Skip to content

Gutyán Gábor / circlestack

Go to a project
Commit 8ea3fe0c by Szabolcs Gelencser
Options

Add initial permission checks

parent d484ad4b
Showing with 1623 additions and 312 deletions
.idea/inspectionProfiles/Project_Default.xml
......@@ -14,8 +14,11 @@
<inspection_tool class="PyPackageRequirementsInspection" enabled="true" level="WARNING" enabled_by_default="true">
<option name="ignoredPackages">
<value>
<list size="1">
<list size="4">
<item index="0" class="java.lang.String" itemvalue="salt" />
<item index="1" class="java.lang.String" itemvalue="six" />
<item index="2" class="java.lang.String" itemvalue="netaddr" />
<item index="3" class="java.lang.String" itemvalue="requests" />
</list>
</value>
</option>
......
.idea/workspace.xml
......@@ -2,10 +2,19 @@
<project version="4">
<component name="ChangeListManager">
<list default="true" id="1fbec8af-5a7c-40f9-b994-83ac07d1ae1d" name="Default" comment="">
<change beforePath="" afterPath="$PROJECT_DIR$/circle/circle/os_policies/cinder_policy.json" />
<change beforePath="" afterPath="$PROJECT_DIR$/circle/circle/os_policies/glance_policy.json" />
<change beforePath="" afterPath="$PROJECT_DIR$/circle/circle/os_policies/keystone_policy.json" />
<change beforePath="" afterPath="$PROJECT_DIR$/circle/circle/os_policies/neutron_policy.json" />
<change beforePath="" afterPath="$PROJECT_DIR$/circle/circle/os_policies/nova_policy.json" />
<change beforePath="$PROJECT_DIR$/.idea/inspectionProfiles/Project_Default.xml" afterPath="$PROJECT_DIR$/.idea/inspectionProfiles/Project_Default.xml" />
<change beforePath="$PROJECT_DIR$/.idea/workspace.xml" afterPath="$PROJECT_DIR$/.idea/workspace.xml" />
<change beforePath="$PROJECT_DIR$/circle/circle/settings/base.py" afterPath="$PROJECT_DIR$/circle/circle/settings/base.py" />
<change beforePath="$PROJECT_DIR$/circle/common/operations.py" afterPath="$PROJECT_DIR$/circle/common/operations.py" />
<change beforePath="$PROJECT_DIR$/circle/dashboard/views/util.py" afterPath="$PROJECT_DIR$/circle/dashboard/views/util.py" />
<change beforePath="$PROJECT_DIR$/circle/dashboard/views/vm.py" afterPath="$PROJECT_DIR$/circle/dashboard/views/vm.py" />
<change beforePath="$PROJECT_DIR$/circle/vm/models/instance.py" afterPath="$PROJECT_DIR$/circle/vm/models/instance.py" />
<change beforePath="$PROJECT_DIR$/circle/vm/operations.py" afterPath="$PROJECT_DIR$/circle/vm/operations.py" />
<change beforePath="$PROJECT_DIR$/requirements/circlestack.txt" afterPath="$PROJECT_DIR$/requirements/circlestack.txt" />
</list>
<option name="EXCLUDED_CONVERTED_TO_IGNORED" value="true" />
<option name="TRACKING_ENABLED" value="true" />
......@@ -31,55 +40,43 @@
</component>
<component name="FileEditorManager">
<leaf SIDE_TABS_SIZE_LIMIT_KEY="300">
<file leaf-file-name="urls.py" pinned="false" current-in-tab="false">
<entry file="file://$PROJECT_DIR$/circle/dashboard/urls.py">
<file leaf-file-name="operations.py" pinned="false" current-in-tab="false">
<entry file="file://$PROJECT_DIR$/circle/vm/operations.py">
<provider selected="true" editor-type-id="text-editor">
<state relative-caret-position="163">
<caret line="101" column="35" lean-forward="false" selection-start-line="101" selection-start-column="35" selection-end-line="101" selection-end-column="35" />
<caret line="130" column="0" lean-forward="false" selection-start-line="130" selection-start-column="0" selection-end-line="130" selection-end-column="0" />
<folding>
<element signature="e#732#770#0" expanded="true" />
<element signature="e#732#788#0" expanded="true" />
</folding>
</state>
</provider>
</entry>
</file>
<file leaf-file-name="__init__.py" pinned="false" current-in-tab="false">
<entry file="file://$PROJECT_DIR$/circle/dashboard/views/__init__.py">
<file leaf-file-name="util.py" pinned="false" current-in-tab="false">
<entry file="file://$PROJECT_DIR$/circle/dashboard/views/util.py">
<provider selected="true" editor-type-id="text-editor">
<state relative-caret-position="187">
<caret line="11" column="5" lean-forward="false" selection-start-line="11" selection-start-column="5" selection-end-line="11" selection-end-column="5" />
<state relative-caret-position="302">
<caret line="290" column="50" lean-forward="false" selection-start-line="290" selection-start-column="50" selection-end-line="290" selection-end-column="50" />
<folding />
</state>
</provider>
</entry>
</file>
<file leaf-file-name="vm.py" pinned="false" current-in-tab="false">
<entry file="file://$PROJECT_DIR$/circle/dashboard/views/vm.py">
<provider selected="true" editor-type-id="text-editor">
<state relative-caret-position="182">
<caret line="1258" column="65" lean-forward="true" selection-start-line="1258" selection-start-column="65" selection-end-line="1258" selection-end-column="65" />
<folding>
<element signature="e#731#787#0" expanded="true" />
</folding>
</state>
</provider>
</entry>
</file>
<file leaf-file-name="models.py" pinned="false" current-in-tab="false">
<entry file="file://$PROJECT_DIR$/circle/dashboard/models.py">
<file leaf-file-name="nova_policy.json" pinned="false" current-in-tab="false">
<entry file="file://$PROJECT_DIR$/circle/circle/os_policies/nova_policy.json">
<provider selected="true" editor-type-id="text-editor">
<state relative-caret-position="205">
<caret line="86" column="27" lean-forward="false" selection-start-line="86" selection-start-column="27" selection-end-line="86" selection-end-column="27" />
<state relative-caret-position="17">
<caret line="52" column="0" lean-forward="true" selection-start-line="52" selection-start-column="0" selection-end-line="52" selection-end-column="0" />
<folding />
</state>
</provider>
</entry>
</file>
<file leaf-file-name="instance.py" pinned="false" current-in-tab="true">
<entry file="file://$PROJECT_DIR$/circle/vm/models/instance.py">
<file leaf-file-name="vm.py" pinned="false" current-in-tab="true">
<entry file="file://$PROJECT_DIR$/circle/dashboard/views/vm.py">
<provider selected="true" editor-type-id="text-editor">
<state relative-caret-position="384">
<caret line="308" column="0" lean-forward="true" selection-start-line="308" selection-start-column="0" selection-end-line="308" selection-end-column="0" />
<state relative-caret-position="163">
<caret line="1270" column="61" lean-forward="false" selection-start-line="1270" selection-start-column="61" selection-end-line="1270" selection-end-column="61" />
<folding />
</state>
</provider>
......@@ -88,8 +85,8 @@
<file leaf-file-name="operations.py" pinned="false" current-in-tab="false">
<entry file="file://$PROJECT_DIR$/circle/common/operations.py">
<provider selected="true" editor-type-id="text-editor">
<state relative-caret-position="409">
<caret line="115" column="32" lean-forward="false" selection-start-line="115" selection-start-column="32" selection-end-line="115" selection-end-column="32" />
<state relative-caret-position="426">
<caret line="74" column="41" lean-forward="false" selection-start-line="74" selection-start-column="41" selection-end-line="74" selection-end-column="41" />
<folding />
</state>
</provider>
......@@ -107,36 +104,36 @@
</component>
<component name="FindInProjectRecents">
<findStrings>
<find>operation</find>
<find>dep</find>
<find>precond</find>
<find>deployopera</find>
<find>Subope</find>
<find>suboper</find>
<find>deployoper</find>
<find>with_reload</find>
<find>deploy</find>
<find>vmdetail</find>
<find>TokenOperationView</find>
<find>deployope</find>
<find>deployOpe</find>
<find>#TODO</find>
<find>get_sta</find>
<find>synch</find>
<find>instance</find>
<find>Instance</find>
<find>Instance(</find>
<find>get_ob</find>
<find>check_auth</find>
<find>installed</find>
<find>openstack_auth</find>
<find>vm_ops</find>
<find>w</find>
<find>DeployOpera</find>
<find>InstanceOper</find>
<find>models</find>
<find>InstanceOperation(</find>
<find>openstack_aut</find>
<find>policy</find>
<find>get_operat</find>
<find>get_operations</find>
<find>vm_ops =</find>
<find>wakeupOper</find>
<find>Deployopera</find>
<find>((&quot;compute&quot;, &quot;compute:start&quot;),)wa</find>
<find>wakeup</find>
<find>sleep</find>
<find>RUNNING</find>
<find>'RUNNING'</find>
<find>Deploy</find>
<find>DeployOpe</find>
<find>sleepoper</find>
<find>rebootoper</find>
<find>&quot;compute:resume&quot;</find>
<find>reboot</find>
<find>shutoff</find>
<find>operationview</find>
<find>fav</find>
<find>favou</find>
<find>favouritevi</find>
<find>#TODO</find>
<find>get_sta</find>
<find>synch</find>
<find>destroyope</find>
</findStrings>
<replaceStrings>
<replace>'ACTIVE'</replace>
......@@ -169,7 +166,6 @@
<option value="$PROJECT_DIR$/circle/dashboard/templatetags/instance_tags.py" />
<option value="$PROJECT_DIR$/circle/dashboard/templates/auth/login.html" />
<option value="$PROJECT_DIR$/circle/storage/models.py" />
<option value="$PROJECT_DIR$/circle/circle/settings/base.py" />
<option value="$PROJECT_DIR$/circle/dashboard/templates/dashboard/index-vm.html" />
<option value="$PROJECT_DIR$/circle/vm/models/common.py" />
<option value="$PROJECT_DIR$/circle/dashboard/templates/base.html" />
......@@ -186,12 +182,19 @@
<option value="$PROJECT_DIR$/circle/openstack_api/glance.py" />
<option value="$PROJECT_DIR$/circle/dashboard/templates/dashboard/vm-detail.html" />
<option value="$PROJECT_DIR$/circle/acl/models.py" />
<option value="$PROJECT_DIR$/circle/dashboard/views/util.py" />
<option value="$PROJECT_DIR$/circle/vm/operations.py" />
<option value="$PROJECT_DIR$/circle/dashboard/urls.py" />
<option value="$PROJECT_DIR$/circle/dashboard/views/vm.py" />
<option value="$PROJECT_DIR$/circle/common/operations.py" />
<option value="$PROJECT_DIR$/circle/vm/models/instance.py" />
<option value="$PROJECT_DIR$/circle/circle/os_policies/neutron_policy.json" />
<option value="$PROJECT_DIR$/circle/circle/os_policies/cinder_policy.json" />
<option value="$PROJECT_DIR$/circle/circle/os_policies/glance_policy.json" />
<option value="$PROJECT_DIR$/circle/circle/os_policies/keystone_policy.json" />
<option value="$PROJECT_DIR$/circle/openstack_auth/__init__.py" />
<option value="$PROJECT_DIR$/circle/circle/settings/base.py" />
<option value="$PROJECT_DIR$/circle/circle/os_policies/nova_policy.json" />
<option value="$PROJECT_DIR$/circle/vm/operations.py" />
<option value="$PROJECT_DIR$/circle/dashboard/views/util.py" />
<option value="$PROJECT_DIR$/circle/common/operations.py" />
<option value="$PROJECT_DIR$/circle/dashboard/views/vm.py" />
</list>
</option>
</component>
......@@ -261,20 +264,49 @@
<item name="cloud" type="b2602c69:ProjectViewProjectNode" />
<item name="cloud" type="462c0819:PsiDirectoryNode" />
<item name="circle" type="462c0819:PsiDirectoryNode" />
<item name="acl" type="462c0819:PsiDirectoryNode" />
<item name="circle" type="462c0819:PsiDirectoryNode" />
</path>
<path>
<item name="cloud" type="b2602c69:ProjectViewProjectNode" />
<item name="cloud" type="462c0819:PsiDirectoryNode" />
<item name="circle" type="462c0819:PsiDirectoryNode" />
<item name="acl" type="462c0819:PsiDirectoryNode" />
<item name="management" type="462c0819:PsiDirectoryNode" />
<item name="circle" type="462c0819:PsiDirectoryNode" />
<item name="os_policies" type="462c0819:PsiDirectoryNode" />
</path>
<path>
<item name="cloud" type="b2602c69:ProjectViewProjectNode" />
<item name="cloud" type="462c0819:PsiDirectoryNode" />
<item name="circle" type="462c0819:PsiDirectoryNode" />
<item name="dashboard" type="462c0819:PsiDirectoryNode" />
<item name="circle" type="462c0819:PsiDirectoryNode" />
<item name="settings" type="462c0819:PsiDirectoryNode" />
</path>
<path>
<item name="cloud" type="b2602c69:ProjectViewProjectNode" />
<item name="cloud" type="462c0819:PsiDirectoryNode" />
<item name="circle" type="462c0819:PsiDirectoryNode" />
<item name="openstack_auth" type="462c0819:PsiDirectoryNode" />
</path>
<path>
<item name="cloud" type="b2602c69:ProjectViewProjectNode" />
<item name="cloud" type="462c0819:PsiDirectoryNode" />
<item name="circle" type="462c0819:PsiDirectoryNode" />
<item name="vm" type="462c0819:PsiDirectoryNode" />
</path>
<path>
<item name="cloud" type="b2602c69:ProjectViewProjectNode" />
<item name="cloud" type="462c0819:PsiDirectoryNode" />
<item name="circle" type="462c0819:PsiDirectoryNode" />
<item name="vm" type="462c0819:PsiDirectoryNode" />
<item name="models" type="462c0819:PsiDirectoryNode" />
</path>
<path>
<item name="cloud" type="b2602c69:ProjectViewProjectNode" />
<item name="External Libraries" type="cb654da1:ExternalLibrariesNode" />
</path>
<path>
<item name="cloud" type="b2602c69:ProjectViewProjectNode" />
<item name="External Libraries" type="cb654da1:ExternalLibrariesNode" />
<item name="&lt; Python 2.7 (cloud) &gt;" type="70bed36:NamedLibraryElementNode" />
</path>
</expand>
<select />
......@@ -357,8 +389,8 @@
<window_info id="Event Log" active="false" anchor="bottom" auto_hide="false" internal_type="DOCKED" type="DOCKED" visible="false" show_stripe_button="true" weight="0.327818" sideWeight="0.5021299" order="7" side_tool="true" content_ui="tabs" />
<window_info id="Run" active="false" anchor="bottom" auto_hide="false" internal_type="DOCKED" type="DOCKED" visible="false" show_stripe_button="true" weight="0.32875264" sideWeight="0.4978701" order="2" side_tool="false" content_ui="tabs" />
<window_info id="Version Control" active="false" anchor="bottom" auto_hide="false" internal_type="DOCKED" type="DOCKED" visible="false" show_stripe_button="true" weight="0.32875264" sideWeight="0.5" order="7" side_tool="false" content_ui="tabs" />
<window_info id="Python Console" active="false" anchor="bottom" auto_hide="false" internal_type="DOCKED" type="DOCKED" visible="false" show_stripe_button="true" weight="0.39852008" sideWeight="0.42438763" order="7" side_tool="true" content_ui="tabs" />
<window_info id="Terminal" active="false" anchor="bottom" auto_hide="false" internal_type="DOCKED" type="DOCKED" visible="true" show_stripe_button="true" weight="0.43023255" sideWeight="0.43610224" order="7" side_tool="true" content_ui="tabs" />
<window_info id="Python Console" active="false" anchor="bottom" auto_hide="false" internal_type="DOCKED" type="DOCKED" visible="false" show_stripe_button="true" weight="0.43023255" sideWeight="0.43610224" order="7" side_tool="true" content_ui="tabs" />
<window_info id="Terminal" active="false" anchor="bottom" auto_hide="false" internal_type="DOCKED" type="DOCKED" visible="false" show_stripe_button="true" weight="0.43023255" sideWeight="0.43610224" order="7" side_tool="true" content_ui="tabs" />
<window_info id="Project" active="false" anchor="left" auto_hide="false" internal_type="DOCKED" type="DOCKED" visible="true" show_stripe_button="true" weight="0.157082" sideWeight="0.5" order="0" side_tool="false" content_ui="combo" />
<window_info id="Docker" active="false" anchor="bottom" auto_hide="false" internal_type="DOCKED" type="DOCKED" visible="false" show_stripe_button="false" weight="0.33" sideWeight="0.5" order="8" side_tool="false" content_ui="tabs" />
<window_info id="Database" active="false" anchor="right" auto_hide="false" internal_type="DOCKED" type="DOCKED" visible="false" show_stripe_button="true" weight="0.33" sideWeight="0.5" order="3" side_tool="false" content_ui="tabs" />
......@@ -400,6 +432,32 @@
<component name="TypeScriptGeneratedFilesManager">
<option name="version" value="1" />
</component>
<component name="Vcs.Log.Tabs.Properties">
<option name="TAB_STATES">
<map>
<entry key="MAIN">
<value>
<State>
<option name="RECENTLY_FILTERED_USER_GROUPS">
<collection />
</option>
<option name="RECENTLY_FILTERED_BRANCH_GROUPS">
<collection />
</option>
<option name="COLUMN_ORDER">
<list>
<option value="0" />
<option value="1" />
<option value="2" />
<option value="3" />
</list>
</option>
</State>
</value>
</entry>
</map>
</option>
</component>
<component name="VcsContentAnnotationSettings">
<option name="myLimit" value="2678400000" />
</component>
......@@ -422,446 +480,490 @@
</properties>
</breakpoint>
</default-breakpoints>
<option name="time" value="108" />
<option name="time" value="122" />
</breakpoint-manager>
<watches-manager />
</component>
<component name="debuggerHistoryManager">
<expressions id="evaluateCodeFragment">
<expression>
<expression-string>check(self.os_policy_actions, request,
{'project_id': self.instance._os_server.tenant_id})</expression-string>
<language-id>Python</language-id>
<evaluation-mode>CODE_FRAGMENT</evaluation-mode>
</expression>
<expression>
<expression-string>has_rights = policy(self.os_policy_actions, request,
{'project_id': self.instance._os_server.tenant_id})</expression-string>
<language-id>Python</language-id>
<evaluation-mode>CODE_FRAGMENT</evaluation-mode>
</expression>
<expression>
<expression-string>has_rights = policy.check(self.os_policy_actions, request,
{'project_id': self.instance._os_server.tenant_id})</expression-string>
<language-id>Python</language-id>
<evaluation-mode>CODE_FRAGMENT</evaluation-mode>
</expression>
<expression>
<expression-string>openstack_auth.policy.check(self.os_policy_actions, request,
{'project_id': self.instance._os_server.tenant_id})</expression-string>
<language-id>Python</language-id>
<evaluation-mode>CODE_FRAGMENT</evaluation-mode>
</expression>
</expressions>
<expressions id="evaluateExpression">
<expression>
<expression-string>unicode(self.STATUS[self.status])</expression-string>
<expression-string>import_string(&quot;openstack_auth.policy.check&quot;)</expression-string>
<language-id>Python</language-id>
<evaluation-mode>EXPRESSION</evaluation-mode>
</expression>
<expression>
<expression-string>self.STATUS[self.status]</expression-string>
<expression-string>policy = import_string(&quot;openstack_auth.policy.check&quot;)</expression-string>
<language-id>Python</language-id>
<evaluation-mode>EXPRESSION</evaluation-mode>
</expression>
<expression>
<expression-string>json.dumps(response)</expression-string>
<expression-string>policy = import_string(&quot;POLICY_CHECK_FUNCTION&quot;)</expression-string>
<language-id>Python</language-id>
<evaluation-mode>EXPRESSION</evaluation-mode>
</expression>
<expression>
<expression-string>self</expression-string>
<expression-string>instance._os_server.tenant_id</expression-string>
<language-id>Python</language-id>
<evaluation-mode>EXPRESSION</evaluation-mode>
</expression>
<expression>
<expression-string>self.model</expression-string>
<expression-string>instance._os_server._attrs</expression-string>
<language-id>Python</language-id>
<evaluation-mode>EXPRESSION</evaluation-mode>
</expression>
<expression>
<expression-string>Instance.get_from_os(self.model, self.request)</expression-string>
<expression-string>openstack_api.glance.</expression-string>
<language-id>Python</language-id>
<evaluation-mode>EXPRESSION</evaluation-mode>
</expression>
<expression>
<expression-string>self.model.get_from_os(self.model, self.request)</expression-string>
<expression-string>openstack_api.glance.get_image_upload_mode()</expression-string>
<language-id>Python</language-id>
<evaluation-mode>EXPRESSION</evaluation-mode>
</expression>
<expression>
<expression-string>self.model.get_from_os(self.request)</expression-string>
<expression-string>openstack_api.glance.tenant_quota_get(request, '31911a90329944c18c285398ec72e4f6')</expression-string>
<language-id>Python</language-id>
<evaluation-mode>EXPRESSION</evaluation-mode>
</expression>
<expression>
<expression-string>openstack_api.neutron.</expression-string>
<expression-string>openstack_api.cinder.tenant_quota_get(request, '31911a90329944c18c285398ec72e4f6')</expression-string>
<language-id>Python</language-id>
<evaluation-mode>EXPRESSION</evaluation-mode>
</expression>
</expressions>
</component>
<component name="editorHistoryManager">
<entry file="file://$USER_HOME$/.virtualenvs/cloud/local/lib/python2.7/site-packages/braces/views/_access.py">
<entry file="file://$PROJECT_DIR$/circle/dashboard/forms.py">
<provider selected="true" editor-type-id="text-editor">
<state relative-caret-position="419">
<caret line="101" column="0" lean-forward="false" selection-start-line="101" selection-start-column="0" selection-end-line="101" selection-end-column="0" />
<folding />
<state relative-caret-position="181">
<caret line="983" column="6" lean-forward="false" selection-start-line="983" selection-start-column="6" selection-end-line="983" selection-end-column="6" />
</state>
</provider>
</entry>
<entry file="file://$PROJECT_DIR$/circle/dashboard/templates/base.html">
<entry file="file:///usr/lib/python2.7/threading.py">
<provider selected="true" editor-type-id="text-editor">
<state relative-caret-position="192">
<caret line="49" column="14" lean-forward="false" selection-start-line="49" selection-start-column="14" selection-end-line="49" selection-end-column="14" />
<state relative-caret-position="181">
<caret line="753" column="0" lean-forward="false" selection-start-line="753" selection-start-column="0" selection-end-line="753" selection-end-column="0" />
</state>
</provider>
</entry>
<entry file="file://$PROJECT_DIR$/circle/request/urls.py">
<entry file="file:///usr/lib/python2.7/SocketServer.py">
<provider selected="true" editor-type-id="text-editor">
<state relative-caret-position="-204">
<caret line="0" column="0" lean-forward="false" selection-start-line="0" selection-start-column="0" selection-end-line="0" selection-end-column="0" />
<state relative-caret-position="173">
<caret line="595" column="0" lean-forward="false" selection-start-line="595" selection-start-column="0" selection-end-line="595" selection-end-column="0" />
</state>
</provider>
</entry>
<entry file="file://$PROJECT_DIR$/circle/circle/urls.py">
<entry file="file://$USER_HOME$/.virtualenvs/cloud/local/lib/python2.7/site-packages/django/core/servers/basehttp.py">
<provider selected="true" editor-type-id="text-editor">
<state relative-caret-position="207">
<caret line="36" column="0" lean-forward="true" selection-start-line="36" selection-start-column="0" selection-end-line="36" selection-end-column="0" />
<state relative-caret-position="181">
<caret line="154" column="0" lean-forward="false" selection-start-line="154" selection-start-column="0" selection-end-line="154" selection-end-column="0" />
</state>
</provider>
</entry>
<entry file="file://$PROJECT_DIR$/circle/dashboard/templates/dashboard/vm-detail/access.html">
<entry file="file:///usr/lib/python2.7/wsgiref/handlers.py">
<provider selected="true" editor-type-id="text-editor">
<state relative-caret-position="255">
<caret line="15" column="11" lean-forward="true" selection-start-line="13" selection-start-column="61" selection-end-line="15" selection-end-column="11" />
<state relative-caret-position="181">
<caret line="84" column="0" lean-forward="false" selection-start-line="84" selection-start-column="0" selection-end-line="84" selection-end-column="0" />
</state>
</provider>
</entry>
<entry file="file://$PROJECT_DIR$/circle/dashboard/views/autocomplete.py">
<entry file="file://$USER_HOME$/.virtualenvs/cloud/local/lib/python2.7/site-packages/django/contrib/staticfiles/handlers.py">
<provider selected="true" editor-type-id="text-editor">
<state relative-caret-position="173">
<caret line="25" column="31" lean-forward="false" selection-start-line="25" selection-start-column="31" selection-end-line="25" selection-end-column="31" />
<folding />
<state relative-caret-position="408">
<caret line="62" column="0" lean-forward="false" selection-start-line="62" selection-start-column="0" selection-end-line="62" selection-end-column="0" />
</state>
</provider>
</entry>
<entry file="file://$PROJECT_DIR$/circle/openstack_auth/plugin/base.py">
<entry file="file://$USER_HOME$/.virtualenvs/cloud/local/lib/python2.7/site-packages/django/core/handlers/wsgi.py">
<provider selected="true" editor-type-id="text-editor">
<state relative-caret-position="317">
<caret line="97" column="56" lean-forward="false" selection-start-line="97" selection-start-column="56" selection-end-line="97" selection-end-column="56" />
<state relative-caret-position="181">
<caret line="156" column="0" lean-forward="false" selection-start-line="156" selection-start-column="0" selection-end-line="156" selection-end-column="0" />
</state>
</provider>
</entry>
<entry file="file://$PROJECT_DIR$/circle/dashboard/templates/dashboard/index-vm.html">
<entry file="file://$USER_HOME$/.virtualenvs/cloud/local/lib/python2.7/site-packages/django/views/generic/base.py">
<provider selected="true" editor-type-id="text-editor">
<state relative-caret-position="595">
<caret line="35" column="32" lean-forward="false" selection-start-line="35" selection-start-column="32" selection-end-line="35" selection-end-column="32" />
<state relative-caret-position="275">
<caret line="67" column="0" lean-forward="false" selection-start-line="67" selection-start-column="0" selection-end-line="67" selection-end-column="0" />
<folding />
</state>
</provider>
</entry>
<entry file="file://$PROJECT_DIR$/circle/dashboard/templates/dashboard/index.html">
<entry file="file://$USER_HOME$/.virtualenvs/cloud/local/lib/python2.7/site-packages/django/views/generic/detail.py">
<provider selected="true" editor-type-id="text-editor">
<state relative-caret-position="306">
<caret line="18" column="33" lean-forward="false" selection-start-line="18" selection-start-column="33" selection-end-line="18" selection-end-column="33" />
<state relative-caret-position="198">
<caret line="115" column="0" lean-forward="false" selection-start-line="115" selection-start-column="0" selection-end-line="115" selection-end-column="0" />
<folding />
</state>
</provider>
</entry>
<entry file="file://$PROJECT_DIR$/circle/openstack_api/glance.py">
<entry file="file://$PROJECT_DIR$/circle/dashboard/templates/dashboard/operate.html">
<provider selected="true" editor-type-id="text-editor">
<state relative-caret-position="460">
<caret line="249" column="0" lean-forward="true" selection-start-line="249" selection-start-column="0" selection-end-line="249" selection-end-column="0" />
<state relative-caret-position="0">
<caret line="0" column="0" lean-forward="false" selection-start-line="0" selection-start-column="0" selection-end-line="0" selection-end-column="0" />
</state>
</provider>
</entry>
<entry file="file://$PROJECT_DIR$/circle/openstack_api/base.py">
<entry file="file://$USER_HOME$/.virtualenvs/cloud/local/lib/python2.7/site-packages/django/template/base.py">
<provider selected="true" editor-type-id="text-editor">
<state relative-caret-position="323">
<caret line="115" column="25" lean-forward="false" selection-start-line="115" selection-start-column="13" selection-end-line="115" selection-end-column="25" />
<state relative-caret-position="16898">
<caret line="1023" column="0" lean-forward="false" selection-start-line="1023" selection-start-column="0" selection-end-line="1023" selection-end-column="0" />
<folding />
</state>
</provider>
</entry>
<entry file="file://$PROJECT_DIR$/circle/dashboard/templates/dashboard/vm-detail/home.html">
<entry file="file://$PROJECT_DIR$/circle/circle/wsgi.py">
<provider selected="true" editor-type-id="text-editor">
<state relative-caret-position="102">
<caret line="6" column="64" lean-forward="false" selection-start-line="6" selection-start-column="64" selection-end-line="6" selection-end-column="64" />
<state relative-caret-position="969">
<caret line="59" column="0" lean-forward="false" selection-start-line="59" selection-start-column="0" selection-end-line="59" selection-end-column="0" />
<folding />
</state>
</provider>
</entry>
<entry file="file://$PROJECT_DIR$/circle/dashboard/templates/dashboard/vm-detail/_operations.html">
<entry file="file://$PROJECT_DIR$/circle/vm/models/activity.py">
<provider selected="true" editor-type-id="text-editor">
<state relative-caret-position="119">
<caret line="7" column="10" lean-forward="false" selection-start-line="7" selection-start-column="10" selection-end-line="7" selection-end-column="10" />
<state relative-caret-position="1598">
<caret line="111" column="0" lean-forward="false" selection-start-line="111" selection-start-column="0" selection-end-line="111" selection-end-column="0" />
<folding />
</state>
</provider>
</entry>
<entry file="file://$USER_HOME$/.virtualenvs/cloud/local/lib/python2.7/site-packages/django/template/response.py">
<entry file="file://$PROJECT_DIR$/circle/vm/tasks/local_tasks.py">
<provider selected="true" editor-type-id="text-editor">
<state relative-caret-position="377">
<caret line="95" column="29" lean-forward="false" selection-start-line="95" selection-start-column="29" selection-end-line="95" selection-end-column="29" />
<state relative-caret-position="326">
<caret line="33" column="30" lean-forward="true" selection-start-line="33" selection-start-column="30" selection-end-line="33" selection-end-column="30" />
<folding />
</state>
</provider>
</entry>
<entry file="file://$PROJECT_DIR$/circle/dashboard/templates/dashboard/vm-detail/_activity-timeline.html">
<entry file="file://$USER_HOME$/.PyCharm2017.3/system/python_stubs/-66389823/__builtin__.py">
<provider selected="true" editor-type-id="text-editor">
<state relative-caret-position="-357">
<caret line="0" column="0" lean-forward="false" selection-start-line="0" selection-start-column="0" selection-end-line="0" selection-end-column="0" />
<state relative-caret-position="190">
<caret line="518" column="4" lean-forward="false" selection-start-line="518" selection-start-column="4" selection-end-line="518" selection-end-column="4" />
<folding />
</state>
</provider>
</entry>
<entry file="file://$PROJECT_DIR$/circle/dashboard/templates/dashboard/vm-detail/activity.html">
<entry file="file://$USER_HOME$/.virtualenvs/cloud/local/lib/python2.7/site-packages/django/views/decorators/http.py">
<provider selected="true" editor-type-id="text-editor">
<state relative-caret-position="85">
<caret line="5" column="46" lean-forward="true" selection-start-line="5" selection-start-column="46" selection-end-line="5" selection-end-column="46" />
<state relative-caret-position="527">
<caret line="39" column="0" lean-forward="false" selection-start-line="39" selection-start-column="0" selection-end-line="39" selection-end-column="0" />
<folding />
</state>
</provider>
</entry>
<entry file="file://$PROJECT_DIR$/circle/dashboard/templates/dashboard/vm-detail.html">
<entry file="file://$USER_HOME$/.virtualenvs/cloud/local/lib/python2.7/site-packages/django/core/handlers/base.py">
<provider selected="true" editor-type-id="text-editor">
<state relative-caret-position="386">
<caret line="225" column="61" lean-forward="false" selection-start-line="225" selection-start-column="61" selection-end-line="225" selection-end-column="61" />
<state relative-caret-position="411">
<caret line="248" column="0" lean-forward="false" selection-start-line="248" selection-start-column="0" selection-end-line="248" selection-end-column="0" />
<folding />
</state>
</provider>
</entry>
<entry file="file://$PROJECT_DIR$/circle/dashboard/forms.py">
<entry file="file://$PROJECT_DIR$/circle/openstack_api/nova.py">
<provider selected="true" editor-type-id="text-editor">
<state relative-caret-position="181">
<caret line="983" column="6" lean-forward="false" selection-start-line="983" selection-start-column="6" selection-end-line="983" selection-end-column="6" />
<state relative-caret-position="190">
<caret line="544" column="4" lean-forward="false" selection-start-line="544" selection-start-column="4" selection-end-line="544" selection-end-column="4" />
<folding />
</state>
</provider>
</entry>
<entry file="file:///usr/lib/python2.7/threading.py">
<entry file="file://$USER_HOME$/.virtualenvs/cloud/local/lib/python2.7/site-packages/django/utils/functional.py">
<provider selected="true" editor-type-id="text-editor">
<state relative-caret-position="181">
<caret line="753" column="0" lean-forward="false" selection-start-line="753" selection-start-column="0" selection-end-line="753" selection-end-column="0" />
<state relative-caret-position="199">
<caret line="66" column="0" lean-forward="false" selection-start-line="66" selection-start-column="0" selection-end-line="66" selection-end-column="0" />
<folding />
</state>
</provider>
</entry>
<entry file="file:///usr/lib/python2.7/SocketServer.py">
<entry file="file://$PROJECT_DIR$/circle/dashboard/views/index.py">
<provider selected="true" editor-type-id="text-editor">
<state relative-caret-position="173">
<caret line="595" column="0" lean-forward="false" selection-start-line="595" selection-start-column="0" selection-end-line="595" selection-end-column="0" />
<state relative-caret-position="190">
<caret line="40" column="0" lean-forward="false" selection-start-line="40" selection-start-column="0" selection-end-line="40" selection-end-column="0" />
<folding />
</state>
</provider>
</entry>
<entry file="file://$USER_HOME$/.virtualenvs/cloud/local/lib/python2.7/site-packages/django/core/servers/basehttp.py">
<entry file="file://$USER_HOME$/.virtualenvs/cloud/local/lib/python2.7/site-packages/django/utils/autoreload.py">
<provider selected="true" editor-type-id="text-editor">
<state relative-caret-position="181">
<caret line="154" column="0" lean-forward="false" selection-start-line="154" selection-start-column="0" selection-end-line="154" selection-end-column="0" />
<state relative-caret-position="171">
<caret line="227" column="0" lean-forward="false" selection-start-line="227" selection-start-column="0" selection-end-line="227" selection-end-column="0" />
<folding />
</state>
</provider>
</entry>
<entry file="file:///usr/lib/python2.7/wsgiref/handlers.py">
<entry file="file://$APPLICATION_HOME_DIR$/helpers/pydev/_pydev_bundle/pydev_monkey.py">
<provider selected="true" editor-type-id="text-editor">
<state relative-caret-position="181">
<caret line="84" column="0" lean-forward="false" selection-start-line="84" selection-start-column="0" selection-end-line="84" selection-end-column="0" />
<state relative-caret-position="163">
<caret line="588" column="0" lean-forward="false" selection-start-line="588" selection-start-column="0" selection-end-line="588" selection-end-column="0" />
<folding />
</state>
</provider>
</entry>
<entry file="file://$USER_HOME$/.virtualenvs/cloud/local/lib/python2.7/site-packages/django/contrib/staticfiles/handlers.py">
<entry file="file://$USER_HOME$/.virtualenvs/cloud/local/lib/python2.7/site-packages/django/core/handlers/exception.py">
<provider selected="true" editor-type-id="text-editor">
<state relative-caret-position="408">
<caret line="62" column="0" lean-forward="false" selection-start-line="62" selection-start-column="0" selection-end-line="62" selection-end-column="0" />
<state relative-caret-position="494">
<caret line="59" column="37" lean-forward="false" selection-start-line="59" selection-start-column="37" selection-end-line="59" selection-end-column="37" />
<folding />
</state>
</provider>
</entry>
<entry file="file://$USER_HOME$/.virtualenvs/cloud/local/lib/python2.7/site-packages/django/core/handlers/wsgi.py">
<entry file="file://$PROJECT_DIR$/circle/dashboard/views/__init__.py">
<provider selected="true" editor-type-id="text-editor">
<state relative-caret-position="181">
<caret line="156" column="0" lean-forward="false" selection-start-line="156" selection-start-column="0" selection-end-line="156" selection-end-column="0" />
<state relative-caret-position="187">
<caret line="11" column="5" lean-forward="false" selection-start-line="11" selection-start-column="5" selection-end-line="11" selection-end-column="5" />
<folding />
</state>
</provider>
</entry>
<entry file="file://$USER_HOME$/.virtualenvs/cloud/local/lib/python2.7/site-packages/django/views/generic/base.py">
<entry file="file://$PROJECT_DIR$/circle/circle/os_policies/neutron_policy.json">
<provider selected="true" editor-type-id="text-editor">
<state relative-caret-position="275">
<caret line="67" column="0" lean-forward="false" selection-start-line="67" selection-start-column="0" selection-end-line="67" selection-end-column="0" />
<state relative-caret-position="455">
<caret line="234" column="1" lean-forward="false" selection-start-line="234" selection-start-column="1" selection-end-line="234" selection-end-column="1" />
<folding />
</state>
</provider>
</entry>
<entry file="file://$USER_HOME$/.virtualenvs/cloud/local/lib/python2.7/site-packages/django/views/generic/detail.py">
<entry file="file://$PROJECT_DIR$/circle/circle/os_policies/glance_policy.json">
<provider selected="true" editor-type-id="text-editor">
<state relative-caret-position="198">
<caret line="115" column="0" lean-forward="false" selection-start-line="115" selection-start-column="0" selection-end-line="115" selection-end-column="0" />
<state relative-caret-position="183">
<caret line="46" column="0" lean-forward="true" selection-start-line="46" selection-start-column="0" selection-end-line="46" selection-end-column="0" />
<folding />
</state>
</provider>
</entry>
<entry file="file://$PROJECT_DIR$/circle/dashboard/templates/dashboard/operate.html">
<entry file="file://$PROJECT_DIR$/circle/circle/os_policies/keystone_policy.json">
<provider selected="true" editor-type-id="text-editor">
<state relative-caret-position="0">
<caret line="0" column="0" lean-forward="false" selection-start-line="0" selection-start-column="0" selection-end-line="0" selection-end-column="0" />
<state relative-caret-position="455">
<caret line="226" column="0" lean-forward="true" selection-start-line="226" selection-start-column="0" selection-end-line="226" selection-end-column="0" />
<folding />
</state>
</provider>
</entry>
<entry file="file://$USER_HOME$/.virtualenvs/cloud/local/lib/python2.7/site-packages/django/contrib/auth/models.py">
<entry file="file://$PROJECT_DIR$/circle/acl/views.py">
<provider selected="true" editor-type-id="text-editor">
<state relative-caret-position="190">
<caret line="380" column="6" lean-forward="false" selection-start-line="380" selection-start-column="6" selection-end-line="380" selection-end-column="6" />
<state relative-caret-position="0">
<caret line="0" column="0" lean-forward="false" selection-start-line="0" selection-start-column="0" selection-end-line="0" selection-end-column="0" />
<folding />
</state>
</provider>
</entry>
<entry file="file://$PROJECT_DIR$/circle/openstack_auth/user.py">
<entry file="file://$PROJECT_DIR$/circle/common/models.py">
<provider selected="true" editor-type-id="text-editor">
<state relative-caret-position="-498">
<caret line="138" column="58" lean-forward="true" selection-start-line="138" selection-start-column="58" selection-end-line="138" selection-end-column="58" />
<state relative-caret-position="185">
<caret line="280" column="19" lean-forward="false" selection-start-line="280" selection-start-column="11" selection-end-line="280" selection-end-column="19" />
<folding />
</state>
</provider>
</entry>
<entry file="file://$USER_HOME$/.virtualenvs/cloud/local/lib/python2.7/site-packages/django/template/base.py">
<entry file="file://$PROJECT_DIR$/circle/dashboard/models.py">
<provider selected="true" editor-type-id="text-editor">
<state relative-caret-position="16898">
<caret line="1023" column="0" lean-forward="false" selection-start-line="1023" selection-start-column="0" selection-end-line="1023" selection-end-column="0" />
<state relative-caret-position="185">
<caret line="129" column="26" lean-forward="false" selection-start-line="129" selection-start-column="17" selection-end-line="129" selection-end-column="26" />
<folding />
</state>
</provider>
</entry>
<entry file="file://$PROJECT_DIR$/circle/circle/wsgi.py">
<entry file="file://$PROJECT_DIR$/circle/acl/models.py">
<provider selected="true" editor-type-id="text-editor">
<state relative-caret-position="969">
<caret line="59" column="0" lean-forward="false" selection-start-line="59" selection-start-column="0" selection-end-line="59" selection-end-column="0" />
<state relative-caret-position="-515">
<caret line="59" column="13" lean-forward="false" selection-start-line="59" selection-start-column="4" selection-end-line="59" selection-end-column="13" />
<folding />
</state>
</provider>
</entry>
<entry file="file://$PROJECT_DIR$/circle/vm/models/activity.py">
<entry file="file://$PROJECT_DIR$/circle/vm/models/instance.py">
<provider selected="true" editor-type-id="text-editor">
<state relative-caret-position="1598">
<caret line="111" column="0" lean-forward="false" selection-start-line="111" selection-start-column="0" selection-end-line="111" selection-end-column="0" />
<state relative-caret-position="520">
<caret line="392" column="35" lean-forward="true" selection-start-line="392" selection-start-column="35" selection-end-line="392" selection-end-column="35" />
<folding />
</state>
</provider>
</entry>
<entry file="file://$PROJECT_DIR$/circle/acl/models.py">
<entry file="file:///usr/lib/python2.7/collections.py">
<provider selected="true" editor-type-id="text-editor">
<state relative-caret-position="420">
<caret line="150" column="55" lean-forward="true" selection-start-line="150" selection-start-column="55" selection-end-line="150" selection-end-column="55" />
<state relative-caret-position="171">
<caret line="137" column="8" lean-forward="false" selection-start-line="137" selection-start-column="8" selection-end-line="137" selection-end-column="8" />
<folding />
</state>
</provider>
</entry>
<entry file="file://$PROJECT_DIR$/circle/vm/tasks/local_tasks.py">
<entry file="file://$PROJECT_DIR$/circle/dashboard/urls.py">
<provider selected="true" editor-type-id="text-editor">
<state relative-caret-position="326">
<caret line="33" column="30" lean-forward="true" selection-start-line="33" selection-start-column="30" selection-end-line="33" selection-end-column="30" />
<state relative-caret-position="590">
<caret line="226" column="22" lean-forward="true" selection-start-line="226" selection-start-column="22" selection-end-line="226" selection-end-column="22" />
<folding />
</state>
</provider>
</entry>
<entry file="file://$USER_HOME$/.PyCharm2017.3/system/python_stubs/-66389823/__builtin__.py">
<entry file="file:///usr/lib/python2.7/importlib/__init__.py">
<provider selected="true" editor-type-id="text-editor">
<state relative-caret-position="190">
<caret line="518" column="4" lean-forward="false" selection-start-line="518" selection-start-column="4" selection-end-line="518" selection-end-column="4" />
<state relative-caret-position="377">
<caret line="36" column="0" lean-forward="false" selection-start-line="36" selection-start-column="0" selection-end-line="36" selection-end-column="0" />
<folding />
</state>
</provider>
</entry>
<entry file="file://$USER_HOME$/.virtualenvs/cloud/local/lib/python2.7/site-packages/django/views/decorators/http.py">
<entry file="file://$USER_HOME$/.virtualenvs/cloud/local/lib/python2.7/site-packages/django/apps/registry.py">
<provider selected="true" editor-type-id="text-editor">
<state relative-caret-position="527">
<caret line="39" column="0" lean-forward="false" selection-start-line="39" selection-start-column="0" selection-end-line="39" selection-end-column="0" />
<state relative-caret-position="171">
<caret line="246" column="0" lean-forward="false" selection-start-line="246" selection-start-column="0" selection-end-line="246" selection-end-column="0" />
<folding />
</state>
</provider>
</entry>
<entry file="file://$USER_HOME$/.virtualenvs/cloud/local/lib/python2.7/site-packages/django/core/handlers/base.py">
<entry file="file://$USER_HOME$/.virtualenvs/cloud/local/lib/python2.7/site-packages/django/db/models/base.py">
<provider selected="true" editor-type-id="text-editor">
<state relative-caret-position="411">
<caret line="248" column="0" lean-forward="false" selection-start-line="248" selection-start-column="0" selection-end-line="248" selection-end-column="0" />
<state relative-caret-position="171">
<caret line="109" column="0" lean-forward="false" selection-start-line="109" selection-start-column="0" selection-end-line="109" selection-end-column="0" />
<folding />
</state>
</provider>
</entry>
<entry file="file://$PROJECT_DIR$/circle/openstack_api/nova.py">
<entry file="file://$USER_HOME$/.virtualenvs/cloud/local/lib/python2.7/site-packages/django/contrib/auth/base_user.py">
<provider selected="true" editor-type-id="text-editor">
<state relative-caret-position="190">
<caret line="544" column="4" lean-forward="false" selection-start-line="544" selection-start-column="4" selection-end-line="544" selection-end-column="4" />
<state relative-caret-position="171">
<caret line="51" column="0" lean-forward="false" selection-start-line="51" selection-start-column="0" selection-end-line="51" selection-end-column="0" />
<folding />
</state>
</provider>
</entry>
<entry file="file://$USER_HOME$/.virtualenvs/cloud/local/lib/python2.7/site-packages/django/utils/functional.py">
<entry file="file://$USER_HOME$/.virtualenvs/cloud/local/lib/python2.7/site-packages/django/contrib/auth/models.py">
<provider selected="true" editor-type-id="text-editor">
<state relative-caret-position="199">
<caret line="66" column="0" lean-forward="false" selection-start-line="66" selection-start-column="0" selection-end-line="66" selection-end-column="0" />
<state relative-caret-position="51">
<caret line="3" column="0" lean-forward="false" selection-start-line="3" selection-start-column="0" selection-end-line="3" selection-end-column="0" />
<folding />
</state>
</provider>
</entry>
<entry file="file://$PROJECT_DIR$/circle/dashboard/views/index.py">
<entry file="file://$PROJECT_DIR$/circle/openstack_auth/user.py">
<provider selected="true" editor-type-id="text-editor">
<state relative-caret-position="190">
<caret line="40" column="0" lean-forward="false" selection-start-line="40" selection-start-column="0" selection-end-line="40" selection-end-column="0" />
<folding />
<state relative-caret-position="182">
<caret line="137" column="17" lean-forward="false" selection-start-line="137" selection-start-column="17" selection-end-line="137" selection-end-column="17" />
<folding>
<element signature="e#546#561#0" expanded="true" />
</folding>
</state>
</provider>
</entry>
<entry file="file://$USER_HOME$/.virtualenvs/cloud/local/lib/python2.7/site-packages/django/utils/autoreload.py">
<entry file="file://$PROJECT_DIR$/circle/openstack_auth/__init__.py">
<provider selected="true" editor-type-id="text-editor">
<state relative-caret-position="171">
<caret line="227" column="0" lean-forward="false" selection-start-line="227" selection-start-column="0" selection-end-line="227" selection-end-column="0" />
<state relative-caret-position="0">
<caret line="0" column="0" lean-forward="false" selection-start-line="0" selection-start-column="0" selection-end-line="0" selection-end-column="0" />
<folding />
</state>
</provider>
</entry>
<entry file="file://$APPLICATION_HOME_DIR$/helpers/pydev/_pydev_bundle/pydev_monkey.py">
<entry file="file://$PROJECT_DIR$/circle/circle/os_policies/cinder_policy.json">
<provider selected="true" editor-type-id="text-editor">
<state relative-caret-position="163">
<caret line="588" column="0" lean-forward="false" selection-start-line="588" selection-start-column="0" selection-end-line="588" selection-end-column="0" />
<state relative-caret-position="2754">
<caret line="162" column="1" lean-forward="false" selection-start-line="162" selection-start-column="1" selection-end-line="162" selection-end-column="1" />
<folding />
</state>
</provider>
</entry>
<entry file="file://$USER_HOME$/.virtualenvs/cloud/local/lib/python2.7/site-packages/django/core/handlers/exception.py">
<entry file="file://$PROJECT_DIR$/circle/openstack_api/base.py">
<provider selected="true" editor-type-id="text-editor">
<state relative-caret-position="494">
<caret line="59" column="37" lean-forward="false" selection-start-line="59" selection-start-column="37" selection-end-line="59" selection-end-column="37" />
<state relative-caret-position="171">
<caret line="118" column="0" lean-forward="false" selection-start-line="118" selection-start-column="0" selection-end-line="118" selection-end-column="0" />
<folding />
</state>
</provider>
</entry>
<entry file="file://$PROJECT_DIR$/circle/vm/operations.py">
<entry file="file://$PROJECT_DIR$/circle/circle/settings/base.py">
<provider selected="true" editor-type-id="text-editor">
<state relative-caret-position="163">
<caret line="144" column="0" lean-forward="false" selection-start-line="144" selection-start-column="0" selection-end-line="144" selection-end-column="0" />
<state relative-caret-position="173">
<caret line="537" column="41" lean-forward="false" selection-start-line="537" selection-start-column="41" selection-end-line="537" selection-end-column="41" />
<folding>
<element signature="e#732#788#0" expanded="false" />
<element signature="e#782#791#0" expanded="true" />
</folding>
</state>
</provider>
</entry>
<entry file="file://$PROJECT_DIR$/circle/dashboard/views/util.py">
<entry file="file://$USER_HOME$/.virtualenvs/cloud/local/lib/python2.7/site-packages/oslo_policy/policy.py">
<provider selected="true" editor-type-id="text-editor">
<state relative-caret-position="265">
<caret line="302" column="22" lean-forward="false" selection-start-line="302" selection-start-column="22" selection-end-line="302" selection-end-column="22" />
<state relative-caret-position="163">
<caret line="540" column="0" lean-forward="false" selection-start-line="540" selection-start-column="0" selection-end-line="540" selection-end-column="0" />
<folding />
</state>
</provider>
</entry>
<entry file="file://$PROJECT_DIR$/circle/dashboard/views/__init__.py">
<entry file="file://$PROJECT_DIR$/circle/openstack_auth/policy.py">
<provider selected="true" editor-type-id="text-editor">
<state relative-caret-position="187">
<caret line="11" column="5" lean-forward="false" selection-start-line="11" selection-start-column="5" selection-end-line="11" selection-end-column="5" />
<folding />
<state relative-caret-position="299">
<caret line="156" column="0" lean-forward="false" selection-start-line="156" selection-start-column="0" selection-end-line="156" selection-end-column="0" />
<folding>
<element signature="e#615#629#0" expanded="false" />
</folding>
</state>
</provider>
</entry>
<entry file="file://$PROJECT_DIR$/circle/dashboard/urls.py">
<entry file="file://$PROJECT_DIR$/circle/vm/operations.py">
<provider selected="true" editor-type-id="text-editor">
<state relative-caret-position="163">
<caret line="101" column="35" lean-forward="false" selection-start-line="101" selection-start-column="35" selection-end-line="101" selection-end-column="35" />
<caret line="130" column="0" lean-forward="false" selection-start-line="130" selection-start-column="0" selection-end-line="130" selection-end-column="0" />
<folding>
<element signature="e#732#770#0" expanded="true" />
<element signature="e#732#788#0" expanded="true" />
</folding>
</state>
</provider>
</entry>
<entry file="file://$PROJECT_DIR$/circle/dashboard/models.py">
<entry file="file://$PROJECT_DIR$/circle/dashboard/views/util.py">
<provider selected="true" editor-type-id="text-editor">
<state relative-caret-position="205">
<caret line="86" column="27" lean-forward="false" selection-start-line="86" selection-start-column="27" selection-end-line="86" selection-end-column="27" />
<state relative-caret-position="302">
<caret line="290" column="50" lean-forward="false" selection-start-line="290" selection-start-column="50" selection-end-line="290" selection-end-column="50" />
<folding />
</state>
</provider>
</entry>
<entry file="file://$PROJECT_DIR$/circle/dashboard/views/vm.py">
<entry file="file://$PROJECT_DIR$/circle/common/operations.py">
<provider selected="true" editor-type-id="text-editor">
<state relative-caret-position="182">
<caret line="1258" column="65" lean-forward="true" selection-start-line="1258" selection-start-column="65" selection-end-line="1258" selection-end-column="65" />
<folding>
<element signature="e#731#787#0" expanded="true" />
</folding>
<state relative-caret-position="426">
<caret line="74" column="41" lean-forward="false" selection-start-line="74" selection-start-column="41" selection-end-line="74" selection-end-column="41" />
<folding />
</state>
</provider>
</entry>
<entry file="file://$PROJECT_DIR$/circle/common/operations.py">
<entry file="file://$PROJECT_DIR$/circle/circle/os_policies/nova_policy.json">
<provider selected="true" editor-type-id="text-editor">
<state relative-caret-position="409">
<caret line="115" column="32" lean-forward="false" selection-start-line="115" selection-start-column="32" selection-end-line="115" selection-end-column="32" />
<state relative-caret-position="17">
<caret line="52" column="0" lean-forward="true" selection-start-line="52" selection-start-column="0" selection-end-line="52" selection-end-column="0" />
<folding />
</state>
</provider>
</entry>
<entry file="file://$PROJECT_DIR$/circle/vm/models/instance.py">
<entry file="file://$PROJECT_DIR$/circle/dashboard/views/vm.py">
<provider selected="true" editor-type-id="text-editor">
<state relative-caret-position="384">
<caret line="308" column="0" lean-forward="true" selection-start-line="308" selection-start-column="0" selection-end-line="308" selection-end-column="0" />
<state relative-caret-position="163">
<caret line="1270" column="61" lean-forward="false" selection-start-line="1270" selection-start-column="61" selection-end-line="1270" selection-end-column="61" />
<folding />
</state>
</provider>
......
circle/circle/os_policies/cinder_policy.json 0 → 100644
{
"admin_or_owner": "is_admin:True or (role:admin and is_admin_project:True) or project_id:%(project_id)s",
"default": "rule:admin_or_owner",
"admin_api": "is_admin:True or (role:admin and is_admin_project:True)",
"volume:create": "",
"volume:create_from_image": "",
"volume:delete": "rule:admin_or_owner",
"volume:force_delete": "rule:admin_api",
"volume:get": "rule:admin_or_owner",
"volume:get_all": "rule:admin_or_owner",
"volume:get_volume_metadata": "rule:admin_or_owner",
"volume:create_volume_metadata": "rule:admin_or_owner",
"volume:delete_volume_metadata": "rule:admin_or_owner",
"volume:update_volume_metadata": "rule:admin_or_owner",
"volume:get_volume_admin_metadata": "rule:admin_api",
"volume:update_volume_admin_metadata": "rule:admin_api",
"volume:get_snapshot": "rule:admin_or_owner",
"volume:get_all_snapshots": "rule:admin_or_owner",
"volume:create_snapshot": "rule:admin_or_owner",
"volume:delete_snapshot": "rule:admin_or_owner",
"volume:update_snapshot": "rule:admin_or_owner",
"volume:get_snapshot_metadata": "rule:admin_or_owner",
"volume:delete_snapshot_metadata": "rule:admin_or_owner",
"volume:update_snapshot_metadata": "rule:admin_or_owner",
"volume:extend": "rule:admin_or_owner",
"volume:extend_attached_volume": "rule:admin_or_owner",
"volume:update_readonly_flag": "rule:admin_or_owner",
"volume:retype": "rule:admin_or_owner",
"volume:update": "rule:admin_or_owner",
"volume:revert_to_snapshot": "rule:admin_or_owner",
"volume_extension:types_manage": "rule:admin_api",
"volume_extension:types_extra_specs:create": "rule:admin_api",
"volume_extension:types_extra_specs:delete": "rule:admin_api",
"volume_extension:types_extra_specs:index": "rule:admin_api",
"volume_extension:types_extra_specs:show": "rule:admin_api",
"volume_extension:types_extra_specs:update": "rule:admin_api",
"volume_extension:access_types_qos_specs_id": "rule:admin_api",
"volume_extension:access_types_extra_specs": "rule:admin_api",
"volume_extension:volume_type_access": "rule:admin_or_owner",
"volume_extension:volume_type_access:addProjectAccess": "rule:admin_api",
"volume_extension:volume_type_access:removeProjectAccess": "rule:admin_api",
"volume_extension:volume_type_encryption": "rule:admin_api",
"volume_extension:volume_encryption_metadata": "rule:admin_or_owner",
"volume_extension:extended_snapshot_attributes": "rule:admin_or_owner",
"volume_extension:volume_image_metadata": "rule:admin_or_owner",
"volume_extension:qos_specs_manage:create": "rule:admin_api",
"volume_extension:qos_specs_manage:get": "rule:admin_api",
"volume_extension:qos_specs_manage:get_all": "rule:admin_api",
"volume_extension:qos_specs_manage:update": "rule:admin_api",
"volume_extension:qos_specs_manage:delete": "rule:admin_api",
"volume_extension:quotas:show": "",
"volume_extension:quotas:update": "rule:admin_api",
"volume_extension:quotas:delete": "rule:admin_api",
"volume_extension:quota_classes": "rule:admin_api",
"volume_extension:quota_classes:validate_setup_for_nested_quota_use": "rule:admin_api",
"volume_extension:volume_admin_actions:reset_status": "rule:admin_api",
"volume_extension:snapshot_admin_actions:reset_status": "rule:admin_api",
"volume_extension:backup_admin_actions:reset_status": "rule:admin_api",
"volume_extension:volume_admin_actions:force_delete": "rule:admin_api",
"volume_extension:volume_admin_actions:force_detach": "rule:admin_api",
"volume_extension:snapshot_admin_actions:force_delete": "rule:admin_api",
"volume_extension:backup_admin_actions:force_delete": "rule:admin_api",
"volume_extension:volume_admin_actions:migrate_volume": "rule:admin_api",
"volume_extension:volume_admin_actions:migrate_volume_completion": "rule:admin_api",
"volume_extension:volume_actions:upload_public": "rule:admin_api",
"volume_extension:volume_actions:upload_image": "rule:admin_or_owner",
"volume_extension:volume_host_attribute": "rule:admin_api",
"volume_extension:volume_tenant_attribute": "rule:admin_or_owner",
"volume_extension:volume_mig_status_attribute": "rule:admin_api",
"volume_extension:hosts": "rule:admin_api",
"volume_extension:services:index": "rule:admin_api",
"volume_extension:services:update" : "rule:admin_api",
"volume_extension:volume_manage": "rule:admin_api",
"volume_extension:volume_unmanage": "rule:admin_api",
"volume_extension:list_manageable": "rule:admin_api",
"volume_extension:capabilities": "rule:admin_api",
"volume:create_transfer": "rule:admin_or_owner",
"volume:accept_transfer": "",
"volume:delete_transfer": "rule:admin_or_owner",
"volume:get_transfer": "rule:admin_or_owner",
"volume:get_all_transfers": "rule:admin_or_owner",
"volume:failover_host": "rule:admin_api",
"volume:freeze_host": "rule:admin_api",
"volume:thaw_host": "rule:admin_api",
"backup:create" : "",
"backup:delete": "rule:admin_or_owner",
"backup:get": "rule:admin_or_owner",
"backup:get_all": "rule:admin_or_owner",
"backup:restore": "rule:admin_or_owner",
"backup:backup-import": "rule:admin_api",
"backup:backup-export": "rule:admin_api",
"backup:update": "rule:admin_or_owner",
"backup:backup_project_attribute": "rule:admin_api",
"volume:attachment_create": "",
"volume:attachment_update": "rule:admin_or_owner",
"volume:attachment_delete": "rule:admin_or_owner",
"volume:attachment_complete": "rule:admin_or_owner",
"snapshot_extension:snapshot_actions:update_snapshot_status": "",
"snapshot_extension:snapshot_manage": "rule:admin_api",
"snapshot_extension:snapshot_unmanage": "rule:admin_api",
"snapshot_extension:list_manageable": "rule:admin_api",
"consistencygroup:create" : "group:nobody",
"consistencygroup:delete": "group:nobody",
"consistencygroup:update": "group:nobody",
"consistencygroup:get": "group:nobody",
"consistencygroup:get_all": "group:nobody",
"consistencygroup:create_cgsnapshot" : "group:nobody",
"consistencygroup:delete_cgsnapshot": "group:nobody",
"consistencygroup:get_cgsnapshot": "group:nobody",
"consistencygroup:get_all_cgsnapshots": "group:nobody",
"group:group_types_manage": "rule:admin_api",
"group:group_types_specs": "rule:admin_api",
"group:access_group_types_specs": "rule:admin_api",
"group:group_type_access": "rule:admin_or_owner",
"group:create" : "",
"group:delete": "rule:admin_or_owner",
"group:update": "rule:admin_or_owner",
"group:get": "rule:admin_or_owner",
"group:get_all": "rule:admin_or_owner",
"group:create_group_snapshot": "",
"group:delete_group_snapshot": "rule:admin_or_owner",
"group:update_group_snapshot": "rule:admin_or_owner",
"group:get_group_snapshot": "rule:admin_or_owner",
"group:get_all_group_snapshots": "rule:admin_or_owner",
"group:reset_group_snapshot_status":"rule:admin_api",
"group:reset_status":"rule:admin_api",
"group:enable_replication": "rule:admin_or_owner",
"group:disable_replication": "rule:admin_or_owner",
"group:failover_replication": "rule:admin_or_owner",
"group:list_replication_targets": "rule:admin_or_owner",
"scheduler_extension:scheduler_stats:get_pools" : "rule:admin_api",
"message:delete": "rule:admin_or_owner",
"message:get": "rule:admin_or_owner",
"message:get_all": "rule:admin_or_owner",
"clusters:get": "rule:admin_api",
"clusters:get_all": "rule:admin_api",
"clusters:update": "rule:admin_api",
"workers:cleanup": "rule:admin_api"
}
\ No newline at end of file
circle/circle/os_policies/glance_policy.json 0 → 100644
{
"context_is_admin": "role:admin",
"default": "role:admin",
"add_image": "",
"delete_image": "",
"get_image": "",
"get_images": "",
"modify_image": "",
"publicize_image": "role:admin",
"communitize_image": "",
"copy_from": "",
"download_image": "",
"upload_image": "",
"delete_image_location": "",
"get_image_location": "",
"set_image_location": "",
"add_member": "",
"delete_member": "",
"get_member": "",
"get_members": "",
"modify_member": "",
"manage_image_cache": "role:admin",
"get_task": "",
"get_tasks": "",
"add_task": "",
"modify_task": "",
"tasks_api_access": "role:admin",
"deactivate": "",
"reactivate": "",
"get_metadef_namespace": "",
"get_metadef_namespaces":"",
"modify_metadef_namespace":"",
"add_metadef_namespace":"",
"get_metadef_object":"",
"get_metadef_objects":"",
"modify_metadef_object":"",
"add_metadef_object":"",
"list_metadef_resource_types":"",
"get_metadef_resource_type":"",
"add_metadef_resource_type_association":"",
"get_metadef_property":"",
"get_metadef_properties":"",
"modify_metadef_property":"",
"add_metadef_property":"",
"get_metadef_tag":"",
"get_metadef_tags":"",
"modify_metadef_tag":"",
"add_metadef_tag":"",
"add_metadef_tags":""
}
\ No newline at end of file
circle/circle/os_policies/keystone_policy.json 0 → 100644
{
"admin_required": "role:admin",
"cloud_admin": "role:admin and (is_admin_project:True or domain_id:admin_domain_id)",
"service_role": "role:service",
"service_or_admin": "rule:admin_required or rule:service_role",
"owner" : "user_id:%(user_id)s or user_id:%(target.token.user_id)s",
"admin_or_owner": "(rule:admin_required and domain_id:%(target.token.user.domain.id)s) or rule:owner",
"admin_and_matching_domain_id": "rule:admin_required and domain_id:%(domain_id)s",
"service_admin_or_owner": "rule:service_or_admin or rule:owner",
"default": "rule:admin_required",
"identity:get_region": "",
"identity:list_regions": "",
"identity:create_region": "rule:cloud_admin",
"identity:update_region": "rule:cloud_admin",
"identity:delete_region": "rule:cloud_admin",
"identity:get_service": "rule:admin_required",
"identity:list_services": "rule:admin_required",
"identity:create_service": "rule:cloud_admin",
"identity:update_service": "rule:cloud_admin",
"identity:delete_service": "rule:cloud_admin",
"identity:get_endpoint": "rule:admin_required",
"identity:list_endpoints": "rule:admin_required",
"identity:create_endpoint": "rule:cloud_admin",
"identity:update_endpoint": "rule:cloud_admin",
"identity:delete_endpoint": "rule:cloud_admin",
"identity:get_domain": "rule:cloud_admin or rule:admin_and_matching_domain_id or token.project.domain.id:%(target.domain.id)s",
"identity:list_domains": "rule:cloud_admin",
"identity:create_domain": "rule:cloud_admin",
"identity:update_domain": "rule:cloud_admin",
"identity:delete_domain": "rule:cloud_admin",
"admin_and_matching_target_project_domain_id": "rule:admin_required and domain_id:%(target.project.domain_id)s",
"admin_and_matching_project_domain_id": "rule:admin_required and domain_id:%(project.domain_id)s",
"identity:get_project": "rule:cloud_admin or rule:admin_and_matching_target_project_domain_id or project_id:%(target.project.id)s",
"identity:list_projects": "rule:cloud_admin or rule:admin_and_matching_domain_id",
"identity:list_user_projects": "rule:owner or rule:admin_and_matching_domain_id",
"identity:create_project": "rule:cloud_admin or rule:admin_and_matching_project_domain_id",
"identity:update_project": "rule:cloud_admin or rule:admin_and_matching_target_project_domain_id",
"identity:delete_project": "rule:cloud_admin or rule:admin_and_matching_target_project_domain_id",
"admin_and_matching_target_user_domain_id": "rule:admin_required and domain_id:%(target.user.domain_id)s",
"admin_and_matching_user_domain_id": "rule:admin_required and domain_id:%(user.domain_id)s",
"identity:get_user": "rule:cloud_admin or rule:admin_and_matching_target_user_domain_id or rule:owner",
"identity:list_users": "rule:cloud_admin or rule:admin_and_matching_domain_id",
"identity:create_user": "rule:cloud_admin or rule:admin_and_matching_user_domain_id",
"identity:update_user": "rule:cloud_admin or rule:admin_and_matching_target_user_domain_id",
"identity:delete_user": "rule:cloud_admin or rule:admin_and_matching_target_user_domain_id",
"admin_and_matching_target_group_domain_id": "rule:admin_required and domain_id:%(target.group.domain_id)s",
"admin_and_matching_group_domain_id": "rule:admin_required and domain_id:%(group.domain_id)s",
"identity:get_group": "rule:cloud_admin or rule:admin_and_matching_target_group_domain_id",
"identity:list_groups": "rule:cloud_admin or rule:admin_and_matching_domain_id",
"identity:list_groups_for_user": "rule:owner or rule:admin_and_matching_target_user_domain_id",
"identity:create_group": "rule:cloud_admin or rule:admin_and_matching_group_domain_id",
"identity:update_group": "rule:cloud_admin or rule:admin_and_matching_target_group_domain_id",
"identity:delete_group": "rule:cloud_admin or rule:admin_and_matching_target_group_domain_id",
"identity:list_users_in_group": "rule:cloud_admin or rule:admin_and_matching_target_group_domain_id",
"identity:remove_user_from_group": "rule:cloud_admin or rule:admin_and_matching_target_group_domain_id",
"identity:check_user_in_group": "rule:cloud_admin or rule:admin_and_matching_target_group_domain_id",
"identity:add_user_to_group": "rule:cloud_admin or rule:admin_and_matching_target_group_domain_id",
"identity:get_credential": "rule:admin_required",
"identity:list_credentials": "rule:admin_required or user_id:%(user_id)s",
"identity:create_credential": "rule:admin_required",
"identity:update_credential": "rule:admin_required",
"identity:delete_credential": "rule:admin_required",
"identity:ec2_get_credential": "rule:admin_required or (rule:owner and user_id:%(target.credential.user_id)s)",
"identity:ec2_list_credentials": "rule:admin_required or rule:owner",
"identity:ec2_create_credential": "rule:admin_required or rule:owner",
"identity:ec2_delete_credential": "rule:admin_required or (rule:owner and user_id:%(target.credential.user_id)s)",
"identity:get_role": "rule:admin_required",
"identity:list_roles": "rule:admin_required",
"identity:create_role": "rule:cloud_admin",
"identity:update_role": "rule:cloud_admin",
"identity:delete_role": "rule:cloud_admin",
"identity:get_domain_role": "rule:cloud_admin or rule:get_domain_roles",
"identity:list_domain_roles": "rule:cloud_admin or rule:list_domain_roles",
"identity:create_domain_role": "rule:cloud_admin or rule:domain_admin_matches_domain_role",
"identity:update_domain_role": "rule:cloud_admin or rule:domain_admin_matches_target_domain_role",
"identity:delete_domain_role": "rule:cloud_admin or rule:domain_admin_matches_target_domain_role",
"domain_admin_matches_domain_role": "rule:admin_required and domain_id:%(role.domain_id)s",
"get_domain_roles": "rule:domain_admin_matches_target_domain_role or rule:project_admin_matches_target_domain_role",
"domain_admin_matches_target_domain_role": "rule:admin_required and domain_id:%(target.role.domain_id)s",
"project_admin_matches_target_domain_role": "rule:admin_required and project_domain_id:%(target.role.domain_id)s",
"list_domain_roles": "rule:domain_admin_matches_filter_on_list_domain_roles or rule:project_admin_matches_filter_on_list_domain_roles",
"domain_admin_matches_filter_on_list_domain_roles": "rule:admin_required and domain_id:%(domain_id)s",
"project_admin_matches_filter_on_list_domain_roles": "rule:admin_required and project_domain_id:%(domain_id)s",
"admin_and_matching_prior_role_domain_id": "rule:admin_required and domain_id:%(target.prior_role.domain_id)s",
"implied_role_matches_prior_role_domain_or_global": "(domain_id:%(target.implied_role.domain_id)s or None:%(target.implied_role.domain_id)s)",
"identity:get_implied_role": "rule:cloud_admin or rule:admin_and_matching_prior_role_domain_id",
"identity:list_implied_roles": "rule:cloud_admin or rule:admin_and_matching_prior_role_domain_id",
"identity:create_implied_role": "rule:cloud_admin or (rule:admin_and_matching_prior_role_domain_id and rule:implied_role_matches_prior_role_domain_or_global)",
"identity:delete_implied_role": "rule:cloud_admin or rule:admin_and_matching_prior_role_domain_id",
"identity:list_role_inference_rules": "rule:cloud_admin",
"identity:check_implied_role": "rule:cloud_admin or rule:admin_and_matching_prior_role_domain_id",
"identity:check_grant": "rule:cloud_admin or rule:domain_admin_for_grants or rule:project_admin_for_grants",
"identity:list_grants": "rule:cloud_admin or rule:domain_admin_for_list_grants or rule:project_admin_for_list_grants",
"identity:create_grant": "rule:cloud_admin or rule:domain_admin_for_grants or rule:project_admin_for_grants",
"identity:revoke_grant": "rule:cloud_admin or rule:domain_admin_for_grants or rule:project_admin_for_grants",
"domain_admin_for_grants": "rule:domain_admin_for_global_role_grants or rule:domain_admin_for_domain_role_grants",
"domain_admin_for_global_role_grants": "rule:admin_required and None:%(target.role.domain_id)s and rule:domain_admin_grant_match",
"domain_admin_for_domain_role_grants": "rule:admin_required and domain_id:%(target.role.domain_id)s and rule:domain_admin_grant_match",
"domain_admin_grant_match": "domain_id:%(domain_id)s or domain_id:%(target.project.domain_id)s",
"project_admin_for_grants": "rule:project_admin_for_global_role_grants or rule:project_admin_for_domain_role_grants",
"project_admin_for_global_role_grants": "rule:admin_required and None:%(target.role.domain_id)s and project_id:%(project_id)s",
"project_admin_for_domain_role_grants": "rule:admin_required and project_domain_id:%(target.role.domain_id)s and project_id:%(project_id)s",
"domain_admin_for_list_grants": "rule:admin_required and rule:domain_admin_grant_match",
"project_admin_for_list_grants": "rule:admin_required and project_id:%(project_id)s",
"admin_on_domain_filter" : "rule:admin_required and domain_id:%(scope.domain.id)s",
"admin_on_project_filter" : "rule:admin_required and project_id:%(scope.project.id)s",
"admin_on_domain_of_project_filter" : "rule:admin_required and domain_id:%(target.project.domain_id)s",
"identity:list_role_assignments": "rule:cloud_admin or rule:admin_on_domain_filter or rule:admin_on_project_filter",
"identity:list_role_assignments_for_tree": "rule:cloud_admin or rule:admin_on_domain_of_project_filter",
"identity:get_policy": "rule:cloud_admin",
"identity:list_policies": "rule:cloud_admin",
"identity:create_policy": "rule:cloud_admin",
"identity:update_policy": "rule:cloud_admin",
"identity:delete_policy": "rule:cloud_admin",
"identity:check_token": "rule:admin_or_owner",
"identity:validate_token": "rule:service_admin_or_owner",
"identity:validate_token_head": "rule:service_or_admin",
"identity:revocation_list": "rule:service_or_admin",
"identity:revoke_token": "rule:admin_or_owner",
"identity:create_trust": "user_id:%(trust.trustor_user_id)s",
"identity:list_trusts": "",
"identity:list_roles_for_trust": "",
"identity:get_role_for_trust": "",
"identity:delete_trust": "",
"identity:get_trust": "",
"identity:create_consumer": "rule:admin_required",
"identity:get_consumer": "rule:admin_required",
"identity:list_consumers": "rule:admin_required",
"identity:delete_consumer": "rule:admin_required",
"identity:update_consumer": "rule:admin_required",
"identity:authorize_request_token": "rule:admin_required",
"identity:list_access_token_roles": "rule:admin_required",
"identity:get_access_token_role": "rule:admin_required",
"identity:list_access_tokens": "rule:admin_required",
"identity:get_access_token": "rule:admin_required",
"identity:delete_access_token": "rule:admin_required",
"identity:list_projects_for_endpoint": "rule:admin_required",
"identity:add_endpoint_to_project": "rule:admin_required",
"identity:check_endpoint_in_project": "rule:admin_required",
"identity:list_endpoints_for_project": "rule:admin_required",
"identity:remove_endpoint_from_project": "rule:admin_required",
"identity:create_endpoint_group": "rule:admin_required",
"identity:list_endpoint_groups": "rule:admin_required",
"identity:get_endpoint_group": "rule:admin_required",
"identity:update_endpoint_group": "rule:admin_required",
"identity:delete_endpoint_group": "rule:admin_required",
"identity:list_projects_associated_with_endpoint_group": "rule:admin_required",
"identity:list_endpoints_associated_with_endpoint_group": "rule:admin_required",
"identity:get_endpoint_group_in_project": "rule:admin_required",
"identity:list_endpoint_groups_for_project": "rule:admin_required",
"identity:add_endpoint_group_to_project": "rule:admin_required",
"identity:remove_endpoint_group_from_project": "rule:admin_required",
"identity:create_identity_provider": "rule:cloud_admin",
"identity:list_identity_providers": "rule:cloud_admin",
"identity:get_identity_provider": "rule:cloud_admin",
"identity:update_identity_provider": "rule:cloud_admin",
"identity:delete_identity_provider": "rule:cloud_admin",
"identity:create_protocol": "rule:cloud_admin",
"identity:update_protocol": "rule:cloud_admin",
"identity:get_protocol": "rule:cloud_admin",
"identity:list_protocols": "rule:cloud_admin",
"identity:delete_protocol": "rule:cloud_admin",
"identity:create_mapping": "rule:cloud_admin",
"identity:get_mapping": "rule:cloud_admin",
"identity:list_mappings": "rule:cloud_admin",
"identity:delete_mapping": "rule:cloud_admin",
"identity:update_mapping": "rule:cloud_admin",
"identity:create_service_provider": "rule:cloud_admin",
"identity:list_service_providers": "rule:cloud_admin",
"identity:get_service_provider": "rule:cloud_admin",
"identity:update_service_provider": "rule:cloud_admin",
"identity:delete_service_provider": "rule:cloud_admin",
"identity:get_auth_catalog": "",
"identity:get_auth_projects": "",
"identity:get_auth_domains": "",
"identity:list_projects_for_user": "",
"identity:list_domains_for_user": "",
"identity:list_revoke_events": "rule:service_or_admin",
"identity:create_policy_association_for_endpoint": "rule:cloud_admin",
"identity:check_policy_association_for_endpoint": "rule:cloud_admin",
"identity:delete_policy_association_for_endpoint": "rule:cloud_admin",
"identity:create_policy_association_for_service": "rule:cloud_admin",
"identity:check_policy_association_for_service": "rule:cloud_admin",
"identity:delete_policy_association_for_service": "rule:cloud_admin",
"identity:create_policy_association_for_region_and_service": "rule:cloud_admin",
"identity:check_policy_association_for_region_and_service": "rule:cloud_admin",
"identity:delete_policy_association_for_region_and_service": "rule:cloud_admin",
"identity:get_policy_for_endpoint": "rule:cloud_admin",
"identity:list_endpoints_for_policy": "rule:cloud_admin",
"identity:create_domain_config": "rule:cloud_admin",
"identity:get_domain_config": "rule:cloud_admin",
"identity:get_security_compliance_domain_config": "",
"identity:update_domain_config": "rule:cloud_admin",
"identity:delete_domain_config": "rule:cloud_admin",
"identity:get_domain_config_default": "rule:cloud_admin"
}
circle/circle/os_policies/neutron_policy.json 0 → 100644
{
"context_is_admin": "role:admin",
"owner": "tenant_id:%(tenant_id)s",
"admin_or_owner": "rule:context_is_admin or rule:owner",
"context_is_advsvc": "role:advsvc",
"admin_or_network_owner": "rule:context_is_admin or tenant_id:%(network:tenant_id)s",
"admin_owner_or_network_owner": "rule:owner or rule:admin_or_network_owner",
"admin_only": "rule:context_is_admin",
"regular_user": "",
"admin_or_data_plane_int": "rule:context_is_admin or role:data_plane_integrator",
"shared": "field:networks:shared=True",
"shared_subnetpools": "field:subnetpools:shared=True",
"shared_address_scopes": "field:address_scopes:shared=True",
"external": "field:networks:router:external=True",
"default": "rule:admin_or_owner",
"create_subnet": "rule:admin_or_network_owner",
"create_subnet:segment_id": "rule:admin_only",
"create_subnet:service_types": "rule:admin_only",
"get_subnet": "rule:admin_or_owner or rule:shared",
"get_subnet:segment_id": "rule:admin_only",
"update_subnet": "rule:admin_or_network_owner",
"update_subnet:service_types": "rule:admin_only",
"delete_subnet": "rule:admin_or_network_owner",
"create_subnetpool": "",
"create_subnetpool:shared": "rule:admin_only",
"create_subnetpool:is_default": "rule:admin_only",
"get_subnetpool": "rule:admin_or_owner or rule:shared_subnetpools",
"update_subnetpool": "rule:admin_or_owner",
"update_subnetpool:is_default": "rule:admin_only",
"delete_subnetpool": "rule:admin_or_owner",
"create_address_scope": "",
"create_address_scope:shared": "rule:admin_only",
"get_address_scope": "rule:admin_or_owner or rule:shared_address_scopes",
"update_address_scope": "rule:admin_or_owner",
"update_address_scope:shared": "rule:admin_only",
"delete_address_scope": "rule:admin_or_owner",
"create_network": "",
"get_network": "rule:admin_or_owner or rule:shared or rule:external or rule:context_is_advsvc",
"get_network:router:external": "rule:regular_user",
"get_network:segments": "rule:admin_only",
"get_network:provider:network_type": "rule:admin_only",
"get_network:provider:physical_network": "rule:admin_only",
"get_network:provider:segmentation_id": "rule:admin_only",
"get_network:queue_id": "rule:admin_only",
"get_network_ip_availabilities": "rule:admin_only",
"get_network_ip_availability": "rule:admin_only",
"create_network:shared": "rule:admin_only",
"create_network:router:external": "rule:admin_only",
"create_network:is_default": "rule:admin_only",
"create_network:segments": "rule:admin_only",
"create_network:provider:network_type": "rule:admin_only",
"create_network:provider:physical_network": "rule:admin_only",
"create_network:provider:segmentation_id": "rule:admin_only",
"update_network": "rule:admin_or_owner",
"update_network:segments": "rule:admin_only",
"update_network:shared": "rule:admin_only",
"update_network:provider:network_type": "rule:admin_only",
"update_network:provider:physical_network": "rule:admin_only",
"update_network:provider:segmentation_id": "rule:admin_only",
"update_network:router:external": "rule:admin_only",
"delete_network": "rule:admin_or_owner",
"create_segment": "rule:admin_only",
"get_segment": "rule:admin_only",
"update_segment": "rule:admin_only",
"delete_segment": "rule:admin_only",
"network_device": "field:port:device_owner=~^network:",
"create_port": "",
"create_port:device_owner": "not rule:network_device or rule:context_is_advsvc or rule:admin_or_network_owner",
"create_port:mac_address": "rule:context_is_advsvc or rule:admin_or_network_owner",
"create_port:fixed_ips:ip_address": "rule:context_is_advsvc or rule:admin_or_network_owner",
"create_port:fixed_ips:subnet_id": "rule:context_is_advsvc or rule:admin_or_network_owner or rule:shared",
"create_port:port_security_enabled": "rule:context_is_advsvc or rule:admin_or_network_owner",
"create_port:binding:host_id": "rule:admin_only",
"create_port:binding:profile": "rule:admin_only",
"create_port:mac_learning_enabled": "rule:context_is_advsvc or rule:admin_or_network_owner",
"create_port:allowed_address_pairs": "rule:admin_or_network_owner",
"get_port": "rule:context_is_advsvc or rule:admin_owner_or_network_owner",
"get_port:queue_id": "rule:admin_only",
"get_port:binding:vif_type": "rule:admin_only",
"get_port:binding:vif_details": "rule:admin_only",
"get_port:binding:host_id": "rule:admin_only",
"get_port:binding:profile": "rule:admin_only",
"update_port": "rule:admin_or_owner or rule:context_is_advsvc",
"update_port:device_owner": "not rule:network_device or rule:context_is_advsvc or rule:admin_or_network_owner",
"update_port:mac_address": "rule:admin_only or rule:context_is_advsvc",
"update_port:fixed_ips:ip_address": "rule:context_is_advsvc or rule:admin_or_network_owner",
"update_port:fixed_ips:subnet_id": "rule:context_is_advsvc or rule:admin_or_network_owner or rule:shared",
"update_port:port_security_enabled": "rule:context_is_advsvc or rule:admin_or_network_owner",
"update_port:binding:host_id": "rule:admin_only",
"update_port:binding:profile": "rule:admin_only",
"update_port:mac_learning_enabled": "rule:context_is_advsvc or rule:admin_or_network_owner",
"update_port:allowed_address_pairs": "rule:admin_or_network_owner",
"update_port:data_plane_status": "rule:admin_or_data_plane_int",
"delete_port": "rule:context_is_advsvc or rule:admin_owner_or_network_owner",
"get_router:ha": "rule:admin_only",
"create_router": "rule:regular_user",
"create_router:external_gateway_info:enable_snat": "rule:admin_only",
"create_router:distributed": "rule:admin_only",
"create_router:ha": "rule:admin_only",
"get_router": "rule:admin_or_owner",
"get_router:distributed": "rule:admin_only",
"update_router": "rule:admin_or_owner",
"update_router:external_gateway_info": "rule:admin_or_owner",
"update_router:external_gateway_info:network_id": "rule:admin_or_owner",
"update_router:external_gateway_info:enable_snat": "rule:admin_only",
"update_router:distributed": "rule:admin_only",
"update_router:ha": "rule:admin_only",
"delete_router": "rule:admin_or_owner",
"add_router_interface": "rule:admin_or_owner",
"remove_router_interface": "rule:admin_or_owner",
"create_router:external_gateway_info:external_fixed_ips": "rule:admin_only",
"update_router:external_gateway_info:external_fixed_ips": "rule:admin_only",
"create_qos_queue": "rule:admin_only",
"get_qos_queue": "rule:admin_only",
"update_agent": "rule:admin_only",
"delete_agent": "rule:admin_only",
"get_agent": "rule:admin_only",
"create_dhcp-network": "rule:admin_only",
"delete_dhcp-network": "rule:admin_only",
"get_dhcp-networks": "rule:admin_only",
"create_l3-router": "rule:admin_only",
"delete_l3-router": "rule:admin_only",
"get_l3-routers": "rule:admin_only",
"get_dhcp-agents": "rule:admin_only",
"get_l3-agents": "rule:admin_only",
"get_loadbalancer-agent": "rule:admin_only",
"get_loadbalancer-pools": "rule:admin_only",
"get_agent-loadbalancers": "rule:admin_only",
"get_loadbalancer-hosting-agent": "rule:admin_only",
"create_floatingip": "rule:regular_user",
"create_floatingip:floating_ip_address": "rule:admin_only",
"update_floatingip": "rule:admin_or_owner",
"delete_floatingip": "rule:admin_or_owner",
"get_floatingip": "rule:admin_or_owner",
"create_network_profile": "rule:admin_only",
"update_network_profile": "rule:admin_only",
"delete_network_profile": "rule:admin_only",
"get_network_profiles": "",
"get_network_profile": "",
"update_policy_profiles": "rule:admin_only",
"get_policy_profiles": "",
"get_policy_profile": "",
"create_metering_label": "rule:admin_only",
"delete_metering_label": "rule:admin_only",
"get_metering_label": "rule:admin_only",
"create_metering_label_rule": "rule:admin_only",
"delete_metering_label_rule": "rule:admin_only",
"get_metering_label_rule": "rule:admin_only",
"get_service_provider": "rule:regular_user",
"get_lsn": "rule:admin_only",
"create_lsn": "rule:admin_only",
"create_flavor": "rule:admin_only",
"update_flavor": "rule:admin_only",
"delete_flavor": "rule:admin_only",
"get_flavors": "rule:regular_user",
"get_flavor": "rule:regular_user",
"create_service_profile": "rule:admin_only",
"update_service_profile": "rule:admin_only",
"delete_service_profile": "rule:admin_only",
"get_service_profiles": "rule:admin_only",
"get_service_profile": "rule:admin_only",
"get_policy": "rule:regular_user",
"create_policy": "rule:admin_only",
"update_policy": "rule:admin_only",
"delete_policy": "rule:admin_only",
"get_policy_bandwidth_limit_rule": "rule:regular_user",
"create_policy_bandwidth_limit_rule": "rule:admin_only",
"delete_policy_bandwidth_limit_rule": "rule:admin_only",
"update_policy_bandwidth_limit_rule": "rule:admin_only",
"get_policy_dscp_marking_rule": "rule:regular_user",
"create_policy_dscp_marking_rule": "rule:admin_only",
"delete_policy_dscp_marking_rule": "rule:admin_only",
"update_policy_dscp_marking_rule": "rule:admin_only",
"get_rule_type": "rule:regular_user",
"get_policy_minimum_bandwidth_rule": "rule:regular_user",
"create_policy_minimum_bandwidth_rule": "rule:admin_only",
"delete_policy_minimum_bandwidth_rule": "rule:admin_only",
"update_policy_minimum_bandwidth_rule": "rule:admin_only",
"restrict_wildcard": "(not field:rbac_policy:target_tenant=*) or rule:admin_only",
"create_rbac_policy": "",
"create_rbac_policy:target_tenant": "rule:restrict_wildcard",
"update_rbac_policy": "rule:admin_or_owner",
"update_rbac_policy:target_tenant": "rule:restrict_wildcard and rule:admin_or_owner",
"get_rbac_policy": "rule:admin_or_owner",
"delete_rbac_policy": "rule:admin_or_owner",
"create_flavor_service_profile": "rule:admin_only",
"delete_flavor_service_profile": "rule:admin_only",
"get_flavor_service_profile": "rule:regular_user",
"get_auto_allocated_topology": "rule:admin_or_owner",
"create_trunk": "rule:regular_user",
"get_trunk": "rule:admin_or_owner",
"delete_trunk": "rule:admin_or_owner",
"get_subports": "",
"add_subports": "rule:admin_or_owner",
"remove_subports": "rule:admin_or_owner",
"get_security_groups": "rule:admin_or_owner",
"get_security_group": "rule:admin_or_owner",
"create_security_group": "rule:admin_or_owner",
"update_security_group": "rule:admin_or_owner",
"delete_security_group": "rule:admin_or_owner",
"get_security_group_rules": "rule:admin_or_owner",
"get_security_group_rule": "rule:admin_or_owner",
"create_security_group_rule": "rule:admin_or_owner",
"delete_security_group_rule": "rule:admin_or_owner",
"get_loggable_resources": "rule:admin_only",
"create_log": "rule:admin_only",
"update_log": "rule:admin_only",
"delete_log": "rule:admin_only",
"get_logs": "rule:admin_only",
"get_log": "rule:admin_only"
}
\ No newline at end of file
circle/circle/os_policies/nova_policy.json 0 → 100644
{
"context_is_admin": "role:admin",
"admin_or_owner": "is_admin:True or project_id:%(project_id)s",
"default": "rule:admin_or_owner",
"cells_scheduler_filter:TargetCellFilter": "is_admin:True",
"compute:create": "rule:admin_or_owner",
"compute:create:attach_network": "rule:admin_or_owner",
"compute:create:attach_volume": "rule:admin_or_owner",
"compute:create:forced_host": "is_admin:True",
"compute:get": "rule:admin_or_owner",
"compute:get_all": "rule:admin_or_owner",
"compute:get_all_tenants": "is_admin:True",
"compute:update": "rule:admin_or_owner",
"compute:get_instance_metadata": "rule:admin_or_owner",
"compute:get_all_instance_metadata": "rule:admin_or_owner",
"compute:get_all_instance_system_metadata": "rule:admin_or_owner",
"compute:update_instance_metadata": "rule:admin_or_owner",
"compute:delete_instance_metadata": "rule:admin_or_owner",
"compute:get_diagnostics": "rule:admin_or_owner",
"compute:get_instance_diagnostics": "rule:admin_or_owner",
"compute:start": "rule:admin_or_owner",
"compute:stop": "rule:admin_or_owner",
"compute:lock": "rule:admin_or_owner",
"compute:unlock": "rule:admin_or_owner",
"compute:unlock_override": "rule:admin_api",
"compute:get_vnc_console": "rule:admin_or_owner",
"compute:get_spice_console": "rule:admin_or_owner",
"compute:get_rdp_console": "rule:admin_or_owner",
"compute:get_serial_console": "rule:admin_or_owner",
"compute:get_mks_console": "rule:admin_or_owner",
"compute:get_console_output": "rule:admin_or_owner",
"compute:reset_network": "rule:admin_or_owner",
"compute:inject_network_info": "rule:admin_or_owner",
"compute:add_fixed_ip": "rule:admin_or_owner",
"compute:remove_fixed_ip": "rule:admin_or_owner",
"compute:attach_volume": "rule:admin_or_owner",
"compute:detach_volume": "rule:admin_or_owner",
"compute:swap_volume": "rule:admin_or_owner",
"compute:attach_interface": "rule:admin_or_owner",
"compute:detach_interface": "rule:admin_or_owner",
"compute:set_admin_password": "rule:admin_or_owner",
"compute:rescue": "rule:admin_or_owner",
"compute:unrescue": "rule:admin_or_owner",
"compute:suspend": "rule:admin_or_owner",
"compute:resume": "rule:admin_or_owner",
"compute:pause": "rule:admin_or_owner",
"compute:unpause": "rule:admin_or_owner",
"compute:shelve": "rule:admin_or_owner",
"compute:shelve_offload": "rule:admin_or_owner",
"compute:unshelve": "rule:admin_or_owner",
"compute:snapshot": "rule:admin_or_owner",
"compute:snapshot_volume_backed": "rule:admin_or_owner",
"compute:backup": "rule:admin_or_owner",
"compute:resize": "rule:admin_or_owner",
"compute:confirm_resize": "rule:admin_or_owner",
"compute:revert_resize": "rule:admin_or_owner",
"compute:rebuild": "rule:admin_or_owner",
"compute:reboot": "rule:admin_or_owner",
"compute:delete": "rule:admin_or_owner",
"compute:soft_delete": "rule:admin_or_owner",
"compute:force_delete": "rule:admin_or_owner",
"compute:security_groups:add_to_instance": "rule:admin_or_owner",
"compute:security_groups:remove_from_instance": "rule:admin_or_owner",
"compute:restore": "rule:admin_or_owner",
"compute:volume_snapshot_create": "rule:admin_or_owner",
"compute:volume_snapshot_delete": "rule:admin_or_owner",
"admin_api": "is_admin:True",
"compute_extension:accounts": "rule:admin_api",
"compute_extension:admin_actions": "rule:admin_api",
"compute_extension:admin_actions:pause": "rule:admin_or_owner",
"compute_extension:admin_actions:unpause": "rule:admin_or_owner",
"compute_extension:admin_actions:suspend": "rule:admin_or_owner",
"compute_extension:admin_actions:resume": "rule:admin_or_owner",
"compute_extension:admin_actions:lock": "rule:admin_or_owner",
"compute_extension:admin_actions:unlock": "rule:admin_or_owner",
"compute_extension:admin_actions:resetNetwork": "rule:admin_api",
"compute_extension:admin_actions:injectNetworkInfo": "rule:admin_api",
"compute_extension:admin_actions:createBackup": "rule:admin_or_owner",
"compute_extension:admin_actions:migrateLive": "rule:admin_api",
"compute_extension:admin_actions:resetState": "rule:admin_api",
"compute_extension:admin_actions:migrate": "rule:admin_api",
"compute_extension:aggregates": "rule:admin_api",
"compute_extension:agents": "rule:admin_api",
"compute_extension:attach_interfaces": "rule:admin_or_owner",
"compute_extension:baremetal_nodes": "rule:admin_api",
"compute_extension:cells": "rule:admin_api",
"compute_extension:cells:create": "rule:admin_api",
"compute_extension:cells:delete": "rule:admin_api",
"compute_extension:cells:update": "rule:admin_api",
"compute_extension:cells:sync_instances": "rule:admin_api",
"compute_extension:certificates": "rule:admin_or_owner",
"compute_extension:cloudpipe": "rule:admin_api",
"compute_extension:cloudpipe_update": "rule:admin_api",
"compute_extension:config_drive": "rule:admin_or_owner",
"compute_extension:console_output": "rule:admin_or_owner",
"compute_extension:consoles": "rule:admin_or_owner",
"compute_extension:createserverext": "rule:admin_or_owner",
"compute_extension:deferred_delete": "rule:admin_or_owner",
"compute_extension:disk_config": "rule:admin_or_owner",
"compute_extension:evacuate": "rule:admin_api",
"compute_extension:extended_server_attributes": "rule:admin_api",
"compute_extension:extended_status": "rule:admin_or_owner",
"compute_extension:extended_availability_zone": "rule:admin_or_owner",
"compute_extension:extended_ips": "rule:admin_or_owner",
"compute_extension:extended_ips_mac": "rule:admin_or_owner",
"compute_extension:extended_vif_net": "rule:admin_or_owner",
"compute_extension:extended_volumes": "rule:admin_or_owner",
"compute_extension:fixed_ips": "rule:admin_api",
"compute_extension:flavor_access": "rule:admin_or_owner",
"compute_extension:flavor_access:addTenantAccess": "rule:admin_api",
"compute_extension:flavor_access:removeTenantAccess": "rule:admin_api",
"compute_extension:flavor_disabled": "rule:admin_or_owner",
"compute_extension:flavor_rxtx": "rule:admin_or_owner",
"compute_extension:flavor_swap": "rule:admin_or_owner",
"compute_extension:flavorextradata": "rule:admin_or_owner",
"compute_extension:flavorextraspecs:index": "rule:admin_or_owner",
"compute_extension:flavorextraspecs:show": "rule:admin_or_owner",
"compute_extension:flavorextraspecs:create": "rule:admin_api",
"compute_extension:flavorextraspecs:update": "rule:admin_api",
"compute_extension:flavorextraspecs:delete": "rule:admin_api",
"compute_extension:flavormanage": "rule:admin_api",
"compute_extension:floating_ip_dns": "rule:admin_or_owner",
"compute_extension:floating_ip_pools": "rule:admin_or_owner",
"compute_extension:floating_ips": "rule:admin_or_owner",
"compute_extension:floating_ips_bulk": "rule:admin_api",
"compute_extension:fping": "rule:admin_or_owner",
"compute_extension:fping:all_tenants": "rule:admin_api",
"compute_extension:hide_server_addresses": "is_admin:False",
"compute_extension:hosts": "rule:admin_api",
"compute_extension:hypervisors": "rule:admin_api",
"compute_extension:image_size": "rule:admin_or_owner",
"compute_extension:instance_actions": "rule:admin_or_owner",
"compute_extension:instance_actions:events": "rule:admin_api",
"compute_extension:instance_usage_audit_log": "rule:admin_api",
"compute_extension:keypairs": "rule:admin_or_owner",
"compute_extension:keypairs:index": "rule:admin_or_owner",
"compute_extension:keypairs:show": "rule:admin_or_owner",
"compute_extension:keypairs:create": "rule:admin_or_owner",
"compute_extension:keypairs:delete": "rule:admin_or_owner",
"compute_extension:multinic": "rule:admin_or_owner",
"compute_extension:networks": "rule:admin_api",
"compute_extension:networks:view": "rule:admin_or_owner",
"compute_extension:networks_associate": "rule:admin_api",
"compute_extension:os-tenant-networks": "rule:admin_or_owner",
"compute_extension:quotas:show": "rule:admin_or_owner",
"compute_extension:quotas:update": "rule:admin_api",
"compute_extension:quotas:delete": "rule:admin_api",
"compute_extension:quota_classes": "rule:admin_or_owner",
"compute_extension:rescue": "rule:admin_or_owner",
"compute_extension:security_group_default_rules": "rule:admin_api",
"compute_extension:security_groups": "rule:admin_or_owner",
"compute_extension:server_diagnostics": "rule:admin_api",
"compute_extension:server_groups": "rule:admin_or_owner",
"compute_extension:server_password": "rule:admin_or_owner",
"compute_extension:server_usage": "rule:admin_or_owner",
"compute_extension:services": "rule:admin_api",
"compute_extension:shelve": "rule:admin_or_owner",
"compute_extension:shelveOffload": "rule:admin_api",
"compute_extension:simple_tenant_usage:show": "rule:admin_or_owner",
"compute_extension:simple_tenant_usage:list": "rule:admin_api",
"compute_extension:unshelve": "rule:admin_or_owner",
"compute_extension:users": "rule:admin_api",
"compute_extension:virtual_interfaces": "rule:admin_or_owner",
"compute_extension:virtual_storage_arrays": "rule:admin_or_owner",
"compute_extension:volumes": "rule:admin_or_owner",
"compute_extension:volume_attachments:index": "rule:admin_or_owner",
"compute_extension:volume_attachments:show": "rule:admin_or_owner",
"compute_extension:volume_attachments:create": "rule:admin_or_owner",
"compute_extension:volume_attachments:update": "rule:admin_or_owner",
"compute_extension:volume_attachments:delete": "rule:admin_or_owner",
"compute_extension:volumetypes": "rule:admin_or_owner",
"compute_extension:availability_zone:list": "rule:admin_or_owner",
"compute_extension:availability_zone:detail": "rule:admin_api",
"compute_extension:used_limits_for_admin": "rule:admin_api",
"compute_extension:migrations:index": "rule:admin_api",
"compute_extension:os-assisted-volume-snapshots:create": "rule:admin_api",
"compute_extension:os-assisted-volume-snapshots:delete": "rule:admin_api",
"compute_extension:console_auth_tokens": "rule:admin_api",
"compute_extension:os-server-external-events:create": "rule:admin_api",
"network:get_all": "rule:admin_or_owner",
"network:get": "rule:admin_or_owner",
"network:create": "rule:admin_or_owner",
"network:delete": "rule:admin_or_owner",
"network:associate": "rule:admin_or_owner",
"network:disassociate": "rule:admin_or_owner",
"network:get_vifs_by_instance": "rule:admin_or_owner",
"network:allocate_for_instance": "rule:admin_or_owner",
"network:deallocate_for_instance": "rule:admin_or_owner",
"network:validate_networks": "rule:admin_or_owner",
"network:get_instance_uuids_by_ip_filter": "rule:admin_or_owner",
"network:get_instance_id_by_floating_address": "rule:admin_or_owner",
"network:setup_networks_on_host": "rule:admin_or_owner",
"network:get_backdoor_port": "rule:admin_or_owner",
"network:get_floating_ip": "rule:admin_or_owner",
"network:get_floating_ip_pools": "rule:admin_or_owner",
"network:get_floating_ip_by_address": "rule:admin_or_owner",
"network:get_floating_ips_by_project": "rule:admin_or_owner",
"network:get_floating_ips_by_fixed_address": "rule:admin_or_owner",
"network:allocate_floating_ip": "rule:admin_or_owner",
"network:associate_floating_ip": "rule:admin_or_owner",
"network:disassociate_floating_ip": "rule:admin_or_owner",
"network:release_floating_ip": "rule:admin_or_owner",
"network:migrate_instance_start": "rule:admin_or_owner",
"network:migrate_instance_finish": "rule:admin_or_owner",
"network:get_fixed_ip": "rule:admin_or_owner",
"network:get_fixed_ip_by_address": "rule:admin_or_owner",
"network:add_fixed_ip_to_instance": "rule:admin_or_owner",
"network:remove_fixed_ip_from_instance": "rule:admin_or_owner",
"network:add_network_to_project": "rule:admin_or_owner",
"network:get_instance_nw_info": "rule:admin_or_owner",
"network:get_dns_domains": "rule:admin_or_owner",
"network:add_dns_entry": "rule:admin_or_owner",
"network:modify_dns_entry": "rule:admin_or_owner",
"network:delete_dns_entry": "rule:admin_or_owner",
"network:get_dns_entries_by_address": "rule:admin_or_owner",
"network:get_dns_entries_by_name": "rule:admin_or_owner",
"network:create_private_dns_domain": "rule:admin_or_owner",
"network:create_public_dns_domain": "rule:admin_or_owner",
"network:delete_dns_domain": "rule:admin_or_owner",
"network:attach_external_network": "rule:admin_api",
"network:get_vif_by_mac_address": "rule:admin_or_owner",
"os_compute_api:servers:detail:get_all_tenants": "is_admin:True",
"os_compute_api:servers:index:get_all_tenants": "is_admin:True",
"os_compute_api:servers:confirm_resize": "rule:admin_or_owner",
"os_compute_api:servers:create": "rule:admin_or_owner",
"os_compute_api:servers:create:attach_network": "rule:admin_or_owner",
"os_compute_api:servers:create:attach_volume": "rule:admin_or_owner",
"os_compute_api:servers:create:forced_host": "rule:admin_api",
"os_compute_api:servers:delete": "rule:admin_or_owner",
"os_compute_api:servers:update": "rule:admin_or_owner",
"os_compute_api:servers:detail": "rule:admin_or_owner",
"os_compute_api:servers:index": "rule:admin_or_owner",
"os_compute_api:servers:reboot": "rule:admin_or_owner",
"os_compute_api:servers:rebuild": "rule:admin_or_owner",
"os_compute_api:servers:resize": "rule:admin_or_owner",
"os_compute_api:servers:revert_resize": "rule:admin_or_owner",
"os_compute_api:servers:show": "rule:admin_or_owner",
"os_compute_api:servers:show:host_status": "rule:admin_api",
"os_compute_api:servers:create_image": "rule:admin_or_owner",
"os_compute_api:servers:create_image:allow_volume_backed": "rule:admin_or_owner",
"os_compute_api:servers:start": "rule:admin_or_owner",
"os_compute_api:servers:stop": "rule:admin_or_owner",
"os_compute_api:servers:trigger_crash_dump": "rule:admin_or_owner",
"os_compute_api:servers:migrations:force_complete": "rule:admin_api",
"os_compute_api:servers:migrations:delete": "rule:admin_api",
"os_compute_api:servers:discoverable": "@",
"os_compute_api:servers:migrations:index": "rule:admin_api",
"os_compute_api:servers:migrations:show": "rule:admin_api",
"os_compute_api:os-access-ips:discoverable": "@",
"os_compute_api:os-access-ips": "rule:admin_or_owner",
"os_compute_api:os-admin-actions": "rule:admin_api",
"os_compute_api:os-admin-actions:discoverable": "@",
"os_compute_api:os-admin-actions:reset_network": "rule:admin_api",
"os_compute_api:os-admin-actions:inject_network_info": "rule:admin_api",
"os_compute_api:os-admin-actions:reset_state": "rule:admin_api",
"os_compute_api:os-admin-password": "rule:admin_or_owner",
"os_compute_api:os-admin-password:discoverable": "@",
"os_compute_api:os-aggregates:discoverable": "@",
"os_compute_api:os-aggregates:index": "rule:admin_api",
"os_compute_api:os-aggregates:create": "rule:admin_api",
"os_compute_api:os-aggregates:show": "rule:admin_api",
"os_compute_api:os-aggregates:update": "rule:admin_api",
"os_compute_api:os-aggregates:delete": "rule:admin_api",
"os_compute_api:os-aggregates:add_host": "rule:admin_api",
"os_compute_api:os-aggregates:remove_host": "rule:admin_api",
"os_compute_api:os-aggregates:set_metadata": "rule:admin_api",
"os_compute_api:os-agents": "rule:admin_api",
"os_compute_api:os-agents:discoverable": "@",
"os_compute_api:os-attach-interfaces": "rule:admin_or_owner",
"os_compute_api:os-attach-interfaces:discoverable": "@",
"os_compute_api:os-baremetal-nodes": "rule:admin_api",
"os_compute_api:os-baremetal-nodes:discoverable": "@",
"os_compute_api:os-block-device-mapping-v1:discoverable": "@",
"os_compute_api:os-cells": "rule:admin_api",
"os_compute_api:os-cells:create": "rule:admin_api",
"os_compute_api:os-cells:delete": "rule:admin_api",
"os_compute_api:os-cells:update": "rule:admin_api",
"os_compute_api:os-cells:sync_instances": "rule:admin_api",
"os_compute_api:os-cells:discoverable": "@",
"os_compute_api:os-certificates:create": "rule:admin_or_owner",
"os_compute_api:os-certificates:show": "rule:admin_or_owner",
"os_compute_api:os-certificates:discoverable": "@",
"os_compute_api:os-cloudpipe": "rule:admin_api",
"os_compute_api:os-cloudpipe:discoverable": "@",
"os_compute_api:os-config-drive": "rule:admin_or_owner",
"os_compute_api:os-consoles:discoverable": "@",
"os_compute_api:os-consoles:create": "rule:admin_or_owner",
"os_compute_api:os-consoles:delete": "rule:admin_or_owner",
"os_compute_api:os-consoles:index": "rule:admin_or_owner",
"os_compute_api:os-consoles:show": "rule:admin_or_owner",
"os_compute_api:os-console-output:discoverable": "@",
"os_compute_api:os-console-output": "rule:admin_or_owner",
"os_compute_api:os-remote-consoles": "rule:admin_or_owner",
"os_compute_api:os-remote-consoles:discoverable": "@",
"os_compute_api:os-create-backup:discoverable": "@",
"os_compute_api:os-create-backup": "rule:admin_or_owner",
"os_compute_api:os-deferred-delete": "rule:admin_or_owner",
"os_compute_api:os-deferred-delete:discoverable": "@",
"os_compute_api:os-disk-config": "rule:admin_or_owner",
"os_compute_api:os-disk-config:discoverable": "@",
"os_compute_api:os-evacuate": "rule:admin_api",
"os_compute_api:os-evacuate:discoverable": "@",
"os_compute_api:os-extended-server-attributes": "rule:admin_api",
"os_compute_api:os-extended-server-attributes:discoverable": "@",
"os_compute_api:os-extended-status": "rule:admin_or_owner",
"os_compute_api:os-extended-status:discoverable": "@",
"os_compute_api:os-extended-availability-zone": "rule:admin_or_owner",
"os_compute_api:os-extended-availability-zone:discoverable": "@",
"os_compute_api:extensions": "rule:admin_or_owner",
"os_compute_api:extensions:discoverable": "@",
"os_compute_api:extension_info:discoverable": "@",
"os_compute_api:os-extended-volumes": "rule:admin_or_owner",
"os_compute_api:os-extended-volumes:discoverable": "@",
"os_compute_api:os-fixed-ips": "rule:admin_api",
"os_compute_api:os-fixed-ips:discoverable": "@",
"os_compute_api:os-flavor-access": "rule:admin_or_owner",
"os_compute_api:os-flavor-access:discoverable": "@",
"os_compute_api:os-flavor-access:remove_tenant_access": "rule:admin_api",
"os_compute_api:os-flavor-access:add_tenant_access": "rule:admin_api",
"os_compute_api:os-flavor-rxtx": "rule:admin_or_owner",
"os_compute_api:os-flavor-rxtx:discoverable": "@",
"os_compute_api:flavors": "rule:admin_or_owner",
"os_compute_api:flavors:discoverable": "@",
"os_compute_api:os-flavor-extra-specs:discoverable": "@",
"os_compute_api:os-flavor-extra-specs:index": "rule:admin_or_owner",
"os_compute_api:os-flavor-extra-specs:show": "rule:admin_or_owner",
"os_compute_api:os-flavor-extra-specs:create": "rule:admin_api",
"os_compute_api:os-flavor-extra-specs:update": "rule:admin_api",
"os_compute_api:os-flavor-extra-specs:delete": "rule:admin_api",
"os_compute_api:os-flavor-manage:discoverable": "@",
"os_compute_api:os-flavor-manage": "rule:admin_api",
"os_compute_api:os-floating-ip-dns": "rule:admin_or_owner",
"os_compute_api:os-floating-ip-dns:discoverable": "@",
"os_compute_api:os-floating-ip-dns:domain:update": "rule:admin_api",
"os_compute_api:os-floating-ip-dns:domain:delete": "rule:admin_api",
"os_compute_api:os-floating-ip-pools": "rule:admin_or_owner",
"os_compute_api:os-floating-ip-pools:discoverable": "@",
"os_compute_api:os-floating-ips": "rule:admin_or_owner",
"os_compute_api:os-floating-ips:discoverable": "@",
"os_compute_api:os-floating-ips-bulk": "rule:admin_api",
"os_compute_api:os-floating-ips-bulk:discoverable": "@",
"os_compute_api:os-fping": "rule:admin_or_owner",
"os_compute_api:os-fping:discoverable": "@",
"os_compute_api:os-fping:all_tenants": "rule:admin_api",
"os_compute_api:os-hide-server-addresses": "is_admin:False",
"os_compute_api:os-hide-server-addresses:discoverable": "@",
"os_compute_api:os-hosts": "rule:admin_api",
"os_compute_api:os-hosts:discoverable": "@",
"os_compute_api:os-hypervisors": "rule:admin_api",
"os_compute_api:os-hypervisors:discoverable": "@",
"os_compute_api:images:discoverable": "@",
"os_compute_api:image-size": "rule:admin_or_owner",
"os_compute_api:image-size:discoverable": "@",
"os_compute_api:os-instance-actions": "rule:admin_or_owner",
"os_compute_api:os-instance-actions:discoverable": "@",
"os_compute_api:os-instance-actions:events": "rule:admin_api",
"os_compute_api:os-instance-usage-audit-log": "rule:admin_api",
"os_compute_api:os-instance-usage-audit-log:discoverable": "@",
"os_compute_api:ips:discoverable": "@",
"os_compute_api:ips:index": "rule:admin_or_owner",
"os_compute_api:ips:show": "rule:admin_or_owner",
"os_compute_api:os-keypairs:discoverable": "@",
"os_compute_api:os-keypairs": "rule:admin_or_owner",
"os_compute_api:os-keypairs:index": "rule:admin_api or user_id:%(user_id)s",
"os_compute_api:os-keypairs:show": "rule:admin_api or user_id:%(user_id)s",
"os_compute_api:os-keypairs:create": "rule:admin_api or user_id:%(user_id)s",
"os_compute_api:os-keypairs:delete": "rule:admin_api or user_id:%(user_id)s",
"os_compute_api:limits:discoverable": "@",
"os_compute_api:limits": "rule:admin_or_owner",
"os_compute_api:os-lock-server:discoverable": "@",
"os_compute_api:os-lock-server:lock": "rule:admin_or_owner",
"os_compute_api:os-lock-server:unlock": "rule:admin_or_owner",
"os_compute_api:os-lock-server:unlock:unlock_override": "rule:admin_api",
"os_compute_api:os-migrate-server:discoverable": "@",
"os_compute_api:os-migrate-server:migrate": "rule:admin_api",
"os_compute_api:os-migrate-server:migrate_live": "rule:admin_api",
"os_compute_api:os-multinic": "rule:admin_or_owner",
"os_compute_api:os-multinic:discoverable": "@",
"os_compute_api:os-networks": "rule:admin_api",
"os_compute_api:os-networks:view": "rule:admin_or_owner",
"os_compute_api:os-networks:discoverable": "@",
"os_compute_api:os-networks-associate": "rule:admin_api",
"os_compute_api:os-networks-associate:discoverable": "@",
"os_compute_api:os-pause-server:discoverable": "@",
"os_compute_api:os-pause-server:pause": "rule:admin_or_owner",
"os_compute_api:os-pause-server:unpause": "rule:admin_or_owner",
"os_compute_api:os-pci:pci_servers": "rule:admin_or_owner",
"os_compute_api:os-pci:discoverable": "@",
"os_compute_api:os-pci:index": "rule:admin_api",
"os_compute_api:os-pci:detail": "rule:admin_api",
"os_compute_api:os-pci:show": "rule:admin_api",
"os_compute_api:os-personality:discoverable": "@",
"os_compute_api:os-preserve-ephemeral-rebuild:discoverable": "@",
"os_compute_api:os-quota-sets:discoverable": "@",
"os_compute_api:os-quota-sets:show": "rule:admin_or_owner",
"os_compute_api:os-quota-sets:defaults": "@",
"os_compute_api:os-quota-sets:update": "rule:admin_api",
"os_compute_api:os-quota-sets:delete": "rule:admin_api",
"os_compute_api:os-quota-sets:detail": "rule:admin_api",
"os_compute_api:os-quota-class-sets:update": "rule:admin_api",
"os_compute_api:os-quota-class-sets:show": "is_admin:True or quota_class:%(quota_class)s",
"os_compute_api:os-quota-class-sets:discoverable": "@",
"os_compute_api:os-rescue": "rule:admin_or_owner",
"os_compute_api:os-rescue:discoverable": "@",
"os_compute_api:os-scheduler-hints:discoverable": "@",
"os_compute_api:os-security-group-default-rules:discoverable": "@",
"os_compute_api:os-security-group-default-rules": "rule:admin_api",
"os_compute_api:os-security-groups": "rule:admin_or_owner",
"os_compute_api:os-security-groups:discoverable": "@",
"os_compute_api:os-server-diagnostics": "rule:admin_api",
"os_compute_api:os-server-diagnostics:discoverable": "@",
"os_compute_api:os-server-password": "rule:admin_or_owner",
"os_compute_api:os-server-password:discoverable": "@",
"os_compute_api:os-server-usage": "rule:admin_or_owner",
"os_compute_api:os-server-usage:discoverable": "@",
"os_compute_api:os-server-groups": "rule:admin_or_owner",
"os_compute_api:os-server-groups:discoverable": "@",
"os_compute_api:os-services": "rule:admin_api",
"os_compute_api:os-services:discoverable": "@",
"os_compute_api:server-metadata:discoverable": "@",
"os_compute_api:server-metadata:index": "rule:admin_or_owner",
"os_compute_api:server-metadata:show": "rule:admin_or_owner",
"os_compute_api:server-metadata:delete": "rule:admin_or_owner",
"os_compute_api:server-metadata:create": "rule:admin_or_owner",
"os_compute_api:server-metadata:update": "rule:admin_or_owner",
"os_compute_api:server-metadata:update_all": "rule:admin_or_owner",
"os_compute_api:os-shelve:shelve": "rule:admin_or_owner",
"os_compute_api:os-shelve:shelve:discoverable": "@",
"os_compute_api:os-shelve:shelve_offload": "rule:admin_api",
"os_compute_api:os-simple-tenant-usage:discoverable": "@",
"os_compute_api:os-simple-tenant-usage:show": "rule:admin_or_owner",
"os_compute_api:os-simple-tenant-usage:list": "rule:admin_api",
"os_compute_api:os-suspend-server:discoverable": "@",
"os_compute_api:os-suspend-server:suspend": "rule:admin_or_owner",
"os_compute_api:os-suspend-server:resume": "rule:admin_or_owner",
"os_compute_api:os-tenant-networks": "rule:admin_or_owner",
"os_compute_api:os-tenant-networks:discoverable": "@",
"os_compute_api:os-shelve:unshelve": "rule:admin_or_owner",
"os_compute_api:os-user-data:discoverable": "@",
"os_compute_api:os-virtual-interfaces": "rule:admin_or_owner",
"os_compute_api:os-virtual-interfaces:discoverable": "@",
"os_compute_api:os-volumes": "rule:admin_or_owner",
"os_compute_api:os-volumes:discoverable": "@",
"os_compute_api:os-volumes-attachments:index": "rule:admin_or_owner",
"os_compute_api:os-volumes-attachments:show": "rule:admin_or_owner",
"os_compute_api:os-volumes-attachments:create": "rule:admin_or_owner",
"os_compute_api:os-volumes-attachments:update": "rule:admin_or_owner",
"os_compute_api:os-volumes-attachments:delete": "rule:admin_or_owner",
"os_compute_api:os-volumes-attachments:discoverable": "@",
"os_compute_api:os-availability-zone:list": "rule:admin_or_owner",
"os_compute_api:os-availability-zone:discoverable": "@",
"os_compute_api:os-availability-zone:detail": "rule:admin_api",
"os_compute_api:os-used-limits": "rule:admin_api",
"os_compute_api:os-used-limits:discoverable": "@",
"os_compute_api:os-migrations:index": "rule:admin_api",
"os_compute_api:os-migrations:discoverable": "@",
"os_compute_api:os-assisted-volume-snapshots:create": "rule:admin_api",
"os_compute_api:os-assisted-volume-snapshots:delete": "rule:admin_api",
"os_compute_api:os-assisted-volume-snapshots:discoverable": "@",
"os_compute_api:os-console-auth-tokens": "rule:admin_api",
"os_compute_api:os-server-external-events:create": "rule:admin_api"
}
\ No newline at end of file
circle/circle/settings/base.py
......@@ -29,7 +29,6 @@ from django.core.exceptions import ImproperlyConfigured
from django.utils.translation import ugettext_lazy as _
from json import loads
# from socket import SOCK_STREAM
......@@ -535,3 +534,19 @@ BLACKLIST_HOOK_URL = get_env_variable("BLACKLIST_HOOK_URL", "")
REQUEST_HOOK_URL = get_env_variable("REQUEST_HOOK_URL", "")
TWO_FACTOR_ISSUER = get_env_variable("TWO_FACTOR_ISSUER", "CIRCLE")
POLICY_FILES_PATH = os.path.join(BASE_DIR, "os_policies")
# Map of local copy of service policy files
POLICY_FILES = {
'identity': 'keystone_policy.json',
'compute': 'nova_policy.json',
'volume': 'cinder_policy.json',
'image': 'glance_policy.json',
'network': 'neutron_policy.json',
}
# Services for which horizon has extra policies are defined
# in POLICY_DIRS by default.
POLICY_DIRS = {
'compute': ['nova_policy.d'],
'volume': ['cinder_policy.d'],
}
\ No newline at end of file
circle/common/operations.py
......@@ -72,7 +72,7 @@ class Operation(object):
"%s" % ", ".join(unexpected_kwargs))
if not skip_auth_check:
self.check_auth(user)
self.check_auth(user, request)
self.check_precond()
return allargs, auxargs
......
circle/dashboard/views/util.py
......@@ -262,16 +262,17 @@ class OperationView(RedirectToLoginMixin, DetailView):
ctx['template'] = super(OperationView, self).get_template_names()[0]
return ctx
def check_auth(self):
def check_auth(self, request):
logger.debug("OperationView.check_auth(%s)", unicode(self))
self.get_op().check_auth(self.request.user)
self.get_op().check_auth(self.request.user, request)
@classmethod
def check_perms(cls, user):
cls.get_operation_class().check_perms(user)
def get(self, request, *args, **kwargs):
self.check_auth()
self.get_op().instance.get_from_os(request)
self.check_auth(request)
return super(OperationView, self).get(request, *args, **kwargs)
def get_response_data(self, result, done, extra=None, **kwargs):
......@@ -287,7 +288,8 @@ class OperationView(RedirectToLoginMixin, DetailView):
return extra
def post(self, request, extra=None, *args, **kwargs):
self.check_auth()
self.get_op().instance.get_from_os(request)
self.check_auth(request)
self.object = self.get_object()
if extra is None:
extra = {}
......
circle/dashboard/views/vm.py
......@@ -111,7 +111,7 @@ class VmDetailView(LoginRequiredMixin, GraphMixin, DetailView):
context = super(VmDetailView, self).get_context_data(**kwargs)
instance = context['instance']
user = self.request.user
ops = get_operations(instance, user)
ops = get_operations(instance, user, self.request)
hide_tutorial = self.request.COOKIES.get(
"hide_tutorial_for_%s" % instance.pk) == "True"
context.update({
......@@ -293,13 +293,13 @@ class VmOperationView(AjaxOperationMixin, OperationView):
self.object.get_from_os(self.request)
return ctx
#
def get_operations(instance, user):
def get_operations(instance, user, request):
ops = []
for k, v in vm_ops.iteritems():
try:
op = v.get_op_by_object(instance)
# op.check_auth(user)
op.check_auth(user, request)
op.check_precond()
except PermissionDenied as e:
logger.debug('Not showing operation %s for %s: %s',
......@@ -1268,7 +1268,7 @@ def vm_activity(request, pk):
'instance': instance,
'activities': (),
'show_show_all': False,
'ops': get_operations(instance, request.user),
'ops': get_operations(instance, request.user, request),
}
response['activities'] = render_to_string(
......
circle/vm/operations.py
......@@ -63,7 +63,6 @@ logger = getLogger(__name__)
class RemoteOperationMixin(object):
remote_timeout = 30
def _operation(self, **kwargs):
......@@ -102,6 +101,7 @@ class InstanceOperation(Operation):
accept_states = None
deny_states = None
resultant_state = None
os_policy_actions = None
def __init__(self, instance):
super(InstanceOperation, self).__init__(subject=instance)
......@@ -123,19 +123,20 @@ class InstanceOperation(Operation):
unicode(self.accept_states))
raise self.instance.WrongStateError(self.instance)
def check_auth(self, user):
return
if not self.instance.has_level(user, self.acl_level):
def check_auth(self, user, request):
from django.utils.module_loading import import_string
check = import_string("openstack_auth.policy.check")
has_rights = check(self.os_policy_actions, request,
{'project_id': self.instance._os_server.tenant_id})
if not has_rights:
raise humanize_exception(ugettext_noop(
"%(acl_level)s level is required for this operation."),
PermissionDenied(), acl_level=self.acl_level)
"operation not permitted"),
PermissionDenied())
super(InstanceOperation, self).check_auth(user=user)
if (self.instance.node and not self.instance.node.online and
not user.is_superuser):
raise self.instance.WrongStateError(self.instance)
def is_preferred(self):
"""If this is the recommended op in the current state of the instance.
"""
......@@ -146,7 +147,6 @@ class InstanceOperation(Operation):
class RemoteInstanceOperation(RemoteOperationMixin, InstanceOperation):
remote_queue = ('vm', 'fast')
def _get_remote_queue(self):
......@@ -157,7 +157,7 @@ class RemoteInstanceOperation(RemoteOperationMixin, InstanceOperation):
class EnsureAgentMixin(object):
accept_states = ('ACTIVE', )
accept_states = ('ACTIVE',)
def check_precond(self):
super(EnsureAgentMixin, self).check_precond()
......@@ -177,7 +177,7 @@ class EnsureAgentMixin(object):
class RemoteAgentOperation(EnsureAgentMixin, RemoteInstanceOperation):
remote_queue = ('agent', )
remote_queue = ('agent',)
concurrency_check = False
......@@ -192,7 +192,7 @@ class AddInterfaceOperation(InstanceOperation):
def rollback(self, net, activity):
with activity.sub_activity(
'destroying_net',
'destroying_net',
readable_name=ugettext_noop("destroy network (rollback)")):
net.destroy()
net.delete()
......@@ -227,11 +227,10 @@ class AddInterfaceOperation(InstanceOperation):
@register_operation
class CreateDiskOperation(InstanceOperation):
id = 'create_disk'
name = _("create disk")
description = _("Create and attach empty disk to the virtual machine.")
required_perms = ('storage.create_empty_disk', )
required_perms = ('storage.create_empty_disk',)
accept_states = ('STOPPED', 'PENDING', 'ACTIVE')
def _operation(self, user, size, activity, name=None):
......@@ -250,8 +249,8 @@ class CreateDiskOperation(InstanceOperation):
if self.instance.is_running:
with activity.sub_activity(
'deploying_disk',
readable_name=ugettext_noop("deploying disk")
'deploying_disk',
readable_name=ugettext_noop("deploying disk")
):
disk.deploy()
self.instance._attach_disk(parent_activity=activity, disk=disk)
......@@ -264,13 +263,12 @@ class CreateDiskOperation(InstanceOperation):
@register_operation
class ResizeDiskOperation(RemoteInstanceOperation):
id = 'resize_disk'
name = _("resize disk")
description = _("Resize the virtual disk image. "
"Size must be greater value than the actual size.")
required_perms = ('storage.resize_disk', )
accept_states = ('ACTIVE', )
required_perms = ('storage.resize_disk',)
accept_states = ('ACTIVE',)
async_queue = "localhost.man.slow"
remote_queue = ('vm', 'slow')
task = vm_tasks.resize_disk
......@@ -303,7 +301,7 @@ class DownloadDiskOperation(InstanceOperation):
"machine.")
abortable = True
has_percentage = True
required_perms = ('storage.download_disk', )
required_perms = ('storage.download_disk',)
accept_states = ('STOPPED', 'PENDING', 'ACTIVE')
async_queue = "localhost.man.slow"
......@@ -337,6 +335,7 @@ class DeployOperation(InstanceOperation):
description = _("Deploy and start the virtual machine (including storage "
"and network configuration).")
accept_states = ('SHUTOFF')
os_policy_actions = (("compute", "compute:start"),)
def is_preferred(self):
return (not self.instance.is_base and
......@@ -345,6 +344,7 @@ class DeployOperation(InstanceOperation):
def _operation(self, request, node=None):
openstack_api.nova.server_start(request, self.instance.os_server_id)
@register_operation
class DestroyOperation(InstanceOperation):
id = 'destroy'
......@@ -353,13 +353,12 @@ class DestroyOperation(InstanceOperation):
"settings and disks.")
required_perms = ()
resultant_state = 'DESTROYED'
def on_abort(self, activity, error):
activity.resultant_state = None
os_policy_actions = (("compute", "compute:delete"),)
def _operation(self, activity, system):
pass
@register_operation
class MigrateOperation(RemoteInstanceOperation):
id = 'migrate'
......@@ -368,7 +367,7 @@ class MigrateOperation(RemoteInstanceOperation):
"keeping its full state.")
required_perms = ()
superuser_required = True
accept_states = ('ACTIVE', )
accept_states = ('ACTIVE',)
async_queue = "localhost.man.slow"
task = vm_tasks.migrate
remote_queue = ("vm", "slow")
......@@ -380,8 +379,8 @@ class MigrateOperation(RemoteInstanceOperation):
def rollback(self, activity):
with activity.sub_activity(
'rollback_net', readable_name=ugettext_noop(
"redeploy network (rollback)")):
'rollback_net', readable_name=ugettext_noop(
"redeploy network (rollback)")):
self.instance.deploy_net()
def _operation(self, activity, to_node=None, live_migration=True):
......@@ -394,8 +393,8 @@ class MigrateOperation(RemoteInstanceOperation):
try:
with activity.sub_activity(
'migrate_vm', readable_name=create_readable(
ugettext_noop("migrate to %(node)s"), node=to_node)):
'migrate_vm', readable_name=create_readable(
ugettext_noop("migrate to %(node)s"), node=to_node)):
super(MigrateOperation, self)._operation(
to_node=to_node, live_migration=live_migration)
except Exception as e:
......@@ -405,8 +404,8 @@ class MigrateOperation(RemoteInstanceOperation):
# Shutdown networks
with activity.sub_activity(
'shutdown_net', readable_name=ugettext_noop(
"shutdown network")):
'shutdown_net', readable_name=ugettext_noop(
"shutdown network")):
self.instance.shutdown_net()
# Refresh node information
......@@ -415,8 +414,8 @@ class MigrateOperation(RemoteInstanceOperation):
# Estabilish network connection (vmdriver)
with activity.sub_activity(
'deploying_net', readable_name=ugettext_noop(
"deploy network")):
'deploying_net', readable_name=ugettext_noop(
"deploy network")):
self.instance.deploy_net()
......@@ -426,7 +425,8 @@ class RebootOperation(InstanceOperation):
name = _("reboot")
description = _("Warm reboot virtual machine by sending Ctrl+Alt+Del "
"signal to its console.")
accept_states = ('ACTIVE', )
accept_states = ('ACTIVE',)
os_policy_actions = (("compute", "compute:reboot"),)
def _operation(self, activity):
pass
......@@ -463,7 +463,7 @@ class RemovePortOperation(InstanceOperation):
description = _("Close the specified port.")
concurrency_check = False
acl_level = "operator"
required_perms = ('vm.config_ports', )
required_perms = ('vm.config_ports',)
def _operation(self, activity, rule):
interface = rule.host.interface_set.get()
......@@ -482,7 +482,7 @@ class AddPortOperation(InstanceOperation):
description = _("Open the specified port.")
concurrency_check = False
acl_level = "operator"
required_perms = ('vm.config_ports', )
required_perms = ('vm.config_ports',)
def _operation(self, activity, host, proto, port):
if host.interface_set.get().instance != self.instance:
......@@ -506,8 +506,8 @@ class RemoveDiskOperation(InstanceOperation):
if self.instance.is_running and disk.type not in ["iso"]:
self.instance._detach_disk(disk=disk, parent_activity=activity)
with activity.sub_activity(
'destroy_disk',
readable_name=ugettext_noop('destroy disk')
'destroy_disk',
readable_name=ugettext_noop('destroy disk')
):
disk.destroy()
return self.instance.disks.remove(disk)
......@@ -523,7 +523,7 @@ class ResetOperation(RemoteInstanceOperation):
name = _("reset")
description = _("Cold reboot virtual machine (power cycle).")
required_perms = ()
accept_states = ('ACTIVE', )
accept_states = ('ACTIVE',)
task = vm_tasks.reset
def _operation(self, activity):
......@@ -543,7 +543,7 @@ class SaveAsTemplateOperation(InstanceOperation):
"start an instance of it.")
has_percentage = True
abortable = True
required_perms = ('vm.create_template', )
required_perms = ('vm.create_template',)
accept_states = ('ACTIVE', 'STOPPED')
async_queue = "localhost.man.slow"
......@@ -611,10 +611,10 @@ class SaveAsTemplateOperation(InstanceOperation):
self.disks = []
for disk in self.instance.disks.all():
with activity.sub_activity(
'saving_disk',
readable_name=create_readable(
ugettext_noop("saving disk %(name)s"),
name=disk.name)
'saving_disk',
readable_name=create_readable(
ugettext_noop("saving disk %(name)s"),
name=disk.name)
):
self.disks.append(__try_save_disk(disk))
......@@ -655,7 +655,7 @@ class ShutdownOperation(AbortableRemoteOperationMixin,
"turn itself off in a period.")
abortable = True
required_perms = ()
accept_states = ('ACTIVE', )
accept_states = ('ACTIVE',)
resultant_state = 'STOPPED'
task = vm_tasks.shutdown
remote_queue = ("vm", "slow")
......@@ -689,10 +689,12 @@ class ShutOffOperation(InstanceOperation):
"operation is the same as interrupting the power supply "
"of a physical machine.")
accept_states = ('ACTIVE', 'PAUSED')
os_policy_actions = (("compute", "compute:stop"),)
def _operation(self, request):
openstack_api.nova.server_stop(request, self.instance.os_server_id)
@register_operation
class SleepOperation(InstanceOperation):
id = 'sleep'
......@@ -705,7 +707,8 @@ class SleepOperation(InstanceOperation):
"need a continous network connection may fail when "
"resumed. In the meantime, the machine will only use "
"storage resources, and keep network resources allocated.")
accept_states = ('ACTIVE', )
accept_states = ('ACTIVE',)
os_policy_actions = (("compute", "compute:suspend"),)
def is_preferred(self):
return (not self.instance.is_base and
......@@ -729,7 +732,8 @@ class WakeUpOperation(InstanceOperation):
"load the saved memory of the system and start the "
"virtual machine from this state.")
required_perms = ()
accept_states = ('SUSPENDED', )
accept_states = ('SUSPENDED',)
os_policy_actions = (("compute", "compute:resume"),)
def is_preferred(self):
return self.instance.status == self.instance.STATUS.SUSPENDED
......@@ -758,7 +762,7 @@ class RenewOperation(InstanceOperation):
def set_time_of_suspend(self, activity, suspend, force):
with activity.sub_activity(
'renew_suspend', concurrency_check=False,
'renew_suspend', concurrency_check=False,
readable_name=ugettext_noop('set time of suspend')):
if (not force and suspend and self.instance.time_of_suspend and
suspend < self.instance.time_of_suspend):
......@@ -769,7 +773,7 @@ class RenewOperation(InstanceOperation):
def set_time_of_delete(self, activity, delete, force):
with activity.sub_activity(
'renew_delete', concurrency_check=False,
'renew_delete', concurrency_check=False,
readable_name=ugettext_noop('set time of delete')):
if (not force and delete and self.instance.time_of_delete and
delete < self.instance.time_of_delete):
......@@ -810,7 +814,7 @@ class ChangeStateOperation(InstanceOperation):
"redeployed without losing its storage and network "
"resources.")
acl_level = "owner"
required_perms = ('vm.emergency_change_state', )
required_perms = ('vm.emergency_change_state',)
concurrency_check = False
def _operation(self, user, activity, new_state="NOSTATE", interrupt=False,
......@@ -837,7 +841,7 @@ class RedeployOperation(InstanceOperation):
"and redeploy the VM. This operation allows starting "
"machines formerly running on a failed node.")
acl_level = "owner"
required_perms = ('vm.redeploy', )
required_perms = ('vm.redeploy',)
concurrency_check = False
def _operation(self, user, activity, with_emergency_change_state=True):
......@@ -1091,7 +1095,7 @@ class ScreenshotOperation(RemoteInstanceOperation):
"screensaver.")
acl_level = "owner"
required_perms = ()
accept_states = ('ACTIVE', )
accept_states = ('ACTIVE',)
task = vm_tasks.screenshot
......@@ -1103,8 +1107,8 @@ class RecoverOperation(InstanceOperation):
"state. Network resources (allocations) are already lost, "
"so you will have to manually add interfaces afterwards.")
acl_level = "owner"
required_perms = ('vm.recover', )
accept_states = ('DESTROYED', )
required_perms = ('vm.recover',)
accept_states = ('DESTROYED',)
resultant_state = 'PENDING'
def check_precond(self):
......@@ -1115,7 +1119,7 @@ class RecoverOperation(InstanceOperation):
def _operation(self, user, activity):
with activity.sub_activity(
'recover_instance',
'recover_instance',
readable_name=ugettext_noop("recover instance")):
self.instance.destroyed_at = None
for disk in self.instance.disks.all():
......@@ -1142,7 +1146,7 @@ class ResourcesOperation(InstanceOperation):
name = _("resources change")
description = _("Change resources of a stopped virtual machine.")
acl_level = "owner"
required_perms = ('vm.change_resources', )
required_perms = ('vm.change_resources',)
accept_states = ('STOPPED', 'PENDING', 'ACTIVE')
def _operation(self, user, activity,
......@@ -1294,6 +1298,7 @@ class AgentStartedOperation(InstanceOperation):
def _operation(self, user, activity, old_version=None, agent_system=None):
pass
@register_operation
class UpdateAgentOperation(RemoteAgentOperation):
id = 'update_agent'
......@@ -1367,7 +1372,7 @@ class UpdateAgentOperation(RemoteAgentOperation):
index = 0
filename = settings.AGENT_VERSION + ".tar"
while True:
chunk = data[index:index+chunk_size]
chunk = data[index:index + chunk_size]
if chunk:
agent_tasks.append.apply_async(
queue=queue,
......
requirements/circlestack.txt
......@@ -68,7 +68,7 @@ msgpack==0.5.4
msgpack-python==0.5.4
munch==2.2.0
MySQL-python==1.2.5
netaddr==0.7.14
netaddr==0.7.19
netifaces==0.10.6
nltk==3.2.5
numpy==1.14.0
......@@ -78,6 +78,7 @@ os-service-types==1.2.0
osc-lib==1.9.0
oslo.config==5.2.0
oslo.i18n==3.19.0
oslo.policy==1.33.1
oslo.serialization==2.24.0
oslo.utils==3.35.0
packaging==16.8
......@@ -117,7 +118,7 @@ python-novaclient==10.1.0
pytz==2015.4
PyYAML==3.12
repoze.who==2.3
requests==2.7.0
requests==2.18.4
requestsexceptions==1.4.0
rfc3986==1.1.0
rosetta==0.3
......@@ -128,7 +129,7 @@ semantic-version==2.6.0
shutilwhich==1.1.0
simplegeneric==0.8.1
simplejson==3.7.2
six==1.9.0
six==1.11.0
slimit==0.8.1
sqlparse==0.1.15
stevedore==1.28.0
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or sign in to comment