00897bd3b7
3rd part of blueprint quantum-scheduler 1. Allow networks to be hosted by certain dhcp agents. Network to dhcp agent is a many to many relationship. Provide a simple scheduler to schedule a network randomly to an active dhcp agent when a network or port is created. 2. Allow admin user to (de)schedule network to a certain dhcp agent manually. 3. Allow routers to be hosted by a certain l3 agent. Router to l3 agent is a many to one relationship. Provide a simple scheduler to schedule a router to l3 agent if the router is not scheduled when the router is updated. 4. Auto schedule networks and routers to agents when agents start. 5. Only support ovs plugin at this point Change-Id: Iddec3ea9d4c0fe2d51a59f7db47145722fc5a1cd
72 lines
2.8 KiB
JSON
72 lines
2.8 KiB
JSON
{
|
|
"admin_or_owner": "role:admin or tenant_id:%(tenant_id)s",
|
|
"admin_or_network_owner": "role:admin or tenant_id:%(network_tenant_id)s",
|
|
"admin_only": "role:admin",
|
|
"regular_user": "",
|
|
"shared": "field:networks:shared=True",
|
|
"external": "field:networks:router:external=True",
|
|
"default": "rule:admin_or_owner",
|
|
|
|
"extension:provider_network:view": "rule:admin_only",
|
|
"extension:provider_network:set": "rule:admin_only",
|
|
|
|
"extension:router:view": "rule:regular_user",
|
|
"extension:router:set": "rule:admin_only",
|
|
"extension:router:add_router_interface": "rule:admin_or_owner",
|
|
"extension:router:remove_router_interface": "rule:admin_or_owner",
|
|
|
|
"extension:port_binding:view": "rule:admin_only",
|
|
"extension:port_binding:set": "rule:admin_only",
|
|
|
|
"subnets:private:read": "rule:admin_or_owner",
|
|
"subnets:private:write": "rule:admin_or_owner",
|
|
"subnets:shared:read": "rule:regular_user",
|
|
"subnets:shared:write": "rule:admin_only",
|
|
|
|
"create_subnet": "rule:admin_or_network_owner",
|
|
"get_subnet": "rule:admin_or_owner or rule:shared",
|
|
"update_subnet": "rule:admin_or_network_owner",
|
|
"delete_subnet": "rule:admin_or_network_owner",
|
|
|
|
"create_network": "",
|
|
"get_network": "rule:admin_or_owner or rule:shared or rule:external",
|
|
"create_network:shared": "rule:admin_only",
|
|
"create_network:router:external": "rule:admin_only",
|
|
"update_network": "rule:admin_or_owner",
|
|
"delete_network": "rule:admin_or_owner",
|
|
|
|
"create_port": "",
|
|
"create_port:mac_address": "rule:admin_or_network_owner",
|
|
"create_port:fixed_ips": "rule:admin_or_network_owner",
|
|
"create_port:port_security_enabled": "rule:admin_or_network_owner",
|
|
"get_port": "rule:admin_or_owner",
|
|
"update_port": "rule:admin_or_owner",
|
|
"update_port:fixed_ips": "rule:admin_or_network_owner",
|
|
"update_port:port_security_enabled": "rule:admin_or_network_owner",
|
|
"delete_port": "rule:admin_or_owner",
|
|
|
|
"extension:service_type:view_extended": "rule:admin_only",
|
|
"create_service_type": "rule:admin_only",
|
|
"update_service_type": "rule:admin_only",
|
|
"delete_service_type": "rule:admin_only",
|
|
"get_service_type": "rule:regular_user",
|
|
|
|
"create_qos_queue:": "rule:admin_only",
|
|
"get_qos_queue:": "rule:admin_only",
|
|
"get_qos_queues:": "rule:admin_only",
|
|
|
|
"update_agent": "rule:admin_only",
|
|
"delete_agent": "rule:admin_only",
|
|
"get_agent": "rule:admin_only",
|
|
"get_agents": "rule:admin_only",
|
|
|
|
"create_dhcp-network": "rule:admin_only",
|
|
"delete_dhcp-network": "rule:admin_only",
|
|
"get_dhcp-networks": "rule:admin_only",
|
|
"create_l3-router": "rule:admin_only",
|
|
"delete_l3-router": "rule:admin_only",
|
|
"get_l3-routers": "rule:admin_only",
|
|
"get_dhcp-agents": "rule:admin_only",
|
|
"get_l3-agents": "rule:admin_only"
|
|
}
|