"Fossies" - the Fresh Open Source Software Archive

Member "keystone-17.0.0/keystone/common/policies/endpoint_group.py" (13 May 2020, 9124 Bytes) of package /linux/misc/openstack/keystone-17.0.0.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) Python source code syntax highlighting (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file. For more information about "endpoint_group.py" see the Fossies "Dox" file reference documentation and the latest Fossies "Diffs" side-by-side code changes report: 16.0.1_vs_17.0.0.

    1 # Licensed under the Apache License, Version 2.0 (the "License"); you may
    2 # not use this file except in compliance with the License. You may obtain
    3 # a copy of the License at
    4 #
    5 #      http://www.apache.org/licenses/LICENSE-2.0
    6 #
    7 # Unless required by applicable law or agreed to in writing, software
    8 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
    9 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
   10 # License for the specific language governing permissions and limitations
   11 # under the License.
   12 
   13 from oslo_log import versionutils
   14 from oslo_policy import policy
   15 
   16 from keystone.common.policies import base
   17 
   18 deprecated_list_endpoint_groups = policy.DeprecatedRule(
   19     name=base.IDENTITY % 'list_endpoint_groups',
   20     check_str=base.RULE_ADMIN_REQUIRED,
   21 )
   22 
   23 deprecated_get_endpoint_group = policy.DeprecatedRule(
   24     name=base.IDENTITY % 'get_endpoint_group',
   25     check_str=base.RULE_ADMIN_REQUIRED,
   26 )
   27 
   28 deprecated_list_projects_assoc_with_endpoint_group = policy.DeprecatedRule(
   29     name=base.IDENTITY % 'list_projects_associated_with_endpoint_group',
   30     check_str=base.RULE_ADMIN_REQUIRED,
   31 )
   32 
   33 deprecated_list_endpoints_assoc_with_endpoint_group = policy.DeprecatedRule(
   34     name=base.IDENTITY % 'list_endpoints_associated_with_endpoint_group',
   35     check_str=base.RULE_ADMIN_REQUIRED,
   36 )
   37 
   38 deprecated_get_endpoint_group_in_project = policy.DeprecatedRule(
   39     name=base.IDENTITY % 'get_endpoint_group_in_project',
   40     check_str=base.RULE_ADMIN_REQUIRED,
   41 )
   42 
   43 deprecated_list_endpoint_groups_for_project = policy.DeprecatedRule(
   44     name=base.IDENTITY % 'list_endpoint_groups_for_project',
   45     check_str=base.RULE_ADMIN_REQUIRED,
   46 )
   47 
   48 deprecated_create_endpoint_group = policy.DeprecatedRule(
   49     name=base.IDENTITY % 'create_endpoint_group',
   50     check_str=base.RULE_ADMIN_REQUIRED,
   51 )
   52 
   53 deprecated_update_endpoint_group = policy.DeprecatedRule(
   54     name=base.IDENTITY % 'update_endpoint_group',
   55     check_str=base.RULE_ADMIN_REQUIRED,
   56 )
   57 
   58 deprecated_delete_endpoint_group = policy.DeprecatedRule(
   59     name=base.IDENTITY % 'delete_endpoint_group',
   60     check_str=base.RULE_ADMIN_REQUIRED,
   61 )
   62 
   63 deprecated_add_endpoint_group_to_project = policy.DeprecatedRule(
   64     name=base.IDENTITY % 'add_endpoint_group_to_project',
   65     check_str=base.RULE_ADMIN_REQUIRED,
   66 )
   67 
   68 deprecated_remove_endpoint_group_from_project = policy.DeprecatedRule(
   69     name=base.IDENTITY % 'remove_endpoint_group_from_project',
   70     check_str=base.RULE_ADMIN_REQUIRED,
   71 )
   72 
   73 
   74 DEPRECATED_REASON = (
   75     "The endpoint groups API is now aware of system scope and default roles."
   76 )
   77 
   78 
   79 group_endpoint_policies = [
   80     policy.DocumentedRuleDefault(
   81         name=base.IDENTITY % 'create_endpoint_group',
   82         check_str=base.SYSTEM_ADMIN,
   83         scope_types=['system'],
   84         description='Create endpoint group.',
   85         operations=[{'path': '/v3/OS-EP-FILTER/endpoint_groups',
   86                      'method': 'POST'}],
   87         deprecated_rule=deprecated_create_endpoint_group,
   88         deprecated_reason=DEPRECATED_REASON,
   89         deprecated_since=versionutils.deprecated.TRAIN),
   90     policy.DocumentedRuleDefault(
   91         name=base.IDENTITY % 'list_endpoint_groups',
   92         check_str=base.SYSTEM_READER,
   93         scope_types=['system'],
   94         description='List endpoint groups.',
   95         operations=[{'path': '/v3/OS-EP-FILTER/endpoint_groups',
   96                      'method': 'GET'}],
   97         deprecated_rule=deprecated_list_endpoint_groups,
   98         deprecated_reason=DEPRECATED_REASON,
   99         deprecated_since=versionutils.deprecated.TRAIN),
  100     policy.DocumentedRuleDefault(
  101         name=base.IDENTITY % 'get_endpoint_group',
  102         check_str=base.SYSTEM_READER,
  103         scope_types=['system'],
  104         description='Get endpoint group.',
  105         operations=[{'path': ('/v3/OS-EP-FILTER/endpoint_groups/'
  106                               '{endpoint_group_id}'),
  107                      'method': 'GET'},
  108                     {'path': ('/v3/OS-EP-FILTER/endpoint_groups/'
  109                               '{endpoint_group_id}'),
  110                      'method': 'HEAD'}],
  111         deprecated_rule=deprecated_get_endpoint_group,
  112         deprecated_reason=DEPRECATED_REASON,
  113         deprecated_since=versionutils.deprecated.TRAIN),
  114     policy.DocumentedRuleDefault(
  115         name=base.IDENTITY % 'update_endpoint_group',
  116         check_str=base.SYSTEM_ADMIN,
  117         scope_types=['system'],
  118         description='Update endpoint group.',
  119         operations=[{'path': ('/v3/OS-EP-FILTER/endpoint_groups/'
  120                               '{endpoint_group_id}'),
  121                      'method': 'PATCH'}],
  122         deprecated_rule=deprecated_update_endpoint_group,
  123         deprecated_reason=DEPRECATED_REASON,
  124         deprecated_since=versionutils.deprecated.TRAIN),
  125     policy.DocumentedRuleDefault(
  126         name=base.IDENTITY % 'delete_endpoint_group',
  127         check_str=base.SYSTEM_ADMIN,
  128         scope_types=['system'],
  129         description='Delete endpoint group.',
  130         operations=[{'path': ('/v3/OS-EP-FILTER/endpoint_groups/'
  131                               '{endpoint_group_id}'),
  132                      'method': 'DELETE'}],
  133         deprecated_rule=deprecated_delete_endpoint_group,
  134         deprecated_reason=DEPRECATED_REASON,
  135         deprecated_since=versionutils.deprecated.TRAIN),
  136     policy.DocumentedRuleDefault(
  137         name=base.IDENTITY % 'list_projects_associated_with_endpoint_group',
  138         check_str=base.SYSTEM_READER,
  139         scope_types=['system'],
  140         description=('List all projects associated with a specific endpoint '
  141                      'group.'),
  142         operations=[{'path': ('/v3/OS-EP-FILTER/endpoint_groups/'
  143                               '{endpoint_group_id}/projects'),
  144                      'method': 'GET'}],
  145         deprecated_rule=deprecated_list_projects_assoc_with_endpoint_group,
  146         deprecated_reason=DEPRECATED_REASON,
  147         deprecated_since=versionutils.deprecated.TRAIN),
  148     policy.DocumentedRuleDefault(
  149         name=base.IDENTITY % 'list_endpoints_associated_with_endpoint_group',
  150         check_str=base.SYSTEM_READER,
  151         scope_types=['system'],
  152         description='List all endpoints associated with an endpoint group.',
  153         operations=[{'path': ('/v3/OS-EP-FILTER/endpoint_groups/'
  154                               '{endpoint_group_id}/endpoints'),
  155                      'method': 'GET'}],
  156         deprecated_rule=deprecated_list_endpoints_assoc_with_endpoint_group,
  157         deprecated_reason=DEPRECATED_REASON,
  158         deprecated_since=versionutils.deprecated.TRAIN),
  159     policy.DocumentedRuleDefault(
  160         name=base.IDENTITY % 'get_endpoint_group_in_project',
  161         check_str=base.SYSTEM_READER,
  162         scope_types=['system'],
  163         description=('Check if an endpoint group is associated with a '
  164                      'project.'),
  165         operations=[{'path': ('/v3/OS-EP-FILTER/endpoint_groups/'
  166                               '{endpoint_group_id}/projects/{project_id}'),
  167                      'method': 'GET'},
  168                     {'path': ('/v3/OS-EP-FILTER/endpoint_groups/'
  169                               '{endpoint_group_id}/projects/{project_id}'),
  170                      'method': 'HEAD'}],
  171         deprecated_rule=deprecated_get_endpoint_group_in_project,
  172         deprecated_reason=DEPRECATED_REASON,
  173         deprecated_since=versionutils.deprecated.TRAIN),
  174     policy.DocumentedRuleDefault(
  175         name=base.IDENTITY % 'list_endpoint_groups_for_project',
  176         check_str=base.SYSTEM_READER,
  177         scope_types=['system'],
  178         description='List endpoint groups associated with a specific project.',
  179         operations=[{'path': ('/v3/OS-EP-FILTER/projects/{project_id}/'
  180                               'endpoint_groups'),
  181                      'method': 'GET'}],
  182         deprecated_rule=deprecated_list_endpoint_groups_for_project,
  183         deprecated_reason=DEPRECATED_REASON,
  184         deprecated_since=versionutils.deprecated.TRAIN),
  185     policy.DocumentedRuleDefault(
  186         name=base.IDENTITY % 'add_endpoint_group_to_project',
  187         check_str=base.SYSTEM_ADMIN,
  188         scope_types=['system'],
  189         description='Allow a project to access an endpoint group.',
  190         operations=[{'path': ('/v3/OS-EP-FILTER/endpoint_groups/'
  191                               '{endpoint_group_id}/projects/{project_id}'),
  192                      'method': 'PUT'}],
  193         deprecated_rule=deprecated_add_endpoint_group_to_project,
  194         deprecated_reason=DEPRECATED_REASON,
  195         deprecated_since=versionutils.deprecated.TRAIN),
  196     policy.DocumentedRuleDefault(
  197         name=base.IDENTITY % 'remove_endpoint_group_from_project',
  198         check_str=base.SYSTEM_ADMIN,
  199         scope_types=['system'],
  200         description='Remove endpoint group from project.',
  201         operations=[{'path': ('/v3/OS-EP-FILTER/endpoint_groups/'
  202                               '{endpoint_group_id}/projects/{project_id}'),
  203                      'method': 'DELETE'}],
  204         deprecated_rule=deprecated_remove_endpoint_group_from_project,
  205         deprecated_reason=DEPRECATED_REASON,
  206         deprecated_since=versionutils.deprecated.TRAIN)
  207 ]
  208 
  209 
  210 def list_rules():
  211     return group_endpoint_policies