="/allocations/{consumer_uuid}")], ), base.APIRule( name="placement:allocations:delete", check_str=("rule:system_admin_api"), description="Delete allocations.", scope_types=["system"], - operations=[{"method": "DELETE", "path": "/allocations/{consumer_uuid}"}], + operations=[Operation(method="DELETE", path="/allocations/{consumer_uuid}")], ), base.APIRule( name="placement:resource_providers:allocations:list", check_str=("rule:system_reader_api"), description="List resource provider allocations.", scope_types=["system"], - operations=[{"method": "GET", "path": "/resource_providers/{uuid}/allocations"}], + operations=[Operation(method="GET", path="/resource_providers/{uuid}/allocations")], ), base.APIRule( name="placement:allocation_candidates:list", check_str=("rule:system_reader_api"), description="List allocation candidates.", scope_types=["system"], - operations=[{"method": "GET", "path": "/allocation_candidates"}], + operations=[Operation(method="GET", path="/allocation_candidates")], ), base.APIRule( name="placement:reshaper:reshape", check_str=("rule:system_admin_api"), description="Reshape Inventory and Allocations.", scope_types=["system"], - operations=[{"method": "POST", "path": "/reshaper"}], + operations=[Operation(method="POST", path="/reshaper")], ), ) diff --git a/skyline_apiserver/policy/manager/trove.py b/skyline_apiserver/policy/manager/trove.py index 8147ece..8062f33 100644 --- a/skyline_apiserver/policy/manager/trove.py +++ b/skyline_apiserver/policy/manager/trove.py @@ -15,6 +15,8 @@ # flake8: noqa # fmt: off +from skyline_apiserver.schemas.policy_manager import Operation + from . import base list_rules = ( @@ -38,588 +40,588 @@ list_rules = ( check_str=("rule:admin_or_owner"), description="Create a database instance.", scope_types=["project"], - operations=[{"method": "POST", "path": "/v1.0/{account_id}/instances"}], + operations=[Operation(method="POST", path="/v1.0/{account_id}/instances")], ), base.APIRule( name="instance:delete", check_str=("rule:admin_or_owner"), description="Delete a database instance.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/v1.0/{account_id}/instances/{instance_id}"}], + operations=[Operation(method="DELETE", path="/v1.0/{account_id}/instances/{instance_id}")], ), base.APIRule( name="instance:force_delete", check_str=("rule:admin_or_owner"), description="Forcibly delete a database instance.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/v1.0/{account_id}/instances/{instance_id}"}], + operations=[Operation(method="DELETE", path="/v1.0/{account_id}/instances/{instance_id}")], ), base.APIRule( name="instance:index", check_str=("rule:admin_or_owner"), description="List database instances.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1.0/{account_id}/instances"}], + operations=[Operation(method="GET", path="/v1.0/{account_id}/instances")], ), base.APIRule( name="instance:detail", check_str=("rule:admin_or_owner"), description="List database instances with details.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1.0/{account_id}/instances/detail"}], + operations=[Operation(method="GET", path="/v1.0/{account_id}/instances/detail")], ), base.APIRule( name="instance:show", check_str=("rule:admin_or_owner"), description="Get details of a specific database instance.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1.0/{account_id}/instances/{instance_id}"}], + operations=[Operation(method="GET", path="/v1.0/{account_id}/instances/{instance_id}")], ), base.APIRule( name="instance:update", check_str=("rule:admin_or_owner"), description="Update a database instance to attach/detach configuration", scope_types=["project"], - operations=[{"method": "PUT", "path": "/v1.0/{account_id}/instances/{instance_id}"}, {"method": "POST", "path": "/v1.0/{account_id}/instances"}], + operations=[Operation(method="PUT", path="/v1.0/{account_id}/instances/{instance_id}"), Operation(method="POST", path="/v1.0/{account_id}/instances")], ), base.APIRule( name="instance:edit", check_str=("rule:admin_or_owner"), description="Updates the instance to set or unset one or more attributes.", scope_types=["project"], - operations=[{"method": "PATCH", "path": "/v1.0/{account_id}/instances/{instance_id}"}], + operations=[Operation(method="PATCH", path="/v1.0/{account_id}/instances/{instance_id}")], ), base.APIRule( name="instance:restart", check_str=("rule:admin_or_owner"), description="Restart a database instance.", scope_types=["project"], - operations=[{"method": "POST", "path": "/v1.0/{account_id}/instances/{instance_id}/action (restart)"}], + operations=[Operation(method="POST", path="/v1.0/{account_id}/instances/{instance_id}/action (restart)")], ), base.APIRule( name="instance:resize_volume", check_str=("rule:admin_or_owner"), description="Resize a database instance volume.", scope_types=["project"], - operations=[{"method": "POST", "path": "/v1.0/{account_id}/instances/{instance_id}/action (resize)"}], + operations=[Operation(method="POST", path="/v1.0/{account_id}/instances/{instance_id}/action (resize)")], ), base.APIRule( name="instance:resize_flavor", check_str=("rule:admin_or_owner"), description="Resize a database instance flavor.", scope_types=["project"], - operations=[{"method": "POST", "path": "/v1.0/{account_id}/instances/{instance_id}/action (resize)"}], + operations=[Operation(method="POST", path="/v1.0/{account_id}/instances/{instance_id}/action (resize)")], ), base.APIRule( name="instance:reset_status", check_str=("rule:admin"), description="Reset the status of a database instance to ERROR.", scope_types=["project"], - operations=[{"method": "POST", "path": "/v1.0/{account_id}/instances/{instance_id}/action (reset_status)"}], + operations=[Operation(method="POST", path="/v1.0/{account_id}/instances/{instance_id}/action (reset_status)")], ), base.APIRule( name="instance:promote_to_replica_source", check_str=("rule:admin_or_owner"), description="Promote instance to replica source.", scope_types=["project"], - operations=[{"method": "POST", "path": "/v1.0/{account_id}/instances/{instance_id}/action (promote_to_replica_source)"}], + operations=[Operation(method="POST", path="/v1.0/{account_id}/instances/{instance_id}/action (promote_to_replica_source)")], ), base.APIRule( name="instance:eject_replica_source", check_str=("rule:admin_or_owner"), description="Eject the replica source from its replica set.", scope_types=["project"], - operations=[{"method": "POST", "path": "/v1.0/{account_id}/instances/{instance_id}/action (eject_replica_source)"}], + operations=[Operation(method="POST", path="/v1.0/{account_id}/instances/{instance_id}/action (eject_replica_source)")], ), base.APIRule( name="instance:configuration", check_str=("rule:admin_or_owner"), description="Get the default configuration template applied to the instance.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1.0/{account_id}/instances/{instance_id}/configuration"}], + operations=[Operation(method="GET", path="/v1.0/{account_id}/instances/{instance_id}/configuration")], ), base.APIRule( name="instance:guest_log_list", check_str=("rule:admin_or_owner"), description="Get all informations about all logs of a database instance.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1.0/{account_id}/instances/{instance_id}/log"}], + operations=[Operation(method="GET", path="/v1.0/{account_id}/instances/{instance_id}/log")], ), base.APIRule( name="instance:backups", check_str=("rule:admin_or_owner"), description="Get all backups of a database instance.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1.0/{account_id}/instances/{instance_id}/backups"}], + operations=[Operation(method="GET", path="/v1.0/{account_id}/instances/{instance_id}/backups")], ), base.APIRule( name="instance:module_list", check_str=("rule:admin_or_owner"), description="Get informations about modules on a database instance.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1.0/{account_id}/instances/{instance_id}/modules"}], + operations=[Operation(method="GET", path="/v1.0/{account_id}/instances/{instance_id}/modules")], ), base.APIRule( name="instance:module_apply", check_str=("rule:admin_or_owner"), description="Apply modules to a database instance.", scope_types=["project"], - operations=[{"method": "POST", "path": "/v1.0/{account_id}/instances/{instance_id}/modules"}, {"method": "POST", "path": "/v1.0/{account_id}/instances"}], + operations=[Operation(method="POST", path="/v1.0/{account_id}/instances/{instance_id}/modules"), Operation(method="POST", path="/v1.0/{account_id}/instances")], ), base.APIRule( name="instance:module_remove", check_str=("rule:admin_or_owner"), description="Remove a module from a database instance.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/v1.0/{account_id}/instances/{instance_id}/modules/{module_id}"}], + operations=[Operation(method="DELETE", path="/v1.0/{account_id}/instances/{instance_id}/modules/{module_id}")], ), base.APIRule( name="instance:extension:root:create", check_str=("rule:admin_or_owner"), description="Enable the root user of a database instance.", scope_types=["project"], - operations=[{"method": "POST", "path": "/v1.0/{account_id}/instances/{instance_id}/root"}], + operations=[Operation(method="POST", path="/v1.0/{account_id}/instances/{instance_id}/root")], ), base.APIRule( name="instance:extension:root:delete", check_str=("rule:admin_or_owner"), description="Disable the root user of a database instance.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/v1.0/{account_id}/instances/{instance_id}/root"}], + operations=[Operation(method="DELETE", path="/v1.0/{account_id}/instances/{instance_id}/root")], ), base.APIRule( name="instance:extension:root:index", check_str=("rule:admin_or_owner"), description="Show whether the root user of a database instance has been ever enabled.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1.0/{account_id}/instances/{instance_id}/root"}], + operations=[Operation(method="GET", path="/v1.0/{account_id}/instances/{instance_id}/root")], ), base.APIRule( name="cluster:extension:root:create", check_str=("rule:admin_or_owner"), description="Enable the root user of the instances in a cluster.", scope_types=["project"], - operations=[{"method": "POST", "path": "/v1.0/{account_id}/clusters/{cluster}/root"}], + operations=[Operation(method="POST", path="/v1.0/{account_id}/clusters/{cluster}/root")], ), base.APIRule( name="cluster:extension:root:delete", check_str=("rule:admin_or_owner"), description="Enable the root user of the instances in a cluster.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/v1.0/{account_id}/clusters/{cluster}/root"}], + operations=[Operation(method="DELETE", path="/v1.0/{account_id}/clusters/{cluster}/root")], ), base.APIRule( name="cluster:extension:root:index", check_str=("rule:admin_or_owner"), description="Disable the root of the instances in a cluster.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1.0/{account_id}/clusters/{cluster}/root"}], + operations=[Operation(method="GET", path="/v1.0/{account_id}/clusters/{cluster}/root")], ), base.APIRule( name="instance:extension:user:create", check_str=("rule:admin_or_owner"), description="Create users for a database instance.", scope_types=["project"], - operations=[{"method": "POST", "path": "/v1.0/{account_id}/instances/{instance_id}/users"}, {"method": "POST", "path": "/v1.0/{account_id}/instances"}], + operations=[Operation(method="POST", path="/v1.0/{account_id}/instances/{instance_id}/users"), Operation(method="POST", path="/v1.0/{account_id}/instances")], ), base.APIRule( name="instance:extension:user:delete", check_str=("rule:admin_or_owner"), description="Delete a user from a database instance.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/v1.0/{account_id}/instances/{instance_id}/users/{user}"}], + operations=[Operation(method="DELETE", path="/v1.0/{account_id}/instances/{instance_id}/users/{user}")], ), base.APIRule( name="instance:extension:user:index", check_str=("rule:admin_or_owner"), description="Get all users of a database instance.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1.0/{account_id}/instances/{instance_id}/users"}], + operations=[Operation(method="GET", path="/v1.0/{account_id}/instances/{instance_id}/users")], ), base.APIRule( name="instance:extension:user:show", check_str=("rule:admin_or_owner"), description="Get the information of a single user of a database instance.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1.0/{account_id}/instances/{instance_id}/users/{user}"}], + operations=[Operation(method="GET", path="/v1.0/{account_id}/instances/{instance_id}/users/{user}")], ), base.APIRule( name="instance:extension:user:update", check_str=("rule:admin_or_owner"), description="Update attributes for a user of a database instance.", scope_types=["project"], - operations=[{"method": "PUT", "path": "/v1.0/{account_id}/instances/{instance_id}/users/{user}"}], + operations=[Operation(method="PUT", path="/v1.0/{account_id}/instances/{instance_id}/users/{user}")], ), base.APIRule( name="instance:extension:user:update_all", check_str=("rule:admin_or_owner"), description="Update the password for one or more users a database instance.", scope_types=["project"], - operations=[{"method": "PUT", "path": "/v1.0/{account_id}/instances/{instance_id}/users"}], + operations=[Operation(method="PUT", path="/v1.0/{account_id}/instances/{instance_id}/users")], ), base.APIRule( name="instance:extension:user_access:update", check_str=("rule:admin_or_owner"), description="Grant access for a user to one or more databases.", scope_types=["project"], - operations=[{"method": "PUT", "path": "/v1.0/{account_id}/instances/{instance_id}/users/{user}/databases"}], + operations=[Operation(method="PUT", path="/v1.0/{account_id}/instances/{instance_id}/users/{user}/databases")], ), base.APIRule( name="instance:extension:user_access:delete", check_str=("rule:admin_or_owner"), description="Revoke access for a user to a databases.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/v1.0/{account_id}/instances/{instance_id}/users/{user}/databases/{database}"}], + operations=[Operation(method="DELETE", path="/v1.0/{account_id}/instances/{instance_id}/users/{user}/databases/{database}")], ), base.APIRule( name="instance:extension:user_access:index", check_str=("rule:admin_or_owner"), description="Get permissions of a user", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1.0/{account_id}/instances/{instance_id}/users/{user}/databases"}], + operations=[Operation(method="GET", path="/v1.0/{account_id}/instances/{instance_id}/users/{user}/databases")], ), base.APIRule( name="instance:extension:database:create", check_str=("rule:admin_or_owner"), description="Create a set of Schemas", scope_types=["project"], - operations=[{"method": "POST", "path": "/v1.0/{account_id}/instances/{instance_id}/databases"}, {"method": "POST", "path": "/v1.0/{account_id}/instances"}], + operations=[Operation(method="POST", path="/v1.0/{account_id}/instances/{instance_id}/databases"), Operation(method="POST", path="/v1.0/{account_id}/instances")], ), base.APIRule( name="instance:extension:database:delete", check_str=("rule:admin_or_owner"), description="Delete a schema from a database.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/v1.0/{account_id}/instances/{instance_id}/databases/{database}"}], + operations=[Operation(method="DELETE", path="/v1.0/{account_id}/instances/{instance_id}/databases/{database}")], ), base.APIRule( name="instance:extension:database:index", check_str=("rule:admin_or_owner"), description="List all schemas from a database.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1.0/{account_id}/instances/{instance_id}/databases"}], + operations=[Operation(method="GET", path="/v1.0/{account_id}/instances/{instance_id}/databases")], ), base.APIRule( name="instance:extension:database:show", check_str=("rule:admin_or_owner"), description="Get informations of a schema(Currently Not Implemented).", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1.0/{account_id}/instances/{instance_id}/databases/{database}"}], + operations=[Operation(method="GET", path="/v1.0/{account_id}/instances/{instance_id}/databases/{database}")], ), base.APIRule( name="cluster:create", check_str=("rule:admin_or_owner"), description="Create a cluster.", scope_types=["project"], - operations=[{"method": "POST", "path": "/v1.0/{account_id}/clusters"}], + operations=[Operation(method="POST", path="/v1.0/{account_id}/clusters")], ), base.APIRule( name="cluster:delete", check_str=("rule:admin_or_owner"), description="Delete a cluster.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/v1.0/{account_id}/clusters/{cluster}"}], + operations=[Operation(method="DELETE", path="/v1.0/{account_id}/clusters/{cluster}")], ), base.APIRule( name="cluster:force_delete", check_str=("rule:admin_or_owner"), description="Forcibly delete a cluster.", scope_types=["project"], - operations=[{"method": "POST", "path": "/v1.0/{account_id}/clusters/{cluster} (reset-status)"}], + operations=[Operation(method="POST", path="/v1.0/{account_id}/clusters/{cluster} (reset-status)")], ), base.APIRule( name="cluster:index", check_str=("rule:admin_or_owner"), description="List all clusters", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1.0/{account_id}/clusters"}], + operations=[Operation(method="GET", path="/v1.0/{account_id}/clusters")], ), base.APIRule( name="cluster:show", check_str=("rule:admin_or_owner"), description="Get informations of a cluster.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1.0/{account_id}/clusters/{cluster}"}], + operations=[Operation(method="GET", path="/v1.0/{account_id}/clusters/{cluster}")], ), base.APIRule( name="cluster:show_instance", check_str=("rule:admin_or_owner"), description="Get informations of a instance in a cluster.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1.0/{account_id}/clusters/{cluster}/instances/{instance}"}], + operations=[Operation(method="GET", path="/v1.0/{account_id}/clusters/{cluster}/instances/{instance}")], ), base.APIRule( name="cluster:action", check_str=("rule:admin_or_owner"), description="Commit an action against a cluster", scope_types=["project"], - operations=[{"method": "POST", "path": "/v1.0/{account_id}/clusters/{cluster}"}], + operations=[Operation(method="POST", path="/v1.0/{account_id}/clusters/{cluster}")], ), base.APIRule( name="cluster:reset-status", check_str=("rule:admin"), description="Reset the status of a cluster to NONE.", scope_types=["project"], - operations=[{"method": "POST", "path": "/v1.0/{account_id}/clusters/{cluster} (reset-status)"}], + operations=[Operation(method="POST", path="/v1.0/{account_id}/clusters/{cluster} (reset-status)")], ), base.APIRule( name="backup:create", check_str=("rule:admin_or_owner"), description="Create a backup of a database instance.", scope_types=["project"], - operations=[{"method": "POST", "path": "/v1.0/{account_id}/backups"}], + operations=[Operation(method="POST", path="/v1.0/{account_id}/backups")], ), base.APIRule( name="backup:delete", check_str=("rule:admin_or_owner"), description="Delete a backup of a database instance.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/v1.0/{account_id}/backups/{backup}"}], + operations=[Operation(method="DELETE", path="/v1.0/{account_id}/backups/{backup}")], ), base.APIRule( name="backup:index", check_str=("rule:admin_or_owner"), description="List all backups.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1.0/{account_id}/backups"}], + operations=[Operation(method="GET", path="/v1.0/{account_id}/backups")], ), base.APIRule( name="backup:index:all_projects", check_str=("role:admin"), description="List backups for all the projects.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1.0/{account_id}/backups"}], + operations=[Operation(method="GET", path="/v1.0/{account_id}/backups")], ), base.APIRule( name="backup:show", check_str=("rule:admin_or_owner"), description="Get informations of a backup.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1.0/{account_id}/backups/{backup}"}], + operations=[Operation(method="GET", path="/v1.0/{account_id}/backups/{backup}")], ), base.APIRule( name="backup_strategy:create", check_str=("rule:admin_or_owner"), description="Create a backup strategy.", scope_types=["project"], - operations=[{"method": "POST", "path": "/v1.0/{account_id}/backup_strategies"}], + operations=[Operation(method="POST", path="/v1.0/{account_id}/backup_strategies")], ), base.APIRule( name="backup_strategy:index", check_str=("rule:admin_or_owner"), description="List all backup strategies.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1.0/{account_id}/backup_strategies"}], + operations=[Operation(method="GET", path="/v1.0/{account_id}/backup_strategies")], ), base.APIRule( name="backup_strategy:delete", check_str=("rule:admin_or_owner"), description="Delete backup strategies.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/v1.0/{account_id}/backup_strategies"}], + operations=[Operation(method="DELETE", path="/v1.0/{account_id}/backup_strategies")], ), base.APIRule( name="configuration:create", check_str=("rule:admin_or_owner"), description="Create a configuration group.", scope_types=["project"], - operations=[{"method": "POST", "path": "/v1.0/{account_id}/configurations"}], + operations=[Operation(method="POST", path="/v1.0/{account_id}/configurations")], ), base.APIRule( name="configuration:delete", check_str=("rule:admin_or_owner"), description="Delete a configuration group.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/v1.0/{account_id}/configurations/{config}"}], + operations=[Operation(method="DELETE", path="/v1.0/{account_id}/configurations/{config}")], ), base.APIRule( name="configuration:index", check_str=("rule:admin_or_owner"), description="List all configuration groups.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1.0/{account_id}/configurations"}], + operations=[Operation(method="GET", path="/v1.0/{account_id}/configurations")], ), base.APIRule( name="configuration:show", check_str=("rule:admin_or_owner"), description="Get informations of a configuration group.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1.0/{account_id}/configurations/{config}"}], + operations=[Operation(method="GET", path="/v1.0/{account_id}/configurations/{config}")], ), base.APIRule( name="configuration:instances", check_str=("rule:admin_or_owner"), description="List all instances which a configuration group has be assigned to.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1.0/{account_id}/configurations/{config}/instances"}], + operations=[Operation(method="GET", path="/v1.0/{account_id}/configurations/{config}/instances")], ), base.APIRule( name="configuration:update", check_str=("rule:admin_or_owner"), description="Update a configuration group(the configuration group will be replaced completely).", scope_types=["project"], - operations=[{"method": "PUT", "path": "/v1.0/{account_id}/configurations/{config}"}], + operations=[Operation(method="PUT", path="/v1.0/{account_id}/configurations/{config}")], ), base.APIRule( name="configuration:edit", check_str=("rule:admin_or_owner"), description="Patch a configuration group.", scope_types=["project"], - operations=[{"method": "PATCH", "path": "/v1.0/{account_id}/configurations/{config}"}], + operations=[Operation(method="PATCH", path="/v1.0/{account_id}/configurations/{config}")], ), base.APIRule( name="configuration-parameter:index", check_str=("rule:admin_or_owner"), description="List all parameters bind to a datastore version.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1.0/{account_id}/datastores/{datastore}/versions/{version}/parameters"}], + operations=[Operation(method="GET", path="/v1.0/{account_id}/datastores/{datastore}/versions/{version}/parameters")], ), base.APIRule( name="configuration-parameter:show", check_str=("rule:admin_or_owner"), description="Get a paramter of a datastore version.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1.0/{account_id}/datastores/{datastore}/versions/{version}/parameters/{param}"}], + operations=[Operation(method="GET", path="/v1.0/{account_id}/datastores/{datastore}/versions/{version}/parameters/{param}")], ), base.APIRule( name="configuration-parameter:index_by_version", check_str=("rule:admin_or_owner"), description="List all paramters bind to a datastore version by the id of the version(datastore is not provided).", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1.0/{account_id}/datastores/versions/{version}/paramters"}], + operations=[Operation(method="GET", path="/v1.0/{account_id}/datastores/versions/{version}/paramters")], ), base.APIRule( name="configuration-parameter:show_by_version", check_str=("rule:admin_or_owner"), description="Get a paramter of a datastore version by it names and the id of the version(datastore is not provided).", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1.0/{account_id}/datastores/versions/{version}/paramters/{param}"}], + operations=[Operation(method="GET", path="/v1.0/{account_id}/datastores/versions/{version}/paramters/{param}")], ), base.APIRule( name="datastore:index", check_str=(""), description="List all datastores.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1.0/{account_id}/datastores"}], + operations=[Operation(method="GET", path="/v1.0/{account_id}/datastores")], ), base.APIRule( name="datastore:show", check_str=(""), description="Get informations of a datastore.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1.0/{account_id}/datastores/{datastore}"}], + operations=[Operation(method="GET", path="/v1.0/{account_id}/datastores/{datastore}")], ), base.APIRule( name="datastore:delete", check_str=("rule:admin"), description="Delete a datastore.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/v1.0/{account_id}/datastores/{datastore}"}], + operations=[Operation(method="DELETE", path="/v1.0/{account_id}/datastores/{datastore}")], ), base.APIRule( name="datastore:version_show", check_str=(""), description="Get a version of a datastore by the version id.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1.0/{account_id}/datastores/{datastore}/versions/{version}"}], + operations=[Operation(method="GET", path="/v1.0/{account_id}/datastores/{datastore}/versions/{version}")], ), base.APIRule( name="datastore:version_show_by_uuid", check_str=(""), description="Get a version of a datastore by the version id(without providing the datastore id).", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1.0/{account_id}/datastores/versions/{version}"}], + operations=[Operation(method="GET", path="/v1.0/{account_id}/datastores/versions/{version}")], ), base.APIRule( name="datastore:version_index", check_str=(""), description="Get all versions of a datastore.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1.0/{account_id}/datastores/{datastore}/versions"}], + operations=[Operation(method="GET", path="/v1.0/{account_id}/datastores/{datastore}/versions")], ), base.APIRule( name="datastore:list_associated_flavors", check_str=(""), description="List all flavors associated with a datastore version.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1.0/{account_id}/datastores/{datastore}/versions/{version}/flavors"}], + operations=[Operation(method="GET", path="/v1.0/{account_id}/datastores/{datastore}/versions/{version}/flavors")], ), base.APIRule( name="datastore:list_associated_volume_types", check_str=(""), description="List all volume-types associated with a datastore version.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1.0/{account_id}/datastores/{datastore}/versions/{version}/volume-types"}], + operations=[Operation(method="GET", path="/v1.0/{account_id}/datastores/{datastore}/versions/{version}/volume-types")], ), base.APIRule( name="flavor:index", check_str=(""), description="List all flavors.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1.0/{account_id}/flavors"}], + operations=[Operation(method="GET", path="/v1.0/{account_id}/flavors")], ), base.APIRule( name="flavor:show", check_str=(""), description="Get information of a flavor.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1.0/{account_id}/flavors/{flavor}"}], + operations=[Operation(method="GET", path="/v1.0/{account_id}/flavors/{flavor}")], ), base.APIRule( name="limits:index", check_str=("rule:admin_or_owner"), description="List all absolute and rate limit informations.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1.0/{account_id}/limits"}], + operations=[Operation(method="GET", path="/v1.0/{account_id}/limits")], ), base.APIRule( name="module:create", check_str=("rule:admin_or_owner"), description="Create a module.", scope_types=["project"], - operations=[{"method": "POST", "path": "/v1.0/{account_id}/modules"}], + operations=[Operation(method="POST", path="/v1.0/{account_id}/modules")], ), base.APIRule( name="module:delete", check_str=("rule:admin_or_owner"), description="Delete a module.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/v1.0/{account_id}/modules/{module}"}], + operations=[Operation(method="DELETE", path="/v1.0/{account_id}/modules/{module}")], ), base.APIRule( name="module:index", check_str=("rule:admin_or_owner"), description="List all modules.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1.0/{account_id}/modules"}], + operations=[Operation(method="GET", path="/v1.0/{account_id}/modules")], ), base.APIRule( name="module:show", check_str=("rule:admin_or_owner"), description="Get informations of a module.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1.0/{account_id}/modules/{module}"}], + operations=[Operation(method="GET", path="/v1.0/{account_id}/modules/{module}")], ), base.APIRule( name="module:instances", check_str=("rule:admin_or_owner"), description="List all instances to which a module is applied.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1.0/{account_id}/modules/{module}/instances"}], + operations=[Operation(method="GET", path="/v1.0/{account_id}/modules/{module}/instances")], ), base.APIRule( name="module:update", check_str=("rule:admin_or_owner"), description="Update a module.", scope_types=["project"], - operations=[{"method": "PUT", "path": "/v1.0/{account_id}/modules/{module}"}], + operations=[Operation(method="PUT", path="/v1.0/{account_id}/modules/{module}")], ), base.APIRule( name="module:reapply", check_str=("rule:admin_or_owner"), description="Reapply a module to all instances.", scope_types=["project"], - operations=[{"method": "PUT", "path": "/v1.0/{account_id}/modules/{module}/instances"}], + operations=[Operation(method="PUT", path="/v1.0/{account_id}/modules/{module}/instances")], ), ) diff --git a/skyline_apiserver/policy/manager/zun.py b/skyline_apiserver/policy/manager/zun.py index 95c420f..e90890e 100644 --- a/skyline_apiserver/policy/manager/zun.py +++ b/skyline_apiserver/policy/manager/zun.py @@ -15,6 +15,8 @@ # flake8: noqa # fmt: off +from skyline_apiserver.schemas.policy_manager import Operation + from . import base list_rules = ( @@ -43,546 +45,546 @@ list_rules = ( check_str=("is_admin:True or project_id:%(project_id)s"), description="Create a new container.", scope_types=["project"], - operations=[{"method": "POST", "path": "/v1/containers"}], + operations=[Operation(method="POST", path="/v1/containers")], ), base.APIRule( name="container:create:runtime", check_str=("rule:context_is_admin"), description="Create a new container with specified runtime.", scope_types=["project"], - operations=[{"method": "POST", "path": "/v1/containers"}], + operations=[Operation(method="POST", path="/v1/containers")], ), base.APIRule( name="container:create:privileged", check_str=("rule:deny_everybody"), description="Create a new privileged container.Warning: the privileged container has a big security risk so be caution if you want to enable this feature", scope_types=["project"], - operations=[{"method": "POST", "path": "/v1/containers"}], + operations=[Operation(method="POST", path="/v1/containers")], ), base.APIRule( name="container:create:requested_destination", check_str=("rule:context_is_admin"), description="Create a container on the requested compute host.", scope_types=["project"], - operations=[{"method": "POST", "path": "/v1/containers"}], + operations=[Operation(method="POST", path="/v1/containers")], ), base.APIRule( name="container:create:image_pull_policy", check_str=("rule:context_is_admin"), description="Create a new container with specified image pull policy.", scope_types=["project"], - operations=[{"method": "POST", "path": "/v1/containers"}], + operations=[Operation(method="POST", path="/v1/containers")], ), base.APIRule( name="container:delete", check_str=("is_admin:True or project_id:%(project_id)s"), description="Delete a container.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/v1/containers/{container_ident}"}], + operations=[Operation(method="DELETE", path="/v1/containers/{container_ident}")], ), base.APIRule( name="container:delete_all_projects", check_str=("rule:context_is_admin"), description="Delete a container from all projects.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/v1/containers/{container_ident}"}], + operations=[Operation(method="DELETE", path="/v1/containers/{container_ident}")], ), base.APIRule( name="container:delete_force", check_str=("rule:context_is_admin"), description="Forcibly delete a container.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/v1/containers/{container_ident}"}], + operations=[Operation(method="DELETE", path="/v1/containers/{container_ident}")], ), base.APIRule( name="container:get_one", check_str=("is_admin:True or project_id:%(project_id)s"), description="Retrieve the details of a specific container.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1/containers/{container_ident}"}], + operations=[Operation(method="GET", path="/v1/containers/{container_ident}")], ), base.APIRule( name="container:get_one:host", check_str=("rule:context_is_admin"), description="Retrieve the host field of containers.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1/containers/{container_ident}"}, {"method": "GET", "path": "/v1/containers"}, {"method": "POST", "path": "/v1/containers"}, {"method": "PATCH", "path": "/v1/containers/{container_ident}"}], + operations=[Operation(method="GET", path="/v1/containers/{container_ident}"), Operation(method="GET", path="/v1/containers"), Operation(method="POST", path="/v1/containers"), Operation(method="PATCH", path="/v1/containers/{container_ident}")], ), base.APIRule( name="container:get_one:image_pull_policy", check_str=("rule:context_is_admin"), description="Retrieve the image_pull_policy field of containers.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1/containers/{container_ident}"}, {"method": "GET", "path": "/v1/containers"}, {"method": "POST", "path": "/v1/containers"}, {"method": "PATCH", "path": "/v1/containers/{container_ident}"}], + operations=[Operation(method="GET", path="/v1/containers/{container_ident}"), Operation(method="GET", path="/v1/containers"), Operation(method="POST", path="/v1/containers"), Operation(method="PATCH", path="/v1/containers/{container_ident}")], ), base.APIRule( name="container:get_one:privileged", check_str=("rule:context_is_admin"), description="Retrieve the privileged field of containers.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1/containers/{container_ident}"}, {"method": "GET", "path": "/v1/containers"}, {"method": "POST", "path": "/v1/containers"}, {"method": "PATCH", "path": "/v1/containers/{container_ident}"}], + operations=[Operation(method="GET", path="/v1/containers/{container_ident}"), Operation(method="GET", path="/v1/containers"), Operation(method="POST", path="/v1/containers"), Operation(method="PATCH", path="/v1/containers/{container_ident}")], ), base.APIRule( name="container:get_one:runtime", check_str=("rule:context_is_admin"), description="Retrieve the runtime field of containers.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1/containers/{container_ident}"}, {"method": "GET", "path": "/v1/containers"}, {"method": "POST", "path": "/v1/containers"}, {"method": "PATCH", "path": "/v1/containers/{container_ident}"}], + operations=[Operation(method="GET", path="/v1/containers/{container_ident}"), Operation(method="GET", path="/v1/containers"), Operation(method="POST", path="/v1/containers"), Operation(method="PATCH", path="/v1/containers/{container_ident}")], ), base.APIRule( name="container:get_one_all_projects", check_str=("rule:context_is_admin"), description="Retrieve the details of a specific container from all projects.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1/containers/{container_ident}"}], + operations=[Operation(method="GET", path="/v1/containers/{container_ident}")], ), base.APIRule( name="container:get_all", check_str=("is_admin:True or project_id:%(project_id)s"), description="Retrieve the details of all containers.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1/containers"}], + operations=[Operation(method="GET", path="/v1/containers")], ), base.APIRule( name="container:get_all_all_projects", check_str=("rule:context_is_admin"), description="Retrieve the details of all containers across projects.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1/containers"}], + operations=[Operation(method="GET", path="/v1/containers")], ), base.APIRule( name="container:update", check_str=("is_admin:True or project_id:%(project_id)s"), description="Update a container.", scope_types=["project"], - operations=[{"method": "PATCH", "path": "/v1/containers/{container_ident}"}], + operations=[Operation(method="PATCH", path="/v1/containers/{container_ident}")], ), base.APIRule( name="container:start", check_str=("is_admin:True or project_id:%(project_id)s"), description="Start a container.", scope_types=["project"], - operations=[{"method": "POST", "path": "/v1/containers/{container_ident}/start"}], + operations=[Operation(method="POST", path="/v1/containers/{container_ident}/start")], ), base.APIRule( name="container:stop", check_str=("is_admin:True or project_id:%(project_id)s"), description="Stop a container.", scope_types=["project"], - operations=[{"method": "POST", "path": "/v1/containers/{container_ident}/stop"}], + operations=[Operation(method="POST", path="/v1/containers/{container_ident}/stop")], ), base.APIRule( name="container:reboot", check_str=("is_admin:True or project_id:%(project_id)s"), description="Reboot a container.", scope_types=["project"], - operations=[{"method": "POST", "path": "/v1/containers/{container_ident}/reboot"}], + operations=[Operation(method="POST", path="/v1/containers/{container_ident}/reboot")], ), base.APIRule( name="container:pause", check_str=("is_admin:True or project_id:%(project_id)s"), description="Pause a container.", scope_types=["project"], - operations=[{"method": "POST", "path": "/v1/containers/{container_ident}/pause"}], + operations=[Operation(method="POST", path="/v1/containers/{container_ident}/pause")], ), base.APIRule( name="container:unpause", check_str=("is_admin:True or project_id:%(project_id)s"), description="Unpause a container.", scope_types=["project"], - operations=[{"method": "POST", "path": "/v1/containers/{container_ident}/unpause"}], + operations=[Operation(method="POST", path="/v1/containers/{container_ident}/unpause")], ), base.APIRule( name="container:logs", check_str=("is_admin:True or project_id:%(project_id)s"), description="Get the log of a container", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1/containers/{container_ident}/logs"}], + operations=[Operation(method="GET", path="/v1/containers/{container_ident}/logs")], ), base.APIRule( name="container:execute", check_str=("is_admin:True or project_id:%(project_id)s"), description="Execute command in a running container", scope_types=["project"], - operations=[{"method": "POST", "path": "/v1/containers/{container_ident}/execute"}], + operations=[Operation(method="POST", path="/v1/containers/{container_ident}/execute")], ), base.APIRule( name="container:execute_resize", check_str=("is_admin:True or project_id:%(project_id)s"), description="Resize the TTY used by an execute command.", scope_types=["project"], - operations=[{"method": "POST", "path": "/v1/containers/{container_ident}/execute_resize"}], + operations=[Operation(method="POST", path="/v1/containers/{container_ident}/execute_resize")], ), base.APIRule( name="container:kill", check_str=("is_admin:True or project_id:%(project_id)s"), description="Kill a running container", scope_types=["project"], - operations=[{"method": "POST", "path": "/v1/containers/{container_ident}/kill"}], + operations=[Operation(method="POST", path="/v1/containers/{container_ident}/kill")], ), base.APIRule( name="container:rename", check_str=("is_admin:True or project_id:%(project_id)s"), description="Rename a container.", scope_types=["project"], - operations=[{"method": "POST", "path": "/v1/containers/{container_ident}/rename"}], + operations=[Operation(method="POST", path="/v1/containers/{container_ident}/rename")], ), base.APIRule( name="container:attach", check_str=("is_admin:True or project_id:%(project_id)s"), description="Attach to a running container", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1/containers/{container_ident}/attach"}], + operations=[Operation(method="GET", path="/v1/containers/{container_ident}/attach")], ), base.APIRule( name="container:resize", check_str=("is_admin:True or project_id:%(project_id)s"), description="Resize a container.", scope_types=["project"], - operations=[{"method": "POST", "path": "/v1/containers/{container_ident}/resize"}], + operations=[Operation(method="POST", path="/v1/containers/{container_ident}/resize")], ), base.APIRule( name="container:top", check_str=("is_admin:True or project_id:%(project_id)s"), description="Display the running processes inside the container.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1/containers/{container_ident}/top"}], + operations=[Operation(method="GET", path="/v1/containers/{container_ident}/top")], ), base.APIRule( name="container:get_archive", check_str=("is_admin:True or project_id:%(project_id)s"), description="Get a tar archive of a path of container.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1/containers/{container_ident}/get_archive"}], + operations=[Operation(method="GET", path="/v1/containers/{container_ident}/get_archive")], ), base.APIRule( name="container:put_archive", check_str=("is_admin:True or project_id:%(project_id)s"), description="Put a tar archive to be extracted to a path of container", scope_types=["project"], - operations=[{"method": "PUT", "path": "/v1/containers/{container_ident}/put_archive"}], + operations=[Operation(method="PUT", path="/v1/containers/{container_ident}/put_archive")], ), base.APIRule( name="container:stats", check_str=("is_admin:True or project_id:%(project_id)s"), description="Display the statistics of a container", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1/containers/{container_ident}/stats"}], + operations=[Operation(method="GET", path="/v1/containers/{container_ident}/stats")], ), base.APIRule( name="container:commit", check_str=("is_admin:True or project_id:%(project_id)s"), description="Commit a container", scope_types=["project"], - operations=[{"method": "POST", "path": "/v1/containers/{container_ident}/commit"}], + operations=[Operation(method="POST", path="/v1/containers/{container_ident}/commit")], ), base.APIRule( name="container:add_security_group", check_str=("is_admin:True or project_id:%(project_id)s"), description="Add a security group to a specific container.", scope_types=["project"], - operations=[{"method": "POST", "path": "/v1/containers/{container_ident}/add_security_group"}], + operations=[Operation(method="POST", path="/v1/containers/{container_ident}/add_security_group")], ), base.APIRule( name="container:network_detach", check_str=("is_admin:True or project_id:%(project_id)s"), description="Detach a network from a container.", scope_types=["project"], - operations=[{"method": "POST", "path": "/v1/containers/{container_ident}/network_detach"}], + operations=[Operation(method="POST", path="/v1/containers/{container_ident}/network_detach")], ), base.APIRule( name="container:network_attach", check_str=("is_admin:True or project_id:%(project_id)s"), description="Attach a network from a container.", scope_types=["project"], - operations=[{"method": "POST", "path": "/v1/containers/{container_ident}/network_attach"}], + operations=[Operation(method="POST", path="/v1/containers/{container_ident}/network_attach")], ), base.APIRule( name="container:remove_security_group", check_str=("is_admin:True or project_id:%(project_id)s"), description="Remove security group from a specific container.", scope_types=["project"], - operations=[{"method": "POST", "path": "/v1/containers/{container_ident}/remove_security_group"}], + operations=[Operation(method="POST", path="/v1/containers/{container_ident}/remove_security_group")], ), base.APIRule( name="container:rebuild", check_str=("is_admin:True or project_id:%(project_id)s"), description="Rebuild a container.", scope_types=["project"], - operations=[{"method": "POST", "path": "/v1/containers/{container_ident}/rebuild"}], + operations=[Operation(method="POST", path="/v1/containers/{container_ident}/rebuild")], ), base.APIRule( name="container:resize_container", check_str=("is_admin:True or project_id:%(project_id)s"), description="Resize an existing container.", scope_types=["project"], - operations=[{"method": "POST", "path": "/v1/containers/{container_ident}/resize_container"}], + operations=[Operation(method="POST", path="/v1/containers/{container_ident}/resize_container")], ), base.APIRule( name="image:pull", check_str=("rule:context_is_admin"), description="Pull an image.", scope_types=["project"], - operations=[{"method": "POST", "path": "/v1/images"}], + operations=[Operation(method="POST", path="/v1/images")], ), base.APIRule( name="image:get_all", check_str=("rule:context_is_admin"), description="Print a list of available images.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1/images"}], + operations=[Operation(method="GET", path="/v1/images")], ), base.APIRule( name="image:get_one", check_str=("rule:context_is_admin"), description="Retrieve the details of a specific image.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1/images/{image_id}"}], + operations=[Operation(method="GET", path="/v1/images/{image_id}")], ), base.APIRule( name="image:search", check_str=("is_admin:True or project_id:%(project_id)s"), description="Search an image.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1/images/{image_ident}/search"}], + operations=[Operation(method="GET", path="/v1/images/{image_ident}/search")], ), base.APIRule( name="image:delete", check_str=("rule:context_is_admin"), description="Delete an image.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/v1/images/{image_ident}"}], + operations=[Operation(method="DELETE", path="/v1/images/{image_ident}")], ), base.APIRule( name="zun-service:delete", check_str=("rule:context_is_admin"), description="Delete a service.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/v1/services"}], + operations=[Operation(method="DELETE", path="/v1/services")], ), base.APIRule( name="zun-service:disable", check_str=("rule:context_is_admin"), description="Disable a service.", scope_types=["project"], - operations=[{"method": "PUT", "path": "/v1/services/disable"}], + operations=[Operation(method="PUT", path="/v1/services/disable")], ), base.APIRule( name="zun-service:enable", check_str=("rule:context_is_admin"), description="Enable a service.", scope_types=["project"], - operations=[{"method": "PUT", "path": "/v1/services/enable"}], + operations=[Operation(method="PUT", path="/v1/services/enable")], ), base.APIRule( name="zun-service:force_down", check_str=("rule:context_is_admin"), description="Forcibly shutdown a service.", scope_types=["project"], - operations=[{"method": "PUT", "path": "/v1/services/force_down"}], + operations=[Operation(method="PUT", path="/v1/services/force_down")], ), base.APIRule( name="zun-service:get_all", check_str=("rule:context_is_admin"), description="Show the status of a service.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1/services"}], + operations=[Operation(method="GET", path="/v1/services")], ), base.APIRule( name="host:get_all", check_str=("rule:context_is_admin"), description="List all compute hosts.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1/hosts"}], + operations=[Operation(method="GET", path="/v1/hosts")], ), base.APIRule( name="host:get", check_str=("rule:context_is_admin"), description="Show the details of a specific compute host.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1/hosts/{host_ident}"}], + operations=[Operation(method="GET", path="/v1/hosts/{host_ident}")], ), base.APIRule( name="capsule:create", check_str=("is_admin:True or project_id:%(project_id)s"), description="Create a capsule", scope_types=["project"], - operations=[{"method": "POST", "path": "/v1/capsules/"}], + operations=[Operation(method="POST", path="/v1/capsules/")], ), base.APIRule( name="capsule:delete", check_str=("is_admin:True or project_id:%(project_id)s"), description="Delete a capsule", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/v1/capsules/{capsule_ident}"}], + operations=[Operation(method="DELETE", path="/v1/capsules/{capsule_ident}")], ), base.APIRule( name="capsule:delete_all_projects", check_str=("rule:context_is_admin"), description="Delete a container in any project.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/v1/capsules/{capsule_ident}"}], + operations=[Operation(method="DELETE", path="/v1/capsules/{capsule_ident}")], ), base.APIRule( name="capsule:get", check_str=("is_admin:True or project_id:%(project_id)s"), description="Retrieve the details of a capsule.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1/capsules/{capsule_ident}"}], + operations=[Operation(method="GET", path="/v1/capsules/{capsule_ident}")], ), base.APIRule( name="capsule:get:host", check_str=("rule:context_is_admin"), description="Retrieve the host field of a capsule.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1/capsules/{capsule_ident}"}, {"method": "GET", "path": "/v1/capsules"}, {"method": "POST", "path": "/v1/capsules"}], + operations=[Operation(method="GET", path="/v1/capsules/{capsule_ident}"), Operation(method="GET", path="/v1/capsules"), Operation(method="POST", path="/v1/capsules")], ), base.APIRule( name="capsule:get_one_all_projects", check_str=("rule:context_is_admin"), description="Retrieve the details of a capsule in any project.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1/capsules/{capsule_ident}"}], + operations=[Operation(method="GET", path="/v1/capsules/{capsule_ident}")], ), base.APIRule( name="capsule:get_all", check_str=("is_admin:True or project_id:%(project_id)s"), description="List all capsules.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1/capsules/"}], + operations=[Operation(method="GET", path="/v1/capsules/")], ), base.APIRule( name="capsule:get_all_all_projects", check_str=("rule:context_is_admin"), description="List all capsules across projects.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1/capsules/"}], + operations=[Operation(method="GET", path="/v1/capsules/")], ), base.APIRule( name="network:attach_external_network", check_str=("role:admin"), description="Attach an unshared external network to a container", scope_types=["project"], - operations=[{"method": "POST", "path": "/v1/containers"}], + operations=[Operation(method="POST", path="/v1/containers")], ), base.APIRule( name="network:create", check_str=("role:admin"), description="Create a network", scope_types=["project"], - operations=[{"method": "POST", "path": "/v1/networks"}], + operations=[Operation(method="POST", path="/v1/networks")], ), base.APIRule( name="network:delete", check_str=("role:admin"), description="Delete a network", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/v1/networks"}], + operations=[Operation(method="DELETE", path="/v1/networks")], ), base.APIRule( name="container:actions", check_str=("is_admin:True or project_id:%(project_id)s"), description="List actions and show action details for a container", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1/containers/{container_ident}/container_actions/"}, {"method": "GET", "path": "/v1/containers/{container_ident}/container_actions/{request_id}"}], + operations=[Operation(method="GET", path="/v1/containers/{container_ident}/container_actions/"), Operation(method="GET", path="/v1/containers/{container_ident}/container_actions/{request_id}")], ), base.APIRule( name="container:action:events", check_str=("rule:context_is_admin"), description="Add events details in action details for a container.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1/containers/{container_ident}/container_actions/{request_id}"}], + operations=[Operation(method="GET", path="/v1/containers/{container_ident}/container_actions/{request_id}")], ), base.APIRule( name="availability_zones:get_all", check_str=("is_admin:True or project_id:%(project_id)s"), description="List availability zone", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1/availability_zones"}], + operations=[Operation(method="GET", path="/v1/availability_zones")], ), base.APIRule( name="quota:update", check_str=("rule:context_is_admin"), description="Update quotas for a project", scope_types=["project"], - operations=[{"method": "PUT", "path": "/v1/quotas/{project_id}"}], + operations=[Operation(method="PUT", path="/v1/quotas/{project_id}")], ), base.APIRule( name="quota:delete", check_str=("rule:context_is_admin"), description="Delete quotas for a project", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/v1/quotas/{project_id}"}], + operations=[Operation(method="DELETE", path="/v1/quotas/{project_id}")], ), base.APIRule( name="quota:get", check_str=("is_admin:True or project_id:%(project_id)s"), description="Get quotas for a project", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1/quotas/{project_id}"}], + operations=[Operation(method="GET", path="/v1/quotas/{project_id}")], ), base.APIRule( name="quota:get_default", check_str=("is_admin:True or project_id:%(project_id)s"), description="Get default quotas for a project", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1/quotas/defaults"}], + operations=[Operation(method="GET", path="/v1/quotas/defaults")], ), base.APIRule( name="quota_class:update", check_str=("rule:context_is_admin"), description="Update quotas for specific quota class", scope_types=["project"], - operations=[{"method": "PUT", "path": "/v1/quota_classes/{quota_class_name}"}], + operations=[Operation(method="PUT", path="/v1/quota_classes/{quota_class_name}")], ), base.APIRule( name="quota_class:get", check_str=("rule:context_is_admin"), description="List quotas for specific quota class", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1/quota_classes/{quota_class_name}"}], + operations=[Operation(method="GET", path="/v1/quota_classes/{quota_class_name}")], ), base.APIRule( name="registry:create", check_str=("is_admin:True or project_id:%(project_id)s"), description="Create a new registry.", scope_types=["project"], - operations=[{"method": "POST", "path": "/v1/registries"}], + operations=[Operation(method="POST", path="/v1/registries")], ), base.APIRule( name="registry:delete", check_str=("is_admin:True or project_id:%(project_id)s"), description="Delete a registry.", scope_types=["project"], - operations=[{"method": "DELETE", "path": "/v1/registries/{registry_ident}"}], + operations=[Operation(method="DELETE", path="/v1/registries/{registry_ident}")], ), base.APIRule( name="registry:get_one", check_str=("is_admin:True or project_id:%(project_id)s"), description="Retrieve the details of a specific registry.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1/registries/{registry_ident}"}], + operations=[Operation(method="GET", path="/v1/registries/{registry_ident}")], ), base.APIRule( name="registry:get_all", check_str=("is_admin:True or project_id:%(project_id)s"), description="Retrieve the details of all registries.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1/registries"}], + operations=[Operation(method="GET", path="/v1/registries")], ), base.APIRule( name="registry:get_all_all_projects", check_str=("rule:context_is_admin"), description="Retrieve the details of all registries across projects.", scope_types=["project"], - operations=[{"method": "GET", "path": "/v1/registries"}], + operations=[Operation(method="GET", path="/v1/registries")], ), base.APIRule( name="registry:update", check_str=("is_admin:True or project_id:%(project_id)s"), description="Update a registry.", scope_types=["project"], - operations=[{"method": "PATCH", "path": "/v1/registries/{registry_ident}"}], + operations=[Operation(method="PATCH", path="/v1/registries/{registry_ident}")], ), ) diff --git a/skyline_apiserver/schemas/extension.py b/skyline_apiserver/schemas/extension.py index 237ac84..b893d86 100644 --- a/skyline_apiserver/schemas/extension.py +++ b/skyline_apiserver/schemas/extension.py @@ -17,8 +17,7 @@ from __future__ import annotations from enum import Enum from typing import Any, Dict, List, Optional -from pydantic import BaseModel, Field -from pydantic.types import UUID4 +from pydantic import UUID4, BaseModel, Field SERVERS_LIST_DOCS_LINKS = "https://docs.openstack.org/api-ref/compute/?expanded=list-servers-detailed-detail#list-servers-detailed" # noqa VOLUMES_LIST_DOCS_LINKS = "https://docs.openstack.org/api-ref/block-storage/v3/index.html?expanded=list-accessible-volumes-with-details-detail#list-accessible-volumes-with-details" # noqa @@ -403,10 +402,12 @@ class VolumesResponse(BaseModel): class VolumeSnapshotChildVolume(BaseModel): - volume_id: str = Field( - None, description="ID of volume", example="00000000-0000-0000-0000-000000000000" + volume_id: Optional[str] = Field( + None, description="ID of volume", examples=["00000000-0000-0000-0000-000000000000"] + ) + volume_name: Optional[str] = Field( + None, description="Name of volume", examples=["child-volume-demo"] ) - volume_name: str = Field(None, description="Name of volume", example="child-volume-demo") class VolumeSnapshotsResponseBase(BaseModel): @@ -416,7 +417,9 @@ class VolumeSnapshotsResponseBase(BaseModel): ) project_name: Optional[str] = Field(None, description="Project name") host: Optional[str] = Field(None, description="Host name") - volume_name: Optional[str] = Field(None, description="Name of volume", example="volume-demo") + volume_name: Optional[str] = Field( + None, description="Name of volume", examples=["volume-demo"] + ) child_volumes: Optional[List[VolumeSnapshotChildVolume]] = Field( None, description="Child volumes" ) diff --git a/skyline_apiserver/schemas/login.py b/skyline_apiserver/schemas/login.py index 2b5d256..2974b00 100644 --- a/skyline_apiserver/schemas/login.py +++ b/skyline_apiserver/schemas/login.py @@ -29,15 +29,18 @@ class Credential(BaseModel): username: str = Field(..., description="Credential username") password: str = Field(..., description="Credential password for user") - class Config: - schema_extra = { - "example": { - "region": "RegionOne", - "username": "admin", - "domain": "default", - "password": "admin", - }, + model_config = { + "json_schema_extra": { + "examples": [ + { + "region": "RegionOne", + "username": "admin", + "domain": "default", + "password": "admin", + }, + ] } + } class Domain(BaseModel): diff --git a/skyline_apiserver/schemas/policy_manager.py b/skyline_apiserver/schemas/policy_manager.py index 16eb1c1..92af366 100644 --- a/skyline_apiserver/schemas/policy_manager.py +++ b/skyline_apiserver/schemas/policy_manager.py @@ -15,9 +15,9 @@ from __future__ import annotations from enum import Enum -from typing import List, TypedDict +from typing import List -from pydantic import BaseModel, Field +from pydantic import BaseModel, Field, RootModel class ScopeType(str, Enum): @@ -26,8 +26,8 @@ class ScopeType(str, Enum): project = "project" -class ScopeTypesSchema(BaseModel): - __root__: List[ScopeType] = Field(..., description="Scope types list") +class ScopeTypesSchema(RootModel[List[ScopeType]]): + pass class Method(str, Enum): @@ -39,7 +39,7 @@ class Method(str, Enum): HEAD = "HEAD" -class Operation(TypedDict): +class Operation(BaseModel): method: str path: str @@ -49,8 +49,8 @@ class OperationSchema(BaseModel): path: str = Field(..., description="Operation path") -class OperationsSchema(BaseModel): - __root__: List[OperationSchema] = Field(..., description="Operations list") +class OperationsSchema(RootModel[List[OperationSchema]]): + pass __all__ = ("ScopeTypesSchema", "Operation", "OperationsSchema") diff --git a/skyline_apiserver/tests/unit/config/test_base.py b/skyline_apiserver/tests/unit/config/test_base.py index 8468610..37ce0aa 100644 --- a/skyline_apiserver/tests/unit/config/test_base.py +++ b/skyline_apiserver/tests/unit/config/test_base.py @@ -20,8 +20,8 @@ from typing import Any, Dict, List, Optional, Sequence, Tuple, Type import pytest from _pytest.fixtures import SubRequest -from pydantic import StrictBool, StrictFloat, StrictInt, StrictStr -from pydantic.error_wrappers import ValidationError +from pydantic import StrictBool, StrictFloat, StrictInt, StrictStr, ValidationError +from pydantic.errors import PydanticSchemaGenerationError from skyline_apiserver.config.base import Configuration, Group, Opt from skyline_apiserver.tests.fake import FAKER, FakeOptData @@ -81,7 +81,7 @@ class TestOpt: "description": FAKER.text.word(), "schema": RuntimeError, }, - RuntimeError, + PydanticSchemaGenerationError, ), ), ], diff --git a/swagger.json b/swagger.json index 418a566..65c1f73 100644 --- a/swagger.json +++ b/swagger.json @@ -15,26 +15,26 @@ "operationId": "login_api_v1_login_post", "parameters": [ { + "name": "X-Openstack-Request-Id", + "in": "header", "required": false, "schema": { "type": "string", "pattern": "^req-\\w{8}(-\\w{4}){3}-\\w{12}", - "title": "X-Openstack-Request-Id", - "default": "" - }, - "name": "X-Openstack-Request-Id", - "in": "header" + "default": "", + "title": "X-Openstack-Request-Id" + } } ], "requestBody": { + "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Credential" } } - }, - "required": true + } }, "responses": { "200": { @@ -48,14 +48,14 @@ } }, "401": { - "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UnauthorizedMessage" } } - } + }, + "description": "Unauthorized" }, "422": { "description": "Validation Error", @@ -102,44 +102,40 @@ "operationId": "websso_api_v1_websso_post", "parameters": [ { + "name": "X-Openstack-Request-Id", + "in": "header", "required": false, "schema": { "type": "string", "pattern": "^req-\\w{8}(-\\w{4}){3}-\\w{12}", - "title": "X-Openstack-Request-Id", - "default": "" - }, - "name": "X-Openstack-Request-Id", - "in": "header" + "default": "", + "title": "X-Openstack-Request-Id" + } } ], "requestBody": { + "required": true, "content": { "application/x-www-form-urlencoded": { "schema": { "$ref": "#/components/schemas/Body_websso_api_v1_websso_post" } } - }, - "required": true + } }, "responses": { "302": { - "description": "Redirect", - "class": { - "__module__": "starlette.responses", - "__init__": {} - } + "description": "Redirect to SSO provider" }, "401": { - "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UnauthorizedMessage" } } - } + }, + "description": "Unauthorized" }, "422": { "description": "Validation Error", @@ -164,15 +160,15 @@ "operationId": "get_profile_api_v1_profile_get", "parameters": [ { + "name": "X-Openstack-Request-Id", + "in": "header", "required": false, "schema": { "type": "string", "pattern": "^req-\\w{8}(-\\w{4}){3}-\\w{12}", - "title": "X-Openstack-Request-Id", - "default": "" - }, - "name": "X-Openstack-Request-Id", - "in": "header" + "default": "", + "title": "X-Openstack-Request-Id" + } } ], "responses": { @@ -187,14 +183,14 @@ } }, "401": { - "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UnauthorizedMessage" } } - } + }, + "description": "Unauthorized" }, "422": { "description": "Validation Error", @@ -219,15 +215,15 @@ "operationId": "logout_api_v1_logout_post", "parameters": [ { + "name": "X-Openstack-Request-Id", + "in": "header", "required": false, "schema": { "type": "string", "pattern": "^req-\\w{8}(-\\w{4}){3}-\\w{12}", - "title": "X-Openstack-Request-Id", - "default": "" - }, - "name": "X-Openstack-Request-Id", - "in": "header" + "default": "", + "title": "X-Openstack-Request-Id" + } } ], "responses": { @@ -264,24 +260,24 @@ "operationId": "switch_project_api_v1_switch_project__project_id__post", "parameters": [ { + "name": "project_id", + "in": "path", "required": true, "schema": { "type": "string", "title": "Project Id" - }, - "name": "project_id", - "in": "path" + } }, { + "name": "X-Openstack-Request-Id", + "in": "header", "required": false, "schema": { "type": "string", "pattern": "^req-\\w{8}(-\\w{4}){3}-\\w{12}", - "title": "X-Openstack-Request-Id", - "default": "" - }, - "name": "X-Openstack-Request-Id", - "in": "header" + "default": "", + "title": "X-Openstack-Request-Id" + } } ], "responses": { @@ -296,14 +292,14 @@ } }, "401": { - "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UnauthorizedMessage" } } - } + }, + "description": "Unauthorized" }, "422": { "description": "Validation Error", @@ -328,156 +324,214 @@ "operationId": "list_servers_api_v1_extension_servers_get", "parameters": [ { - "description": "Requests a page size of items. Returns a number of items up to a limit value.", - "required": false, - "schema": { - "type": "integer", - "exclusiveMinimum": 0.0, - "title": "Limit", - "description": "Requests a page size of items. Returns a number of items up to a limit value." - }, "name": "limit", - "in": "query" - }, - { - "description": "The ID of the last-seen item.", + "in": "query", "required": false, "schema": { - "type": "string", - "title": "Marker", - "description": "The ID of the last-seen item." - }, - "name": "marker", - "in": "query" - }, - { - "description": "Indicates in which directions to sort.", - "required": false, - "schema": { - "allOf": [ + "anyOf": [ { - "$ref": "#/components/schemas/SortDir" + "type": "integer", + "exclusiveMinimum": 0 + }, + { + "type": "null" } ], - "description": "Indicates in which directions to sort." + "description": "Requests a page size of items. Returns a number of items up to a limit value.", + "title": "Limit" }, - "name": "sort_dirs", - "in": "query" + "description": "Requests a page size of items. Returns a number of items up to a limit value." }, { - "description": "Indicates in which attributes to sort. Host is only used for admin role users", + "name": "marker", + "in": "query", "required": false, "schema": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], + "description": "The ID of the last-seen item.", + "title": "Marker" + }, + "description": "The ID of the last-seen item." + }, + { + "name": "sort_dirs", + "in": "query", + "required": false, + "schema": { + "anyOf": [ + { + "$ref": "#/components/schemas/SortDir" + }, + { + "type": "null" + } + ], + "description": "Indicates in which directions to sort.", + "title": "Sort Dirs" + }, + "description": "Indicates in which directions to sort." + }, + { + "name": "sort_keys", + "in": "query", + "required": false, + "schema": { + "type": "array", "items": { "$ref": "#/components/schemas/ServerSortKey" }, - "type": "array", - "description": "Indicates in which attributes to sort. Host is only used for admin role users" + "description": "Indicates in which attributes to sort. Host is only used for admin role users", + "title": "Sort Keys" }, - "name": "sort_keys", - "in": "query" + "description": "Indicates in which attributes to sort. Host is only used for admin role users" }, { - "description": "List servers for all projects.", - "required": false, - "schema": { - "type": "boolean", - "title": "All Projects", - "description": "List servers for all projects." - }, "name": "all_projects", - "in": "query" - }, - { - "description": "Filter the list of servers by the given project ID. Only works when the all_projects filter is also specified.", + "in": "query", "required": false, "schema": { - "type": "string", - "title": "Project Id", - "description": "Filter the list of servers by the given project ID. Only works when the all_projects filter is also specified." - }, - "name": "project_id", - "in": "query" - }, - { - "description": "Filter the list of servers by the given project name. Only works when the all_projects filter is also specified.", - "required": false, - "schema": { - "type": "string", - "title": "Project Name", - "description": "Filter the list of servers by the given project name. Only works when the all_projects filter is also specified." - }, - "name": "project_name", - "in": "query" - }, - { - "description": "Filter the list of servers by the given server name. Support fuzzy query.", - "required": false, - "schema": { - "type": "string", - "title": "Name", - "description": "Filter the list of servers by the given server name. Support fuzzy query." - }, - "name": "name", - "in": "query" - }, - { - "description": "Filter the list of servers by the given server status.", - "required": false, - "schema": { - "allOf": [ + "anyOf": [ { - "$ref": "#/components/schemas/ServerStatus" + "type": "boolean" + }, + { + "type": "null" } ], - "description": "Filter the list of servers by the given server status." + "description": "List servers for all projects.", + "title": "All Projects" }, + "description": "List servers for all projects." + }, + { + "name": "project_id", + "in": "query", + "required": false, + "schema": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], + "description": "Filter the list of servers by the given project ID. Only works when the all_projects filter is also specified.", + "title": "Project Id" + }, + "description": "Filter the list of servers by the given project ID. Only works when the all_projects filter is also specified." + }, + { + "name": "project_name", + "in": "query", + "required": false, + "schema": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], + "description": "Filter the list of servers by the given project name. Only works when the all_projects filter is also specified.", + "title": "Project Name" + }, + "description": "Filter the list of servers by the given project name. Only works when the all_projects filter is also specified." + }, + { + "name": "name", + "in": "query", + "required": false, + "schema": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], + "description": "Filter the list of servers by the given server name. Support fuzzy query.", + "title": "Name" + }, + "description": "Filter the list of servers by the given server name. Support fuzzy query." + }, + { "name": "status", - "in": "query" - }, - { - "description": "Filter the list of servers by the given host. It will be ignored for non-admin user.", + "in": "query", "required": false, "schema": { - "type": "string", - "title": "Host", - "description": "Filter the list of servers by the given host. It will be ignored for non-admin user." + "anyOf": [ + { + "$ref": "#/components/schemas/ServerStatus" + }, + { + "type": "null" + } + ], + "description": "Filter the list of servers by the given server status.", + "title": "Status" }, + "description": "Filter the list of servers by the given server status." + }, + { "name": "host", - "in": "query" - }, - { - "description": "Filter the list of servers by the given flavor ID.", + "in": "query", "required": false, "schema": { - "type": "string", - "title": "Flavor Id", - "description": "Filter the list of servers by the given flavor ID." + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], + "description": "Filter the list of servers by the given host. It will be ignored for non-admin user.", + "title": "Host" }, + "description": "Filter the list of servers by the given host. It will be ignored for non-admin user." + }, + { "name": "flavor_id", - "in": "query" - }, - { - "description": "Filter the list of servers by the given server UUID.", + "in": "query", "required": false, "schema": { "type": "string", - "title": "Uuid", - "description": "Filter the list of servers by the given server UUID." + "description": "Filter the list of servers by the given flavor ID.", + "title": "Flavor Id" }, - "name": "uuid", - "in": "query" + "description": "Filter the list of servers by the given flavor ID." }, { + "name": "uuid", + "in": "query", + "required": false, + "schema": { + "type": "string", + "description": "Filter the list of servers by the given server UUID.", + "title": "Uuid" + }, + "description": "Filter the list of servers by the given server UUID." + }, + { + "name": "X-Openstack-Request-Id", + "in": "header", "required": false, "schema": { "type": "string", "pattern": "^req-\\w{8}(-\\w{4}){3}-\\w{12}", - "title": "X-Openstack-Request-Id", - "default": "" - }, - "name": "X-Openstack-Request-Id", - "in": "header" + "default": "", + "title": "X-Openstack-Request-Id" + } } ], "responses": { @@ -492,44 +546,44 @@ } }, "400": { - "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/BadRequestMessage" } } - } + }, + "description": "Bad Request" }, "401": { - "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UnauthorizedMessage" } } - } + }, + "description": "Unauthorized" }, "403": { - "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ForbiddenMessage" } } - } + }, + "description": "Forbidden" }, "500": { - "description": "Internal Server Error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/InternalServerErrorMessage" } } - } + }, + "description": "Internal Server Error" }, "422": { "description": "Validation Error", @@ -554,120 +608,181 @@ "operationId": "list_recycle_servers_api_v1_extension_recycle_servers_get", "parameters": [ { - "description": "Requests a page size of items. Returns a number of items up to a limit value.", - "required": false, - "schema": { - "type": "integer", - "exclusiveMinimum": 0.0, - "title": "Limit", - "description": "Requests a page size of items. Returns a number of items up to a limit value." - }, "name": "limit", - "in": "query" - }, - { - "description": "The ID of the last-seen item.", + "in": "query", "required": false, "schema": { - "type": "string", - "title": "Marker", - "description": "The ID of the last-seen item." - }, - "name": "marker", - "in": "query" - }, - { - "description": "Indicates in which directions to sort.", - "required": false, - "schema": { - "allOf": [ + "anyOf": [ { - "$ref": "#/components/schemas/SortDir" + "type": "integer", + "exclusiveMinimum": 0 + }, + { + "type": "null" } ], - "description": "Indicates in which directions to sort." + "description": "Requests a page size of items. Returns a number of items up to a limit value.", + "title": "Limit" }, + "description": "Requests a page size of items. Returns a number of items up to a limit value." + }, + { + "name": "marker", + "in": "query", + "required": false, + "schema": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], + "description": "The ID of the last-seen item.", + "title": "Marker" + }, + "description": "The ID of the last-seen item." + }, + { "name": "sort_dirs", - "in": "query" - }, - { - "description": "Indicates in which attributes to sort. Updated_at is used as deleted_at", + "in": "query", "required": false, "schema": { - "items": { - "$ref": "#/components/schemas/RecycleServerSortKey" - }, - "type": "array", - "description": "Indicates in which attributes to sort. Updated_at is used as deleted_at" + "anyOf": [ + { + "$ref": "#/components/schemas/SortDir" + }, + { + "type": "null" + } + ], + "description": "Indicates in which directions to sort.", + "title": "Sort Dirs" }, + "description": "Indicates in which directions to sort." + }, + { "name": "sort_keys", - "in": "query" - }, - { - "description": "List recycle servers for all projects.", + "in": "query", "required": false, "schema": { - "type": "boolean", - "title": "All Projects", - "description": "List recycle servers for all projects." + "anyOf": [ + { + "type": "array", + "items": { + "$ref": "#/components/schemas/RecycleServerSortKey" + } + }, + { + "type": "null" + } + ], + "description": "Indicates in which attributes to sort. Updated_at is used as deleted_at", + "title": "Sort Keys" }, + "description": "Indicates in which attributes to sort. Updated_at is used as deleted_at" + }, + { "name": "all_projects", - "in": "query" - }, - { - "description": "Filter the list of recycle servers by the given project ID. Only works when the all_projects filter is also specified.", + "in": "query", "required": false, "schema": { - "type": "string", - "title": "Project Id", - "description": "Filter the list of recycle servers by the given project ID. Only works when the all_projects filter is also specified." + "anyOf": [ + { + "type": "boolean" + }, + { + "type": "null" + } + ], + "description": "List recycle servers for all projects.", + "title": "All Projects" }, + "description": "List recycle servers for all projects." + }, + { "name": "project_id", - "in": "query" - }, - { - "description": "Filter the list of recycle servers by the given project name. Only works when the all_projects filter is also specified.", + "in": "query", "required": false, "schema": { - "type": "string", - "title": "Project Name", - "description": "Filter the list of recycle servers by the given project name. Only works when the all_projects filter is also specified." + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], + "description": "Filter the list of recycle servers by the given project ID. Only works when the all_projects filter is also specified.", + "title": "Project Id" }, + "description": "Filter the list of recycle servers by the given project ID. Only works when the all_projects filter is also specified." + }, + { "name": "project_name", - "in": "query" - }, - { - "description": "Filter the list of recycle servers by the given server name. Support fuzzy query.", + "in": "query", "required": false, "schema": { - "type": "string", - "title": "Name", - "description": "Filter the list of recycle servers by the given server name. Support fuzzy query." + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], + "description": "Filter the list of recycle servers by the given project name. Only works when the all_projects filter is also specified.", + "title": "Project Name" }, + "description": "Filter the list of recycle servers by the given project name. Only works when the all_projects filter is also specified." + }, + { "name": "name", - "in": "query" - }, - { - "description": "Filter the list of recycle servers by the given recycle server UUID.", + "in": "query", "required": false, "schema": { - "type": "string", - "title": "Uuid", - "description": "Filter the list of recycle servers by the given recycle server UUID." + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], + "description": "Filter the list of recycle servers by the given server name. Support fuzzy query.", + "title": "Name" }, - "name": "uuid", - "in": "query" + "description": "Filter the list of recycle servers by the given server name. Support fuzzy query." }, { + "name": "uuid", + "in": "query", + "required": false, + "schema": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], + "description": "Filter the list of recycle servers by the given recycle server UUID.", + "title": "Uuid" + }, + "description": "Filter the list of recycle servers by the given recycle server UUID." + }, + { + "name": "X-Openstack-Request-Id", + "in": "header", "required": false, "schema": { "type": "string", "pattern": "^req-\\w{8}(-\\w{4}){3}-\\w{12}", - "title": "X-Openstack-Request-Id", - "default": "" - }, - "name": "X-Openstack-Request-Id", - "in": "header" + "default": "", + "title": "X-Openstack-Request-Id" + } } ], "responses": { @@ -682,44 +797,44 @@ } }, "400": { - "description": "Bad Request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/BadRequestMessage" } } - } + }, + "description": "Bad Request" }, "401": { - "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UnauthorizedMessage" } } - } + }, + "description": "Unauthorized" }, "403": { - "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ForbiddenMessage" } } - } + }, + "description": "Forbidden" }, "500": { - "description": "Internal Server Error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/InternalServerErrorMessage" } } - } + }, + "description": "Internal Server Error" }, "422": { "description": "Validation Error", @@ -744,148 +859,220 @@ "operationId": "list_volumes_api_v1_extension_volumes_get", "parameters": [ { - "description": "Requests a page size of items. Returns a number of items up to a limit value.", - "required": false, - "schema": { - "type": "integer", - "exclusiveMinimum": 0.0, - "title": "Limit", - "description": "Requests a page size of items. Returns a number of items up to a limit value." - }, "name": "limit", - "in": "query" - }, - { - "description": "The ID of the last-seen item.", + "in": "query", "required": false, "schema": { - "type": "string", - "title": "Marker", - "description": "The ID of the last-seen item." + "anyOf": [ + { + "type": "integer", + "exclusiveMinimum": 0 + }, + { + "type": "null" + } + ], + "description": "Requests a page size of items. Returns a number of items up to a limit value.", + "title": "Limit" }, - "name": "marker", - "in": "query" + "description": "Requests a page size of items. Returns a number of items up to a limit value." }, { - "description": "Indicates in which directions to sort.", + "name": "marker", + "in": "query", "required": false, "schema": { - "allOf": [ + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], + "description": "The ID of the last-seen item.", + "title": "Marker" + }, + "description": "The ID of the last-seen item." + }, + { + "name": "sort_dirs", + "in": "query", + "required": false, + "schema": { + "anyOf": [ { "$ref": "#/components/schemas/SortDir" + }, + { + "type": "null" } ], - "description": "Indicates in which directions to sort." + "description": "Indicates in which directions to sort.", + "title": "Sort Dirs" }, - "name": "sort_dirs", - "in": "query" + "description": "Indicates in which directions to sort." }, { - "description": "Indicates in which attributes to sort. Updated_at is used as deleted_at", - "required": false, - "schema": { - "items": { - "$ref": "#/components/schemas/VolumeSortKey" - }, - "type": "array", - "description": "Indicates in which attributes to sort. Updated_at is used as deleted_at" - }, "name": "sort_keys", - "in": "query" - }, - { - "description": "List volumes for all projects.", + "in": "query", "required": false, "schema": { - "type": "boolean", - "title": "All Projects", - "description": "List volumes for all projects." + "anyOf": [ + { + "type": "array", + "items": { + "$ref": "#/components/schemas/VolumeSortKey" + } + }, + { + "type": "null" + } + ], + "description": "Indicates in which attributes to sort. Updated_at is used as deleted_at", + "title": "Sort Keys" }, + "description": "Indicates in which attributes to sort. Updated_at is used as deleted_at" + }, + { "name": "all_projects", - "in": "query" - }, - { - "description": "Filter the list of volumes by the given project ID.", + "in": "query", "required": false, "schema": { - "type": "string", - "title": "Project Id", - "description": "Filter the list of volumes by the given project ID." + "anyOf": [ + { + "type": "boolean" + }, + { + "type": "null" + } + ], + "description": "List volumes for all projects.", + "title": "All Projects" }, + "description": "List volumes for all projects." + }, + { "name": "project_id", - "in": "query" - }, - { - "description": "Filter the list of volumes by the given server name.", + "in": "query", "required": false, "schema": { - "type": "string", - "title": "Name", - "description": "Filter the list of volumes by the given server name." + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], + "description": "Filter the list of volumes by the given project ID.", + "title": "Project Id" }, + "description": "Filter the list of volumes by the given project ID." + }, + { "name": "name", - "in": "query" - }, - { - "description": "Filter the list of volumes by the given multiattach.", + "in": "query", "required": false, "schema": { - "type": "boolean", - "title": "Multiattach", - "description": "Filter the list of volumes by the given multiattach." + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], + "description": "Filter the list of volumes by the given server name.", + "title": "Name" }, - "name": "multiattach", - "in": "query" + "description": "Filter the list of volumes by the given server name." }, { - "description": "Filter the list of volumes by the given status.", + "name": "multiattach", + "in": "query", "required": false, "schema": { - "allOf": [ + "anyOf": [ + { + "type": "boolean" + }, + { + "type": "null" + } + ], + "description": "Filter the list of volumes by the given multiattach.", + "title": "Multiattach" + }, + "description": "Filter the list of volumes by the given multiattach." + }, + { + "name": "status", + "in": "query", + "required": false, + "schema": { + "anyOf": [ { "$ref": "#/components/schemas/VolumeStatus" + }, + { + "type": "null" } ], - "description": "Filter the list of volumes by the given status." + "description": "Filter the list of volumes by the given status.", + "title": "Status" }, - "name": "status", - "in": "query" + "description": "Filter the list of volumes by the given status." }, { - "description": "Filter the list of volumes by the given bootable.", - "required": false, - "schema": { - "type": "boolean", - "title": "Bootable", - "description": "Filter the list of volumes by the given bootable." - }, "name": "bootable", - "in": "query" - }, - { - "description": "Filter the list of volumes by the given volumes UUID.", + "in": "query", "required": false, "schema": { - "items": { - "type": "string" - }, - "type": "array", - "title": "Uuid", - "description": "Filter the list of volumes by the given volumes UUID." + "anyOf": [ + { + "type": "boolean" + }, + { + "type": "null" + } + ], + "description": "Filter the list of volumes by the given bootable.", + "title": "Bootable" }, - "name": "uuid", - "in": "query" + "description": "Filter the list of volumes by the given bootable." }, { + "name": "uuid", + "in": "query", + "required": false, + "schema": { + "anyOf": [ + { + "type": "array", + "items": { + "type": "string" + } + }, + { + "type": "null" + } + ], + "description": "Filter the list of volumes by the given volumes UUID.", + "title": "Uuid" + }, + "description": "Filter the list of volumes by the given volumes UUID." + }, + { + "name": "X-Openstack-Request-Id", + "in": "header", "required": false, "schema": { "type": "string", "pattern": "^req-\\w{8}(-\\w{4}){3}-\\w{12}", - "title": "X-Openstack-Request-Id", - "default": "" - }, - "name": "X-Openstack-Request-Id", - "in": "header" + "default": "", + "title": "X-Openstack-Request-Id" + } } ], "responses": { @@ -900,34 +1087,34 @@ } }, "401": { - "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UnauthorizedMessage" } } - } + }, + "description": "Unauthorized" }, "403": { - "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ForbiddenMessage" } } - } + }, + "description": "Forbidden" }, "500": { - "description": "Internal Server Error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/InternalServerErrorMessage" } } - } + }, + "description": "Internal Server Error" }, "422": { "description": "Validation Error", @@ -952,134 +1139,199 @@ "operationId": "list_volume_snapshots_api_v1_extension_volume_snapshots_get", "parameters": [ { - "description": "Requests a page size of items. Return items up to the limit value.", - "required": false, - "schema": { - "type": "integer", - "exclusiveMinimum": 0.0, - "title": "Limit", - "description": "Requests a page size of items. Return items up to the limit value." - }, "name": "limit", - "in": "query" - }, - { - "description": "The ID of the last-seen item.", + "in": "query", "required": false, "schema": { - "type": "string", - "title": "Marker", - "description": "The ID of the last-seen item." + "anyOf": [ + { + "type": "integer", + "exclusiveMinimum": 0 + }, + { + "type": "null" + } + ], + "description": "Requests a page size of items. Return items up to the limit value.", + "title": "Limit" }, - "name": "marker", - "in": "query" + "description": "Requests a page size of items. Return items up to the limit value." }, { - "description": "Indicates in which directions to sort.", + "name": "marker", + "in": "query", "required": false, "schema": { - "allOf": [ + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], + "description": "The ID of the last-seen item.", + "title": "Marker" + }, + "description": "The ID of the last-seen item." + }, + { + "name": "sort_dirs", + "in": "query", + "required": false, + "schema": { + "anyOf": [ { "$ref": "#/components/schemas/SortDir" + }, + { + "type": "null" } ], - "description": "Indicates in which directions to sort." + "description": "Indicates in which directions to sort.", + "title": "Sort Dirs" }, - "name": "sort_dirs", - "in": "query" + "description": "Indicates in which directions to sort." }, { - "description": "Indicates in which attributes to sort.", - "required": false, - "schema": { - "items": { - "$ref": "#/components/schemas/VolumeSnapshotSortKey" - }, - "type": "array", - "description": "Indicates in which attributes to sort." - }, "name": "sort_keys", - "in": "query" - }, - { - "description": "List snapshots for all projects.", + "in": "query", "required": false, "schema": { - "type": "boolean", - "title": "All Projects", - "description": "List snapshots for all projects." + "anyOf": [ + { + "type": "array", + "items": { + "$ref": "#/components/schemas/VolumeSnapshotSortKey" + } + }, + { + "type": "null" + } + ], + "description": "Indicates in which attributes to sort.", + "title": "Sort Keys" }, + "description": "Indicates in which attributes to sort." + }, + { "name": "all_projects", - "in": "query" - }, - { - "description": "Filter the list of snapshots by the given project ID.", + "in": "query", "required": false, "schema": { - "type": "string", - "title": "Project Id", - "description": "Filter the list of snapshots by the given project ID." + "anyOf": [ + { + "type": "boolean" + }, + { + "type": "null" + } + ], + "description": "List snapshots for all projects.", + "title": "All Projects" }, + "description": "List snapshots for all projects." + }, + { "name": "project_id", - "in": "query" - }, - { - "description": "Filter the list of snapshots by the given snapshot name.", + "in": "query", "required": false, "schema": { - "type": "string", - "title": "Name", - "description": "Filter the list of snapshots by the given snapshot name." + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], + "description": "Filter the list of snapshots by the given project ID.", + "title": "Project Id" }, - "name": "name", - "in": "query" + "description": "Filter the list of snapshots by the given project ID." }, { - "description": "Filter the list of snapshots by the given snapshot status.", + "name": "name", + "in": "query", "required": false, "schema": { - "allOf": [ + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], + "description": "Filter the list of snapshots by the given snapshot name.", + "title": "Name" + }, + "description": "Filter the list of snapshots by the given snapshot name." + }, + { + "name": "status", + "in": "query", + "required": false, + "schema": { + "anyOf": [ { "$ref": "#/components/schemas/VolumeSnapshotStatus" + }, + { + "type": "null" } ], - "description": "Filter the list of snapshots by the given snapshot status." + "description": "Filter the list of snapshots by the given snapshot status.", + "title": "Status" }, - "name": "status", - "in": "query" + "description": "Filter the list of snapshots by the given snapshot status." }, { - "description": "Filter the list of snapshots by the given volume ID.", - "required": false, - "schema": { - "type": "string", - "title": "Volume Id", - "description": "Filter the list of snapshots by the given volume ID." - }, "name": "volume_id", - "in": "query" - }, - { - "description": "Filter the list of snapshots by the given snapshot UUID.", + "in": "query", "required": false, "schema": { - "type": "string", - "title": "Uuid", - "description": "Filter the list of snapshots by the given snapshot UUID." + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], + "description": "Filter the list of snapshots by the given volume ID.", + "title": "Volume Id" }, - "name": "uuid", - "in": "query" + "description": "Filter the list of snapshots by the given volume ID." }, { + "name": "uuid", + "in": "query", + "required": false, + "schema": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], + "description": "Filter the list of snapshots by the given snapshot UUID.", + "title": "Uuid" + }, + "description": "Filter the list of snapshots by the given snapshot UUID." + }, + { + "name": "X-Openstack-Request-Id", + "in": "header", "required": false, "schema": { "type": "string", "pattern": "^req-\\w{8}(-\\w{4}){3}-\\w{12}", - "title": "X-Openstack-Request-Id", - "default": "" - }, - "name": "X-Openstack-Request-Id", - "in": "header" + "default": "", + "title": "X-Openstack-Request-Id" + } } ], "responses": { @@ -1094,34 +1346,34 @@ } }, "401": { - "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UnauthorizedMessage" } } - } + }, + "description": "Unauthorized" }, "403": { - "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ForbiddenMessage" } } - } + }, + "description": "Forbidden" }, "500": { - "description": "Internal Server Error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/InternalServerErrorMessage" } } - } + }, + "description": "Internal Server Error" }, "422": { "description": "Validation Error", @@ -1146,172 +1398,259 @@ "operationId": "list_ports_api_v1_extension_ports_get", "parameters": [ { - "description": "Requests a page size of items. Returns a number of items up to a limit value.", - "required": false, - "schema": { - "type": "integer", - "exclusiveMinimum": 0.0, - "title": "Limit", - "description": "Requests a page size of items. Returns a number of items up to a limit value." - }, "name": "limit", - "in": "query" - }, - { - "description": "The ID of the last-seen item.", + "in": "query", "required": false, "schema": { - "type": "string", - "title": "Marker", - "description": "The ID of the last-seen item." + "anyOf": [ + { + "type": "integer", + "exclusiveMinimum": 0 + }, + { + "type": "null" + } + ], + "description": "Requests a page size of items. Returns a number of items up to a limit value.", + "title": "Limit" }, - "name": "marker", - "in": "query" + "description": "Requests a page size of items. Returns a number of items up to a limit value." }, { - "description": "Indicates in which directions to sort.", + "name": "marker", + "in": "query", "required": false, "schema": { - "allOf": [ + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], + "description": "The ID of the last-seen item.", + "title": "Marker" + }, + "description": "The ID of the last-seen item." + }, + { + "name": "sort_dirs", + "in": "query", + "required": false, + "schema": { + "anyOf": [ { "$ref": "#/components/schemas/SortDir" + }, + { + "type": "null" } ], - "description": "Indicates in which directions to sort." + "description": "Indicates in which directions to sort.", + "title": "Sort Dirs" }, - "name": "sort_dirs", - "in": "query" + "description": "Indicates in which directions to sort." }, { - "description": "Indicates in which attributes to sort.", - "required": false, - "schema": { - "items": { - "$ref": "#/components/schemas/PortSortKey" - }, - "type": "array", - "description": "Indicates in which attributes to sort." - }, "name": "sort_keys", - "in": "query" - }, - { - "description": "List ports for all projects.", + "in": "query", "required": false, "schema": { - "type": "boolean", - "title": "All Projects", - "description": "List ports for all projects." + "anyOf": [ + { + "type": "array", + "items": { + "$ref": "#/components/schemas/PortSortKey" + } + }, + { + "type": "null" + } + ], + "description": "Indicates in which attributes to sort.", + "title": "Sort Keys" }, + "description": "Indicates in which attributes to sort." + }, + { "name": "all_projects", - "in": "query" - }, - { - "description": "Filter the list of ports by the given project ID.", + "in": "query", "required": false, "schema": { - "type": "string", - "title": "Project Id", - "description": "Filter the list of ports by the given project ID." + "anyOf": [ + { + "type": "boolean" + }, + { + "type": "null" + } + ], + "description": "List ports for all projects.", + "title": "All Projects" }, + "description": "List ports for all projects." + }, + { "name": "project_id", - "in": "query" - }, - { - "description": "Filter the list of ports by the given port name.", + "in": "query", "required": false, "schema": { - "type": "string", - "title": "Name", - "description": "Filter the list of ports by the given port name." + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], + "description": "Filter the list of ports by the given project ID.", + "title": "Project Id" }, - "name": "name", - "in": "query" + "description": "Filter the list of ports by the given project ID." }, { - "description": "Filter the list of ports by the given port status.", + "name": "name", + "in": "query", "required": false, "schema": { - "allOf": [ + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], + "description": "Filter the list of ports by the given port name.", + "title": "Name" + }, + "description": "Filter the list of ports by the given port name." + }, + { + "name": "status", + "in": "query", + "required": false, + "schema": { + "anyOf": [ { "$ref": "#/components/schemas/PortStatus" + }, + { + "type": "null" } ], - "description": "Filter the list of ports by the given port status." + "description": "Filter the list of ports by the given port status.", + "title": "Status" }, - "name": "status", - "in": "query" + "description": "Filter the list of ports by the given port status." }, { - "description": "Filter the list of ports by the given network name.", - "required": false, - "schema": { - "type": "string", - "title": "Network Name", - "description": "Filter the list of ports by the given network name." - }, "name": "network_name", - "in": "query" - }, - { - "description": "Filter the list of ports by the given network ID.", + "in": "query", "required": false, "schema": { - "type": "string", - "title": "Network Id", - "description": "Filter the list of ports by the given network ID." + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], + "description": "Filter the list of ports by the given network name.", + "title": "Network Name" }, + "description": "Filter the list of ports by the given network name." + }, + { "name": "network_id", - "in": "query" - }, - { - "description": "The ID of the device that uses this port. For example, a server instance or a logical router.", + "in": "query", "required": false, "schema": { - "type": "string", - "title": "Device Id", - "description": "The ID of the device that uses this port. For example, a server instance or a logical router." + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], + "description": "Filter the list of ports by the given network ID.", + "title": "Network Id" }, + "description": "Filter the list of ports by the given network ID." + }, + { "name": "device_id", - "in": "query" - }, - { - "description": "The entity type that uses this port.", + "in": "query", "required": false, "schema": { - "items": { - "$ref": "#/components/schemas/PortDeviceOwner" - }, - "type": "array", - "description": "The entity type that uses this port." + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], + "description": "The ID of the device that uses this port. For example, a server instance or a logical router.", + "title": "Device Id" }, + "description": "The ID of the device that uses this port. For example, a server instance or a logical router." + }, + { "name": "device_owner", - "in": "query" - }, - { - "description": "Filter the list of ports by the given port UUID.", + "in": "query", "required": false, "schema": { - "items": { - "type": "string" - }, - "type": "array", - "title": "Uuid", - "description": "Filter the list of ports by the given port UUID." + "anyOf": [ + { + "type": "array", + "items": { + "$ref": "#/components/schemas/PortDeviceOwner" + } + }, + { + "type": "null" + } + ], + "description": "The entity type that uses this port.", + "title": "Device Owner" }, - "name": "uuid", - "in": "query" + "description": "The entity type that uses this port." }, { + "name": "uuid", + "in": "query", + "required": false, + "schema": { + "anyOf": [ + { + "type": "array", + "items": { + "type": "string" + } + }, + { + "type": "null" + } + ], + "description": "Filter the list of ports by the given port UUID.", + "title": "Uuid" + }, + "description": "Filter the list of ports by the given port UUID." + }, + { + "name": "X-Openstack-Request-Id", + "in": "header", "required": false, "schema": { "type": "string", "pattern": "^req-\\w{8}(-\\w{4}){3}-\\w{12}", - "title": "X-Openstack-Request-Id", - "default": "" - }, - "name": "X-Openstack-Request-Id", - "in": "header" + "default": "", + "title": "X-Openstack-Request-Id" + } } ], "responses": { @@ -1326,34 +1665,34 @@ } }, "401": { - "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UnauthorizedMessage" } } - } + }, + "description": "Unauthorized" }, "403": { - "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ForbiddenMessage" } } - } + }, + "description": "Forbidden" }, "500": { - "description": "Internal Server Error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/InternalServerErrorMessage" } } - } + }, + "description": "Internal Server Error" }, "422": { "description": "Validation Error", @@ -1378,37 +1717,37 @@ "operationId": "compute_services_api_v1_extension_compute_services_get", "parameters": [ { - "description": "Filter the list of compute services by the given binary.", - "required": false, - "schema": { - "type": "string", - "title": "Binary", - "description": "Filter the list of compute services by the given binary." - }, "name": "binary", - "in": "query" - }, - { - "description": "Filter the list of compute services by the given host.", + "in": "query", "required": false, "schema": { "type": "string", - "title": "Host", - "description": "Filter the list of compute services by the given host." + "description": "Filter the list of compute services by the given binary.", + "title": "Binary" }, - "name": "host", - "in": "query" + "description": "Filter the list of compute services by the given binary." }, { + "name": "host", + "in": "query", + "required": false, + "schema": { + "type": "string", + "description": "Filter the list of compute services by the given host.", + "title": "Host" + }, + "description": "Filter the list of compute services by the given host." + }, + { + "name": "X-Openstack-Request-Id", + "in": "header", "required": false, "schema": { "type": "string", "pattern": "^req-\\w{8}(-\\w{4}){3}-\\w{12}", - "title": "X-Openstack-Request-Id", - "default": "" - }, - "name": "X-Openstack-Request-Id", - "in": "header" + "default": "", + "title": "X-Openstack-Request-Id" + } } ], "responses": { @@ -1423,24 +1762,24 @@ } }, "401": { - "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UnauthorizedMessage" } } - } + }, + "description": "Unauthorized" }, "500": { - "description": "Internal Server Error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/InternalServerErrorMessage" } } - } + }, + "description": "Internal Server Error" }, "422": { "description": "Validation Error", @@ -1465,37 +1804,37 @@ "operationId": "prometheus_query_api_v1_query_get", "parameters": [ { - "description": "The query expression of prometheus to filter.", - "required": false, - "schema": { - "type": "string", - "title": "Query", - "description": "The query expression of prometheus to filter." - }, "name": "query", - "in": "query" - }, - { - "description": "The time to filter.", + "in": "query", "required": false, "schema": { "type": "string", - "title": "Time", - "description": "The time to filter." + "description": "The query expression of prometheus to filter.", + "title": "Query" }, + "description": "The query expression of prometheus to filter." + }, + { "name": "time", - "in": "query" - }, - { - "description": "The timeout to filter.", + "in": "query", "required": false, "schema": { "type": "string", - "title": "Timeout", - "description": "The timeout to filter." + "description": "The time to filter.", + "title": "Time" }, + "description": "The time to filter." + }, + { "name": "timeout", - "in": "query" + "in": "query", + "required": false, + "schema": { + "type": "string", + "description": "The timeout to filter.", + "title": "Timeout" + }, + "description": "The timeout to filter." } ], "responses": { @@ -1510,24 +1849,24 @@ } }, "401": { - "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UnauthorizedMessage" } } - } + }, + "description": "Unauthorized" }, "500": { - "description": "Internal Server Error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/InternalServerErrorMessage" } } - } + }, + "description": "Internal Server Error" }, "422": { "description": "Validation Error", @@ -1552,59 +1891,59 @@ "operationId": "prometheus_query_range_api_v1_query_range_get", "parameters": [ { - "description": "The query expression of prometheus to filter.", - "required": false, - "schema": { - "type": "string", - "title": "Query", - "description": "The query expression of prometheus to filter." - }, "name": "query", - "in": "query" - }, - { - "description": "The start time to filter.", + "in": "query", "required": false, "schema": { "type": "string", - "title": "Start", - "description": "The start time to filter." + "description": "The query expression of prometheus to filter.", + "title": "Query" }, + "description": "The query expression of prometheus to filter." + }, + { "name": "start", - "in": "query" - }, - { - "description": "The end time to filter.", + "in": "query", "required": false, "schema": { "type": "string", - "title": "End", - "description": "The end time to filter." + "description": "The start time to filter.", + "title": "Start" }, + "description": "The start time to filter." + }, + { "name": "end", - "in": "query" - }, - { - "description": "The step to filter.", + "in": "query", "required": false, "schema": { "type": "string", - "title": "Step", - "description": "The step to filter." + "description": "The end time to filter.", + "title": "End" }, + "description": "The end time to filter." + }, + { "name": "step", - "in": "query" - }, - { - "description": "The timeout to filter.", + "in": "query", "required": false, "schema": { "type": "string", - "title": "Timeout", - "description": "The timeout to filter." + "description": "The step to filter.", + "title": "Step" }, + "description": "The step to filter." + }, + { "name": "timeout", - "in": "query" + "in": "query", + "required": false, + "schema": { + "type": "string", + "description": "The timeout to filter.", + "title": "Timeout" + }, + "description": "The timeout to filter." } ], "responses": { @@ -1619,24 +1958,24 @@ } }, "401": { - "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UnauthorizedMessage" } } - } + }, + "description": "Unauthorized" }, "500": { - "description": "Internal Server Error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/InternalServerErrorMessage" } } - } + }, + "description": "Internal Server Error" }, "422": { "description": "Validation Error", @@ -1883,13 +2222,13 @@ "operationId": "show_setting_api_v1_setting__key__get", "parameters": [ { + "name": "key", + "in": "path", "required": true, "schema": { "type": "string", "title": "Key" - }, - "name": "key", - "in": "path" + } } ], "responses": { @@ -1904,24 +2243,24 @@ } }, "401": { - "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UnauthorizedMessage" } } - } + }, + "description": "Unauthorized" }, "404": { - "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/NotFoundMessage" } } - } + }, + "description": "Not Found" }, "422": { "description": "Validation Error", @@ -1944,13 +2283,13 @@ "operationId": "reset_setting_api_v1_setting__key__delete", "parameters": [ { + "name": "key", + "in": "path", "required": true, "schema": { "type": "string", "title": "Key" - }, - "name": "key", - "in": "path" + } } ], "responses": { @@ -1965,34 +2304,34 @@ } }, "401": { - "description": "Unauthorized", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UnauthorizedMessage" } } - } + }, + "description": "Unauthorized" }, "403": { - "description": "Forbidden", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ForbiddenMessage" } } - } + }, + "description": "Forbidden" }, "404": { - "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/NotFoundMessage" } } - } + }, + "description": "Not Found" }, "422": { "description": "Validation Error", @@ -2161,7 +2500,14 @@ "ComputeServicesResponseBase": { "properties": { "id": { - "type": "string", + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], "title": "Id", "description": "Service id" }, @@ -2171,7 +2517,14 @@ "description": "Service binary" }, "disabled_reason": { - "type": "string", + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], "title": "Disabled Reason", "description": "Disabled reason" }, @@ -2181,7 +2534,14 @@ "description": "Host name" }, "state": { - "type": "string", + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], "title": "State", "description": "Service state" }, @@ -2191,17 +2551,38 @@ "description": "Service status" }, "updated_at": { - "type": "string", + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], "title": "Updated At", "description": "Updated at" }, "forced_down": { - "type": "boolean", + "anyOf": [ + { + "type": "boolean" + }, + { + "type": "null" + } + ], "title": "Forced Down", "description": "Forced down" }, "zone": { - "type": "string", + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], "title": "Zone", "description": "Zone" } @@ -2217,7 +2598,14 @@ "Credential": { "properties": { "region": { - "type": "string", + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], "title": "Region", "description": "Credential identity service region" }, @@ -2244,12 +2632,14 @@ "password" ], "title": "Credential", - "example": { - "region": "RegionOne", - "username": "admin", - "domain": "default", - "password": "admin" - } + "examples": [ + { + "domain": "default", + "password": "admin", + "region": "RegionOne", + "username": "admin" + } + ] }, "Domain": { "properties": { @@ -2274,37 +2664,87 @@ "FlavorInServer": { "properties": { "ephemeral": { - "type": "integer", + "anyOf": [ + { + "type": "integer" + }, + { + "type": "null" + } + ], "title": "Ephemeral", "description": "Ephemeral disk size in GB" }, "ram": { - "type": "integer", + "anyOf": [ + { + "type": "integer" + }, + { + "type": "null" + } + ], "title": "Ram", "description": "RAM size in MB" }, "original_name": { - "type": "string", + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], "title": "Original Name", "description": "Original flavor name" }, "vcpus": { - "type": "integer", + "anyOf": [ + { + "type": "integer" + }, + { + "type": "null" + } + ], "title": "Vcpus", "description": "Number of vCPUs" }, "extra_specs": { - "type": "object", + "anyOf": [ + { + "additionalProperties": true, + "type": "object" + }, + { + "type": "null" + } + ], "title": "Extra Specs", "description": "Extra specs" }, "swap": { - "type": "integer", + "anyOf": [ + { + "type": "integer" + }, + { + "type": "null" + } + ], "title": "Swap", "description": "Swap size in MB" }, "disk": { - "type": "integer", + "anyOf": [ + { + "type": "integer" + }, + { + "type": "null" + } + ], "title": "Disk", "description": "Disk size in GB" } @@ -2441,10 +2881,17 @@ "description": "Policies rules list" }, "target": { - "additionalProperties": { - "type": "string" - }, - "type": "object", + "anyOf": [ + { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + { + "type": "null" + } + ], "title": "Target", "description": "Policies targets" } @@ -2495,8 +2942,7 @@ "network:distributed", "Octavia" ], - "title": "PortDeviceOwner", - "description": "An enumeration." + "title": "PortDeviceOwner" }, "PortSortKey": { "type": "string", @@ -2507,8 +2953,7 @@ "status", "project_id" ], - "title": "PortSortKey", - "description": "An enumeration." + "title": "PortSortKey" }, "PortStatus": { "type": "string", @@ -2519,8 +2964,7 @@ "ERROR", "N/A" ], - "title": "PortStatus", - "description": "An enumeration." + "title": "PortStatus" }, "PortsResponse": { "properties": { @@ -2547,107 +2991,227 @@ "description": "Port ID" }, "origin_data": { + "additionalProperties": true, "type": "object", "title": "Origin Data", "description": "The origin_data is the same like the response of https://docs.openstack.org/api-ref/network/v2/index.html?expanded=list-ports-detail#list-ports" }, "server_name": { - "type": "string", + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], "title": "Server Name", "description": "Server name" }, "network_name": { - "type": "string", + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], "title": "Network Name", "description": "Network name" }, "ipv4": { - "items": {}, - "type": "array", + "anyOf": [ + { + "items": {}, + "type": "array" + }, + { + "type": "null" + } + ], "title": "Ipv4", "description": "IPv4 addresses" }, "ipv6": { - "items": {}, - "type": "array", + "anyOf": [ + { + "items": {}, + "type": "array" + }, + { + "type": "null" + } + ], "title": "Ipv6", "description": "IPv6 addresses" }, "name": { - "type": "string", + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], "title": "Name", "description": "Will be removed, please use origin_data[name]", "deprecated": true }, "mac_address": { - "type": "string", + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], "title": "Mac Address", "description": "Will be removed, please use origin_data[mac_address]", "deprecated": true }, "project_id": { - "type": "string", + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], "title": "Project Id", "description": "Will be removed, please use origin_data[project_id]", "deprecated": true }, "device_owner": { - "type": "string", + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], "title": "Device Owner", "description": "Will be removed, please use origin_data[device_owner]", "deprecated": true }, "device_id": { - "type": "string", + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], "title": "Device Id", "description": "Will be removed, please use origin_data[device_id]", "deprecated": true }, "status": { - "type": "string", + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], "title": "Status", "description": "Will be removed, please use origin_data[status]", "deprecated": true }, "created_at": { - "type": "string", + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], "title": "Created At", "description": "Will be removed, please use origin_data[created_at]", "deprecated": true }, "network_id": { - "type": "string", + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], "title": "Network Id", "description": "Will be removed, please use origin_data[network_id]", "deprecated": true }, "binding_vnic_type": { - "type": "string", + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], "title": "Binding Vnic Type", "description": "Will be removed, please use origin_data[binding:vnic_type]", "deprecated": true }, "description": { - "type": "string", + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], "title": "Description", "description": "Will be removed, please use origin_data[description]", "deprecated": true }, "port_security_enabled": { - "type": "boolean", + "anyOf": [ + { + "type": "boolean" + }, + { + "type": "null" + } + ], "title": "Port Security Enabled", "description": "Will be removed, please use origin_data[port_security_enabled]", "deprecated": true }, "qos_policy_id": { - "type": "string", + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], "title": "Qos Policy Id", "description": "Will be removed, please use origin_data[qos_policy_id]", "deprecated": true }, "fixed_ips": { - "items": {}, - "type": "array", + "anyOf": [ + { + "items": {}, + "type": "array" + }, + { + "type": "null" + } + ], "title": "Fixed Ips", "description": "Will be removed, please use origin_data[fixed_ips]", "deprecated": true @@ -2656,7 +3220,20 @@ "type": "object", "required": [ "id", - "origin_data" + "origin_data", + "name", + "mac_address", + "project_id", + "device_owner", + "device_id", + "status", + "created_at", + "network_id", + "binding_vnic_type", + "description", + "port_security_enabled", + "qos_policy_id", + "fixed_ips" ], "title": "PortsResponseBase" }, @@ -2683,21 +3260,11 @@ "description": "UUID" }, "project": { - "allOf": [ - { - "$ref": "#/components/schemas/Project" - } - ], - "title": "Project", + "$ref": "#/components/schemas/Project", "description": "User project" }, "user": { - "allOf": [ - { - "$ref": "#/components/schemas/User" - } - ], - "title": "User", + "$ref": "#/components/schemas/User", "description": "User" }, "roles": { @@ -2714,25 +3281,55 @@ "description": "Keystone token expiration time" }, "base_domains": { - "items": { - "type": "string" - }, - "type": "array", + "anyOf": [ + { + "items": { + "type": "string" + }, + "type": "array" + }, + { + "type": "null" + } + ], "title": "Base Domains", "description": "User base domains" }, "endpoints": { - "type": "object", + "anyOf": [ + { + "additionalProperties": true, + "type": "object" + }, + { + "type": "null" + } + ], "title": "Endpoints", "description": "Keystone endpoints" }, "projects": { - "type": "object", + "anyOf": [ + { + "additionalProperties": true, + "type": "object" + }, + { + "type": "null" + } + ], "title": "Projects", "description": "User projects" }, "default_project_id": { - "type": "string", + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], "title": "Default Project Id", "description": "User default project ID" }, @@ -2769,12 +3366,7 @@ "description": "Project name" }, "domain": { - "allOf": [ - { - "$ref": "#/components/schemas/Domain" - } - ], - "title": "Domain", + "$ref": "#/components/schemas/Domain", "description": "Project domain" } }, @@ -2840,27 +3432,50 @@ "description": "Prometheus status" }, "errorType": { - "type": "string", + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], "title": "Errortype", "description": "Prometheus error type" }, "error": { - "type": "string", + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], "title": "Error", "description": "Prometheus error" }, "warnings": { - "type": "string", + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], "title": "Warnings", "description": "Prometheus warnings" }, "data": { - "allOf": [ + "anyOf": [ { "$ref": "#/components/schemas/PrometheusQueryRangeData" + }, + { + "type": "null" } ], - "title": "Data", "description": "Prometheus query range data" } }, @@ -2902,27 +3517,50 @@ "description": "Prometheus status" }, "errorType": { - "type": "string", + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], "title": "Errortype", "description": "Prometheus error type" }, "error": { - "type": "string", + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], "title": "Error", "description": "Prometheus error" }, "warnings": { - "type": "string", + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], "title": "Warnings", "description": "Prometheus warnings" }, "data": { - "allOf": [ + "anyOf": [ { "$ref": "#/components/schemas/PrometheusQueryData" + }, + { + "type": "null" } ], - "title": "Data", "description": "Prometheus query data" } }, @@ -2964,8 +3602,7 @@ "updated_at", "project_id" ], - "title": "RecycleServerSortKey", - "description": "An enumeration." + "title": "RecycleServerSortKey" }, "RecycleServersResponse": { "properties": { @@ -2993,50 +3630,107 @@ "description": "Recycle server id" }, "origin_data": { + "additionalProperties": true, "type": "object", "title": "Origin Data", "description": "The origin_data is the same like the response of https://docs.openstack.org/api-ref/compute/?expanded=list-servers-detailed-detail#list-servers-detailed" }, "project_name": { - "type": "string", + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], "title": "Project Name", "description": "Project name" }, "image": { - "type": "string", - "format": "uuid4", + "anyOf": [ + { + "type": "string", + "format": "uuid4" + }, + { + "type": "null" + } + ], "title": "Image", "description": "Image id" }, "image_name": { - "type": "string", + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], "title": "Image Name", "description": "Image name" }, "image_os_distro": { - "type": "string", + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], "title": "Image Os Distro", "description": "Image os distro" }, "fixed_addresses": { - "items": {}, - "type": "array", + "anyOf": [ + { + "items": {}, + "type": "array" + }, + { + "type": "null" + } + ], "title": "Fixed Addresses", "description": "Fixed addresses" }, "floating_addresses": { - "items": {}, - "type": "array", + "anyOf": [ + { + "items": {}, + "type": "array" + }, + { + "type": "null" + } + ], "title": "Floating Addresses", "description": "Floating addresses" }, "deleted_at": { - "type": "string", + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], "title": "Deleted At", "description": "Deleted at" }, "updated_at": { - "type": "string", + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], "title": "Updated At", "description": "Updated at" }, @@ -3046,47 +3740,91 @@ "description": "Reclaim timestamp" }, "name": { - "type": "string", + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], "title": "Name", "description": "Will be removed, please use origin_data[name]", "deprecated": true }, "project_id": { - "type": "string", + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], "title": "Project Id", "description": "Will be removed, please use origin_data[tenant_id]", "deprecated": true }, "host": { - "type": "string", + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], "title": "Host", "description": "Will be removed, please use origin_data[OS-EXT-SRV-ATTR:host]", "deprecated": true }, "hostname": { - "type": "string", + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], "title": "Hostname", "description": "Will be removed, please use origin_data[OS-EXT-SRV-ATTR:hostname]", "deprecated": true }, "flavor": { - "type": "string", + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], "title": "Flavor", "description": "Will be removed, please use origin_data[flavor][original_name]", "deprecated": true }, "flavor_info": { - "allOf": [ + "anyOf": [ { "$ref": "#/components/schemas/FlavorInServer" + }, + { + "type": "null" } ], - "title": "Flavor Info", "description": "Will be removed, please use origin_data[flavor]", "deprecated": true }, "status": { - "type": "string", + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], "title": "Status", "description": "Will be removed, please use origin_data[status]", "deprecated": true @@ -3096,7 +3834,14 @@ "required": [ "id", "origin_data", - "reclaim_timestamp" + "reclaim_timestamp", + "name", + "project_id", + "host", + "hostname", + "flavor", + "flavor_info", + "status" ], "title": "RecycleServersResponseBase" }, @@ -3170,8 +3915,7 @@ "host", "project_id" ], - "title": "ServerSortKey", - "description": "An enumeration." + "title": "ServerSortKey" }, "ServerStatus": { "type": "string", @@ -3193,8 +3937,7 @@ "SUSPENDED", "UNKNOWN" ], - "title": "ServerStatus", - "description": "An enumeration." + "title": "ServerStatus" }, "ServersResponse": { "properties": { @@ -3222,127 +3965,264 @@ "description": "Server ID" }, "origin_data": { + "additionalProperties": true, "type": "object", "title": "Origin Data", "description": "The origin_data is the same like the response of https://docs.openstack.org/api-ref/compute/?expanded=list-servers-detailed-detail#list-servers-detailed" }, "project_name": { - "type": "string", + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], "title": "Project Name", "description": "Project name" }, "image": { - "type": "string", - "format": "uuid4", + "anyOf": [ + { + "type": "string", + "format": "uuid4" + }, + { + "type": "null" + } + ], "title": "Image", "description": "Image ID" }, "image_name": { - "type": "string", + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], "title": "Image Name", "description": "Image name" }, "image_os_distro": { - "type": "string", + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], "title": "Image Os Distro", "description": "Image OS distro" }, "fixed_addresses": { - "items": {}, - "type": "array", + "anyOf": [ + { + "items": {}, + "type": "array" + }, + { + "type": "null" + } + ], "title": "Fixed Addresses", "description": "Fixed addresses" }, "floating_addresses": { - "items": {}, - "type": "array", + "anyOf": [ + { + "items": {}, + "type": "array" + }, + { + "type": "null" + } + ], "title": "Floating Addresses", "description": "Floating addresses" }, "name": { - "type": "string", + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], "title": "Name", "description": "Will be removed, please use origin_data[name]", "deprecated": true }, "project_id": { - "type": "string", + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], "title": "Project Id", "description": "Will be removed, please use origin_data[tenant_id]", "deprecated": true }, "host": { - "type": "string", + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], "title": "Host", "description": "Will be removed, please use origin_data[OS-EXT-SRV-ATTR:host]", "deprecated": true }, "hostname": { - "type": "string", + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], "title": "Hostname", "description": "Will be removed, please use origin_data[OS-EXT-SRV-ATTR:hostname]", "deprecated": true }, "flavor": { - "type": "string", + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], "title": "Flavor", "description": "Will be removed, please use origin_data[flavor][original_name]", "deprecated": true }, "flavor_info": { - "allOf": [ + "anyOf": [ { "$ref": "#/components/schemas/FlavorInServer" + }, + { + "type": "null" } ], - "title": "Flavor Info", "description": "Will be removed, please use origin_data[flavor]", "deprecated": true }, "status": { - "type": "string", + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], "title": "Status", "description": "Will be removed, please use origin_data[status]", "deprecated": true }, "locked": { - "type": "boolean", + "anyOf": [ + { + "type": "boolean" + }, + { + "type": "null" + } + ], "title": "Locked", "description": "Will be removed, please use origin_data[locked]", "deprecated": true }, "created_at": { - "type": "string", + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], "title": "Created At", "description": "Will be removed, please use origin_data[created]", "deprecated": true }, "task_state": { - "type": "string", + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], "title": "Task State", "description": "Will be removed, please use origin_data[OS-EXT-STS:task_state]", "deprecated": true }, "vm_state": { - "type": "string", + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], "title": "Vm State", "description": "Will be removed, please use origin_data[OS-EXT-STS:vm_state]", "deprecated": true }, "power_state": { - "type": "integer", + "anyOf": [ + { + "type": "integer" + }, + { + "type": "null" + } + ], "title": "Power State", "description": "Will be removed, please use origin_data[OS-EXT-STS:power_state]", "deprecated": true }, "root_device_name": { - "type": "string", + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], "title": "Root Device Name", "description": "Will be removed, please use origin_data[OS-EXT-SRV-ATTR:root_device_name]", "deprecated": true }, "metadata": { - "type": "object", + "anyOf": [ + { + "additionalProperties": true, + "type": "object" + }, + { + "type": "null" + } + ], "title": "Metadata", "description": "Will be removed, please use origin_data[metadata]", "deprecated": true @@ -3351,7 +4231,21 @@ "type": "object", "required": [ "id", - "origin_data" + "origin_data", + "name", + "project_id", + "host", + "hostname", + "flavor", + "flavor_info", + "status", + "locked", + "created_at", + "task_state", + "vm_state", + "power_state", + "root_device_name", + "metadata" ], "title": "ServersResponseBase" }, @@ -3367,7 +4261,14 @@ "description": "Value of setting" }, "hidden": { - "type": "boolean", + "anyOf": [ + { + "type": "boolean" + }, + { + "type": "null" + } + ], "title": "Hidden", "description": "Hidden setting or not" }, @@ -3408,8 +4309,7 @@ "desc", "asc" ], - "title": "SortDir", - "description": "An enumeration." + "title": "SortDir" }, "UnauthorizedMessage": { "properties": { @@ -3457,12 +4357,7 @@ "description": "User name" }, "domain": { - "allOf": [ - { - "$ref": "#/components/schemas/Domain" - } - ], - "title": "Domain", + "$ref": "#/components/schemas/Domain", "description": "User domain" } }, @@ -3515,17 +4410,38 @@ "description": "Volume attachment id" }, "device": { - "type": "string", + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], "title": "Device", "description": "Device name" }, "server_id": { - "type": "string", + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], "title": "Server Id", "description": "Server id" }, "server_name": { - "type": "string", + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], "title": "Server Name", "description": "Server name" } @@ -3539,16 +4455,34 @@ "VolumeSnapshotChildVolume": { "properties": { "volume_id": { - "type": "string", + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], "title": "Volume Id", "description": "ID of volume", - "example": "00000000-0000-0000-0000-000000000000" + "examples": [ + "00000000-0000-0000-0000-000000000000" + ] }, "volume_name": { - "type": "string", + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], "title": "Volume Name", "description": "Name of volume", - "example": "child-volume-demo" + "examples": [ + "child-volume-demo" + ] } }, "type": "object", @@ -3562,8 +4496,7 @@ "status", "created_at" ], - "title": "VolumeSnapshotSortKey", - "description": "An enumeration." + "title": "VolumeSnapshotSortKey" }, "VolumeSnapshotStatus": { "type": "string", @@ -3574,13 +4507,19 @@ "ERROR", "ERROR_DELETING" ], - "title": "VolumeSnapshotStatus", - "description": "An enumeration." + "title": "VolumeSnapshotStatus" }, "VolumeSnapshotsResponse": { "properties": { "count": { - "type": "integer", + "anyOf": [ + { + "type": "integer" + }, + { + "type": "null" + } + ], "title": "Count", "description": "Count of volume snapshots", "default": 0 @@ -3608,72 +4547,153 @@ "description": "Snapshot ID" }, "origin_data": { + "additionalProperties": true, "type": "object", "title": "Origin Data", "description": "The origin_data is the same like the response of https://docs.openstack.org/api-ref/block-storage/v3/index.html?expanded=list-snapshots-and-details-detail#list-snapshots-and-details" }, "project_name": { - "type": "string", + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], "title": "Project Name", "description": "Project name" }, "host": { - "type": "string", + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], "title": "Host", "description": "Host name" }, "volume_name": { - "type": "string", + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], "title": "Volume Name", "description": "Name of volume", - "example": "volume-demo" + "examples": [ + "volume-demo" + ] }, "child_volumes": { - "items": { - "$ref": "#/components/schemas/VolumeSnapshotChildVolume" - }, - "type": "array", + "anyOf": [ + { + "items": { + "$ref": "#/components/schemas/VolumeSnapshotChildVolume" + }, + "type": "array" + }, + { + "type": "null" + } + ], "title": "Child Volumes", "description": "Child volumes" }, "name": { - "type": "string", + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], "title": "Name", "description": "Will be removed, please use origin_data[name]", "deprecated": true }, "project_id": { - "type": "string", + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], "title": "Project Id", "description": "Will be removed, please use origin_data[os-extended-snapshot-attributes:project_id]", "deprecated": true }, "size": { - "type": "integer", + "anyOf": [ + { + "type": "integer" + }, + { + "type": "null" + } + ], "title": "Size", "description": "Will be removed, please use origin_data[size]", "deprecated": true }, "status": { - "type": "string", + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], "title": "Status", "description": "Will be removed, please use origin_data[status]", "deprecated": true }, "volume_id": { - "type": "string", + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], "title": "Volume Id", "description": "Will be removed, please use origin_data[volume_id]", "deprecated": true }, "created_at": { - "type": "string", + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], "title": "Created At", "description": "Will be removed, please use origin_data[created_at]", "deprecated": true }, "metadata": { - "type": "object", + "anyOf": [ + { + "additionalProperties": true, + "type": "object" + }, + { + "type": "null" + } + ], "title": "Metadata", "description": "Will be removed, please use origin_data[metadata]", "deprecated": true @@ -3682,7 +4702,14 @@ "type": "object", "required": [ "id", - "origin_data" + "origin_data", + "name", + "project_id", + "size", + "status", + "volume_id", + "created_at", + "metadata" ], "title": "VolumeSnapshotsResponseBase" }, @@ -3696,8 +4723,7 @@ "bootable", "created_at" ], - "title": "VolumeSortKey", - "description": "An enumeration." + "title": "VolumeSortKey" }, "VolumeStatus": { "type": "string", @@ -3723,13 +4749,19 @@ "retyping", "extending" ], - "title": "VolumeStatus", - "description": "An enumeration." + "title": "VolumeStatus" }, "VolumesResponse": { "properties": { "count": { - "type": "integer", + "anyOf": [ + { + "type": "integer" + }, + { + "type": "null" + } + ], "title": "Count", "description": "Count of volumes", "default": 0 @@ -3758,97 +4790,203 @@ "description": "Volume ID" }, "origin_data": { + "additionalProperties": true, "type": "object", "title": "Origin Data", "description": "The origin_data is the same like the response of https://docs.openstack.org/api-ref/block-storage/v3/index.html?expanded=list-accessible-volumes-with-details-detail#list-accessible-volumes-with-details" }, "project_name": { - "type": "string", + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], "title": "Project Name", "description": "Project name" }, "attachments": { - "items": { - "$ref": "#/components/schemas/VolumeAttachment" - }, - "type": "array", + "anyOf": [ + { + "items": { + "$ref": "#/components/schemas/VolumeAttachment" + }, + "type": "array" + }, + { + "type": "null" + } + ], "title": "Attachments", "description": "Volume attachments" }, "name": { - "type": "string", + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], "title": "Name", "description": "Will be removed, please use origin_data[name]", "deprecated": true }, "project_id": { - "type": "string", + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], "title": "Project Id", "description": "Will be removed, please use origin_data[os-vol-tenant-attr:tenant_id]", "deprecated": true }, "host": { - "type": "string", + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], "title": "Host", "description": "Will be removed, please use origin_data[os-vol-host-attr:host]", "deprecated": true }, "snapshot_id": { - "type": "string", + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], "title": "Snapshot Id", "description": "Will be removed, please use origin_data[snapshot_id]", "deprecated": true }, "source_volid": { - "type": "string", + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], "title": "Source Volid", "description": "Will be removed, please use origin_data[source_volid]", "deprecated": true }, "size": { - "type": "integer", + "anyOf": [ + { + "type": "integer" + }, + { + "type": "null" + } + ], "title": "Size", "description": "Will be removed, please use origin_data[size]", "deprecated": true }, "status": { - "type": "string", + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], "title": "Status", "description": "Will be removed, please use origin_data[status]", "deprecated": true }, "volume_type": { - "type": "string", + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], "title": "Volume Type", "description": "Will be removed, please use origin_data[volume_type]", "deprecated": true }, "encrypted": { - "type": "boolean", + "anyOf": [ + { + "type": "boolean" + }, + { + "type": "null" + } + ], "title": "Encrypted", "description": "Will be removed, please use origin_data[encrypted]", "deprecated": true }, "bootable": { - "type": "string", + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], "title": "Bootable", "description": "Will be removed, please use origin_data[bootable]", "deprecated": true }, "multiattach": { - "type": "boolean", + "anyOf": [ + { + "type": "boolean" + }, + { + "type": "null" + } + ], "title": "Multiattach", "description": "Will be removed, please use origin_data[multiattach]", "deprecated": true }, "availability_zone": { - "type": "string", + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], "title": "Availability Zone", "description": "Will be removed, please use origin_data[availability_zone]", "deprecated": true }, "created_at": { - "type": "string", + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], "title": "Created At", "description": "Will be removed, please use origin_data[created_at]", "deprecated": true @@ -3857,7 +4995,20 @@ "type": "object", "required": [ "id", - "origin_data" + "origin_data", + "name", + "project_id", + "host", + "snapshot_id", + "source_volid", + "size", + "status", + "volume_type", + "encrypted", + "bootable", + "multiattach", + "availability_zone", + "created_at" ], "title": "VolumesResponseBase" }