Diffstat (limited to 'tools')
-rw-r--r--tools/bin/README.md8
-rw-r--r--tools/bin/api2rst.py145
-rw-r--r--tools/bin/bootstrap.py235
-rw-r--r--tools/bin/build_all.sh36
-rw-r--r--tools/bin/build_all_pip.sh16
-rw-r--r--tools/bin/delete_orchestrator.sh61
-rw-r--r--tools/bin/get_keystone_token.py71
-rw-r--r--tools/bin/moon_lib_upload.sh27
-rw-r--r--tools/bin/set_auth.src7
-rwxr-xr-xtools/bin/start.sh39
-rw-r--r--tools/moon_jenkins/Dockerfile8
-rw-r--r--tools/moon_jenkins/README.md37
-rw-r--r--tools/moon_jenkins/docker-compose.yml20
-rw-r--r--tools/moon_jenkins/images/Create Multibranch Pipeline.pngbin55639 -> 0 bytes
-rw-r--r--tools/moon_jenkins/images/Git Source Multibranch Pipeline.pngbin31054 -> 0 bytes
-rw-r--r--tools/moon_jenkins/images/Multibranch Pipeline Log.pngbin55231 -> 0 bytes
-rw-r--r--tools/moon_jenkins/images/Select Source Multibranch Pipeline.pngbin23375 -> 0 bytes
-rw-r--r--tools/moon_jenkins/plugins.txt100
-rw-r--r--tools/moon_jenkins/security.groovy20
-rw-r--r--tools/moon_keystone/Dockerfile25
-rw-r--r--tools/moon_keystone/README.md26
-rw-r--r--tools/moon_keystone/run.sh81
-rw-r--r--tools/moon_kubernetes/README.md141
-rw-r--r--tools/moon_kubernetes/conf/moon.conf90
-rw-r--r--tools/moon_kubernetes/conf/password_moon.txt1
-rw-r--r--tools/moon_kubernetes/conf/password_root.txt1
-rw-r--r--tools/moon_kubernetes/init_k8s_moon.sh280
-rw-r--r--tools/moon_kubernetes/templates/consul.yaml33
-rw-r--r--tools/moon_kubernetes/templates/db.yaml55
-rw-r--r--tools/moon_kubernetes/templates/keystone.yaml39
-rw-r--r--tools/moon_kubernetes/templates/kube-dns.yaml183
-rw-r--r--tools/moon_kubernetes/templates/moon_forming.yaml30
-rw-r--r--tools/moon_kubernetes/templates/moon_functest.yaml27
-rw-r--r--tools/moon_kubernetes/templates/moon_gui.yaml42
-rw-r--r--tools/moon_kubernetes/templates/moon_manager.yaml33
-rw-r--r--tools/moon_kubernetes/templates/moon_orchestrator.yaml40
-rw-r--r--tools/openstack/README.md73
-rw-r--r--tools/openstack/glance/policy.json62
-rw-r--r--tools/openstack/nova/policy.json488
-rw-r--r--tools/policies/generate_opst_policy.py167
-rw-r--r--tools/policies/policy.json.d/cinder.policy.json104
-rw-r--r--tools/policies/policy.json.d/glance.policy.json63
-rw-r--r--tools/policies/policy.json.d/keystone.policy.json260
-rw-r--r--tools/policies/policy.json.d/neutron.policy.json235
-rw-r--r--tools/policies/policy.json.d/nova.policy.json485
45 files changed, 0 insertions, 3894 deletions
diff --git a/tools/bin/README.md b/tools/bin/README.md
deleted file mode 100644
index 71ff4a44..00000000
--- a/tools/bin/README.md
+++ /dev/null
@@ -1,8 +0,0 @@
-# Automated Tools/Scripts
-
-## api2pdf
-```bash
-python3 $MOON_HOME/tools/bin/api2rst.py
-pandoc api.rst --toc -o api.pdf
-evince api.pdf
-```
diff --git a/tools/bin/api2rst.py b/tools/bin/api2rst.py
deleted file mode 100644
index 6d407bdf..00000000
--- a/tools/bin/api2rst.py
+++ /dev/null
@@ -1,145 +0,0 @@
-# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
-# This software is distributed under the terms and conditions of the 'Apache-2.0'
-# license which can be found in the file 'LICENSE' in this package distribution
-# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-
-import os
-import sys
-import requests
-import logging
-import time
-import json
-
-os.unsetenv("http_proxy")
-logging.basicConfig(level=logging.INFO)
-logger = logging.getLogger(__name__)
-
-HOST = "172.18.0.11"
-PORT = 38001
-COMPONENT = sys.argv[2] if len(sys.argv) > 1 else "Interface"
-FILENAME = sys.argv[2] if len(sys.argv) > 2 else "api.rst"
-CURRENT_TIME = time.strftime("%Y/%m/%d %H:%M:%S %Z")
-REVISION = time.strftime("%Y%m%d_%H%M%S_%Z")
-AUTHOR = "Thomas Duval <thomas.duval@orange.com>"
-
-logger.info("Writing to {}".format(FILENAME))
-
-toc = (
- "generic",
- "models",
- "policies",
- "pdp",
- "meta_rules",
- "meta_data",
- "perimeter",
- "data",
- "assignments",
- "rules",
- "authz",
-)
-
-
-def get_api_list():
- url = "http://{}:{}/api".format(HOST, PORT)
- cnx = requests.get(url)
- try:
- return cnx.json()
- except json.decoder.JSONDecodeError:
- logger.error("Error decoding JSON on {}\n{}".format(url, cnx.content))
- sys.exit(1)
-
-
-def analyse_description(desc):
- result = ""
- if not desc:
- return "No description"
- for line in desc.splitlines():
- if line.strip().startswith(":"):
- if ":request body:" in line:
- result += ":request body:\n\n.. code-block:: json\n\n"
- result += line.replace(":request body: ", "") + "\n\n"
- elif ":return:" in line:
- result += ":return:\n\n.. code-block:: json\n\n"
- result += line.replace(":return: ", "") + "\n"
- else:
- result += line.strip() + "\n\n"
- else:
- result += line + "\n"
- return result
-
-
-def filter_and_sort(list_group_api):
- results = list()
- keys = list_group_api.keys()
- for element in toc:
- if element in keys:
- results.append(element)
- for element in keys:
- if element not in results:
- results.append(element)
- return results
-
-
-def main():
- list_group_api = get_api_list()
-
- _toc = filter_and_sort(list_group_api)
-
- file_desc = open(FILENAME, "w")
- length_of_title = len("Moon {component} API".format(component=COMPONENT))
- file_desc.write(HEADERS.format(
- component=COMPONENT,
- date=CURRENT_TIME,
- revision=REVISION,
- title_headers="="*length_of_title,
- author=AUTHOR
- ))
-
- for key in _toc:
- logger.info(key)
- file_desc.write("{}\n".format(key))
- file_desc.write("{}\n\n".format("="*len(key)))
- if "description" in list_group_api[key]:
- file_desc.write("{}\n\n".format(list_group_api[key]["description"]))
- version = "unknown"
- logger.debug(list_group_api.keys())
- if "version" in list_group_api[key]:
- version = list_group_api[key]["version"]
- file_desc.write("Version: {}\n\n".format(version))
- for api in list_group_api[key]:
- logger.info("\t{}".format(api))
- if api in ("description", "version"):
- continue
- file_desc.write("{}\n".format(api))
- file_desc.write("{}\n\n".format("-" * len(api)))
-
- file_desc.write("{}\n\n".format(list_group_api[key][api]["description"]))
-
- file_desc.write("URLs are:\n\n")
- for _url in list_group_api[key][api]["urls"]:
- file_desc.write("* {}\n".format(_url))
-
- file_desc.write("\nMethods are:\n\n")
- for _method in list_group_api[key][api]["methods"]:
- file_desc.write("→ {}\n".format(_method))
- file_desc.write("{}\n\n".format("~"*(len(_method) + 2)))
- file_desc.write("{}\n\n".format(analyse_description(list_group_api[key][api]["methods"][_method])))
-
-HEADERS = """{title_headers}
-Moon {component} API
-{title_headers}
-
-:Info: See <https://git.opnfv.org/cgit/moon/> for code.
-:Author: {author}
-:Date: {date}
-:Revision: $Revision: {revision} $
-:Description: List of the API served by the Moon {component} component
-
-This document list all of the API connectors served by the Moon {component} component
-Here are Moon API with some examples of posted data and returned data.
-All requests must be prefixed with the host and port, for example: http://localhost:38001/authz/123456789/123456789/servers/list
-
-"""
-
-if __name__ == "__main__":
- main()
diff --git a/tools/bin/bootstrap.py b/tools/bin/bootstrap.py
deleted file mode 100644
index 6f2a5e03..00000000
--- a/tools/bin/bootstrap.py
+++ /dev/null
@@ -1,235 +0,0 @@
-import os
-import sys
-import time
-import requests
-import yaml
-import logging
-import json
-import base64
-import mysql.connector
-import re
-import subprocess
-
-logging.basicConfig(level=logging.INFO)
-log = logging.getLogger("moon.bootstrap")
-requests_log = logging.getLogger("requests.packages.urllib3")
-requests_log.setLevel(logging.WARNING)
-requests_log.propagate = True
-
-if len(sys.argv) == 2:
- if os.path.isfile(sys.argv[1]):
- CONF_FILENAME = sys.argv[1]
- CONSUL_HOST = "consul"
- else:
- CONF_FILENAME = "moon.conf"
- CONSUL_HOST = sys.argv[1]
- CONSUL_PORT = 8500
-else:
- CONSUL_HOST = sys.argv[1] if len(sys.argv) > 1 else "consul"
- CONSUL_PORT = sys.argv[2] if len(sys.argv) > 2 else 8500
- CONF_FILENAME = sys.argv[3] if len(sys.argv) > 3 else "moon.conf"
-HEADERS = {"content-type": "application/json"}
-
-
-def search_config_file():
- data_config = None
- for _file in (
- CONF_FILENAME,
- "conf/moon.conf",
- "../moon.conf",
- "../conf/moon.conf",
- "/etc/moon/moon.conf",
- ):
- try:
- data_config = yaml.safe_load(open(_file))
- except FileNotFoundError:
- data_config = None
- continue
- else:
- break
- if not data_config:
- raise Exception("Configuration file not found...")
- return data_config
-
-
-def put(key, value):
- url = "http://{host}:{port}/v1/kv/{key}".format(host=CONSUL_HOST, port=CONSUL_PORT, key=key)
- log.info(url)
- req = requests.put(
- url,
- headers=HEADERS,
- json=value
- )
- if req.status_code != 200:
- raise Exception("Error connecting to Consul ({}, {})".format(req.status_code, req.text))
-
-
-def get(key):
- url = "http://{host}:{port}/v1/kv/{key}".format(host=CONSUL_HOST, port=CONSUL_PORT, key=key)
- req = requests.get(url)
- data = req.json()
- for item in data:
- log.info("{} {} -> {}".format(
- req.status_code,
- item["Key"],
- json.loads(base64.b64decode(item["Value"]).decode("utf-8"))
- ))
- yield json.loads(base64.b64decode(item["Value"]).decode("utf-8"))
-
-
-def start_consul(data_config):
- cmd = ["docker", "run", "-d", "--net=moon", "--name=consul", "--hostname=consul", "-p", "8500:8500", "consul"]
- output = subprocess.run(cmd,
- stdout=subprocess.PIPE,
- stderr=subprocess.PIPE)
- if output.returncode != 0:
- log.info(" ".join(cmd))
- log.info(output.returncode)
- log.error(output.stderr)
- log.error(output.stdout)
- raise Exception("Error starting Consul container!")
- while True:
- try:
- req = requests.get("http://{}:{}/ui".format(CONSUL_HOST, CONSUL_PORT))
- except requests.exceptions.ConnectionError:
- log.info("Waiting for Consul ({}:{})".format(CONSUL_HOST, CONSUL_PORT))
- time.sleep(1)
- continue
- else:
- break
- # if req.status_code in (302, 200):
- # break
- # log.info("Waiting for Consul ({}:{})".format(CONSUL_HOST, CONSUL_PORT))
- # time.sleep(1)
- log.info("Consul is up")
-
- req = requests.get("http://{}:{}/v1/kv/database".format(CONSUL_HOST, CONSUL_PORT))
- if req.status_code == 200:
- log.info("Consul is already populated")
- return
-
- put("database", data_config["database"])
- put("messenger", data_config["messenger"])
- put("slave", data_config["slave"])
- put("docker", data_config["docker"])
- put("logging", data_config["logging"])
- put("components_port_start", data_config["components"]["port_start"])
-
- for _key, _value in data_config["components"].items():
- if type(_value) is dict:
- put("components/{}".format(_key), data_config["components"][_key])
-
- for _key, _value in data_config["plugins"].items():
- put("plugins/{}".format(_key), data_config["plugins"][_key])
-
- for _key, _value in data_config["openstack"].items():
- put("openstack/{}".format(_key), data_config["openstack"][_key])
-
-
-def start_database():
- cmd = ["docker", "run", "-dti", "--net=moon", "--hostname=db", "--name=db",
- "-e", "MYSQL_ROOT_PASSWORD=p4sswOrd1", "-e", "MYSQL_DATABASE=moon", "-e", "MYSQL_USER=moon",
- "-e", "MYSQL_PASSWORD=p4sswOrd1", "-p", "3306:3306", "mysql:latest"]
- output = subprocess.run(cmd,
- stdout=subprocess.PIPE,
- stderr=subprocess.PIPE)
- if output.returncode != 0:
- log.info(cmd)
- log.error(output.stderr)
- log.error(output.stdout)
- raise Exception("Error starting DB container!")
- for database in get("database"):
- database_url = database['url']
- match = re.search("(?P<proto>^[\\w+]+):\/\/(?P<user>\\w+):(?P<password>.+)@(?P<host>\\w+):*(?P<port>\\d*)",
- database_url)
- config = match.groupdict()
- while True:
- try:
- conn = mysql.connector.connect(
- host=config["host"],
- user=config["user"],
- password=config["password"],
- database="moon"
- )
- conn.close()
- except mysql.connector.errors.InterfaceError:
- log.info("Waiting for Database ({})".format(config["host"]))
- time.sleep(1)
- continue
- else:
- log.info("Database is up, populating it...")
- output = subprocess.run(["moon_db_manager", "upgrade"],
- stdout=subprocess.PIPE,
- stderr=subprocess.PIPE)
- if output.returncode != 0:
- raise Exception("Error populating the database!")
- break
-
-
-def start_keystone():
- output = subprocess.run(["docker", "run", "-dti", "--net=moon", "--hostname=keystone", "--name=keystone",
- "-e", "DB_HOST=db", "-e", "DB_PASSWORD_ROOT=p4sswOrd1", "-p", "35357:35357",
- "-p", "5000:5000", "keystone:mitaka"],
- stdout=subprocess.PIPE,
- stderr=subprocess.PIPE)
- if output.returncode != 0:
- raise Exception("Error starting Keystone container!")
- # TODO: Keystone answers request too quickly
- # even if it is not fully loaded
- # we must test if a token retrieval is possible or not
- # to see if Keystone is truly up and running
- for config in get("openstack/keystone"):
- while True:
- try:
- time.sleep(1)
- req = requests.get(config["url"])
- except requests.exceptions.ConnectionError:
- log.info("Waiting for Keystone ({})".format(config["url"]))
- time.sleep(1)
- continue
- else:
- log.info("Keystone is up")
- break
-
-
-def start_moon(data_config):
- cmds = [
- # ["docker", "run", "-dti", "--net=moon", "--name=wrapper", "--hostname=wrapper", "-p",
- # "{0}:{0}".format(data_config['components']['wrapper']['port']),
- # data_config['components']['wrapper']['container']],
- ["docker", "run", "-dti", "--net=moon", "--name=manager",
- "--hostname=manager", "-p",
- "{0}:{0}".format(data_config['components']['manager']['port']),
- data_config['components']['manager']['container']],
- ["docker", "run", "-dti", "--net=moon", "--name=interface",
- "--hostname=interface", "-p",
- "{0}:{0}".format(data_config['components']['interface']['port']),
- data_config['components']['interface']['container']],
- ]
- for cmd in cmds:
- log.warning("Start {}".format(cmd[-1]))
- # answer = input()
- # if answer.lower() in ("y", "yes", "o", "oui"):
- output = subprocess.run(cmd,
- stdout=subprocess.PIPE,
- stderr=subprocess.PIPE)
- time.sleep(3)
- if output.returncode != 0:
- log.info(" ".join(cmd))
- log.info(output.returncode)
- log.error(output.stderr)
- log.error(output.stdout)
- raise Exception("Error starting {} container!".format(cmd[-1]))
- subprocess.run(["docker", "ps"])
-
-
-def main():
- data_config = search_config_file()
- subprocess.run(["docker", "rm", "-f", "consul", "db", "manager", "wrapper", "interface", "authz*", "keystone"])
- start_consul(data_config)
- start_database()
- start_keystone()
- start_moon(data_config)
-
-main()
-
diff --git a/tools/bin/build_all.sh b/tools/bin/build_all.sh
deleted file mode 100644
index 5bbf6a19..00000000
--- a/tools/bin/build_all.sh
+++ /dev/null
@@ -1,36 +0,0 @@
-#!/usr/bin/env bash
-
-VERSION=v4.1
-export DOCKER_HOST=tcp://172.88.88.1:2376
-
-
-mkdir $MOON_HOME/moon_orchestrator/dist 2>/dev/null
-
-echo Building Moon_Orchestrator
-cd $MOON_HOME/moon_orchestrator
-docker build -t wukongsun/moon_orchestrator:${VERSION} .
-
-echo Building Moon_Interface
-cd $MOON_HOME/moon_interface
-docker build -t wukongsun/moon_interface:${VERSION} .
-
-echo Building Moon_Security_Router
-cd $MOON_HOME/moon_secrouter
-docker build -t wukongsun/moon_router:${VERSION} .
-
-echo Building Moon_Manager
-cd $MOON_HOME/moon_manager
-docker build -t wukongsun/moon_manager:${VERSION} .
-
-echo Building Moon_Authz
-cd $MOON_HOME/moon_authz
-docker build -t wukongsun/moon_authz:${VERSION} .
-
-
-echo Building Moon_DB
-cd $MOON_HOME/moon_db
-python3 setup.py sdist bdist_wheel > /tmp/moon_db.log
-
-echo Building Moon_Utilities
-cd $MOON_HOME/moon_utilities
-python3 setup.py sdist bdist_wheel > /tmp/moon_utilities.log
diff --git a/tools/bin/build_all_pip.sh b/tools/bin/build_all_pip.sh
deleted file mode 100644
index 2b415bf0..00000000
--- a/tools/bin/build_all_pip.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/usr/bin/env bash
-
-
-echo Building Moon_DB
-cd $MOON_HOME/moon_db
-python3 setup.py sdist bdist_wheel> /tmp/moon_db.log
-
-
-echo Building Moon_Utilities
-cd $MOON_HOME/moon_utilities
-python3 setup.py sdist bdist_wheel> /tmp/moon_utilities.log
-
-
-echo Building Moon_Orchestrator
-cd $MOON_HOME/moon_orchestrator
-python3 setup.py sdist bdist_wheel> /tmp/moon_orchestrator.log
\ No newline at end of file
diff --git a/tools/bin/delete_orchestrator.sh b/tools/bin/delete_orchestrator.sh
deleted file mode 100644
index 4d9d7c98..00000000
--- a/tools/bin/delete_orchestrator.sh
+++ /dev/null
@@ -1,61 +0,0 @@
-#!/usr/bin/env bash
-
-set +x
-
-kubectl delete -n moon -f tools/moon_kubernetes/templates/moon_orchestrator.yaml
-for i in $(kubectl get deployments -n moon | grep wrapper | cut -d " " -f 1 | xargs); do
- echo deleting $i
- kubectl delete deployments/$i -n moon;
-done
-for i in $(kubectl get deployments -n moon | grep pipeline | cut -d " " -f 1 | xargs); do
- echo deleting $i
- kubectl delete deployments/$i -n moon;
-done
-for i in $(kubectl get services -n moon | grep wrapper | cut -d " " -f 1 | xargs); do
- echo deleting $i
- kubectl delete services/$i -n moon;
-done
-for i in $(kubectl get services -n moon | grep pipeline | cut -d " " -f 1 | xargs); do
- echo deleting $i
- kubectl delete services/$i -n moon;
-done
-
-if [ "$1" = "build" ]; then
-
- DOCKER_ARGS=""
-
- cd moon_manager
- docker build -t wukongsun/moon_manager:v4.3.1 . ${DOCKER_ARGS}
- if [ "$2" = "push" ]; then
- docker push wukongsun/moon_manager:v4.3.1
- fi
- cd -
-
- cd moon_orchestrator
- docker build -t wukongsun/moon_orchestrator:v4.3 . ${DOCKER_ARGS}
- if [ "$2" = "push" ]; then
- docker push wukongsun/moon_orchestrator:v4.3
- fi
- cd -
-
- cd moon_interface
- docker build -t wukongsun/moon_interface:v4.3 . ${DOCKER_ARGS}
- if [ "$2" = "push" ]; then
- docker push wukongsun/moon_interface:v4.3
- fi
- cd -
-
- cd moon_authz
- docker build -t wukongsun/moon_authz:v4.3 . ${DOCKER_ARGS}
- if [ "$2" = "push" ]; then
- docker push wukongsun/moon_authz:v4.3
- fi
- cd -
-
- cd moon_wrapper
- docker build -t wukongsun/moon_wrapper:v4.3 . ${DOCKER_ARGS}
- if [ "$2" = "push" ]; then
- docker push wukongsun/moon_wrapper:v4.3
- fi
- cd -
-fi
diff --git a/tools/bin/get_keystone_token.py b/tools/bin/get_keystone_token.py
deleted file mode 100644
index 1856aab8..00000000
--- a/tools/bin/get_keystone_token.py
+++ /dev/null
@@ -1,71 +0,0 @@
-import requests
-from oslo_config import cfg
-from oslo_log import log as logging
-from python_moonutilities import exceptions
-
-CONF = cfg.CONF
-LOG = logging.getLogger(__name__)
-
-
-def login(user=None, password=None, domain=None, project=None, url=None):
- print("""Configuration:
- user: {user}
- domain: {domain}
- project: {project}
- url: {url}""".format(
- user=CONF.keystone.user,
- domain=CONF.keystone.domain,
- project=CONF.keystone.project,
- url=CONF.keystone.url,
- ))
- if not user:
- user = CONF.keystone.user
- if not password:
- password = CONF.keystone.password
- if not domain:
- domain = CONF.keystone.domain
- if not project:
- project = CONF.keystone.project
- if not url:
- url = CONF.keystone.url
- headers = {
- "Content-Type": "application/json"
- }
- data_auth = {
- "auth": {
- "identity": {
- "methods": [
- "password"
- ],
- "password": {
- "user": {
- "domain": {
- "id": domain
- },
- "name": user,
- "password": password
- }
- }
- },
- "scope": {
- "project": {
- "domain": {
- "id": domain
- },
- "name": project
- }
- }
- }
- }
-
- req = requests.post("{}/auth/tokens".format(url),
- json=data_auth, headers=headers,
- verify=False)
-
- if req.status_code not in (200, 201):
- LOG.error(req.text)
- raise exceptions.KeystoneError
- headers['X-Auth-Token'] = req.headers['X-Subject-Token']
- return headers
-
-print(login()['X-Auth-Token'])
diff --git a/tools/bin/moon_lib_upload.sh b/tools/bin/moon_lib_upload.sh
deleted file mode 100644
index d2dc2a3f..00000000
--- a/tools/bin/moon_lib_upload.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/usr/bin/env bash
-
-# usage: moon_update.sh <GPG_ID>
-
-COMPONENT=$(basename $(pwd))
-GPG_ID=$1
-
-if [ -f setup.py ]; then
- echo
-else
- echo "Not a python package"
- exit 1
-fi
-
-VERSION=${COMPONENT}-$(grep __version__ ${COMPONENT}/__init__.py | cut -d "\"" -f 2)
-
-python3 setup.py sdist bdist_wheel
-
-echo $COMPONENT
-echo $VERSION
-
-# Instead of "A0A96E75", use your own GPG ID
-rm dist/*.asc 2>/dev/null
-gpg --detach-sign -u "${GPG_ID}" -a dist/${VERSION}-py3-none-any.whl
-gpg --detach-sign -u "${GPG_ID}" -a dist/${VERSION/_/-}.tar.gz
-twine upload dist/${VERSION}-py3-none-any.whl dist/${VERSION}-py3-none-any.whl.asc
-twine upload dist/${VERSION/_/-}.tar.gz dist/${VERSION/_/-}.tar.gz.asc
diff --git a/tools/bin/set_auth.src b/tools/bin/set_auth.src
deleted file mode 100644
index d955e30b..00000000
--- a/tools/bin/set_auth.src
+++ /dev/null
@@ -1,7 +0,0 @@
-export OS_USERNAME=admin
-export OS_PASSWORD=p4ssw0rd
-export OS_REGION_NAME=Orange
-export OS_TENANT_NAME=admin
-export OS_AUTH_URL=http://keystone:5000/v3
-export OS_DOMAIN_NAME=Default
-export MOON_URL=http://172.18.0.11:38001
diff --git a/tools/bin/start.sh b/tools/bin/start.sh
deleted file mode 100755
index e95ac393..00000000
--- a/tools/bin/start.sh
+++ /dev/null
@@ -1,39 +0,0 @@
-#!/usr/bin/env bash
-
-VERSION=4.1
-export DOCKER_HOST=tcp://172.88.88.1:2376
-
-echo -e "\033[31mDeleting previous dockers\033[m"
-docker rm -f $(docker ps -a | grep moon | cut -d " " -f 1) 2>/dev/null
-docker rm -f messenger db keystone consul 2>/dev/null
-
-echo -e "\033[32mStarting Messenger\033[m"
-docker run -dti --net=moon --hostname messenger --name messenger -e RABBITMQ_DEFAULT_USER=moon -e RABBITMQ_DEFAULT_PASS=p4sswOrd1 -e RABBITMQ_NODENAME=rabbit@messenger -e RABBITMQ_DEFAULT_VHOST=moon -e RABBITMQ_HIPE_COMPILE=1 -p 5671:5671 -p 5672:5672 -p 8080:15672 rabbitmq:3-management
-
-echo -e "\033[32mStarting DB manager\033[m"
-docker run -dti --net=moon --hostname db --name db -e MYSQL_ROOT_PASSWORD=p4sswOrd1 -e MYSQL_DATABASE=moon -e MYSQL_USER=moon -e MYSQL_PASSWORD=p4sswOrd1 -p 3306:3306 mysql:latest
-
-docker run -d --net=moon --name=consul --hostname=consul -p 8500:8500 consul
-
-echo "waiting for Database (it may takes time)..."
-echo -e "\033[35m"
-sed '/ready for connections/q' <(docker logs db -f)
-echo -e "\033[m"
-
-echo "waiting for Messenger (it may takes time)..."
-echo -e "\033[35m"
-sed '/Server startup complete;/q' <(docker logs messenger -f)
-echo -e "\033[m"
-
-docker run -dti --net moon --hostname keystone --name keystone -e DB_HOST=db -e DB_PASSWORD_ROOT=p4sswOrd1 -p 35357:35357 -p 5000:5000 keystone:mitaka
-
-echo -e "\033[32mConfiguring Moon platform\033[m"
-sudo pip install moon_db
-moon_db_manager upgrade
-
-cd ${MOON_HOME}/moon_orchestrator
-python3 populate_consul.py
-
-echo -e "\033[32mStarting Moon platform\033[m"
-
-docker container run -dti --net moon --hostname orchestrator --name orchestrator wukongsun/moon_orchestrator:${VERSION}
diff --git a/tools/moon_jenkins/Dockerfile b/tools/moon_jenkins/Dockerfile
deleted file mode 100644
index 058f388c..00000000
--- a/tools/moon_jenkins/Dockerfile
+++ /dev/null
@@ -1,8 +0,0 @@
-FROM jenkinsci/blueocean
-
-ENV JAVA_OPTS="-Djenkins.install.runSetupWizard=false"
-
-COPY security.groovy /usr/share/jenkins/ref/init.groovy.d/security.groovy
-
-COPY plugins.txt /usr/share/jenkins/ref/plugins.txt
-RUN /usr/local/bin/install-plugins.sh < /usr/share/jenkins/ref/plugins.txt
\ No newline at end of file
diff --git a/tools/moon_jenkins/README.md b/tools/moon_jenkins/README.md
deleted file mode 100644
index 684b351c..00000000
--- a/tools/moon_jenkins/README.md
+++ /dev/null
@@ -1,37 +0,0 @@
-# Moon Jenkins
-The aim of this repo is to give a quick way to start with jenkins in containers.
-These were the aims of the automation:
-- minimal interaction with Jenkins GUI - the plugins in plugins.txt are installed automatically, the admin user is setup based on environment variables, proxy variables are inherited from environment
-- the build of the custom image is integrated in the same workflow
-
-## Prerequisites
-- one host running a newer version of the docker-engine
-- docker-compose 1.18.0
-
-## Usage
-- Setup secrets:
-```bash
-export JENKINS_USER=admin
-export JENKINS_PASSWORD=admin
-```
-- Deploy jenkins:
-```bash
-docker-compose up -d
- ```
-- Test: Jenkins GUI can be available on `http://<docker host IP>:8080`
-
-
-## Pipeline Creation
-You may find bellow an example of pipeline creation using BlueOcean interface.
-As example I used a clone (https://github.com/brutus333/moon.git) of the moon project (https://git.opnfv.org/moon/)
-
-Click on "Create a new job" in the classical Jenkins UI and follow the steps highlighted bellow:
-
-![Create Multibranch Pipeline](images/Create%20Multibranch%20Pipeline.png)
-![Select Source](images/Select%20Source%20Multibranch%20Pipeline.png)
-![Configure Source](images/Git%20Source%20Multibranch%20Pipeline.png)
-![Multibranch Pipeline Log](images/Multibranch%20Pipeline%20Log.png)
-
-Clicking on BlueOcean shows the pipeline in the blueocean interface:
-
-![Blue Ocean Pipeline success](images/blue%20ocean%20success%20pipeline.png)
diff --git a/tools/moon_jenkins/docker-compose.yml b/tools/moon_jenkins/docker-compose.yml
deleted file mode 100644
index eb9354ce..00000000
--- a/tools/moon_jenkins/docker-compose.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-version: '3.1'
-
-services:
- jenkins:
- build:
- context: .
- image: blueocean:v0.4
- ports:
- - 8080:8080
- - 50000:50000
- environment:
- - jenkins_user=${JENKINS_USER}
- - jenkins_password=${JENKINS_PASSWORD}
- volumes:
- - jenkins-data:/var/jenkins_home
- - /var/run/docker.sock:/var/run/docker.sock
- user: root
-
-volumes:
- jenkins-data:
\ No newline at end of file
diff --git a/tools/moon_jenkins/images/Create Multibranch Pipeline.png b/tools/moon_jenkins/images/Create Multibranch Pipeline.png
deleted file mode 100644
index c71415c0..00000000
--- a/tools/moon_jenkins/images/Create Multibranch Pipeline.png
+++ /dev/null
Binary files differ
diff --git a/tools/moon_jenkins/images/Git Source Multibranch Pipeline.png b/tools/moon_jenkins/images/Git Source Multibranch Pipeline.png
deleted file mode 100644
index dd37f217..00000000
--- a/tools/moon_jenkins/images/Git Source Multibranch Pipeline.png
+++ /dev/null
Binary files differ
diff --git a/tools/moon_jenkins/images/Multibranch Pipeline Log.png b/tools/moon_jenkins/images/Multibranch Pipeline Log.png
deleted file mode 100644
index a1905934..00000000
--- a/tools/moon_jenkins/images/Multibranch Pipeline Log.png
+++ /dev/null
Binary files differ
diff --git a/tools/moon_jenkins/images/Select Source Multibranch Pipeline.png b/tools/moon_jenkins/images/Select Source Multibranch Pipeline.png
deleted file mode 100644
index eadbe916..00000000
--- a/tools/moon_jenkins/images/Select Source Multibranch Pipeline.png
+++ /dev/null
Binary files differ
diff --git a/tools/moon_jenkins/plugins.txt b/tools/moon_jenkins/plugins.txt
deleted file mode 100644
index 65bae872..00000000
--- a/tools/moon_jenkins/plugins.txt
+++ /dev/null
@@ -1,100 +0,0 @@
-ssh-credentials
-git
-blueocean-dashboard
-pipeline-model-api
-pipeline-graph-analysis
-workflow-support
-display-url-api
-blueocean-config
-workflow-cps
-branch-api
-blueocean-i18n
-workflow-job
-blueocean-bitbucket-pipeline
-favorite
-docker-commons
-pipeline-input-step
-blueocean-pipeline-api-impl
-workflow-api
-jackson2-api
-git-client
-blueocean-pipeline-scm-api
-blueocean
-pipeline-build-step
-jquery-detached
-matrix-project
-antisamy-markup-formatter
-pipeline-model-extensions
-docker-workflow
-github
-git-server
-authentication-tokens
-workflow-cps-global-lib
-pipeline-model-definition
-workflow-scm-step
-pipeline-model-declarative-agent
-cloudbees-bitbucket-branch-source
-script-security
-scm-api
-blueocean-rest
-variant
-sse-gateway
-htmlpublisher
-matrix-auth
-pubsub-light
-blueocean-github-pipeline
-token-macro
-credentials
-mercurial
-plain-credentials
-blueocean-events
-github-api
-blueocean-git-pipeline
-structs
-durable-task
-pipeline-milestone-step
-blueocean-pipeline-editor
-blueocean-web
-pipeline-stage-tags-metadata
-ace-editor
-blueocean-commons
-blueocean-jira
-blueocean-rest-impl
-workflow-step-api
-blueocean-personalization
-workflow-basic-steps
-blueocean-display-url
-jira
-pipeline-stage-step
-jsch
-blueocean-jwt
-cloudbees-folder
-credentials-binding
-github-branch-source
-apache-httpcomponents-client-4-api
-blueocean-autofavorite
-workflow-multibranch
-mailer
-workflow-durable-task-step
-junit
-command-launcher
-bouncycastle-api
-build-timeout
-timestamper
-resource-disposer
-ws-cleanup
-ant
-gradle
-pipeline-rest-api
-handlebars
-momentjs
-pipeline-stage-view
-workflow-aggregator
-pipeline-github-lib
-mapdb-api
-subversion
-ssh-slaves
-pam-auth
-ldap
-email-ext
-locale
\ No newline at end of file
diff --git a/tools/moon_jenkins/security.groovy b/tools/moon_jenkins/security.groovy
deleted file mode 100644
index 0fb5ff6e..00000000
--- a/tools/moon_jenkins/security.groovy
+++ /dev/null
@@ -1,20 +0,0 @@
-#!groovy
-
-import jenkins.model.*
-import hudson.security.*
-
-def instance = Jenkins.getInstance()
-
-def user = System.getenv()['jenkins_user']
-def pass = System.getenv()['jenkins_password']
-// Create user account
-def hudsonRealm = new HudsonPrivateSecurityRealm(false)
-hudsonRealm.createAccount(user,pass)
-instance.setSecurityRealm(hudsonRealm)
-
-// Enable matrix auth strategy and set my_user as admin
-def strategy = new GlobalMatrixAuthorizationStrategy()
-strategy.add(Jenkins.ADMINISTER, user)
-instance.setAuthorizationStrategy(strategy)
-
-instance.save()
diff --git a/tools/moon_keystone/Dockerfile b/tools/moon_keystone/Dockerfile
deleted file mode 100644
index 2a43bd92..00000000
--- a/tools/moon_keystone/Dockerfile
+++ /dev/null
@@ -1,25 +0,0 @@
-FROM ubuntu:zesty
-
-ENV ADMIN_TOKEN=p4ssw0rd
-ENV ADMIN_PASSWORD=p4ssw0rd
-ENV DB_CONNECTION="mysql+pymysql"
-ENV DB_DRIVER=sql
-ENV DB_HOST=localhost
-ENV DB_DATABASE=keystonedb
-ENV DB_USER=keystone
-ENV DB_PASSWORD=p4ssw0rd
-ENV DB_USER_ROOT=root
-ENV DB_PASSWORD_ROOT=p4sswOrd1
-ENV RABBIT_NODE=server
-ENV INTERFACE_HOST="http://localhost:3001"
-
-RUN apt update && apt install apache2 rabbitmq-server keystone python-openstackclient libapache2-mod-wsgi mysql-client -y
-
-# RUN apt update && apt install iputils-ping net-tools -y
-
-ADD run.sh /root
-
-EXPOSE 35357
-EXPOSE 5000
-
-CMD ["/bin/bash", "/root/run.sh"]
\ No newline at end of file
diff --git a/tools/moon_keystone/README.md b/tools/moon_keystone/README.md
deleted file mode 100644
index 7027324e..00000000
--- a/tools/moon_keystone/README.md
+++ /dev/null
@@ -1,26 +0,0 @@
-# Keystone container
-
-## build keystone image
-
-without proxy:
-```bash
-docker build -t keystone:mitaka .
-```
-
-with a proxy:
-```bash
-docker build --build-arg https_proxy=http://proxy:3128 --build-arg http_proxy=http://proxy:3128 -t keystone:mitaka .
-```
-
-
-### access to the container
-```bash
-docker container exec -ti keystone /bin/bash
-export OS_USERNAME=admin
-export OS_PASSWORD=p4ssw0rd
-export OS_REGION_NAME=Orange
-export OS_TENANT_NAME=admin
-export OS_AUTH_URL=http://localhost:5000/v3
-export OS_DOMAIN_NAME=Default
-openstack project list
-```
\ No newline at end of file
diff --git a/tools/moon_keystone/run.sh b/tools/moon_keystone/run.sh
deleted file mode 100644
index 2a61901e..00000000
--- a/tools/moon_keystone/run.sh
+++ /dev/null
@@ -1,81 +0,0 @@
-#!/usr/bin/env bash
-
-MY_HOSTNAME=localhost
-
-echo DB_HOST=$DB_HOST
-echo DB_DATABASE=$DB_DATABASE
-echo RABBIT_NODE=$RABBIT_NODE
-echo RABBIT_NODE=$[RABBIT_NODE]
-echo INTERFACE_HOST=$INTERFACE_HOST
-
-sed "s/#admin_token = <None>/admin_token=$ADMIN_TOKEN/g" -i /etc/keystone/keystone.conf
-sed "s/#connection = <None>/connection = $DB_CONNECTION:\/\/$DB_USER:$DB_PASSWORD@$DB_HOST\/$DB_DATABASE/g" -i /etc/keystone/keystone.conf
-
-cat << EOF | tee -a /etc/keystone/keystone.conf
-[cors]
-allowed_origin = $INTERFACE_HOST
-max_age = 3600
-allow_methods = POST,GET,DELETE
-EOF
-
-until echo status | mysql -h${DB_HOST} -u${DB_USER_ROOT} -p${DB_PASSWORD_ROOT}; do
- >&2 echo "MySQL is unavailable - sleeping"
- sleep 1
-done
-
->&2 echo "Mysql is up - executing command"
-
-mysql -h $DB_HOST -u$DB_USER_ROOT -p$DB_PASSWORD_ROOT <<EOF
-CREATE DATABASE $DB_DATABASE DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci;
-GRANT ALL ON $DB_DATABASE.* TO '$DB_USER'@'%' IDENTIFIED BY '$DB_PASSWORD';
-GRANT ALL ON $DB_DATABASE.* TO '$DB_USER'@'localhost' IDENTIFIED BY '$DB_PASSWORD';
-EOF
-
-keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
-keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
-
-su -s /bin/sh -c "keystone-manage db_sync" keystone
-
-keystone-manage bootstrap \
- --bootstrap-password ${ADMIN_PASSWORD} \
- --bootstrap-username admin \
- --bootstrap-project-name admin \
- --bootstrap-role-name admin \
- --bootstrap-service-name keystone \
- --bootstrap-region-id Orange \
- --bootstrap-admin-url http://localhost:35357 \
- --bootstrap-public-url http://localhost:5000 \
- --bootstrap-internal-url http://localhost:5000
-
-
-service apache2 start
-
-export OS_USERNAME=admin
-export OS_PASSWORD=${ADMIN_PASSWORD}
-export OS_REGION_NAME=Orange
-export OS_TENANT_NAME=admin
-export OS_AUTH_URL=http://localhost:5000/v3
-export OS_DOMAIN_NAME=Default
-export OS_IDENTITY_API_VERSION=3
-
-openstack project create --description "Service Project" demo
-openstack role create user
-openstack role add --project demo --user demo user
-
-echo -e "\n Project list:"
-openstack project list
-
-echo -e "\n Users list:"
-openstack user list
-
-echo -e "\n Roles list:"
-openstack role list
-
-echo -e "\n Service list:"
-openstack service list
-
-echo -e "\n Endpoint list:"
-openstack endpoint list
-
-
-tail -f /var/log/apache2/keystone.log
\ No newline at end of file
diff --git a/tools/moon_kubernetes/README.md b/tools/moon_kubernetes/README.md
deleted file mode 100644
index e75fe086..00000000
--- a/tools/moon_kubernetes/README.md
+++ /dev/null
@@ -1,141 +0,0 @@
-# Moon Platform Setup
-## Docker Installation
-```bash
-apt update
-apt install -y docker.io
-```
-
-## K8S Installation
-Choose the right K8S platform
-### Minikube
-```bash
-curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl
-chmod +x ./kubectl
-sudo mv ./kubectl /usr/local/bin/kubectl
-curl -Lo minikube https://storage.googleapis.com/minikube/releases/v0.21.0/minikube-linux-amd64 && chmod +x minikube && sudo mv minikube /usr/local/bin/
-```
-
-### Kubeadm
-see: https://kubernetes.io/docs/setup/independent/install-kubeadm/
-```bash
-apt-get update && apt-get install -y apt-transport-https
-curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
-cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
-deb http://apt.kubernetes.io/ kubernetes-xenial main
-EOF
-apt-get update
-apt-get install -y kubelet kubeadm kubectl
-```
-
-## Moon Deployment
-### Deploy kubernete and moon
-```bash
-cd $MOON_HOME
-bash tools/moon_kubernetes/init_k8s_moon.sh
-```
-This will wait for kubernetes and then moon to be up
-
-To check that the platform is running correctely,
-```bash
-watch kubectl get po --namespace=kube-system
-```
-You must see something like this:
-
- $ kubectl get po --namespace=kube-system
- NAME READY STATUS RESTARTS AGE
- calico-etcd-7qgjb 1/1 Running 0 1h
- calico-node-f8zvm 2/2 Running 1 1h
- calico-policy-controller-59fc4f7888-ns9kv 1/1 Running 0 1h
- etcd-varuna 1/1 Running 0 1h
- kube-apiserver-varuna 1/1 Running 0 1h
- kube-controller-manager-varuna 1/1 Running 0 1h
- kube-dns-bfbb49cd7-rgqxn 3/3 Running 0 1h
- kube-proxy-x88wg 1/1 Running 0 1h
- kube-scheduler-varuna 1/1 Running 0 1h
-
-```bash
-watch kubectl get po --namespace=moon
-```
-
-You must see something like this:
-
- $ kubectl get po --namespace=moon
- NAME READY STATUS RESTARTS AGE
- consul-57b6d66975-9qnfx 1/1 Running 0 52m
- db-867f9c6666-bq8cf 1/1 Running 0 52m
- gui-bc9878b58-q288x 1/1 Running 0 51m
- keystone-7d9cdbb69f-bl6ln 1/1 Running 0 52m
- manager-5bfbb96988-2nvhd 1/1 Running 0 51m
- manager-5bfbb96988-fg8vj 1/1 Running 0 51m
- manager-5bfbb96988-w9wnk 1/1 Running 0 51m
- orchestrator-65d8fb4574-tnfx2 1/1 Running 0 51m
- wrapper-astonishing-748b7dcc4f-ngsvp 1/1 Running 0 51m
-
-
-### Deploy or redeploy Moon only
-
-Kubernete shall be running.
-
-```bash
-cd $MOON_HOME
-sudo bash tools/moon_kubernetes/init_k8s_moon.sh moon
-```
-
-
-### Troubleshoot
-check *Consul* for:
-- *Components/Manager*, e.g.
-```json
-{
- "port": 8082,
- "bind": "0.0.0.0",
- "hostname": "manager",
- "container": "wukongsun/moon_manager:v4.3.1",
- "external": {
- "port": 30001,
- "hostname": "$MOON_HOST"
- }
-}
-```
-- *OpenStack/Keystone*: e.g.
-```json
-{
- "url": "http://keystone:5000/v3",
- "user": "admin",
- "password": "p4ssw0rd",
- "domain": "default",
- "project": "admin",
- "check_token": false,
- "certificate": false,
- "external": {
- "url": "http://$MOON_HOST:30006/v3"
- }
-}
-```
-
-
-### Docker-K8S Port Mapping
-```yamlex
-manager:
- port: 8082
- kport: 30001
-gui:
- port: 3000
- kport: 30002
-orchestrator:
- port: 8083
- kport: 30003
-consul:
- port: 8500
- kport: 30005
-keystone:
- port: 5000
- kport: 30006
-wrapper:
- port: 8080
- kport: 30010
-interface:
- port: 8080
-authz:
- port: 8081
-```
diff --git a/tools/moon_kubernetes/conf/moon.conf b/tools/moon_kubernetes/conf/moon.conf
deleted file mode 100644
index 5fc94edd..00000000
--- a/tools/moon_kubernetes/conf/moon.conf
+++ /dev/null
@@ -1,90 +0,0 @@
-database:
- url: mysql+pymysql://moon:p4sswOrd1@db/moon
- driver: sql
-
-openstack:
- keystone:
- url: http://keystone:5000/v3
- user: admin
- password: p4ssw0rd
- domain: default
- project: admin
- check_token: false
- certificate: false
- external:
- url: http://keystone:30006/v3
-
-components:
- port_start:
- 31001
- pipeline:
- interface:
- port: 8080
- bind: 0.0.0.0
- hostname: interface
- container: moonplatform/moon_interface:latest
- authz:
- port: 8081
- bind: 0.0.0.0
- hostname: interface
- container: moonplatform/moon_authz:latest
- session:
- container: asteroide/session:latest
- port: 8082
- orchestrator:
- port: 8083
- bind: 0.0.0.0
- hostname: orchestrator
- container: moonplatform/moon_orchestrator:latest
- external:
- port: 30003
- hostname: orchestrator
- wrapper:
- port: 8080
- bind: 0.0.0.0
- hostname: wrapper
- container: moonplatform/moon_wrapper:latest
- timeout: 5
- manager:
- port: 8082
- bind: 0.0.0.0
- hostname: manager
- container: moonplatform/moon_manager:latest
- external:
- port: 30001
- hostname: manager
- port_start: 31001
-
-logging:
- version: 1
-
- formatters:
- brief:
- format: "%(levelname)s %(name)s %(message)-30s"
- custom:
- format: "%(asctime)-15s %(levelname)s %(name)s %(message)s"
-
- handlers:
- console:
- class : logging.StreamHandler
- formatter: custom
- level : INFO
- stream : ext://sys.stdout
- file:
- class : logging.handlers.RotatingFileHandler
- formatter: custom
- level : DEBUG
- filename: /tmp/moon.log
- maxBytes: 1048576
- backupCount: 3
-
- loggers:
- moon:
- level: DEBUG
- handlers: [console, file]
- propagate: no
-
- root:
- level: ERROR
- handlers: [console]
-
diff --git a/tools/moon_kubernetes/conf/password_moon.txt b/tools/moon_kubernetes/conf/password_moon.txt
deleted file mode 100644
index bb9bcf7d..00000000
--- a/tools/moon_kubernetes/conf/password_moon.txt
+++ /dev/null
@@ -1 +0,0 @@
-p4sswOrd1
\ No newline at end of file
diff --git a/tools/moon_kubernetes/conf/password_root.txt b/tools/moon_kubernetes/conf/password_root.txt
deleted file mode 100644
index bb9bcf7d..00000000
--- a/tools/moon_kubernetes/conf/password_root.txt
+++ /dev/null
@@ -1 +0,0 @@
-p4sswOrd1
\ No newline at end of file
diff --git a/tools/moon_kubernetes/init_k8s_moon.sh b/tools/moon_kubernetes/init_k8s_moon.sh
deleted file mode 100644
index 0617de86..00000000
--- a/tools/moon_kubernetes/init_k8s_moon.sh
+++ /dev/null
@@ -1,280 +0,0 @@
-#!/bin/bash
-#number of pods type that should be running or be stopped
-declare -i pods_to_check=0
- #global variable on current namespace to check
-current_namespace=""
-#if set to 1 we check that the pods are running, otherwise we chack that the pods are stopped
-declare -i check_running=1
-#name of the pod to check
-match_pattern=""
-#postfix used to recognize pods name
-OS="unknown_os"
-
-#this function checks if a pod with name starting with $1 is in the Running / Stopped state depending on $heck_running
-# $1 : the name the pods starts with (without the random string added by kubernate to the pod name)
-# $2 : either the number of identical pods that shall be run or #
-# $3 : if $2 is #, the number of lines of the pods name appear on which the pod appears
-function check_pod() {
- declare -i nb_arguments=$#
- match_pattern="$1"; shift
- if [ $nb_arguments -gt 2 ]; then
- shift; declare -i nb_pods_pattern="$1"
- if [ $check_running -eq 1 ]; then #check if pods are running
- declare -i result=$(sudo kubectl get po --namespace=${current_namespace} | grep $match_pattern | grep "1/1" | grep -c "Running")
- if [ $result -eq $nb_pods_pattern ]; then
- pods_to_check=$pods_to_check+1
- fi
- else #check if pods are stopped
- declare -i result=$(sudo kubectl get po --namespace=${current_namespace} | grep $match_pattern | grep -c "Running\|Terminating")
- if [ $result -eq 0 ]; then
- pods_to_check=$pods_to_check+1
- fi
- fi
- else
- declare -i nb=$1
- if [ $check_running -eq 1 ]; then #check if pods are running
- declare -i result=$(sudo kubectl get po --namespace=${current_namespace} | grep $match_pattern | grep "$nb/$nb" | grep -c "Running")
- if [ $result -eq 1 ]; then
- pods_to_check=$pods_to_check+1
- fi
- else #check if pods are stopped
- declare -i result=$(sudo kubectl get po --namespace=${current_namespace} | grep $match_pattern | grep -c "Running\|Terminating")
- if [ $result -eq 0 ]; then
- pods_to_check=$pods_to_check+1
- fi
- fi
- fi
-}
-
-#this function tests a list of pods
-function check_pods() {
- current_namespace="${1}"; shift
- pods=("${@}")
- declare -i pods_nb=${#pods[@]}
- sleep 2
- while [ $pods_to_check -lt $pods_nb ]
- do
- pods_to_check=0
- for node in "${pods[@]}"
- do
- check_pod $node
- done
-
- if [ $check_running -eq 1 ]; then
- echo -ne "$pods_to_check node types on $pods_nb are running...\033[0K\r"
- else
- declare -i running_pods=$pods_nb-$pods_to_check
- echo -ne "$running_pods node types on $pods_nb are still running...\033[0K\r"
- fi
- sleep 2
- done
-}
-
-#this function checks if a list of pods ($2) in a specific namspace ($1) are in the Running state
-function check_pods_running() {
- check_running=1
- check_pods "${@}"
- pods_to_check=0
-}
-
-#this function checks if a list of pods ($2) are not in a specific namspace ($1)
-function check_pods_not_running() {
- check_running=0
- check_pods "${@}"
- pods_to_check=0
-}
-
-function wait_for_kubernate_calico() {
- echo -ne "Waiting for kubernate... "
- kube_namespace="kube-system"
- declare -a kube_pods=("calico-etcd 1" "calico-node 2" "calico-policy-controller 1" "etcd-${OS} 1" "kube-apiserver-${OS} 1" "kube-controller-manager-${OS} 1" "kube-dns 3" "kube-proxy 1" "kube-scheduler-${OS} 1")
- check_pods_running "$kube_namespace" "${kube_pods[@]}"
-}
-
-function wait_for_moon_init() {
- echo "Waiting for moon (consul, db, keystone) ..."
- kube_namespace="moon"
- declare -a kube_pods=("consul 1" "db 1" "keystone 1")
- check_pods_running "$kube_namespace" "${kube_pods[@]}"
-}
-
-function wait_for_moon_forming() {
- echo "Waiting for moon (forming) ..."
- kube_namespace="moon"
- declare -a kube_pods=("forming 1")
- check_pods_running "$kube_namespace" "${kube_pods[@]}"
-}
-
-function wait_for_moon_manager() {
- echo "Waiting for moon (manager) ..."
- kube_namespace="moon"
- declare -a kube_pods=("manager # 1")
- check_pods_running "$kube_namespace" "${kube_pods[@]}"
-}
-
-function wait_for_moon_end() {
- echo "Waiting for moon (orchestrator, gui) ..."
- kube_namespace="moon"
- declare -a kube_pods=("gui 1" "orchestrator 1")
- check_pods_running "$kube_namespace" "${kube_pods[@]}"
-}
-
-function wait_for_moon_forming_to_end() {
- echo "Waiting for moon forming to finish initialization. This can take few minutes..."
- kube_namespace="moon"
- declare -a kube_pods=("forming 1")
- check_pods_not_running "$kube_namespace" "${kube_pods[@]}"
-}
-
-function wait_for_moon_delete_to_end(){
- echo "Waiting for moon to terminate..."
- kube_namespace="moon"
- declare -a kube_pods=("consul 1" "db 1" "keystone 1" "manager # 3" "gui 1" "orchestrator 1")
- check_pods_not_running "$kube_namespace" "${kube_pods[@]}"
-}
-
-function check_os(){
- if [ -f /etc/os-release ]; then
- # freedesktop.org and systemd
- . /etc/os-release
- OS=${ID}
- elif type lsb_release >/dev/null 2>&1; then
- # linuxbase.org
- OS=$(lsb_release -si)
- declare -i result=$(grep -i "debian" $OS)
- if [ $result -eq 1 ]; then
- OS="debian"
- fi
- declare -i result=$(grep -i "ubuntu" $OS)
- if [ $result -eq 1 ]; then
- OS="ubuntu"
- fi
- elif [ -f /etc/lsb-release ]; then
- # For some versions of Debian/Ubuntu without lsb_release command
- . /etc/lsb-release
- OS=$DISTRIB_ID
- declare -i result=$(grep -i "debian" $OS)
- if [ $result -eq 1 ]; then
- OS="debian"
- fi
- declare -i result=$(grep -i "ubuntu" $OS)
- if [ $result -eq 1 ]; then
- OS="ubuntu"
- fi
- elif [ -f /etc/debian_version ]; then
- # Older Debian/Ubuntu/etc.
- declare -i result=$(grep -i "debian" $OS)
- if [ $result -eq 1 ]; then
- OS="debian"
- fi
- declare -i result=$(grep -i "ubuntu" $OS)
- if [ $result -eq 1 ]; then
- OS="ubuntu"
- fi
- elif [ -f /etc/SuSe-release ]; then
- # Older SuSE/etc.
- echo "TO DO : get the name of the OS at the end of the pods name"
- elif [ -f /etc/redhat-release ]; then
- # Older Red Hat, CentOS, etc.
- echo "TO DO : get the name of the OS at the end of the pods name"
- else
- # Fall back to uname, e.g. "Linux <version>", also works for BSD, etc.
- OS=$(uname -s)
- echo "TO DO : get the name of the OS at the end of the pods name"
- fi
- echo "postfix used to detect pods name : ${OS}"
-}
-
-declare -i nb_arguments=$#
-declare -i init_kubernate=1
-
-if [ $# -eq 1 ]; then
- if [ $1 == "moon" ]; then
- init_kubernate=0
- fi
-
- if [ $1 == "-h" ]; then
- echo "Usage : "
- echo " - 'bash tools/moon_kubernetes/init_k8s_moon.sh' launches the kubernates platform and the moon platform."
- echo " - 'bash tools/moon_kubernetes/init_k8s_moon.sh moon' launches the moon platform only. If the moon platform is already launched, it deletes and recreates it."
- echo " "
- fi
-fi
-
-if [ $init_kubernate -eq 1 ]; then
- check_os
- echo "=============================="
- echo "Launching kubernate "
- echo "=============================="
- sudo kubeadm reset
- sudo swapoff -a
- sudo kubeadm init --pod-network-cidr=192.168.0.0/16 # network for Calico
- #sudo kubeadm init --pod-network-cidr=10.244.0.0/16 # network for Canal
-
- mkdir -p $HOME/.kube
- sudo cp -f /etc/kubernetes/admin.conf $HOME/.kube/config
- sudo chown $(id -u):$(id -g) $HOME/.kube/config
-
- kubectl apply -f http://docs.projectcalico.org/v2.4/getting-started/kubernetes/installation/hosted/kubeadm/1.6/calico.yaml
- #kubectl apply -f https://raw.githubusercontent.com/projectcalico/canal/master/k8s-install/1.6/rbac.yaml
- #kubectl apply -f https://raw.githubusercontent.com/projectcalico/canal/master/k8s-install/1.6/canal.yaml
- #kubectl create -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml
-
- kubectl delete deployment kube-dns --namespace=kube-system
- kubectl apply -f tools/moon_kubernetes/templates/kube-dns.yaml
- kubectl taint nodes --all node-role.kubernetes.io/master- # malke the master also as a node
-
- kubectl proxy&
-
- wait_for_kubernate_calico
-
- echo "=============================="
- echo "Kubernate platform is ready ! "
- echo "=============================="
-fi
-
-echo "============================"
-echo "Launching moon "
-echo "============================"
-#check if the moon platform is running, if so we terminate it
-declare -i moon_is_running=$(sudo kubectl get namespace | grep -c moon)
-if [ $moon_is_running -eq 1 ]; then
- sudo kubectl delete namespace moon
- wait_for_moon_delete_to_end
- sleep 2
-fi
-
-#launching moon
-kubectl create namespace moon
-kubectl create configmap moon-config --from-file tools/moon_kubernetes/conf/moon.conf -n moon
-kubectl create configmap config --from-file ~/.kube/config -n moon
-kubectl create configmap moon-policy-templates --from-file tests/functional/scenario_tests -n moon
-kubectl create secret generic mysql-root-pass --from-file=tools/moon_kubernetes/conf/password_root.txt -n moon
-kubectl create secret generic mysql-pass --from-file=tools/moon_kubernetes/conf/password_moon.txt -n moon
-
-kubectl create -n moon -f tools/moon_kubernetes/templates/consul.yaml
-kubectl create -n moon -f tools/moon_kubernetes/templates/db.yaml
-kubectl create -n moon -f tools/moon_kubernetes/templates/keystone.yaml
-wait_for_moon_init
-
-
-kubectl create -n moon -f tools/moon_kubernetes/templates/moon_forming.yaml
-wait_for_moon_forming
-
-
-kubectl create -n moon -f tools/moon_kubernetes/templates/moon_manager.yaml
-wait_for_moon_manager
-
-
-kubectl create -n moon -f tools/moon_kubernetes/templates/moon_orchestrator.yaml
-kubectl create -n moon -f tools/moon_kubernetes/templates/moon_gui.yaml
-wait_for_moon_end
-
-#wait the end of pods initialization performed by moon forming
-wait_for_moon_forming_to_end
-
-echo "========================== "
-echo "Moon platform is ready !"
-echo "=========================="
-
-
diff --git a/tools/moon_kubernetes/templates/consul.yaml b/tools/moon_kubernetes/templates/consul.yaml
deleted file mode 100644
index f0fb764e..00000000
--- a/tools/moon_kubernetes/templates/consul.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-apiVersion: apps/v1beta1
-kind: Deployment
-metadata:
- namespace: moon
- name: consul
-spec:
- replicas: 1
- template:
- metadata:
- labels:
- app: consul
- spec:
- hostname: consul
- containers:
- - name: consul
- image: consul:latest
- ports:
- - containerPort: 8500
----
-
-apiVersion: v1
-kind: Service
-metadata:
- name: consul
- namespace: moon
-spec:
- ports:
- - port: 8500
- targetPort: 8500
- nodePort: 30005
- selector:
- app: consul
- type: NodePort
diff --git a/tools/moon_kubernetes/templates/db.yaml b/tools/moon_kubernetes/templates/db.yaml
deleted file mode 100644
index 5a0e5e98..00000000
--- a/tools/moon_kubernetes/templates/db.yaml
+++ /dev/null
@@ -1,55 +0,0 @@
-apiVersion: apps/v1beta1
-kind: Deployment
-metadata:
- namespace: moon
- name: db
-spec:
- replicas: 1
- strategy:
- type: Recreate
- template:
- metadata:
- labels:
- app: db
- spec:
- containers:
- - name: db
- image: mysql:5.7
- env:
- - name: MYSQL_DATABASE
- value: "moon"
- - name: MYSQL_USER
- value: "moon"
- - name: MYSQL_PASSWORD
- valueFrom:
- secretKeyRef:
- name: mysql-pass
- key: password_moon.txt
- - name: MYSQL_ROOT_PASSWORD
- valueFrom:
- secretKeyRef:
- name: mysql-root-pass
- key: password_root.txt
- ports:
- - containerPort: 3306
- name: mysql
-# volumeMounts:
-# - name: mysql-persistent-storage
-# mountPath: /var/lib/mysql
-# volumes:
-# - name: mysql-persistent-storage
-# persistentVolumeClaim:
-# claimName: mysql-pv-claim
----
-
-apiVersion: v1
-kind: Service
-metadata:
- namespace: moon
- name: db
-spec:
- ports:
- - port: 3306
- selector:
- app: db
----
\ No newline at end of file
diff --git a/tools/moon_kubernetes/templates/keystone.yaml b/tools/moon_kubernetes/templates/keystone.yaml
deleted file mode 100644
index e4218e4c..00000000
--- a/tools/moon_kubernetes/templates/keystone.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-apiVersion: apps/v1beta1
-kind: Deployment
-metadata:
- namespace: moon
- name: keystone
-spec:
- replicas: 1
- template:
- metadata:
- labels:
- app: keystone
- spec:
- hostname: keystone
- containers:
- - name: keystone
- image: asteroide/keystone:pike-cors
- env:
- - name: KEYSTONE_HOSTNAME
- value: "127.0.0.1"
- - name: KEYSTONE_PORT
- value: "30006"
- ports:
- - containerPort: 35357
- containerPort: 5000
----
-
-apiVersion: v1
-kind: Service
-metadata:
- name: keystone
- namespace: moon
-spec:
- ports:
- - port: 5000
- targetPort: 5000
- nodePort: 30006
- selector:
- app: keystone
- type: NodePort
diff --git a/tools/moon_kubernetes/templates/kube-dns.yaml b/tools/moon_kubernetes/templates/kube-dns.yaml
deleted file mode 100644
index c8f18fd8..00000000
--- a/tools/moon_kubernetes/templates/kube-dns.yaml
+++ /dev/null
@@ -1,183 +0,0 @@
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- annotations:
- deployment.kubernetes.io/revision: "2"
- kubectl.kubernetes.io/last-applied-configuration: |
- {"apiVersion":"extensions/v1beta1","kind":"Deployment","metadata":{"annotations":{"deployment.kubernetes.io/revision":"1"},"creationTimestamp":"2017-10-30T09:03:59Z","generation":1,"labels":{"k8s-app":"kube-dns"},"name":"kube-dns","namespace":"kube-system","resourceVersion":"556","selfLink":"/apis/extensions/v1beta1/namespaces/kube-system/deployments/kube-dns","uid":"4433b709-bd51-11e7-a055-80fa5b15034a"},"spec":{"replicas":1,"selector":{"matchLabels":{"k8s-app":"kube-dns"}},"strategy":{"rollingUpdate":{"maxSurge":"10%","maxUnavailable":0},"type":"RollingUpdate"},"template":{"metadata":{"creationTimestamp":null,"labels":{"k8s-app":"kube-dns"}},"spec":{"affinity":{"nodeAffinity":{"requiredDuringSchedulingIgnoredDuringExecution":{"nodeSelectorTerms":[{"matchExpressions":[{"key":"beta.kubernetes.io/arch","operator":"In","values":["amd64"]}]}]}}},"containers":[{"args":["--domain=cluster.local.","--dns-port=10053","--config-dir=/kube-dns-config","--v=2"],"env":[{"name":"PROMETHEUS_PORT","value":"10055"}],"image":"gcr.io/google_containers/k8s-dns-kube-dns-amd64:1.14.5","imagePullPolicy":"IfNotPresent","livenessProbe":{"failureThreshold":5,"httpGet":{"path":"/healthcheck/kubedns","port":10054,"scheme":"HTTP"},"initialDelaySeconds":60,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":5},"name":"kubedns","ports":[{"containerPort":10053,"name":"dns-local","protocol":"UDP"},{"containerPort":10053,"name":"dns-tcp-local","protocol":"TCP"},{"containerPort":10055,"name":"metrics","protocol":"TCP"}],"readinessProbe":{"failureThreshold":3,"httpGet":{"path":"/readiness","port":8081,"scheme":"HTTP"},"initialDelaySeconds":3,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":5},"resources":{"limits":{"memory":"170Mi"},"requests":{"cpu":"100m","memory":"70Mi"}},"terminationMessagePath":"/dev/termination-log","terminationMessagePolicy":"File","volumeMounts":[{"mountPath":"/kube-dns-config","name":"kube-dns-config"}]},{"args":["-v=2","-logtostderr","-configDir=/etc/k8s/dns/d
nsmasq-nanny","-restartDnsmasq=true","--","-k","--cache-size=1000","--log-facility=-","--server=/cluster.local/127.0.0.1#10053","--server=/in-addr.arpa/127.0.0.1#10053","--server=/ip6.arpa/127.0.0.1#10053","--server=8.8.8.8"],"image":"gcr.io/google_containers/k8s-dns-dnsmasq-nanny-amd64:1.14.5","imagePullPolicy":"IfNotPresent","livenessProbe":{"failureThreshold":5,"httpGet":{"path":"/healthcheck/dnsmasq","port":10054,"scheme":"HTTP"},"initialDelaySeconds":60,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":5},"name":"dnsmasq","ports":[{"containerPort":53,"name":"dns","protocol":"UDP"},{"containerPort":53,"name":"dns-tcp","protocol":"TCP"}],"resources":{"requests":{"cpu":"150m","memory":"20Mi"}},"terminationMessagePath":"/dev/termination-log","terminationMessagePolicy":"File","volumeMounts":[{"mountPath":"/etc/k8s/dns/dnsmasq-nanny","name":"kube-dns-config"}]},{"args":["--v=2","--logtostderr","--probe=kubedns,127.0.0.1:10053,kubernetes.default.svc.cluster.local,5,A","--probe=dnsmasq,127.0.0.1:53,kubernetes.default.svc.cluster.local,5,A"],"image":"gcr.io/google_containers/k8s-dns-sidecar-amd64:1.14.5","imagePullPolicy":"IfNotPresent","livenessProbe":{"failureThreshold":5,"httpGet":{"path":"/metrics","port":10054,"scheme":"HTTP"},"initialDelaySeconds":60,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":5},"name":"sidecar","ports":[{"containerPort":10054,"name":"metrics","protocol":"TCP"}],"resources":{"requests":{"cpu":"10m","memory":"20Mi"}},"terminationMessagePath":"/dev/termination-log","terminationMessagePolicy":"File"}],"dnsPolicy":"Default","restartPolicy":"Always","schedulerName":"default-scheduler","securityContext":{},"serviceAccount":"kube-dns","serviceAccountName":"kube-dns","terminationGracePeriodSeconds":30,"tolerations":[{"key":"CriticalAddonsOnly","operator":"Exists"},{"effect":"NoSchedule","key":"node-role.kubernetes.io/master"}],"volumes":[{"configMap":{"defaultMode":420,"name":"kube-dns","optional":true},"name":"kube-dns-config"}]}}},"
status":{"availableReplicas":1,"conditions":[{"lastTransitionTime":"2017-10-30T09:05:11Z","lastUpdateTime":"2017-10-30T09:05:11Z","message":"Deployment has minimum availability.","reason":"MinimumReplicasAvailable","status":"True","type":"Available"}],"observedGeneration":1,"readyReplicas":1,"replicas":1,"updatedReplicas":1}}
- creationTimestamp: 2017-10-30T09:03:59Z
- generation: 2
- labels:
- k8s-app: kube-dns
- name: kube-dns
- namespace: kube-system
- resourceVersion: "300076"
- selfLink: /apis/extensions/v1beta1/namespaces/kube-system/deployments/kube-dns
- uid: 4433b709-bd51-11e7-a055-80fa5b15034a
-spec:
- replicas: 1
- selector:
- matchLabels:
- k8s-app: kube-dns
- strategy:
- rollingUpdate:
- maxSurge: 10%
- maxUnavailable: 0
- type: RollingUpdate
- template:
- metadata:
- creationTimestamp: null
- labels:
- k8s-app: kube-dns
- spec:
- affinity:
- nodeAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- nodeSelectorTerms:
- - matchExpressions:
- - key: beta.kubernetes.io/arch
- operator: In
- values:
- - amd64
- containers:
- - args:
- - --domain=cluster.local.
- - --dns-port=10053
- - --config-dir=/kube-dns-config
- - --v=2
- env:
- - name: PROMETHEUS_PORT
- value: "10055"
- image: gcr.io/google_containers/k8s-dns-kube-dns-amd64:1.14.5
- imagePullPolicy: IfNotPresent
- livenessProbe:
- failureThreshold: 5
- httpGet:
- path: /healthcheck/kubedns
- port: 10054
- scheme: HTTP
- initialDelaySeconds: 60
- periodSeconds: 10
- successThreshold: 1
- timeoutSeconds: 5
- name: kubedns
- ports:
- - containerPort: 10053
- name: dns-local
- protocol: UDP
- - containerPort: 10053
- name: dns-tcp-local
- protocol: TCP
- - containerPort: 10055
- name: metrics
- protocol: TCP
- readinessProbe:
- failureThreshold: 3
- httpGet:
- path: /readiness
- port: 8081
- scheme: HTTP
- initialDelaySeconds: 3
- periodSeconds: 10
- successThreshold: 1
- timeoutSeconds: 5
- resources:
- limits:
- memory: 340Mi
- requests:
- cpu: 200m
- memory: 140Mi
- terminationMessagePath: /dev/termination-log
- terminationMessagePolicy: File
- volumeMounts:
- - mountPath: /kube-dns-config
- name: kube-dns-config
- - args:
- - -v=2
- - -logtostderr
- - -configDir=/etc/k8s/dns/dnsmasq-nanny
- - -restartDnsmasq=true
- - --
- - -k
- - --dns-forward-max=300
- - --cache-size=1000
- - --log-facility=-
- - --server=/cluster.local/127.0.0.1#10053
- - --server=/in-addr.arpa/127.0.0.1#10053
- - --server=/ip6.arpa/127.0.0.1#10053
- - --server=8.8.8.8
- image: gcr.io/google_containers/k8s-dns-dnsmasq-nanny-amd64:1.14.5
- imagePullPolicy: IfNotPresent
- livenessProbe:
- failureThreshold: 5
- httpGet:
- path: /healthcheck/dnsmasq
- port: 10054
- scheme: HTTP
- initialDelaySeconds: 60
- periodSeconds: 10
- successThreshold: 1
- timeoutSeconds: 5
- name: dnsmasq
- ports:
- - containerPort: 53
- name: dns
- protocol: UDP
- - containerPort: 53
- name: dns-tcp
- protocol: TCP
- resources:
- requests:
- cpu: 150m
- memory: 20Mi
- terminationMessagePath: /dev/termination-log
- terminationMessagePolicy: File
- volumeMounts:
- - mountPath: /etc/k8s/dns/dnsmasq-nanny
- name: kube-dns-config
- - args:
- - --v=2
- - --logtostderr
- - --probe=kubedns,127.0.0.1:10053,kubernetes.default.svc.cluster.local,5,A
- - --probe=dnsmasq,127.0.0.1:53,kubernetes.default.svc.cluster.local,5,A
- image: gcr.io/google_containers/k8s-dns-sidecar-amd64:1.14.5
- imagePullPolicy: IfNotPresent
- livenessProbe:
- failureThreshold: 5
- httpGet:
- path: /metrics
- port: 10054
- scheme: HTTP
- initialDelaySeconds: 60
- periodSeconds: 10
- successThreshold: 1
- timeoutSeconds: 5
- name: sidecar
- ports:
- - containerPort: 10054
- name: metrics
- protocol: TCP
- resources:
- requests:
- cpu: 10m
- memory: 20Mi
- terminationMessagePath: /dev/termination-log
- terminationMessagePolicy: File
- dnsPolicy: Default
- restartPolicy: Always
- schedulerName: default-scheduler
- securityContext: {}
- serviceAccount: kube-dns
- serviceAccountName: kube-dns
- terminationGracePeriodSeconds: 30
- tolerations:
- - key: CriticalAddonsOnly
- operator: Exists
- - effect: NoSchedule
- key: node-role.kubernetes.io/master
- volumes:
- - configMap:
- defaultMode: 420
- name: kube-dns
- optional: true
- name: kube-dns-config
diff --git a/tools/moon_kubernetes/templates/moon_forming.yaml b/tools/moon_kubernetes/templates/moon_forming.yaml
deleted file mode 100644
index 1214a41a..00000000
--- a/tools/moon_kubernetes/templates/moon_forming.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: forming
- namespace: moon
-spec:
- template:
- metadata:
- name: forming
- spec:
- containers:
- - name: forming
- image: moonplatform/moon_forming:latest
- env:
- - name: POPULATE_ARGS
- value: "--verbose" # debug mode: --debug
- volumeMounts:
- - name: config-volume
- mountPath: /etc/moon
- - name: templates-volume
- mountPath: /data
- volumes:
- - name: config-volume
- configMap:
- name: moon-config
- - name: templates-volume
- configMap:
- name: moon-policy-templates
- restartPolicy: Never
- #backoffLimit: 4
\ No newline at end of file
diff --git a/tools/moon_kubernetes/templates/moon_functest.yaml b/tools/moon_kubernetes/templates/moon_functest.yaml
deleted file mode 100644
index e876849e..00000000
--- a/tools/moon_kubernetes/templates/moon_functest.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: functest
- namespace: moon
-spec:
- template:
- metadata:
- name: functest
- spec:
- containers:
- - name: functest
- image: moonplatform/moon_python_func_test:latest
- volumeMounts:
- - name: config-volume
- mountPath: /etc/moon
- - name: tests-volume
- mountPath: /data
- volumes:
- - name: config-volume
- configMap:
- name: moon-config
- - name: tests-volume
- hostPath:
- path: "{{PATH}}"
- restartPolicy: Never
- #backoffLimit: 4
diff --git a/tools/moon_kubernetes/templates/moon_gui.yaml b/tools/moon_kubernetes/templates/moon_gui.yaml
deleted file mode 100644
index eca4267d..00000000
--- a/tools/moon_kubernetes/templates/moon_gui.yaml
+++ /dev/null
@@ -1,42 +0,0 @@
-apiVersion: apps/v1beta1
-kind: Deployment
-metadata:
- namespace: moon
- name: gui
-spec:
- replicas: 1
- template:
- metadata:
- labels:
- app: gui
- spec:
- hostname: gui
- containers:
- - name: gui
- image: moonplatform/moon_gui:latest
- env:
- - name: MANAGER_HOST
- value: "127.0.0.1"
- - name: MANAGER_PORT
- value: "30001"
- - name: KEYSTONE_HOST
- value: "127.0.0.1"
- - name: KEYSTONE_PORT
- value: "30006"
- ports:
- - containerPort: 80
----
-
-apiVersion: v1
-kind: Service
-metadata:
- name: gui
- namespace: moon
-spec:
- ports:
- - port: 80
- targetPort: 80
- nodePort: 30002
- selector:
- app: gui
- type: NodePort
diff --git a/tools/moon_kubernetes/templates/moon_manager.yaml b/tools/moon_kubernetes/templates/moon_manager.yaml
deleted file mode 100644
index 8eb59482..00000000
--- a/tools/moon_kubernetes/templates/moon_manager.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-apiVersion: apps/v1beta1
-kind: Deployment
-metadata:
- name: manager
- namespace: moon
-spec:
- replicas: 1
- template:
- metadata:
- labels:
- app: manager
- spec:
- hostname: manager
- containers:
- - name: manager
- image: moonplatform/moon_manager:latest
- ports:
- - containerPort: 8082
----
-
-apiVersion: v1
-kind: Service
-metadata:
- name: manager
- namespace: moon
-spec:
- ports:
- - port: 8082
- targetPort: 8082
- nodePort: 30001
- selector:
- app: manager
- type: NodePort
diff --git a/tools/moon_kubernetes/templates/moon_orchestrator.yaml b/tools/moon_kubernetes/templates/moon_orchestrator.yaml
deleted file mode 100644
index a4ae2bd9..00000000
--- a/tools/moon_kubernetes/templates/moon_orchestrator.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-apiVersion: apps/v1beta1
-kind: Deployment
-metadata:
- namespace: moon
- name: orchestrator
-spec:
- replicas: 1
- template:
- metadata:
- labels:
- app: orchestrator
- spec:
- hostname: orchestrator
- containers:
- - name: orchestrator
- image: moonplatform/moon_orchestrator:latest
- ports:
- - containerPort: 8083
- volumeMounts:
- - name: config-volume
- mountPath: /root/.kube
- volumes:
- - name: config-volume
- configMap:
- name: config
----
-
-apiVersion: v1
-kind: Service
-metadata:
- name: orchestrator
- namespace: moon
-spec:
- ports:
- - port: 8083
- targetPort: 8083
- nodePort: 30003
- selector:
- app: orchestrator
- type: NodePort
diff --git a/tools/openstack/README.md b/tools/openstack/README.md
deleted file mode 100644
index 8b5d06e5..00000000
--- a/tools/openstack/README.md
+++ /dev/null
@@ -1,73 +0,0 @@
-# OpenStack
-## Installation
-For the *Moon* platform, you must have the following OpenStack components installed somewhere:
-- *Nova*, see [Nova install](https://docs.openstack.org/mitaka/install-guide-ubuntu/nova-controller-install.html)
-- *Glance*, see [Glance install](https://docs.openstack.org/glance/pike/install/)
-- *Keystone* is automatically installed and configured in the Moon platform.
-After the Moon platform installation, the Keystone server will be available
-at: `http://localhost:30005 or http://\<servername\>:30005`
-
-You can also use your own Keystone server if you want.
-
-## Configuration
-Before updating the configuration of the OpenStack platform, check that the platform
-is working without Moon, use the following commands:
-```bash
-# set authentication
-openstack endpoint list
-openstack user list
-openstack server list
-```
-
-In order to connect the OpenStack platform with the Moon platform, you must update some
-configuration files in Nova and Glance:
-- `/etc/nova/policy.json`
-- `/etc/glance/policy.json`
-
-In some installed platform, the `/etc/nova/policy.json` can be absent so you have
-to create one. You can find example files in those directory:
-- `${MOON}/tools/openstack/nova/policy.json`
-- `${MOON}/tools/openstack/glance/policy.json`
-
-Each line is mapped to an OpenStack API interface, for example, the following line
-allows the user to get details for every virtual machines in the cloud
-(the corresponding shell command is `openstack server list`):
-
- "os_compute_api:servers:detail": "",
-
-This lines indicates that there is no special authorisation to use this API,
-every users can use it. If you want that the Moon platform handles that authorisation,
-update this line with:
-
- "os_compute_api:servers:detail": "http://my_hostname:31001/authz"
-
-1) by replacing `my_hostname` with the hostname (or the IP address) of the Moon platform.
-2) by updating the TCP port (default: 31001) with the good one.
-
-To find this TCP port, use the following command:
-
- $ kubectl get services -n moon | grep wrapper | cut -d ":" -f 2 | cut -d " " -f 1
- 31002/TCP
-
-## Tests
-Here is a shell script to authenticate to the OpenStack platform as `admin`:
-```bash
-export OS_USERNAME=admin
-export OS_PASSWORD=p4ssw0rd
-export OS_REGION_NAME=Orange
-export OS_TENANT_NAME=admin
-export OS_AUTH_URL=http://moon_hostname:30006/v3
-export OS_DOMAIN_NAME=Default
-export OS_IDENTITY_API_VERSION=3
-```
-
-For the `demo_user`, use:
-```bash
-export OS_USERNAME=demo_user
-export OS_PASSWORD=your_secret_password
-export OS_REGION_NAME=Orange
-export OS_TENANT_NAME=demo
-export OS_AUTH_URL=http://moon_hostname:30006/v3
-export OS_DOMAIN_NAME=Default
-export OS_IDENTITY_API_VERSION=3
-```
diff --git a/tools/openstack/glance/policy.json b/tools/openstack/glance/policy.json
deleted file mode 100644
index 5505f67f..00000000
--- a/tools/openstack/glance/policy.json
+++ /dev/null
@@ -1,62 +0,0 @@
-{
- "context_is_admin": "role:admin",
- "default": "role:admin",
-
- "add_image": "http://my_hostname:31001/authz",
- "delete_image": "http://my_hostname:31001/authz",
- "get_image": "http://my_hostname:31001/authz",
- "get_images": "http://my_hostname:31001/authz",
- "modify_image": "http://my_hostname:31001/authz",
- "publicize_image": "role:admin",
- "communitize_image": "",
- "copy_from": "",
-
- "download_image": "",
- "upload_image": "",
-
- "delete_image_location": "",
- "get_image_location": "",
- "set_image_location": "",
-
- "add_member": "",
- "delete_member": "",
- "get_member": "",
- "get_members": "",
- "modify_member": "",
-
- "manage_image_cache": "role:admin",
-
- "get_task": "role:admin",
- "get_tasks": "role:admin",
- "add_task": "role:admin",
- "modify_task": "role:admin",
-
- "deactivate": "",
- "reactivate": "",
-
- "get_metadef_namespace": "",
- "get_metadef_namespaces":"",
- "modify_metadef_namespace":"",
- "add_metadef_namespace":"",
-
- "get_metadef_object":"",
- "get_metadef_objects":"",
- "modify_metadef_object":"",
- "add_metadef_object":"",
-
- "list_metadef_resource_types":"",
- "get_metadef_resource_type":"",
- "add_metadef_resource_type_association":"",
-
- "get_metadef_property":"",
- "get_metadef_properties":"",
- "modify_metadef_property":"",
- "add_metadef_property":"",
-
- "get_metadef_tag":"",
- "get_metadef_tags":"",
- "modify_metadef_tag":"",
- "add_metadef_tag":"",
- "add_metadef_tags":""
-
-}
diff --git a/tools/openstack/nova/policy.json b/tools/openstack/nova/policy.json
deleted file mode 100644
index 29763ce3..00000000
--- a/tools/openstack/nova/policy.json
+++ /dev/null
@@ -1,488 +0,0 @@
-{
- "context_is_admin": "role:admin",
- "admin_or_owner": "is_admin:True or project_id:%(project_id)s",
- "default": "rule:admin_or_owner",
-
- "cells_scheduler_filter:TargetCellFilter": "is_admin:True",
-
- "compute:create": "http://my_hostname:31001/authz",
- "compute:create:attach_network": "",
- "compute:create:attach_volume": "",
- "compute:create:forced_host": "is_admin:True",
-
- "compute:get": "http://my_hostname:31001/authz",
- "compute:get_all": "http://my_hostname:31001/authz",
- "compute:get_all_tenants": "is_admin:True",
-
- "compute:update": "",
-
- "compute:get_instance_metadata": "",
- "compute:get_all_instance_metadata": "",
- "compute:get_all_instance_system_metadata": "",
- "compute:update_instance_metadata": "",
- "compute:delete_instance_metadata": "",
-
- "compute:get_instance_faults": "",
- "compute:get_diagnostics": "",
- "compute:get_instance_diagnostics": "",
-
- "compute:start": "rule:admin_or_owner",
- "compute:stop": "rule:admin_or_owner",
-
- "compute:get_lock": "",
- "compute:lock": "rule:admin_or_owner",
- "compute:unlock": "rule:admin_or_owner",
- "compute:unlock_override": "rule:admin_api",
-
- "compute:get_vnc_console": "",
- "compute:get_spice_console": "",
- "compute:get_rdp_console": "",
- "compute:get_serial_console": "",
- "compute:get_mks_console": "",
- "compute:get_console_output": "",
-
- "compute:reset_network": "",
- "compute:inject_network_info": "",
- "compute:add_fixed_ip": "",
- "compute:remove_fixed_ip": "",
-
- "compute:attach_volume": "",
- "compute:detach_volume": "",
- "compute:swap_volume": "",
-
- "compute:attach_interface": "",
- "compute:detach_interface": "",
-
- "compute:set_admin_password": "",
-
- "compute:rescue": "",
- "compute:unrescue": "",
-
- "compute:suspend": "",
- "compute:resume": "",
-
- "compute:pause": "",
- "compute:unpause": "",
-
- "compute:shelve": "",
- "compute:shelve_offload": "",
- "compute:unshelve": "",
-
- "compute:snapshot": "",
- "compute:snapshot_volume_backed": "",
- "compute:backup": "",
-
- "compute:resize": "",
- "compute:confirm_resize": "",
- "compute:revert_resize": "",
-
- "compute:rebuild": "",
- "compute:reboot": "",
- "compute:delete": "rule:admin_or_owner",
- "compute:soft_delete": "rule:admin_or_owner",
- "compute:force_delete": "rule:admin_or_owner",
-
- "compute:security_groups:add_to_instance": "",
- "compute:security_groups:remove_from_instance": "",
-
- "compute:delete": "",
- "compute:soft_delete": "",
- "compute:force_delete": "",
- "compute:restore": "",
-
- "compute:volume_snapshot_create": "",
- "compute:volume_snapshot_delete": "",
-
- "admin_api": "is_admin:True",
- "compute_extension:accounts": "rule:admin_api",
- "compute_extension:admin_actions": "rule:admin_api",
- "compute_extension:admin_actions:pause": "rule:admin_or_owner",
- "compute_extension:admin_actions:unpause": "rule:admin_or_owner",
- "compute_extension:admin_actions:suspend": "rule:admin_or_owner",
- "compute_extension:admin_actions:resume": "rule:admin_or_owner",
- "compute_extension:admin_actions:lock": "rule:admin_or_owner",
- "compute_extension:admin_actions:unlock": "rule:admin_or_owner",
- "compute_extension:admin_actions:resetNetwork": "rule:admin_api",
- "compute_extension:admin_actions:injectNetworkInfo": "rule:admin_api",
- "compute_extension:admin_actions:createBackup": "rule:admin_or_owner",
- "compute_extension:admin_actions:migrateLive": "rule:admin_api",
- "compute_extension:admin_actions:resetState": "rule:admin_api",
- "compute_extension:admin_actions:migrate": "rule:admin_api",
- "compute_extension:aggregates": "rule:admin_api",
- "compute_extension:agents": "rule:admin_api",
- "compute_extension:attach_interfaces": "",
- "compute_extension:baremetal_nodes": "rule:admin_api",
- "compute_extension:cells": "rule:admin_api",
- "compute_extension:cells:create": "rule:admin_api",
- "compute_extension:cells:delete": "rule:admin_api",
- "compute_extension:cells:update": "rule:admin_api",
- "compute_extension:cells:sync_instances": "rule:admin_api",
- "compute_extension:certificates": "",
- "compute_extension:cloudpipe": "rule:admin_api",
- "compute_extension:cloudpipe_update": "rule:admin_api",
- "compute_extension:config_drive": "",
- "compute_extension:console_output": "",
- "compute_extension:consoles": "",
- "compute_extension:createserverext": "",
- "compute_extension:deferred_delete": "",
- "compute_extension:disk_config": "",
- "compute_extension:evacuate": "rule:admin_api",
- "compute_extension:extended_server_attributes": "rule:admin_api",
- "compute_extension:extended_status": "",
- "compute_extension:extended_availability_zone": "",
- "compute_extension:extended_ips": "",
- "compute_extension:extended_ips_mac": "",
- "compute_extension:extended_vif_net": "",
- "compute_extension:extended_volumes": "",
- "compute_extension:fixed_ips": "rule:admin_api",
- "compute_extension:flavor_access": "",
- "compute_extension:flavor_access:addTenantAccess": "rule:admin_api",
- "compute_extension:flavor_access:removeTenantAccess": "rule:admin_api",
- "compute_extension:flavor_disabled": "",
- "compute_extension:flavor_rxtx": "",
- "compute_extension:flavor_swap": "",
- "compute_extension:flavorextradata": "",
- "compute_extension:flavorextraspecs:index": "",
- "compute_extension:flavorextraspecs:show": "",
- "compute_extension:flavorextraspecs:create": "rule:admin_api",
- "compute_extension:flavorextraspecs:update": "rule:admin_api",
- "compute_extension:flavorextraspecs:delete": "rule:admin_api",
- "compute_extension:flavormanage": "rule:admin_api",
- "compute_extension:floating_ip_dns": "",
- "compute_extension:floating_ip_pools": "",
- "compute_extension:floating_ips": "",
- "compute_extension:floating_ips_bulk": "rule:admin_api",
- "compute_extension:fping": "",
- "compute_extension:fping:all_tenants": "rule:admin_api",
- "compute_extension:hide_server_addresses": "is_admin:False",
- "compute_extension:hosts": "rule:admin_api",
- "compute_extension:hypervisors": "rule:admin_api",
- "compute_extension:image_size": "",
- "compute_extension:instance_actions": "",
- "compute_extension:instance_actions:events": "rule:admin_api",
- "compute_extension:instance_usage_audit_log": "rule:admin_api",
- "compute_extension:keypairs": "",
- "compute_extension:keypairs:index": "",
- "compute_extension:keypairs:show": "",
- "compute_extension:keypairs:create": "",
- "compute_extension:keypairs:delete": "",
- "compute_extension:multinic": "",
- "compute_extension:networks": "rule:admin_api",
- "compute_extension:networks:view": "",
- "compute_extension:networks_associate": "rule:admin_api",
- "compute_extension:os-tenant-networks": "",
- "compute_extension:quotas:show": "",
- "compute_extension:quotas:update": "rule:admin_api",
- "compute_extension:quotas:delete": "rule:admin_api",
- "compute_extension:quota_classes": "",
- "compute_extension:rescue": "",
- "compute_extension:security_group_default_rules": "rule:admin_api",
- "compute_extension:security_groups": "",
- "compute_extension:server_diagnostics": "rule:admin_api",
- "compute_extension:server_groups": "",
- "compute_extension:server_password": "",
- "compute_extension:server_usage": "",
- "compute_extension:services": "rule:admin_api",
- "compute_extension:shelve": "",
- "compute_extension:shelveOffload": "rule:admin_api",
- "compute_extension:simple_tenant_usage:show": "rule:admin_or_owner",
- "compute_extension:simple_tenant_usage:list": "rule:admin_api",
- "compute_extension:unshelve": "",
- "compute_extension:users": "rule:admin_api",
- "compute_extension:virtual_interfaces": "",
- "compute_extension:virtual_storage_arrays": "",
- "compute_extension:volumes": "",
- "compute_extension:volume_attachments:index": "",
- "compute_extension:volume_attachments:show": "",
- "compute_extension:volume_attachments:create": "",
- "compute_extension:volume_attachments:update": "",
- "compute_extension:volume_attachments:delete": "",
- "compute_extension:volumetypes": "",
- "compute_extension:availability_zone:list": "",
- "compute_extension:availability_zone:detail": "rule:admin_api",
- "compute_extension:used_limits_for_admin": "rule:admin_api",
- "compute_extension:migrations:index": "rule:admin_api",
- "compute_extension:os-assisted-volume-snapshots:create": "rule:admin_api",
- "compute_extension:os-assisted-volume-snapshots:delete": "rule:admin_api",
- "compute_extension:console_auth_tokens": "rule:admin_api",
- "compute_extension:os-server-external-events:create": "rule:admin_api",
-
- "network:get_all": "",
- "network:get": "",
- "network:create": "",
- "network:delete": "",
- "network:associate": "",
- "network:disassociate": "",
- "network:get_vifs_by_instance": "",
- "network:allocate_for_instance": "",
- "network:deallocate_for_instance": "",
- "network:validate_networks": "",
- "network:get_instance_uuids_by_ip_filter": "",
- "network:get_instance_id_by_floating_address": "",
- "network:setup_networks_on_host": "",
- "network:get_backdoor_port": "",
-
- "network:get_floating_ip": "",
- "network:get_floating_ip_pools": "",
- "network:get_floating_ip_by_address": "",
- "network:get_floating_ips_by_project": "",
- "network:get_floating_ips_by_fixed_address": "",
- "network:allocate_floating_ip": "",
- "network:associate_floating_ip": "",
- "network:disassociate_floating_ip": "",
- "network:release_floating_ip": "",
- "network:migrate_instance_start": "",
- "network:migrate_instance_finish": "",
-
- "network:get_fixed_ip": "",
- "network:get_fixed_ip_by_address": "",
- "network:add_fixed_ip_to_instance": "",
- "network:remove_fixed_ip_from_instance": "",
- "network:add_network_to_project": "",
- "network:get_instance_nw_info": "",
-
- "network:get_dns_domains": "",
- "network:add_dns_entry": "",
- "network:modify_dns_entry": "",
- "network:delete_dns_entry": "",
- "network:get_dns_entries_by_address": "",
- "network:get_dns_entries_by_name": "",
- "network:create_private_dns_domain": "",
- "network:create_public_dns_domain": "",
- "network:delete_dns_domain": "",
- "network:attach_external_network": "rule:admin_api",
- "network:get_vif_by_mac_address": "",
-
- "os_compute_api:servers:detail:get_all_tenants": "is_admin:True",
- "os_compute_api:servers:index:get_all_tenants": "is_admin:True",
- "os_compute_api:servers:confirm_resize": "",
- "os_compute_api:servers:create": "http://my_hostname:31001/authz",
- "os_compute_api:servers:create:attach_network": "",
- "os_compute_api:servers:create:attach_volume": "",
- "os_compute_api:servers:create:forced_host": "rule:admin_api",
- "os_compute_api:servers:delete": "http://my_hostname:31001/authz",
- "os_compute_api:servers:update": "http://my_hostname:31001/authz",
- "os_compute_api:servers:detail": "http://my_hostname:31001/authz",
- "os_compute_api:servers:index": "http://my_hostname:31001/authz",
- "os_compute_api:servers:reboot": "http://my_hostname:31001/authz",
- "os_compute_api:servers:rebuild": "http://my_hostname:31001/authz",
- "os_compute_api:servers:resize": "http://my_hostname:31001/authz",
- "os_compute_api:servers:revert_resize": "http://my_hostname:31001/authz",
- "os_compute_api:servers:show": "http://my_hostname:31001/authz",
- "os_compute_api:servers:create_image": "",
- "os_compute_api:servers:create_image:allow_volume_backed": "",
- "os_compute_api:servers:start": "rule:admin_or_owner",
- "os_compute_api:servers:stop": "rule:admin_or_owner",
- "os_compute_api:os-access-ips:discoverable": "",
- "os_compute_api:os-access-ips": "",
- "os_compute_api:os-admin-actions": "rule:admin_api",
- "os_compute_api:os-admin-actions:discoverable": "",
- "os_compute_api:os-admin-actions:reset_network": "rule:admin_api",
- "os_compute_api:os-admin-actions:inject_network_info": "rule:admin_api",
- "os_compute_api:os-admin-actions:reset_state": "rule:admin_api",
- "os_compute_api:os-admin-password": "",
- "os_compute_api:os-admin-password:discoverable": "",
- "os_compute_api:os-aggregates:discoverable": "",
- "os_compute_api:os-aggregates:index": "rule:admin_api",
- "os_compute_api:os-aggregates:create": "rule:admin_api",
- "os_compute_api:os-aggregates:show": "rule:admin_api",
- "os_compute_api:os-aggregates:update": "rule:admin_api",
- "os_compute_api:os-aggregates:delete": "rule:admin_api",
- "os_compute_api:os-aggregates:add_host": "rule:admin_api",
- "os_compute_api:os-aggregates:remove_host": "rule:admin_api",
- "os_compute_api:os-aggregates:set_metadata": "rule:admin_api",
- "os_compute_api:os-agents": "rule:admin_api",
- "os_compute_api:os-agents:discoverable": "",
- "os_compute_api:os-attach-interfaces": "",
- "os_compute_api:os-attach-interfaces:discoverable": "",
- "os_compute_api:os-baremetal-nodes": "rule:admin_api",
- "os_compute_api:os-baremetal-nodes:discoverable": "",
- "os_compute_api:os-block-device-mapping-v1:discoverable": "",
- "os_compute_api:os-cells": "rule:admin_api",
- "os_compute_api:os-cells:create": "rule:admin_api",
- "os_compute_api:os-cells:delete": "rule:admin_api",
- "os_compute_api:os-cells:update": "rule:admin_api",
- "os_compute_api:os-cells:sync_instances": "rule:admin_api",
- "os_compute_api:os-cells:discoverable": "",
- "os_compute_api:os-certificates:create": "",
- "os_compute_api:os-certificates:show": "",
- "os_compute_api:os-certificates:discoverable": "",
- "os_compute_api:os-cloudpipe": "rule:admin_api",
- "os_compute_api:os-cloudpipe:discoverable": "",
- "os_compute_api:os-config-drive": "",
- "os_compute_api:os-consoles:discoverable": "",
- "os_compute_api:os-consoles:create": "",
- "os_compute_api:os-consoles:delete": "",
- "os_compute_api:os-consoles:index": "",
- "os_compute_api:os-consoles:show": "",
- "os_compute_api:os-console-output:discoverable": "",
- "os_compute_api:os-console-output": "",
- "os_compute_api:os-remote-consoles": "",
- "os_compute_api:os-remote-consoles:discoverable": "",
- "os_compute_api:os-create-backup:discoverable": "",
- "os_compute_api:os-create-backup": "rule:admin_or_owner",
- "os_compute_api:os-deferred-delete": "",
- "os_compute_api:os-deferred-delete:discoverable": "",
- "os_compute_api:os-disk-config": "",
- "os_compute_api:os-disk-config:discoverable": "",
- "os_compute_api:os-evacuate": "rule:admin_api",
- "os_compute_api:os-evacuate:discoverable": "",
- "os_compute_api:os-extended-server-attributes": "rule:admin_api",
- "os_compute_api:os-extended-server-attributes:discoverable": "",
- "os_compute_api:os-extended-status": "",
- "os_compute_api:os-extended-status:discoverable": "",
- "os_compute_api:os-extended-availability-zone": "",
- "os_compute_api:os-extended-availability-zone:discoverable": "",
- "os_compute_api:extensions": "",
- "os_compute_api:extension_info:discoverable": "",
- "os_compute_api:os-extended-volumes": "",
- "os_compute_api:os-extended-volumes:discoverable": "",
- "os_compute_api:os-fixed-ips": "rule:admin_api",
- "os_compute_api:os-fixed-ips:discoverable": "",
- "os_compute_api:os-flavor-access": "",
- "os_compute_api:os-flavor-access:discoverable": "",
- "os_compute_api:os-flavor-access:remove_tenant_access": "rule:admin_api",
- "os_compute_api:os-flavor-access:add_tenant_access": "rule:admin_api",
- "os_compute_api:os-flavor-rxtx": "",
- "os_compute_api:os-flavor-rxtx:discoverable": "",
- "os_compute_api:flavors:discoverable": "",
- "os_compute_api:os-flavor-extra-specs:discoverable": "",
- "os_compute_api:os-flavor-extra-specs:index": "",
- "os_compute_api:os-flavor-extra-specs:show": "",
- "os_compute_api:os-flavor-extra-specs:create": "rule:admin_api",
- "os_compute_api:os-flavor-extra-specs:update": "rule:admin_api",
- "os_compute_api:os-flavor-extra-specs:delete": "rule:admin_api",
- "os_compute_api:os-flavor-manage:discoverable": "",
- "os_compute_api:os-flavor-manage": "rule:admin_api",
- "os_compute_api:os-floating-ip-dns": "",
- "os_compute_api:os-floating-ip-dns:discoverable": "",
- "os_compute_api:os-floating-ip-dns:domain:update": "rule:admin_api",
- "os_compute_api:os-floating-ip-dns:domain:delete": "rule:admin_api",
- "os_compute_api:os-floating-ip-pools": "",
- "os_compute_api:os-floating-ip-pools:discoverable": "",
- "os_compute_api:os-floating-ips": "",
- "os_compute_api:os-floating-ips:discoverable": "",
- "os_compute_api:os-floating-ips-bulk": "rule:admin_api",
- "os_compute_api:os-floating-ips-bulk:discoverable": "",
- "os_compute_api:os-fping": "",
- "os_compute_api:os-fping:discoverable": "",
- "os_compute_api:os-fping:all_tenants": "rule:admin_api",
- "os_compute_api:os-hide-server-addresses": "is_admin:False",
- "os_compute_api:os-hide-server-addresses:discoverable": "",
- "os_compute_api:os-hosts": "rule:admin_api",
- "os_compute_api:os-hosts:discoverable": "",
- "os_compute_api:os-hypervisors": "rule:admin_api",
- "os_compute_api:os-hypervisors:discoverable": "",
- "os_compute_api:images:discoverable": "",
- "os_compute_api:image-size": "",
- "os_compute_api:image-size:discoverable": "",
- "os_compute_api:os-instance-actions": "",
- "os_compute_api:os-instance-actions:discoverable": "",
- "os_compute_api:os-instance-actions:events": "rule:admin_api",
- "os_compute_api:os-instance-usage-audit-log": "rule:admin_api",
- "os_compute_api:os-instance-usage-audit-log:discoverable": "",
- "os_compute_api:ips:discoverable": "",
- "os_compute_api:ips:index": "rule:admin_or_owner",
- "os_compute_api:ips:show": "rule:admin_or_owner",
- "os_compute_api:os-keypairs:discoverable": "",
- "os_compute_api:os-keypairs": "",
- "os_compute_api:os-keypairs:index": "rule:admin_api or user_id:%(user_id)s",
- "os_compute_api:os-keypairs:show": "rule:admin_api or user_id:%(user_id)s",
- "os_compute_api:os-keypairs:create": "rule:admin_api or user_id:%(user_id)s",
- "os_compute_api:os-keypairs:delete": "rule:admin_api or user_id:%(user_id)s",
- "os_compute_api:limits:discoverable": "",
- "os_compute_api:limits": "",
- "os_compute_api:os-lock-server:discoverable": "",
- "os_compute_api:os-lock-server:lock": "rule:admin_or_owner",
- "os_compute_api:os-lock-server:unlock": "rule:admin_or_owner",
- "os_compute_api:os-lock-server:unlock:unlock_override": "rule:admin_api",
- "os_compute_api:os-migrate-server:discoverable": "",
- "os_compute_api:os-migrate-server:migrate": "rule:admin_api",
- "os_compute_api:os-migrate-server:migrate_live": "rule:admin_api",
- "os_compute_api:os-multinic": "",
- "os_compute_api:os-multinic:discoverable": "",
- "os_compute_api:os-networks": "rule:admin_api",
- "os_compute_api:os-networks:view": "",
- "os_compute_api:os-networks:discoverable": "",
- "os_compute_api:os-networks-associate": "rule:admin_api",
- "os_compute_api:os-networks-associate:discoverable": "",
- "os_compute_api:os-pause-server:discoverable": "",
- "os_compute_api:os-pause-server:pause": "rule:admin_or_owner",
- "os_compute_api:os-pause-server:unpause": "rule:admin_or_owner",
- "os_compute_api:os-pci:pci_servers": "",
- "os_compute_api:os-pci:discoverable": "",
- "os_compute_api:os-pci:index": "rule:admin_api",
- "os_compute_api:os-pci:detail": "rule:admin_api",
- "os_compute_api:os-pci:show": "rule:admin_api",
- "os_compute_api:os-personality:discoverable": "",
- "os_compute_api:os-preserve-ephemeral-rebuild:discoverable": "",
- "os_compute_api:os-quota-sets:discoverable": "",
- "os_compute_api:os-quota-sets:show": "rule:admin_or_owner",
- "os_compute_api:os-quota-sets:defaults": "",
- "os_compute_api:os-quota-sets:update": "rule:admin_api",
- "os_compute_api:os-quota-sets:delete": "rule:admin_api",
- "os_compute_api:os-quota-sets:detail": "rule:admin_api",
- "os_compute_api:os-quota-class-sets:update": "rule:admin_api",
- "os_compute_api:os-quota-class-sets:show": "is_admin:True or quota_class:%(quota_class)s",
- "os_compute_api:os-quota-class-sets:discoverable": "",
- "os_compute_api:os-rescue": "",
- "os_compute_api:os-rescue:discoverable": "",
- "os_compute_api:os-scheduler-hints:discoverable": "",
- "os_compute_api:os-security-group-default-rules:discoverable": "",
- "os_compute_api:os-security-group-default-rules": "rule:admin_api",
- "os_compute_api:os-security-groups": "",
- "os_compute_api:os-security-groups:discoverable": "",
- "os_compute_api:os-server-diagnostics": "rule:admin_api",
- "os_compute_api:os-server-diagnostics:discoverable": "",
- "os_compute_api:os-server-password": "",
- "os_compute_api:os-server-password:discoverable": "",
- "os_compute_api:os-server-usage": "",
- "os_compute_api:os-server-usage:discoverable": "",
- "os_compute_api:os-server-groups": "",
- "os_compute_api:os-server-groups:discoverable": "",
- "os_compute_api:os-services": "rule:admin_api",
- "os_compute_api:os-services:discoverable": "",
- "os_compute_api:server-metadata:discoverable": "",
- "os_compute_api:server-metadata:index": "rule:admin_or_owner",
- "os_compute_api:server-metadata:show": "rule:admin_or_owner",
- "os_compute_api:server-metadata:delete": "rule:admin_or_owner",
- "os_compute_api:server-metadata:create": "rule:admin_or_owner",
- "os_compute_api:server-metadata:update": "rule:admin_or_owner",
- "os_compute_api:server-metadata:update_all": "rule:admin_or_owner",
- "os_compute_api:servers:discoverable": "",
- "os_compute_api:os-shelve:shelve": "",
- "os_compute_api:os-shelve:shelve:discoverable": "",
- "os_compute_api:os-shelve:shelve_offload": "rule:admin_api",
- "os_compute_api:os-simple-tenant-usage:discoverable": "",
- "os_compute_api:os-simple-tenant-usage:show": "rule:admin_or_owner",
- "os_compute_api:os-simple-tenant-usage:list": "rule:admin_api",
- "os_compute_api:os-suspend-server:discoverable": "",
- "os_compute_api:os-suspend-server:suspend": "rule:admin_or_owner",
- "os_compute_api:os-suspend-server:resume": "rule:admin_or_owner",
- "os_compute_api:os-tenant-networks": "rule:admin_or_owner",
- "os_compute_api:os-tenant-networks:discoverable": "",
- "os_compute_api:os-shelve:unshelve": "",
- "os_compute_api:os-user-data:discoverable": "",
- "os_compute_api:os-virtual-interfaces": "",
- "os_compute_api:os-virtual-interfaces:discoverable": "",
- "os_compute_api:os-volumes": "",
- "os_compute_api:os-volumes:discoverable": "",
- "os_compute_api:os-volumes-attachments:index": "",
- "os_compute_api:os-volumes-attachments:show": "",
- "os_compute_api:os-volumes-attachments:create": "",
- "os_compute_api:os-volumes-attachments:update": "",
- "os_compute_api:os-volumes-attachments:delete": "",
- "os_compute_api:os-volumes-attachments:discoverable": "",
- "os_compute_api:os-availability-zone:list": "",
- "os_compute_api:os-availability-zone:discoverable": "",
- "os_compute_api:os-availability-zone:detail": "rule:admin_api",
- "os_compute_api:os-used-limits": "rule:admin_api",
- "os_compute_api:os-used-limits:discoverable": "",
- "os_compute_api:os-migrations:index": "rule:admin_api",
- "os_compute_api:os-migrations:discoverable": "",
- "os_compute_api:os-assisted-volume-snapshots:create": "rule:admin_api",
- "os_compute_api:os-assisted-volume-snapshots:delete": "rule:admin_api",
- "os_compute_api:os-assisted-volume-snapshots:discoverable": "",
- "os_compute_api:os-console-auth-tokens": "rule:admin_api",
- "os_compute_api:os-server-external-events:create": "rule:admin_api"
-}
diff --git a/tools/policies/generate_opst_policy.py b/tools/policies/generate_opst_policy.py
deleted file mode 100644
index dd01d1c1..00000000
--- a/tools/policies/generate_opst_policy.py
+++ /dev/null
@@ -1,167 +0,0 @@
-import json
-import os
-import logging
-import argparse
-
-
-FILES = [
- "cinder.policy.json",
- "glance.policy.json",
- "keystone.policy.json",
- "neutron.policy.json",
- "nova.policy.json",
-]
-policy = {
- "pdps": [{
- "name": "external_pdp",
- "keystone_project_id": "",
- "description": "",
- "policies": [{"name": "OpenStack RBAC Policy"}]}
- ],
-
- "policies": [{
- "name": "OpenStack RBAC Policy",
- "genre": "authz",
- "description": "A RBAC policy similar of what you can find through policy.json files",
- "model": {"name": "OPST_RBAC"}, "mandatory": True, "override": True}
- ],
-
- "models": [{"name": "OPST_RBAC", "description": "", "meta_rules": [{"name": "rbac"}], "override": True}],
-
- "subjects": [
- {"name": "admin", "description": "", "extra": {}, "policies": [{"name": "OpenStack RBAC Policy"}]},
- {"name": "demo", "description": "", "extra": {}, "policies": [{"name": "OpenStack RBAC Policy"}]}
- ],
-
- "subject_categories": [{"name": "role", "description": "a role in OpenStack"}],
-
- "subject_data": [
- {"name": "admin", "description": "the admin role", "policies": [], "category": {"name": "role"}},
- {"name": "member", "description": "the member role", "policies": [], "category": {"name": "role"}}
- ],
-
- "subject_assignments": [
- {"subject": {"name": "admin"}, "category": {"name": "role"}, "assignments": [{"name": "admin"}, {"name": "member"}]},
- {"subject": {"name": "demo"}, "category": {"name": "role"}, "assignments": [{"name": "member"}]}
- ],
-
- "objects": [],
-
- "object_categories": [{"name": "id", "description": "the UID of each virtual machine"}],
-
- "object_data": [
- {
- "name": "all_vm",
- "description": "represents all virtual machines in this project",
- "policies": [],
- "category": {"name": "id"}},
- ],
-
- "object_assignments": [],
-
- "actions": [],
-
- "action_categories": [{"name": "action_id", "description": ""}],
-
- "action_data": [],
-
- "action_assignments": [],
-
- "meta_rules": [
- {
- "name": "rbac", "description": "",
- "subject_categories": [{"name": "role"}],
- "object_categories": [{"name": "id"}],
- "action_categories": [{"name": "action_id"}]
- }
- ],
-
- "rules": [],
-
-}
-logger = logging.getLogger(__name__)
-
-
-def init():
- parser = argparse.ArgumentParser()
- parser.add_argument("--verbose", '-v', action='store_true', help='verbose mode')
- parser.add_argument("--debug", '-d', action='store_true', help='debug mode')
- parser.add_argument("--dir", help='directory containing policy files', default="./policy.json.d")
- parser.add_argument("--indent", '-i', help='indent the output (default:None)', type=int, default=None)
- parser.add_argument("--output", '-o', help='output name', type=str, default="opst_default_policy.json")
- args = parser.parse_args()
- logging_format = "%(levelname)s: %(message)s"
- if args.verbose:
- logging.basicConfig(level=logging.INFO, format=logging_format)
- if args.debug:
- logging.basicConfig(level=logging.DEBUG, format=logging_format)
- else:
- logging.basicConfig(format=logging_format)
- return args
-
-
-def get_rules(args):
- results = {}
- for f in FILES:
- _json_file = json.loads(open(os.path.join(args.dir, f)).read())
- keys = list(_json_file.keys())
- values = list(_json_file.values())
- for value in values:
- if value in keys:
- keys.remove(value)
- component = os.path.basename(f).split(".")[0]
- results[component] = keys
- return results
-
-
-def build_dict(results):
- for key in results:
- for rule in results[key]:
- _output = {
- "name": rule,
- "description": "{} action for {}".format(rule, key),
- "extra": {"component": key},
- "policies": []
- }
- policy['actions'].append(_output)
- _output = {
- "name": rule,
- "description": "{} action for {}".format(rule, key),
- "policies": [],
- "category": {"name": "action_id"}
- }
- policy['action_data'].append(_output)
- _output = {
- "action": {"name": rule},
- "category": {"name": "action_id"},
- "assignments": [{"name": rule}, ]}
- policy['action_assignments'].append(_output)
- _output = {
- "meta_rule": {"name": "rbac"},
- "rule": {
- "subject_data": [{"name": "admin"}],
- "object_data": [{"name": "all_vm"}],
- "action_data": [{"name": rule}]
- },
- "policy": {"name": "OpenStack RBAC Policy"},
- "instructions": {"decision": "grant"},
- "enabled": True
- }
- policy['rules'].append(_output)
- # TODO: add rules for member only
- # TODO: add rules for everyone
-
-
-def write_dict(args):
- json.dump(policy, open(args.output, "w"), indent=args.indent)
-
-
-def main():
- args = init()
- rules = get_rules(args)
- build_dict(rules)
- write_dict(args)
-
-
-if __name__ == "__main__":
- main()
\ No newline at end of file
diff --git a/tools/policies/policy.json.d/cinder.policy.json b/tools/policies/policy.json.d/cinder.policy.json
deleted file mode 100644
index 02af88bd..00000000
--- a/tools/policies/policy.json.d/cinder.policy.json
+++ /dev/null
@@ -1,104 +0,0 @@
-{
- "context_is_admin": "role:admin",
- "admin_or_owner": "is_admin:True or project_id:%(project_id)s",
- "default": "rule:admin_or_owner",
-
- "admin_api": "is_admin:True",
-
- "volume:create": "",
- "volume:delete": "rule:admin_or_owner",
- "volume:get": "rule:admin_or_owner",
- "volume:get_all": "rule:admin_or_owner",
- "volume:get_volume_metadata": "rule:admin_or_owner",
- "volume:delete_volume_metadata": "rule:admin_or_owner",
- "volume:update_volume_metadata": "rule:admin_or_owner",
- "volume:get_volume_admin_metadata": "rule:admin_api",
- "volume:update_volume_admin_metadata": "rule:admin_api",
- "volume:get_snapshot": "rule:admin_or_owner",
- "volume:get_all_snapshots": "rule:admin_or_owner",
- "volume:create_snapshot": "rule:admin_or_owner",
- "volume:delete_snapshot": "rule:admin_or_owner",
- "volume:update_snapshot": "rule:admin_or_owner",
- "volume:extend": "rule:admin_or_owner",
- "volume:update_readonly_flag": "rule:admin_or_owner",
- "volume:retype": "rule:admin_or_owner",
- "volume:update": "rule:admin_or_owner",
-
- "volume_extension:types_manage": "rule:admin_api",
- "volume_extension:types_extra_specs": "rule:admin_api",
- "volume_extension:access_types_qos_specs_id": "rule:admin_api",
- "volume_extension:access_types_extra_specs": "rule:admin_api",
- "volume_extension:volume_type_access": "rule:admin_or_owner",
- "volume_extension:volume_type_access:addProjectAccess": "rule:admin_api",
- "volume_extension:volume_type_access:removeProjectAccess": "rule:admin_api",
- "volume_extension:volume_type_encryption": "rule:admin_api",
- "volume_extension:volume_encryption_metadata": "rule:admin_or_owner",
- "volume_extension:extended_snapshot_attributes": "rule:admin_or_owner",
- "volume_extension:volume_image_metadata": "rule:admin_or_owner",
-
- "volume_extension:quotas:show": "",
- "volume_extension:quotas:update": "rule:admin_api",
- "volume_extension:quotas:delete": "rule:admin_api",
- "volume_extension:quota_classes": "rule:admin_api",
- "volume_extension:quota_classes:validate_setup_for_nested_quota_use": "rule:admin_api",
-
- "volume_extension:volume_admin_actions:reset_status": "rule:admin_api",
- "volume_extension:snapshot_admin_actions:reset_status": "rule:admin_api",
- "volume_extension:backup_admin_actions:reset_status": "rule:admin_api",
- "volume_extension:volume_admin_actions:force_delete": "rule:admin_api",
- "volume_extension:volume_admin_actions:force_detach": "rule:admin_api",
- "volume_extension:snapshot_admin_actions:force_delete": "rule:admin_api",
- "volume_extension:backup_admin_actions:force_delete": "rule:admin_api",
- "volume_extension:volume_admin_actions:migrate_volume": "rule:admin_api",
- "volume_extension:volume_admin_actions:migrate_volume_completion": "rule:admin_api",
-
- "volume_extension:volume_host_attribute": "rule:admin_api",
- "volume_extension:volume_tenant_attribute": "rule:admin_or_owner",
- "volume_extension:volume_mig_status_attribute": "rule:admin_api",
- "volume_extension:hosts": "rule:admin_api",
- "volume_extension:services:index": "rule:admin_api",
- "volume_extension:services:update" : "rule:admin_api",
-
- "volume_extension:volume_manage": "rule:admin_api",
- "volume_extension:volume_unmanage": "rule:admin_api",
-
- "volume_extension:capabilities": "rule:admin_api",
-
- "volume:create_transfer": "rule:admin_or_owner",
- "volume:accept_transfer": "",
- "volume:delete_transfer": "rule:admin_or_owner",
- "volume:get_all_transfers": "rule:admin_or_owner",
-
- "volume_extension:replication:promote": "rule:admin_api",
- "volume_extension:replication:reenable": "rule:admin_api",
-
- "volume:enable_replication": "rule:admin_api",
- "volume:disable_replication": "rule:admin_api",
- "volume:failover_replication": "rule:admin_api",
- "volume:list_replication_targets": "rule:admin_api",
-
- "backup:create" : "",
- "backup:delete": "rule:admin_or_owner",
- "backup:get": "rule:admin_or_owner",
- "backup:get_all": "rule:admin_or_owner",
- "backup:restore": "rule:admin_or_owner",
- "backup:backup-import": "rule:admin_api",
- "backup:backup-export": "rule:admin_api",
-
- "snapshot_extension:snapshot_actions:update_snapshot_status": "",
- "snapshot_extension:snapshot_manage": "rule:admin_api",
- "snapshot_extension:snapshot_unmanage": "rule:admin_api",
-
- "consistencygroup:create" : "group:nobody",
- "consistencygroup:delete": "group:nobody",
- "consistencygroup:update": "group:nobody",
- "consistencygroup:get": "group:nobody",
- "consistencygroup:get_all": "group:nobody",
-
- "consistencygroup:create_cgsnapshot" : "group:nobody",
- "consistencygroup:delete_cgsnapshot": "group:nobody",
- "consistencygroup:get_cgsnapshot": "group:nobody",
- "consistencygroup:get_all_cgsnapshots": "group:nobody",
-
- "scheduler_extension:scheduler_stats:get_pools" : "rule:admin_api"
-}
diff --git a/tools/policies/policy.json.d/glance.policy.json b/tools/policies/policy.json.d/glance.policy.json
deleted file mode 100644
index 5b1f6be7..00000000
--- a/tools/policies/policy.json.d/glance.policy.json
+++ /dev/null
@@ -1,63 +0,0 @@
-{
- "context_is_admin": "role:admin",
- "default": "role:admin",
-
- "add_image": "",
- "delete_image": "",
- "get_image": "",
- "get_images": "",
- "modify_image": "",
- "publicize_image": "role:admin",
- "communitize_image": "",
- "copy_from": "",
-
- "download_image": "",
- "upload_image": "",
-
- "delete_image_location": "",
- "get_image_location": "",
- "set_image_location": "",
-
- "add_member": "",
- "delete_member": "",
- "get_member": "",
- "get_members": "",
- "modify_member": "",
-
- "manage_image_cache": "role:admin",
-
- "get_task": "",
- "get_tasks": "",
- "add_task": "",
- "modify_task": "",
- "tasks_api_access": "role:admin",
-
- "deactivate": "",
- "reactivate": "",
-
- "get_metadef_namespace": "",
- "get_metadef_namespaces":"",
- "modify_metadef_namespace":"",
- "add_metadef_namespace":"",
-
- "get_metadef_object":"",
- "get_metadef_objects":"",
- "modify_metadef_object":"",
- "add_metadef_object":"",
-
- "list_metadef_resource_types":"",
- "get_metadef_resource_type":"",
- "add_metadef_resource_type_association":"",
-
- "get_metadef_property":"",
- "get_metadef_properties":"",
- "modify_metadef_property":"",
- "add_metadef_property":"",
-
- "get_metadef_tag":"",
- "get_metadef_tags":"",
- "modify_metadef_tag":"",
- "add_metadef_tag":"",
- "add_metadef_tags":""
-
-}
diff --git a/tools/policies/policy.json.d/keystone.policy.json b/tools/policies/policy.json.d/keystone.policy.json
deleted file mode 100644
index 263912bf..00000000
--- a/tools/policies/policy.json.d/keystone.policy.json
+++ /dev/null
@@ -1,260 +0,0 @@
-{
- "admin_required": "role:admin",
- "cloud_admin": "role:admin and (is_admin_project:True or domain_id:admin_domain_id)",
- "service_role": "role:service",
- "service_or_admin": "rule:admin_required or rule:service_role",
- "owner": "user_id:%(user_id)s or user_id:%(target.token.user_id)s",
- "admin_or_owner": "(rule:admin_required and domain_id:%(target.token.user.domain.id)s) or rule:owner",
- "admin_and_matching_domain_id": "rule:admin_required and domain_id:%(domain_id)s",
- "service_admin_or_owner": "rule:service_or_admin or rule:owner",
-
- "default": "rule:admin_required",
-
- "identity:get_region": "",
- "identity:list_regions": "",
- "identity:create_region": "rule:cloud_admin",
- "identity:update_region": "rule:cloud_admin",
- "identity:delete_region": "rule:cloud_admin",
-
- "identity:get_service": "rule:admin_required",
- "identity:list_services": "rule:admin_required",
- "identity:create_service": "rule:cloud_admin",
- "identity:update_service": "rule:cloud_admin",
- "identity:delete_service": "rule:cloud_admin",
-
- "identity:get_endpoint": "rule:admin_required",
- "identity:list_endpoints": "rule:admin_required",
- "identity:create_endpoint": "rule:cloud_admin",
- "identity:update_endpoint": "rule:cloud_admin",
- "identity:delete_endpoint": "rule:cloud_admin",
-
- "identity:get_registered_limit": "",
- "identity:list_registered_limits": "",
- "identity:create_registered_limits": "rule:admin_required",
- "identity:update_registered_limits": "rule:admin_required",
- "identity:delete_registered_limit": "rule:admin_required",
-
- "identity:get_limit": "",
- "identity:list_limits": "",
- "identity:create_limits": "rule:admin_required",
- "identity:update_limits": "rule:admin_required",
- "identity:delete_limit": "rule:admin_required",
-
- "identity:get_domain": "rule:cloud_admin or rule:admin_and_matching_domain_id or token.project.domain.id:%(target.domain.id)s",
- "identity:list_domains": "rule:cloud_admin",
- "identity:create_domain": "rule:cloud_admin",
- "identity:update_domain": "rule:cloud_admin",
- "identity:delete_domain": "rule:cloud_admin",
-
- "admin_and_matching_target_project_domain_id": "rule:admin_required and domain_id:%(target.project.domain_id)s",
- "admin_and_matching_project_domain_id": "rule:admin_required and domain_id:%(project.domain_id)s",
- "identity:get_project": "rule:cloud_admin or rule:admin_and_matching_target_project_domain_id or project_id:%(target.project.id)s",
- "identity:list_projects": "rule:cloud_admin or rule:admin_and_matching_domain_id",
- "identity:list_user_projects": "rule:owner or rule:admin_and_matching_domain_id",
- "identity:create_project": "rule:cloud_admin or rule:admin_and_matching_project_domain_id",
- "identity:update_project": "rule:cloud_admin or rule:admin_and_matching_target_project_domain_id",
- "identity:delete_project": "rule:cloud_admin or rule:admin_and_matching_target_project_domain_id",
- "identity:create_project_tag": "rule:admin_required",
- "identity:delete_project_tag": "rule:admin_required",
- "identity:get_project_tag": "rule:admin_required",
- "identity:list_project_tags": "rule:admin_required",
- "identity:delete_project_tags": "rule:admin_required",
- "identity:update_project_tags": "rule:admin_required",
-
- "admin_and_matching_target_user_domain_id": "rule:admin_required and domain_id:%(target.user.domain_id)s",
- "admin_and_matching_user_domain_id": "rule:admin_required and domain_id:%(user.domain_id)s",
- "identity:get_user": "rule:cloud_admin or rule:admin_and_matching_target_user_domain_id or rule:owner",
- "identity:list_users": "rule:cloud_admin or rule:admin_and_matching_domain_id",
- "identity:create_user": "rule:cloud_admin or rule:admin_and_matching_user_domain_id",
- "identity:update_user": "rule:cloud_admin or rule:admin_and_matching_target_user_domain_id",
- "identity:delete_user": "rule:cloud_admin or rule:admin_and_matching_target_user_domain_id",
-
- "admin_and_matching_target_group_domain_id": "rule:admin_required and domain_id:%(target.group.domain_id)s",
- "admin_and_matching_group_domain_id": "rule:admin_required and domain_id:%(group.domain_id)s",
- "identity:get_group": "rule:cloud_admin or rule:admin_and_matching_target_group_domain_id",
- "identity:list_groups": "rule:cloud_admin or rule:admin_and_matching_domain_id",
- "identity:list_groups_for_user": "rule:owner or rule:admin_and_matching_target_user_domain_id",
- "identity:create_group": "rule:cloud_admin or rule:admin_and_matching_group_domain_id",
- "identity:update_group": "rule:cloud_admin or rule:admin_and_matching_target_group_domain_id",
- "identity:delete_group": "rule:cloud_admin or rule:admin_and_matching_target_group_domain_id",
- "identity:list_users_in_group": "rule:cloud_admin or rule:admin_and_matching_target_group_domain_id",
- "identity:remove_user_from_group": "rule:cloud_admin or rule:admin_and_matching_target_group_domain_id",
- "identity:check_user_in_group": "rule:cloud_admin or rule:admin_and_matching_target_group_domain_id",
- "identity:add_user_to_group": "rule:cloud_admin or rule:admin_and_matching_target_group_domain_id",
-
- "identity:get_credential": "rule:admin_required",
- "identity:list_credentials": "rule:admin_required or user_id:%(user_id)s",
- "identity:create_credential": "rule:admin_required",
- "identity:update_credential": "rule:admin_required",
- "identity:delete_credential": "rule:admin_required",
-
- "identity:ec2_get_credential": "rule:admin_required or (rule:owner and user_id:%(target.credential.user_id)s)",
- "identity:ec2_list_credentials": "rule:admin_required or rule:owner",
- "identity:ec2_create_credential": "rule:admin_required or rule:owner",
- "identity:ec2_delete_credential": "rule:admin_required or (rule:owner and user_id:%(target.credential.user_id)s)",
-
- "identity:get_role": "rule:admin_required",
- "identity:list_roles": "rule:admin_required",
- "identity:create_role": "rule:cloud_admin",
- "identity:update_role": "rule:cloud_admin",
- "identity:delete_role": "rule:cloud_admin",
-
- "identity:get_domain_role": "rule:cloud_admin or rule:get_domain_roles",
- "identity:list_domain_roles": "rule:cloud_admin or rule:list_domain_roles",
- "identity:create_domain_role": "rule:cloud_admin or rule:domain_admin_matches_domain_role",
- "identity:update_domain_role": "rule:cloud_admin or rule:domain_admin_matches_target_domain_role",
- "identity:delete_domain_role": "rule:cloud_admin or rule:domain_admin_matches_target_domain_role",
- "domain_admin_matches_domain_role": "rule:admin_required and domain_id:%(role.domain_id)s",
- "get_domain_roles": "rule:domain_admin_matches_target_domain_role or rule:project_admin_matches_target_domain_role",
- "domain_admin_matches_target_domain_role": "rule:admin_required and domain_id:%(target.role.domain_id)s",
- "project_admin_matches_target_domain_role": "rule:admin_required and project_domain_id:%(target.role.domain_id)s",
- "list_domain_roles": "rule:domain_admin_matches_filter_on_list_domain_roles or rule:project_admin_matches_filter_on_list_domain_roles",
- "domain_admin_matches_filter_on_list_domain_roles": "rule:admin_required and domain_id:%(domain_id)s",
- "project_admin_matches_filter_on_list_domain_roles": "rule:admin_required and project_domain_id:%(domain_id)s",
- "admin_and_matching_prior_role_domain_id": "rule:admin_required and domain_id:%(target.prior_role.domain_id)s",
- "implied_role_matches_prior_role_domain_or_global": "(domain_id:%(target.implied_role.domain_id)s or None:%(target.implied_role.domain_id)s)",
-
- "identity:get_implied_role": "rule:cloud_admin or rule:admin_and_matching_prior_role_domain_id",
- "identity:list_implied_roles": "rule:cloud_admin or rule:admin_and_matching_prior_role_domain_id",
- "identity:create_implied_role": "rule:cloud_admin or (rule:admin_and_matching_prior_role_domain_id and rule:implied_role_matches_prior_role_domain_or_global)",
- "identity:delete_implied_role": "rule:cloud_admin or rule:admin_and_matching_prior_role_domain_id",
- "identity:list_role_inference_rules": "rule:cloud_admin",
- "identity:check_implied_role": "rule:cloud_admin or rule:admin_and_matching_prior_role_domain_id",
-
- "identity:list_system_grants_for_user": "rule:admin_required",
- "identity:check_system_grant_for_user": "rule:admin_required",
- "identity:create_system_grant_for_user": "rule:admin_required",
- "identity:revoke_system_grant_for_user": "rule:admin_required",
-
- "identity:list_system_grants_for_group": "rule:admin_required",
- "identity:check_system_grant_for_group": "rule:admin_required",
- "identity:create_system_grant_for_group": "rule:admin_required",
- "identity:revoke_system_grant_for_group": "rule:admin_required",
-
- "identity:check_grant": "rule:cloud_admin or rule:domain_admin_for_grants or rule:project_admin_for_grants",
- "identity:list_grants": "rule:cloud_admin or rule:domain_admin_for_list_grants or rule:project_admin_for_list_grants",
- "identity:create_grant": "rule:cloud_admin or rule:domain_admin_for_grants or rule:project_admin_for_grants",
- "identity:revoke_grant": "rule:cloud_admin or rule:domain_admin_for_grants or rule:project_admin_for_grants",
- "domain_admin_for_grants": "rule:domain_admin_for_global_role_grants or rule:domain_admin_for_domain_role_grants",
- "domain_admin_for_global_role_grants": "rule:admin_required and None:%(target.role.domain_id)s and rule:domain_admin_grant_match",
- "domain_admin_for_domain_role_grants": "rule:admin_required and domain_id:%(target.role.domain_id)s and rule:domain_admin_grant_match",
- "domain_admin_grant_match": "domain_id:%(domain_id)s or domain_id:%(target.project.domain_id)s",
- "project_admin_for_grants": "rule:project_admin_for_global_role_grants or rule:project_admin_for_domain_role_grants",
- "project_admin_for_global_role_grants": "rule:admin_required and None:%(target.role.domain_id)s and project_id:%(project_id)s",
- "project_admin_for_domain_role_grants": "rule:admin_required and project_domain_id:%(target.role.domain_id)s and project_id:%(project_id)s",
- "domain_admin_for_list_grants": "rule:admin_required and rule:domain_admin_grant_match",
- "project_admin_for_list_grants": "rule:admin_required and project_id:%(project_id)s",
-
- "admin_on_domain_filter": "rule:admin_required and domain_id:%(scope.domain.id)s",
- "admin_on_project_filter": "rule:admin_required and project_id:%(scope.project.id)s",
- "admin_on_domain_of_project_filter": "rule:admin_required and domain_id:%(target.project.domain_id)s",
- "identity:list_role_assignments": "rule:cloud_admin or rule:admin_on_domain_filter or rule:admin_on_project_filter",
- "identity:list_role_assignments_for_tree": "rule:cloud_admin or rule:admin_on_domain_of_project_filter",
- "identity:get_policy": "rule:cloud_admin",
- "identity:list_policies": "rule:cloud_admin",
- "identity:create_policy": "rule:cloud_admin",
- "identity:update_policy": "rule:cloud_admin",
- "identity:delete_policy": "rule:cloud_admin",
-
- "identity:check_token": "rule:admin_or_owner",
- "identity:validate_token": "rule:service_admin_or_owner",
- "identity:validate_token_head": "rule:service_or_admin",
- "identity:revocation_list": "rule:service_or_admin",
- "identity:revoke_token": "rule:admin_or_owner",
-
- "identity:create_trust": "user_id:%(trust.trustor_user_id)s",
- "identity:list_trusts": "",
- "identity:list_roles_for_trust": "",
- "identity:get_role_for_trust": "",
- "identity:delete_trust": "",
- "identity:get_trust": "",
-
- "identity:create_consumer": "rule:admin_required",
- "identity:get_consumer": "rule:admin_required",
- "identity:list_consumers": "rule:admin_required",
- "identity:delete_consumer": "rule:admin_required",
- "identity:update_consumer": "rule:admin_required",
-
- "identity:authorize_request_token": "rule:admin_required",
- "identity:list_access_token_roles": "rule:admin_required",
- "identity:get_access_token_role": "rule:admin_required",
- "identity:list_access_tokens": "rule:admin_required",
- "identity:get_access_token": "rule:admin_required",
- "identity:delete_access_token": "rule:admin_required",
-
- "identity:list_projects_for_endpoint": "rule:admin_required",
- "identity:add_endpoint_to_project": "rule:admin_required",
- "identity:check_endpoint_in_project": "rule:admin_required",
- "identity:list_endpoints_for_project": "rule:admin_required",
- "identity:remove_endpoint_from_project": "rule:admin_required",
-
- "identity:create_endpoint_group": "rule:admin_required",
- "identity:list_endpoint_groups": "rule:admin_required",
- "identity:get_endpoint_group": "rule:admin_required",
- "identity:update_endpoint_group": "rule:admin_required",
- "identity:delete_endpoint_group": "rule:admin_required",
- "identity:list_projects_associated_with_endpoint_group": "rule:admin_required",
- "identity:list_endpoints_associated_with_endpoint_group": "rule:admin_required",
- "identity:get_endpoint_group_in_project": "rule:admin_required",
- "identity:list_endpoint_groups_for_project": "rule:admin_required",
- "identity:add_endpoint_group_to_project": "rule:admin_required",
- "identity:remove_endpoint_group_from_project": "rule:admin_required",
-
- "identity:create_identity_provider": "rule:cloud_admin",
- "identity:list_identity_providers": "rule:cloud_admin",
- "identity:get_identity_provider": "rule:cloud_admin",
- "identity:update_identity_provider": "rule:cloud_admin",
- "identity:delete_identity_provider": "rule:cloud_admin",
-
- "identity:create_protocol": "rule:cloud_admin",
- "identity:update_protocol": "rule:cloud_admin",
- "identity:get_protocol": "rule:cloud_admin",
- "identity:list_protocols": "rule:cloud_admin",
- "identity:delete_protocol": "rule:cloud_admin",
-
- "identity:create_mapping": "rule:cloud_admin",
- "identity:get_mapping": "rule:cloud_admin",
- "identity:list_mappings": "rule:cloud_admin",
- "identity:delete_mapping": "rule:cloud_admin",
- "identity:update_mapping": "rule:cloud_admin",
-
- "identity:create_service_provider": "rule:cloud_admin",
- "identity:list_service_providers": "rule:cloud_admin",
- "identity:get_service_provider": "rule:cloud_admin",
- "identity:update_service_provider": "rule:cloud_admin",
- "identity:delete_service_provider": "rule:cloud_admin",
-
- "identity:get_auth_catalog": "",
- "identity:get_auth_projects": "",
- "identity:get_auth_domains": "",
- "identity:get_auth_system": "",
-
- "identity:list_projects_for_user": "",
- "identity:list_domains_for_user": "",
-
- "identity:list_revoke_events": "rule:service_or_admin",
-
- "identity:create_policy_association_for_endpoint": "rule:cloud_admin",
- "identity:check_policy_association_for_endpoint": "rule:cloud_admin",
- "identity:delete_policy_association_for_endpoint": "rule:cloud_admin",
- "identity:create_policy_association_for_service": "rule:cloud_admin",
- "identity:check_policy_association_for_service": "rule:cloud_admin",
- "identity:delete_policy_association_for_service": "rule:cloud_admin",
- "identity:create_policy_association_for_region_and_service": "rule:cloud_admin",
- "identity:check_policy_association_for_region_and_service": "rule:cloud_admin",
- "identity:delete_policy_association_for_region_and_service": "rule:cloud_admin",
- "identity:get_policy_for_endpoint": "rule:cloud_admin",
- "identity:list_endpoints_for_policy": "rule:cloud_admin",
-
- "identity:create_domain_config": "rule:cloud_admin",
- "identity:get_domain_config": "rule:cloud_admin",
- "identity:get_security_compliance_domain_config": "",
- "identity:update_domain_config": "rule:cloud_admin",
- "identity:delete_domain_config": "rule:cloud_admin",
- "identity:get_domain_config_default": "rule:cloud_admin",
-
- "identity:get_application_credential": "rule:admin_or_owner",
- "identity:list_application_credentials": "rule:admin_or_owner",
- "identity:create_application_credential": "rule:admin_or_owner",
- "identity:delete_application_credential": "rule:admin_or_owner"
-}
diff --git a/tools/policies/policy.json.d/neutron.policy.json b/tools/policies/policy.json.d/neutron.policy.json
deleted file mode 100644
index 15f17203..00000000
--- a/tools/policies/policy.json.d/neutron.policy.json
+++ /dev/null
@@ -1,235 +0,0 @@
-{
- "context_is_admin": "role:admin or user_name:neutron",
- "owner": "tenant_id:%(tenant_id)s",
- "admin_or_owner": "rule:context_is_admin or rule:owner",
- "context_is_advsvc": "role:advsvc",
- "admin_or_network_owner": "rule:context_is_admin or tenant_id:%(network:tenant_id)s",
- "admin_owner_or_network_owner": "rule:owner or rule:admin_or_network_owner",
- "admin_only": "rule:context_is_admin",
- "regular_user": "",
- "admin_or_data_plane_int": "rule:context_is_admin or role:data_plane_integrator",
- "shared": "field:networks:shared=True",
- "shared_subnetpools": "field:subnetpools:shared=True",
- "shared_address_scopes": "field:address_scopes:shared=True",
- "external": "field:networks:router:external=True",
- "default": "rule:admin_or_owner",
-
- "create_subnet": "rule:admin_or_network_owner",
- "create_subnet:segment_id": "rule:admin_only",
- "create_subnet:service_types": "rule:admin_only",
- "get_subnet": "rule:admin_or_owner or rule:shared",
- "get_subnet:segment_id": "rule:admin_only",
- "update_subnet": "rule:admin_or_network_owner",
- "update_subnet:service_types": "rule:admin_only",
- "delete_subnet": "rule:admin_or_network_owner",
-
- "create_subnetpool": "",
- "create_subnetpool:shared": "rule:admin_only",
- "create_subnetpool:is_default": "rule:admin_only",
- "get_subnetpool": "rule:admin_or_owner or rule:shared_subnetpools",
- "update_subnetpool": "rule:admin_or_owner",
- "update_subnetpool:is_default": "rule:admin_only",
- "delete_subnetpool": "rule:admin_or_owner",
-
- "create_address_scope": "",
- "create_address_scope:shared": "rule:admin_only",
- "get_address_scope": "rule:admin_or_owner or rule:shared_address_scopes",
- "update_address_scope": "rule:admin_or_owner",
- "update_address_scope:shared": "rule:admin_only",
- "delete_address_scope": "rule:admin_or_owner",
-
- "create_network": "",
- "get_network": "rule:admin_or_owner or rule:shared or rule:external or rule:context_is_advsvc",
- "get_network:router:external": "rule:regular_user",
- "get_network:segments": "rule:admin_only",
- "get_network:provider:network_type": "rule:admin_only",
- "get_network:provider:physical_network": "rule:admin_only",
- "get_network:provider:segmentation_id": "rule:admin_only",
- "get_network:queue_id": "rule:admin_only",
- "get_network_ip_availabilities": "rule:admin_only",
- "get_network_ip_availability": "rule:admin_only",
- "create_network:shared": "rule:admin_only",
- "create_network:router:external": "rule:admin_only",
- "create_network:is_default": "rule:admin_only",
- "create_network:segments": "rule:admin_only",
- "create_network:provider:network_type": "rule:admin_only",
- "create_network:provider:physical_network": "rule:admin_only",
- "create_network:provider:segmentation_id": "rule:admin_only",
- "update_network": "rule:admin_or_owner",
- "update_network:segments": "rule:admin_only",
- "update_network:shared": "rule:admin_only",
- "update_network:provider:network_type": "rule:admin_only",
- "update_network:provider:physical_network": "rule:admin_only",
- "update_network:provider:segmentation_id": "rule:admin_only",
- "update_network:router:external": "rule:admin_only",
- "delete_network": "rule:admin_or_owner",
-
- "create_segment": "rule:admin_only",
- "get_segment": "rule:admin_only",
- "update_segment": "rule:admin_only",
- "delete_segment": "rule:admin_only",
-
- "network_device": "field:port:device_owner=~^network:",
- "create_port": "",
- "create_port:device_owner": "not rule:network_device or rule:context_is_advsvc or rule:admin_or_network_owner",
- "create_port:mac_address": "rule:context_is_advsvc or rule:admin_or_network_owner",
- "create_port:fixed_ips:ip_address": "rule:context_is_advsvc or rule:admin_or_network_owner",
- "create_port:fixed_ips:subnet_id": "rule:context_is_advsvc or rule:admin_or_network_owner or rule:shared",
- "create_port:port_security_enabled": "rule:context_is_advsvc or rule:admin_or_network_owner",
- "create_port:binding:host_id": "rule:admin_only",
- "create_port:binding:profile": "rule:admin_only",
- "create_port:mac_learning_enabled": "rule:context_is_advsvc or rule:admin_or_network_owner",
- "create_port:allowed_address_pairs": "rule:admin_or_network_owner",
- "get_port": "rule:context_is_advsvc or rule:admin_owner_or_network_owner",
- "get_port:queue_id": "rule:admin_only",
- "get_port:binding:vif_type": "rule:admin_only",
- "get_port:binding:vif_details": "rule:admin_only",
- "get_port:binding:host_id": "rule:admin_only",
- "get_port:binding:profile": "rule:admin_only",
- "update_port": "rule:admin_or_owner or rule:context_is_advsvc",
- "update_port:device_owner": "not rule:network_device or rule:context_is_advsvc or rule:admin_or_network_owner",
- "update_port:mac_address": "rule:admin_only or rule:context_is_advsvc",
- "update_port:fixed_ips:ip_address": "rule:context_is_advsvc or rule:admin_or_network_owner",
- "update_port:fixed_ips:subnet_id": "rule:context_is_advsvc or rule:admin_or_network_owner or rule:shared",
- "update_port:port_security_enabled": "rule:context_is_advsvc or rule:admin_or_network_owner",
- "update_port:binding:host_id": "rule:admin_only",
- "update_port:binding:profile": "rule:admin_only",
- "update_port:mac_learning_enabled": "rule:context_is_advsvc or rule:admin_or_network_owner",
- "update_port:allowed_address_pairs": "rule:admin_or_network_owner",
- "update_port:data_plane_status": "rule:admin_or_data_plane_int",
- "delete_port": "rule:context_is_advsvc or rule:admin_owner_or_network_owner",
-
- "get_router:ha": "rule:admin_only",
- "create_router": "rule:regular_user",
- "create_router:external_gateway_info:enable_snat": "rule:admin_only",
- "create_router:distributed": "rule:admin_only",
- "create_router:ha": "rule:admin_only",
- "get_router": "http://192.168.1.50:31002/wrapper/authz/grant",
- "get_router:distributed": "rule:admin_only",
- "update_router": "rule:admin_or_owner",
- "update_router:external_gateway_info": "rule:admin_or_owner",
- "update_router:external_gateway_info:network_id": "rule:admin_or_owner",
- "update_router:external_gateway_info:enable_snat": "rule:admin_only",
- "update_router:distributed": "rule:admin_only",
- "update_router:ha": "rule:admin_only",
- "delete_router": "rule:admin_or_owner",
-
- "add_router_interface": "rule:admin_or_owner",
- "remove_router_interface": "rule:admin_or_owner",
-
- "create_router:external_gateway_info:external_fixed_ips": "rule:admin_only",
- "update_router:external_gateway_info:external_fixed_ips": "rule:admin_only",
-
- "create_qos_queue": "rule:admin_only",
- "get_qos_queue": "rule:admin_only",
-
- "update_agent": "rule:admin_only",
- "delete_agent": "rule:admin_only",
- "get_agent": "rule:admin_only",
-
- "create_dhcp-network": "rule:admin_only",
- "delete_dhcp-network": "rule:admin_only",
- "get_dhcp-networks": "rule:admin_only",
- "create_l3-router": "rule:admin_only",
- "delete_l3-router": "rule:admin_only",
- "get_l3-routers": "rule:admin_only",
- "get_dhcp-agents": "rule:admin_only",
- "get_l3-agents": "rule:admin_only",
- "get_loadbalancer-agent": "rule:admin_only",
- "get_loadbalancer-pools": "rule:admin_only",
- "get_agent-loadbalancers": "rule:admin_only",
- "get_loadbalancer-hosting-agent": "rule:admin_only",
-
- "create_floatingip": "rule:regular_user",
- "create_floatingip:floating_ip_address": "rule:admin_only",
- "update_floatingip": "rule:admin_or_owner",
- "delete_floatingip": "rule:admin_or_owner",
- "get_floatingip": "rule:admin_or_owner",
-
- "create_network_profile": "rule:admin_only",
- "update_network_profile": "rule:admin_only",
- "delete_network_profile": "rule:admin_only",
- "get_network_profiles": "",
- "get_network_profile": "",
- "update_policy_profiles": "rule:admin_only",
- "get_policy_profiles": "",
- "get_policy_profile": "",
-
- "create_metering_label": "rule:admin_only",
- "delete_metering_label": "rule:admin_only",
- "get_metering_label": "rule:admin_only",
-
- "create_metering_label_rule": "rule:admin_only",
- "delete_metering_label_rule": "rule:admin_only",
- "get_metering_label_rule": "rule:admin_only",
-
- "get_service_provider": "rule:regular_user",
- "get_lsn": "rule:admin_only",
- "create_lsn": "rule:admin_only",
-
- "create_flavor": "rule:admin_only",
- "update_flavor": "rule:admin_only",
- "delete_flavor": "rule:admin_only",
- "get_flavors": "rule:regular_user",
- "get_flavor": "rule:regular_user",
- "create_service_profile": "rule:admin_only",
- "update_service_profile": "rule:admin_only",
- "delete_service_profile": "rule:admin_only",
- "get_service_profiles": "rule:admin_only",
- "get_service_profile": "rule:admin_only",
-
- "get_policy": "rule:regular_user",
- "create_policy": "rule:admin_only",
- "update_policy": "rule:admin_only",
- "delete_policy": "rule:admin_only",
- "get_policy_bandwidth_limit_rule": "rule:regular_user",
- "create_policy_bandwidth_limit_rule": "rule:admin_only",
- "delete_policy_bandwidth_limit_rule": "rule:admin_only",
- "update_policy_bandwidth_limit_rule": "rule:admin_only",
- "get_policy_dscp_marking_rule": "rule:regular_user",
- "create_policy_dscp_marking_rule": "rule:admin_only",
- "delete_policy_dscp_marking_rule": "rule:admin_only",
- "update_policy_dscp_marking_rule": "rule:admin_only",
- "get_rule_type": "rule:regular_user",
- "get_policy_minimum_bandwidth_rule": "rule:regular_user",
- "create_policy_minimum_bandwidth_rule": "rule:admin_only",
- "delete_policy_minimum_bandwidth_rule": "rule:admin_only",
- "update_policy_minimum_bandwidth_rule": "rule:admin_only",
-
- "restrict_wildcard": "(not field:rbac_policy:target_tenant=*) or rule:admin_only",
- "create_rbac_policy": "",
- "create_rbac_policy:target_tenant": "rule:restrict_wildcard",
- "update_rbac_policy": "rule:admin_or_owner",
- "update_rbac_policy:target_tenant": "rule:restrict_wildcard and rule:admin_or_owner",
- "get_rbac_policy": "rule:admin_or_owner",
- "delete_rbac_policy": "rule:admin_or_owner",
-
- "create_flavor_service_profile": "rule:admin_only",
- "delete_flavor_service_profile": "rule:admin_only",
- "get_flavor_service_profile": "rule:regular_user",
- "get_auto_allocated_topology": "rule:admin_or_owner",
-
- "create_trunk": "rule:regular_user",
- "get_trunk": "rule:admin_or_owner",
- "delete_trunk": "rule:admin_or_owner",
- "get_subports": "",
- "add_subports": "rule:admin_or_owner",
- "remove_subports": "rule:admin_or_owner",
-
- "get_security_groups": "rule:admin_or_owner",
- "get_security_group": "rule:admin_or_owner",
- "create_security_group": "rule:admin_or_owner",
- "update_security_group": "rule:admin_or_owner",
- "delete_security_group": "rule:admin_or_owner",
- "get_security_group_rules": "rule:admin_or_owner",
- "get_security_group_rule": "rule:admin_or_owner",
- "create_security_group_rule": "rule:admin_or_owner",
- "delete_security_group_rule": "rule:admin_or_owner",
-
- "get_loggable_resources": "rule:admin_only",
- "create_log": "rule:admin_only",
- "update_log": "rule:admin_only",
- "delete_log": "rule:admin_only",
- "get_logs": "rule:admin_only",
- "get_log": "rule:admin_only"
-}
diff --git a/tools/policies/policy.json.d/nova.policy.json b/tools/policies/policy.json.d/nova.policy.json
deleted file mode 100644
index da8f5740..00000000
--- a/tools/policies/policy.json.d/nova.policy.json
+++ /dev/null
@@ -1,485 +0,0 @@
-{
- "context_is_admin": "role:admin",
- "admin_or_owner": "is_admin:True or project_id:%(project_id)s",
- "default": "rule:admin_or_owner",
-
- "cells_scheduler_filter:TargetCellFilter": "is_admin:True",
-
- "compute:create": "",
- "compute:create:attach_network": "",
- "compute:create:attach_volume": "",
- "compute:create:forced_host": "is_admin:True",
-
- "compute:get": "",
- "compute:get_all": "",
- "compute:get_all_tenants": "is_admin:True",
-
- "compute:update": "",
-
- "compute:get_instance_metadata": "",
- "compute:get_all_instance_metadata": "",
- "compute:get_all_instance_system_metadata": "",
- "compute:update_instance_metadata": "",
- "compute:delete_instance_metadata": "",
-
- "compute:get_instance_faults": "",
- "compute:get_diagnostics": "",
- "compute:get_instance_diagnostics": "",
-
- "compute:start": "rule:admin_or_owner",
- "compute:stop": "rule:admin_or_owner",
-
- "compute:get_lock": "",
- "compute:lock": "rule:admin_or_owner",
- "compute:unlock": "rule:admin_or_owner",
- "compute:unlock_override": "rule:admin_api",
-
- "compute:get_vnc_console": "",
- "compute:get_spice_console": "",
- "compute:get_rdp_console": "",
- "compute:get_serial_console": "",
- "compute:get_mks_console": "",
- "compute:get_console_output": "",
-
- "compute:reset_network": "",
- "compute:inject_network_info": "",
- "compute:add_fixed_ip": "",
- "compute:remove_fixed_ip": "",
-
- "compute:attach_volume": "",
- "compute:detach_volume": "",
- "compute:swap_volume": "",
-
- "compute:attach_interface": "",
- "compute:detach_interface": "",
-
- "compute:set_admin_password": "",
-
- "compute:rescue": "",
- "compute:unrescue": "",
-
- "compute:suspend": "",
- "compute:resume": "",
-
- "compute:pause": "",
- "compute:unpause": "",
-
- "compute:shelve": "",
- "compute:shelve_offload": "",
- "compute:unshelve": "",
-
- "compute:snapshot": "",
- "compute:snapshot_volume_backed": "",
- "compute:backup": "",
-
- "compute:resize": "",
- "compute:confirm_resize": "",
- "compute:revert_resize": "",
-
- "compute:rebuild": "",
- "compute:reboot": "",
- "compute:delete": "rule:admin_or_owner",
- "compute:soft_delete": "rule:admin_or_owner",
- "compute:force_delete": "rule:admin_or_owner",
-
- "compute:security_groups:add_to_instance": "",
- "compute:security_groups:remove_from_instance": "",
-
- "compute:restore": "",
-
- "compute:volume_snapshot_create": "",
- "compute:volume_snapshot_delete": "",
-
- "admin_api": "is_admin:True",
- "compute_extension:accounts": "rule:admin_api",
- "compute_extension:admin_actions": "rule:admin_api",
- "compute_extension:admin_actions:pause": "rule:admin_or_owner",
- "compute_extension:admin_actions:unpause": "rule:admin_or_owner",
- "compute_extension:admin_actions:suspend": "rule:admin_or_owner",
- "compute_extension:admin_actions:resume": "rule:admin_or_owner",
- "compute_extension:admin_actions:lock": "rule:admin_or_owner",
- "compute_extension:admin_actions:unlock": "rule:admin_or_owner",
- "compute_extension:admin_actions:resetNetwork": "rule:admin_api",
- "compute_extension:admin_actions:injectNetworkInfo": "rule:admin_api",
- "compute_extension:admin_actions:createBackup": "rule:admin_or_owner",
- "compute_extension:admin_actions:migrateLive": "rule:admin_api",
- "compute_extension:admin_actions:resetState": "rule:admin_api",
- "compute_extension:admin_actions:migrate": "rule:admin_api",
- "compute_extension:aggregates": "rule:admin_api",
- "compute_extension:agents": "rule:admin_api",
- "compute_extension:attach_interfaces": "",
- "compute_extension:baremetal_nodes": "rule:admin_api",
- "compute_extension:cells": "rule:admin_api",
- "compute_extension:cells:create": "rule:admin_api",
- "compute_extension:cells:delete": "rule:admin_api",
- "compute_extension:cells:update": "rule:admin_api",
- "compute_extension:cells:sync_instances": "rule:admin_api",
- "compute_extension:certificates": "",
- "compute_extension:cloudpipe": "rule:admin_api",
- "compute_extension:cloudpipe_update": "rule:admin_api",
- "compute_extension:config_drive": "",
- "compute_extension:console_output": "",
- "compute_extension:consoles": "",
- "compute_extension:createserverext": "",
- "compute_extension:deferred_delete": "",
- "compute_extension:disk_config": "",
- "compute_extension:evacuate": "rule:admin_api",
- "compute_extension:extended_server_attributes": "rule:admin_api",
- "compute_extension:extended_status": "",
- "compute_extension:extended_availability_zone": "",
- "compute_extension:extended_ips": "",
- "compute_extension:extended_ips_mac": "",
- "compute_extension:extended_vif_net": "",
- "compute_extension:extended_volumes": "",
- "compute_extension:fixed_ips": "rule:admin_api",
- "compute_extension:flavor_access": "",
- "compute_extension:flavor_access:addTenantAccess": "rule:admin_api",
- "compute_extension:flavor_access:removeTenantAccess": "rule:admin_api",
- "compute_extension:flavor_disabled": "",
- "compute_extension:flavor_rxtx": "",
- "compute_extension:flavor_swap": "",
- "compute_extension:flavorextradata": "",
- "compute_extension:flavorextraspecs:index": "",
- "compute_extension:flavorextraspecs:show": "",
- "compute_extension:flavorextraspecs:create": "rule:admin_api",
- "compute_extension:flavorextraspecs:update": "rule:admin_api",
- "compute_extension:flavorextraspecs:delete": "rule:admin_api",
- "compute_extension:flavormanage": "rule:admin_api",
- "compute_extension:floating_ip_dns": "",
- "compute_extension:floating_ip_pools": "",
- "compute_extension:floating_ips": "",
- "compute_extension:floating_ips_bulk": "rule:admin_api",
- "compute_extension:fping": "",
- "compute_extension:fping:all_tenants": "rule:admin_api",
- "compute_extension:hide_server_addresses": "is_admin:False",
- "compute_extension:hosts": "rule:admin_api",
- "compute_extension:hypervisors": "rule:admin_api",
- "compute_extension:image_size": "",
- "compute_extension:instance_actions": "",
- "compute_extension:instance_actions:events": "rule:admin_api",
- "compute_extension:instance_usage_audit_log": "rule:admin_api",
- "compute_extension:keypairs": "",
- "compute_extension:keypairs:index": "",
- "compute_extension:keypairs:show": "",
- "compute_extension:keypairs:create": "",
- "compute_extension:keypairs:delete": "",
- "compute_extension:multinic": "",
- "compute_extension:networks": "rule:admin_api",
- "compute_extension:networks:view": "",
- "compute_extension:networks_associate": "rule:admin_api",
- "compute_extension:os-tenant-networks": "",
- "compute_extension:quotas:show": "",
- "compute_extension:quotas:update": "rule:admin_api",
- "compute_extension:quotas:delete": "rule:admin_api",
- "compute_extension:quota_classes": "",
- "compute_extension:rescue": "",
- "compute_extension:security_group_default_rules": "rule:admin_api",
- "compute_extension:security_groups": "",
- "compute_extension:server_diagnostics": "rule:admin_api",
- "compute_extension:server_groups": "",
- "compute_extension:server_password": "",
- "compute_extension:server_usage": "",
- "compute_extension:services": "rule:admin_api",
- "compute_extension:shelve": "",
- "compute_extension:shelveOffload": "rule:admin_api",
- "compute_extension:simple_tenant_usage:show": "rule:admin_or_owner",
- "compute_extension:simple_tenant_usage:list": "rule:admin_api",
- "compute_extension:unshelve": "",
- "compute_extension:users": "rule:admin_api",
- "compute_extension:virtual_interfaces": "",
- "compute_extension:virtual_storage_arrays": "",
- "compute_extension:volumes": "",
- "compute_extension:volume_attachments:index": "",
- "compute_extension:volume_attachments:show": "",
- "compute_extension:volume_attachments:create": "",
- "compute_extension:volume_attachments:update": "",
- "compute_extension:volume_attachments:delete": "",
- "compute_extension:volumetypes": "",
- "compute_extension:availability_zone:list": "",
- "compute_extension:availability_zone:detail": "rule:admin_api",
- "compute_extension:used_limits_for_admin": "rule:admin_api",
- "compute_extension:migrations:index": "rule:admin_api",
- "compute_extension:os-assisted-volume-snapshots:create": "rule:admin_api",
- "compute_extension:os-assisted-volume-snapshots:delete": "rule:admin_api",
- "compute_extension:console_auth_tokens": "rule:admin_api",
- "compute_extension:os-server-external-events:create": "rule:admin_api",
-
- "network:get_all": "",
- "network:get": "",
- "network:create": "",
- "network:delete": "",
- "network:associate": "",
- "network:disassociate": "",
- "network:get_vifs_by_instance": "",
- "network:allocate_for_instance": "",
- "network:deallocate_for_instance": "",
- "network:validate_networks": "",
- "network:get_instance_uuids_by_ip_filter": "",
- "network:get_instance_id_by_floating_address": "",
- "network:setup_networks_on_host": "",
- "network:get_backdoor_port": "",
-
- "network:get_floating_ip": "",
- "network:get_floating_ip_pools": "",
- "network:get_floating_ip_by_address": "",
- "network:get_floating_ips_by_project": "",
- "network:get_floating_ips_by_fixed_address": "",
- "network:allocate_floating_ip": "",
- "network:associate_floating_ip": "",
- "network:disassociate_floating_ip": "",
- "network:release_floating_ip": "",
- "network:migrate_instance_start": "",
- "network:migrate_instance_finish": "",
-
- "network:get_fixed_ip": "",
- "network:get_fixed_ip_by_address": "",
- "network:add_fixed_ip_to_instance": "",
- "network:remove_fixed_ip_from_instance": "",
- "network:add_network_to_project": "",
- "network:get_instance_nw_info": "",
-
- "network:get_dns_domains": "",
- "network:add_dns_entry": "",
- "network:modify_dns_entry": "",
- "network:delete_dns_entry": "",
- "network:get_dns_entries_by_address": "",
- "network:get_dns_entries_by_name": "",
- "network:create_private_dns_domain": "",
- "network:create_public_dns_domain": "",
- "network:delete_dns_domain": "",
- "network:attach_external_network": "rule:admin_api",
- "network:get_vif_by_mac_address": "",
-
- "os_compute_api:servers:detail:get_all_tenants": "is_admin:True",
- "os_compute_api:servers:index:get_all_tenants": "is_admin:True",
- "os_compute_api:servers:confirm_resize": "",
- "os_compute_api:servers:create": "",
- "os_compute_api:servers:create:attach_network": "",
- "os_compute_api:servers:create:attach_volume": "",
- "os_compute_api:servers:create:forced_host": "rule:admin_api",
- "os_compute_api:servers:delete": "",
- "os_compute_api:servers:update": "",
- "os_compute_api:servers:detail": "",
- "os_compute_api:servers:index": "",
- "os_compute_api:servers:reboot": "",
- "os_compute_api:servers:rebuild": "",
- "os_compute_api:servers:resize": "",
- "os_compute_api:servers:revert_resize": "",
- "os_compute_api:servers:show": "",
- "os_compute_api:servers:create_image": "",
- "os_compute_api:servers:create_image:allow_volume_backed": "",
- "os_compute_api:servers:start": "rule:admin_or_owner",
- "os_compute_api:servers:stop": "rule:admin_or_owner",
- "os_compute_api:os-access-ips:discoverable": "",
- "os_compute_api:os-access-ips": "",
- "os_compute_api:os-admin-actions": "rule:admin_api",
- "os_compute_api:os-admin-actions:discoverable": "",
- "os_compute_api:os-admin-actions:reset_network": "rule:admin_api",
- "os_compute_api:os-admin-actions:inject_network_info": "rule:admin_api",
- "os_compute_api:os-admin-actions:reset_state": "rule:admin_api",
- "os_compute_api:os-admin-password": "",
- "os_compute_api:os-admin-password:discoverable": "",
- "os_compute_api:os-aggregates:discoverable": "",
- "os_compute_api:os-aggregates:index": "rule:admin_api",
- "os_compute_api:os-aggregates:create": "rule:admin_api",
- "os_compute_api:os-aggregates:show": "rule:admin_api",
- "os_compute_api:os-aggregates:update": "rule:admin_api",
- "os_compute_api:os-aggregates:delete": "rule:admin_api",
- "os_compute_api:os-aggregates:add_host": "rule:admin_api",
- "os_compute_api:os-aggregates:remove_host": "rule:admin_api",
- "os_compute_api:os-aggregates:set_metadata": "rule:admin_api",
- "os_compute_api:os-agents": "rule:admin_api",
- "os_compute_api:os-agents:discoverable": "",
- "os_compute_api:os-attach-interfaces": "",
- "os_compute_api:os-attach-interfaces:discoverable": "",
- "os_compute_api:os-baremetal-nodes": "rule:admin_api",
- "os_compute_api:os-baremetal-nodes:discoverable": "",
- "os_compute_api:os-block-device-mapping-v1:discoverable": "",
- "os_compute_api:os-cells": "rule:admin_api",
- "os_compute_api:os-cells:create": "rule:admin_api",
- "os_compute_api:os-cells:delete": "rule:admin_api",
- "os_compute_api:os-cells:update": "rule:admin_api",
- "os_compute_api:os-cells:sync_instances": "rule:admin_api",
- "os_compute_api:os-cells:discoverable": "",
- "os_compute_api:os-certificates:create": "",
- "os_compute_api:os-certificates:show": "",
- "os_compute_api:os-certificates:discoverable": "",
- "os_compute_api:os-cloudpipe": "rule:admin_api",
- "os_compute_api:os-cloudpipe:discoverable": "",
- "os_compute_api:os-config-drive": "",
- "os_compute_api:os-consoles:discoverable": "",
- "os_compute_api:os-consoles:create": "",
- "os_compute_api:os-consoles:delete": "",
- "os_compute_api:os-consoles:index": "",
- "os_compute_api:os-consoles:show": "",
- "os_compute_api:os-console-output:discoverable": "",
- "os_compute_api:os-console-output": "",
- "os_compute_api:os-remote-consoles": "",
- "os_compute_api:os-remote-consoles:discoverable": "",
- "os_compute_api:os-create-backup:discoverable": "",
- "os_compute_api:os-create-backup": "rule:admin_or_owner",
- "os_compute_api:os-deferred-delete": "",
- "os_compute_api:os-deferred-delete:discoverable": "",
- "os_compute_api:os-disk-config": "",
- "os_compute_api:os-disk-config:discoverable": "",
- "os_compute_api:os-evacuate": "rule:admin_api",
- "os_compute_api:os-evacuate:discoverable": "",
- "os_compute_api:os-extended-server-attributes": "rule:admin_api",
- "os_compute_api:os-extended-server-attributes:discoverable": "",
- "os_compute_api:os-extended-status": "",
- "os_compute_api:os-extended-status:discoverable": "",
- "os_compute_api:os-extended-availability-zone": "",
- "os_compute_api:os-extended-availability-zone:discoverable": "",
- "os_compute_api:extensions": "",
- "os_compute_api:extension_info:discoverable": "",
- "os_compute_api:os-extended-volumes": "",
- "os_compute_api:os-extended-volumes:discoverable": "",
- "os_compute_api:os-fixed-ips": "rule:admin_api",
- "os_compute_api:os-fixed-ips:discoverable": "",
- "os_compute_api:os-flavor-access": "",
- "os_compute_api:os-flavor-access:discoverable": "",
- "os_compute_api:os-flavor-access:remove_tenant_access": "rule:admin_api",
- "os_compute_api:os-flavor-access:add_tenant_access": "rule:admin_api",
- "os_compute_api:os-flavor-rxtx": "",
- "os_compute_api:os-flavor-rxtx:discoverable": "",
- "os_compute_api:flavors:discoverable": "",
- "os_compute_api:os-flavor-extra-specs:discoverable": "",
- "os_compute_api:os-flavor-extra-specs:index": "",
- "os_compute_api:os-flavor-extra-specs:show": "",
- "os_compute_api:os-flavor-extra-specs:create": "rule:admin_api",
- "os_compute_api:os-flavor-extra-specs:update": "rule:admin_api",
- "os_compute_api:os-flavor-extra-specs:delete": "rule:admin_api",
- "os_compute_api:os-flavor-manage:discoverable": "",
- "os_compute_api:os-flavor-manage": "rule:admin_api",
- "os_compute_api:os-floating-ip-dns": "",
- "os_compute_api:os-floating-ip-dns:discoverable": "",
- "os_compute_api:os-floating-ip-dns:domain:update": "rule:admin_api",
- "os_compute_api:os-floating-ip-dns:domain:delete": "rule:admin_api",
- "os_compute_api:os-floating-ip-pools": "",
- "os_compute_api:os-floating-ip-pools:discoverable": "",
- "os_compute_api:os-floating-ips": "",
- "os_compute_api:os-floating-ips:discoverable": "",
- "os_compute_api:os-floating-ips-bulk": "rule:admin_api",
- "os_compute_api:os-floating-ips-bulk:discoverable": "",
- "os_compute_api:os-fping": "",
- "os_compute_api:os-fping:discoverable": "",
- "os_compute_api:os-fping:all_tenants": "rule:admin_api",
- "os_compute_api:os-hide-server-addresses": "is_admin:False",
- "os_compute_api:os-hide-server-addresses:discoverable": "",
- "os_compute_api:os-hosts": "rule:admin_api",
- "os_compute_api:os-hosts:discoverable": "",
- "os_compute_api:os-hypervisors": "rule:admin_api",
- "os_compute_api:os-hypervisors:discoverable": "",
- "os_compute_api:images:discoverable": "",
- "os_compute_api:image-size": "",
- "os_compute_api:image-size:discoverable": "",
- "os_compute_api:os-instance-actions": "",
- "os_compute_api:os-instance-actions:discoverable": "",
- "os_compute_api:os-instance-actions:events": "rule:admin_api",
- "os_compute_api:os-instance-usage-audit-log": "rule:admin_api",
- "os_compute_api:os-instance-usage-audit-log:discoverable": "",
- "os_compute_api:ips:discoverable": "",
- "os_compute_api:ips:index": "rule:admin_or_owner",
- "os_compute_api:ips:show": "rule:admin_or_owner",
- "os_compute_api:os-keypairs:discoverable": "",
- "os_compute_api:os-keypairs": "",
- "os_compute_api:os-keypairs:index": "rule:admin_api or user_id:%(user_id)s",
- "os_compute_api:os-keypairs:show": "rule:admin_api or user_id:%(user_id)s",
- "os_compute_api:os-keypairs:create": "rule:admin_api or user_id:%(user_id)s",
- "os_compute_api:os-keypairs:delete": "rule:admin_api or user_id:%(user_id)s",
- "os_compute_api:limits:discoverable": "",
- "os_compute_api:limits": "",
- "os_compute_api:os-lock-server:discoverable": "",
- "os_compute_api:os-lock-server:lock": "rule:admin_or_owner",
- "os_compute_api:os-lock-server:unlock": "rule:admin_or_owner",
- "os_compute_api:os-lock-server:unlock:unlock_override": "rule:admin_api",
- "os_compute_api:os-migrate-server:discoverable": "",
- "os_compute_api:os-migrate-server:migrate": "rule:admin_api",
- "os_compute_api:os-migrate-server:migrate_live": "rule:admin_api",
- "os_compute_api:os-multinic": "",
- "os_compute_api:os-multinic:discoverable": "",
- "os_compute_api:os-networks": "rule:admin_api",
- "os_compute_api:os-networks:view": "",
- "os_compute_api:os-networks:discoverable": "",
- "os_compute_api:os-networks-associate": "rule:admin_api",
- "os_compute_api:os-networks-associate:discoverable": "",
- "os_compute_api:os-pause-server:discoverable": "",
- "os_compute_api:os-pause-server:pause": "rule:admin_or_owner",
- "os_compute_api:os-pause-server:unpause": "rule:admin_or_owner",
- "os_compute_api:os-pci:pci_servers": "",
- "os_compute_api:os-pci:discoverable": "",
- "os_compute_api:os-pci:index": "rule:admin_api",
- "os_compute_api:os-pci:detail": "rule:admin_api",
- "os_compute_api:os-pci:show": "rule:admin_api",
- "os_compute_api:os-personality:discoverable": "",
- "os_compute_api:os-preserve-ephemeral-rebuild:discoverable": "",
- "os_compute_api:os-quota-sets:discoverable": "",
- "os_compute_api:os-quota-sets:show": "rule:admin_or_owner",
- "os_compute_api:os-quota-sets:defaults": "",
- "os_compute_api:os-quota-sets:update": "rule:admin_api",
- "os_compute_api:os-quota-sets:delete": "rule:admin_api",
- "os_compute_api:os-quota-sets:detail": "rule:admin_api",
- "os_compute_api:os-quota-class-sets:update": "rule:admin_api",
- "os_compute_api:os-quota-class-sets:show": "is_admin:True or quota_class:%(quota_class)s",
- "os_compute_api:os-quota-class-sets:discoverable": "",
- "os_compute_api:os-rescue": "",
- "os_compute_api:os-rescue:discoverable": "",
- "os_compute_api:os-scheduler-hints:discoverable": "",
- "os_compute_api:os-security-group-default-rules:discoverable": "",
- "os_compute_api:os-security-group-default-rules": "rule:admin_api",
- "os_compute_api:os-security-groups": "",
- "os_compute_api:os-security-groups:discoverable": "",
- "os_compute_api:os-server-diagnostics": "rule:admin_api",
- "os_compute_api:os-server-diagnostics:discoverable": "",
- "os_compute_api:os-server-password": "",
- "os_compute_api:os-server-password:discoverable": "",
- "os_compute_api:os-server-usage": "",
- "os_compute_api:os-server-usage:discoverable": "",
- "os_compute_api:os-server-groups": "",
- "os_compute_api:os-server-groups:discoverable": "",
- "os_compute_api:os-services": "rule:admin_api",
- "os_compute_api:os-services:discoverable": "",
- "os_compute_api:server-metadata:discoverable": "",
- "os_compute_api:server-metadata:index": "rule:admin_or_owner",
- "os_compute_api:server-metadata:show": "rule:admin_or_owner",
- "os_compute_api:server-metadata:delete": "rule:admin_or_owner",
- "os_compute_api:server-metadata:create": "rule:admin_or_owner",
- "os_compute_api:server-metadata:update": "rule:admin_or_owner",
- "os_compute_api:server-metadata:update_all": "rule:admin_or_owner",
- "os_compute_api:servers:discoverable": "",
- "os_compute_api:os-shelve:shelve": "",
- "os_compute_api:os-shelve:shelve:discoverable": "",
- "os_compute_api:os-shelve:shelve_offload": "rule:admin_api",
- "os_compute_api:os-simple-tenant-usage:discoverable": "",
- "os_compute_api:os-simple-tenant-usage:show": "rule:admin_or_owner",
- "os_compute_api:os-simple-tenant-usage:list": "rule:admin_api",
- "os_compute_api:os-suspend-server:discoverable": "",
- "os_compute_api:os-suspend-server:suspend": "rule:admin_or_owner",
- "os_compute_api:os-suspend-server:resume": "rule:admin_or_owner",
- "os_compute_api:os-tenant-networks": "rule:admin_or_owner",
- "os_compute_api:os-tenant-networks:discoverable": "",
- "os_compute_api:os-shelve:unshelve": "",
- "os_compute_api:os-user-data:discoverable": "",
- "os_compute_api:os-virtual-interfaces": "",
- "os_compute_api:os-virtual-interfaces:discoverable": "",
- "os_compute_api:os-volumes": "",
- "os_compute_api:os-volumes:discoverable": "",
- "os_compute_api:os-volumes-attachments:index": "",
- "os_compute_api:os-volumes-attachments:show": "",
- "os_compute_api:os-volumes-attachments:create": "",
- "os_compute_api:os-volumes-attachments:update": "",
- "os_compute_api:os-volumes-attachments:delete": "",
- "os_compute_api:os-volumes-attachments:discoverable": "",
- "os_compute_api:os-availability-zone:list": "",
- "os_compute_api:os-availability-zone:discoverable": "",
- "os_compute_api:os-availability-zone:detail": "rule:admin_api",
- "os_compute_api:os-used-limits": "rule:admin_api",
- "os_compute_api:os-used-limits:discoverable": "",
- "os_compute_api:os-migrations:index": "rule:admin_api",
- "os_compute_api:os-migrations:discoverable": "",
- "os_compute_api:os-assisted-volume-snapshots:create": "rule:admin_api",
- "os_compute_api:os-assisted-volume-snapshots:delete": "rule:admin_api",
- "os_compute_api:os-assisted-volume-snapshots:discoverable": "",
- "os_compute_api:os-console-auth-tokens": "rule:admin_api",
- "os_compute_api:os-server-external-events:create": "rule:admin_api"
-}