Andy Bavier | 58fac5d | 2019-05-20 16:28:09 -0700 | [diff] [blame^] | 1 | option app_label = "core"; |
| 2 | |
| 3 | // Use this policy to allow access to admins only |
| 4 | policy admin_policy < ctx.user.is_admin > |
| 5 | |
| 6 | message XOSBase { |
| 7 | option skip_init = True; |
| 8 | option custom_header = "xosbase_header"; |
| 9 | option abstract = True; |
| 10 | option custom_python=True; |
| 11 | |
| 12 | // field 1 is reserved for "id" |
| 13 | required string created = 2 [content_type = "date", auto_now_add = True, bookkeeping_state = True, help_text = "Time this model was created"]; |
| 14 | required string updated = 3 [default = "now()", content_type = "date", bookkeeping_state = True, help_text = "Time this model was changed by a non-synchronizer"]; |
| 15 | optional string enacted = 4 [content_type = "date", blank = True, default = None, bookkeeping_state = True, help_text = "When synced, set to the timestamp of the data that was synced"]; |
| 16 | optional string policed = 5 [content_type = "date", blank = True, default = None, bookkeeping_state = True, help_text = "When policed, set to the timestamp of the data that was policed"]; |
| 17 | optional string backend_register = 6 [default = "{}", max_length = 1024, feedback_state = True]; |
| 18 | required bool backend_need_delete = 7 [default = False, bookkeeping_state = True]; |
| 19 | required bool backend_need_reap = 8 [default = False, bookkeeping_state = True]; |
| 20 | required string backend_status = 9 [default = "Provisioning in progress", max_length = 1024, feedback_state = True]; |
| 21 | required int32 backend_code = 10 [default = 0, feedback_state = True]; |
| 22 | required bool deleted = 11 [default = False, bookkeeping_state = True]; |
| 23 | required bool write_protect = 12 [default = False, bookkeeping_state = True]; |
| 24 | required bool lazy_blocked = 13 [default = False, bookkeeping_state = True]; |
| 25 | required bool no_sync = 14 [default = False, bookkeeping_state = True]; |
| 26 | required bool no_policy = 15 [default = False, bookkeeping_state = True]; |
| 27 | optional string policy_status = 16 [default = "Policy in process", max_length = 1024, feedback_state = True]; |
| 28 | optional int32 policy_code = 17 [default = 0, feedback_state = True]; |
| 29 | required string leaf_model_name = 18 [max_length = 1024, bookkeeping_state = True, help_text = "The most specialized model in this chain of inheritance, often defined by a service developer"]; |
| 30 | required bool backend_need_delete_policy = 19 [default = False, bookkeeping_state = True, help_text = "True if delete model_policy must be run before object can be reaped"]; |
| 31 | required bool xos_managed = 20 [default = True, help_text = "True if xos is responsible for creating/deleting this object", gui_hidden = True]; |
| 32 | optional string backend_handle = 21 [max_length = 1024, feedback_state = True, blank=True, help_text = "Handle used by the backend to track this object", gui_hidden = True]; |
| 33 | optional string changed_by_step = 22 [content_type = "date", blank = True, default = None, bookkeeping_state = True, gui_hidden = True, help_text = "Time this model was changed by a sync step"]; |
| 34 | optional string changed_by_policy = 23 [content_type = "date", blank = True, default = None, bookkeeping_state = True, gui_hidden = True, help_text = "Time this model was changed by a model policy"]; |
| 35 | } |
| 36 | |
| 37 | // The calling user represents the user being accessed, or is a site admin. |
| | // Access to a User object is granted when any one of three conditions holds: |
| | //   1. the caller is a global admin (ctx.user.is_admin), |
| | //   2. the caller is the User being accessed (ctx.user.id = obj.id), |
| | //   3. the caller holds a "role:admin" Privilege of type "User" on a Site. |
| | // NOTE(review): the Site tested in branch 3 is ctx.user.site.id (the caller's |
| | // own site), not obj.site.id, so the expression does not tie the caller's |
| | // site-admin role to the site of the User being accessed -- confirm intent. |
| | // NOTE(review): no ctx.write_access term appears here, so reads and writes |
| | // are presumably authorised by the same expression -- confirm. |
| 38 | policy user_policy < |
| 39 | ctx.user.is_admin |
| 40 | | ctx.user.id = obj.id |
| 41 | | (exists Privilege: |
| 42 | Privilege.accessor_id = ctx.user.id |
| 43 | & Privilege.accessor_type = "User" |
| 44 | & Privilege.permission = "role:admin" |
| 45 | & Privilege.object_type = "Site" |
| 46 | & Privilege.object_id = ctx.user.site.id) > |
| 47 | |
| | // An XOS user account, guarded by user_policy. The bases listed are |
| | // AbstractBaseUser and PlModelMixIn rather than XOSBase, and fields 19-40 |
| | // repeat the bookkeeping field names that XOSBase declares. |
| 48 | message User::user_policy (AbstractBaseUser,PlModelMixIn) { |
| 49 | option skip_django = True; |
| 50 | option description = "An XOS User"; |
| 51 | |
| 52 | // field 1 is reserved for "id" |
| 53 | required string email = 2 [db_index = True, max_length = 256, blank = False, tosca_key=True]; |
| 54 | required string username = 3 [default = "Something", max_length = 256, content_type = "stripped", blank = False, db_index = False]; |
| | // NOTE(review): a literal default ("Something") on a credential field. How |
| | // the value is stored and checked is not visible in this file; verify that a |
| | // record saved without an explicit password cannot authenticate with it. |
| 55 | required string password = 4 [default = "Something", max_length = 256, blank = False, db_index = False]; |
| 56 | optional string last_login = 5 [db_index = False, content_type = "date", blank = True]; |
| 57 | required string firstname = 6 [max_length = 200, content_type = "stripped", blank = False, help_text = "person's given name", db_index = False]; |
| 58 | required string lastname = 7 [max_length = 200, content_type = "stripped", blank = False, help_text = "person's surname", db_index = False]; |
| 59 | optional string phone = 8 [max_length = 100, content_type = "stripped", blank = True, help_text = "phone number contact", db_index = False]; |
| 60 | optional string user_url = 9 [db_index = False, max_length = 200, content_type = "url", blank = True]; |
| 61 | required manytoone site->Site:users = 10:1001 [help_text = "Site this user will be homed too", db_index = True, blank = False]; |
| 62 | optional string public_key = 11 [help_text = "Public key string", db_index = False, blank = True, text = True]; |
| 63 | required bool is_active = 12 [default = True, db_index = False]; |
| | // is_admin is the flag the policies in this file read as ctx.user.is_admin. |
| | // NOTE(review): user_policy admits the user themself (ctx.user.id = obj.id) |
| | // and no field-level rule is visible here; confirm that changes to is_admin |
| | // and is_staff are restricted elsewhere. |
| 64 | required bool is_admin = 13 [default = False, db_index = False]; |
| 65 | required bool is_staff = 14 [default = True, db_index = False]; |
| 66 | required bool is_readonly = 15 [default = False, db_index = False]; |
| 67 | required bool is_registering = 16 [default = False, db_index = False]; |
| 68 | required bool is_appuser = 17 [default = False, db_index = False]; |
| 69 | optional string login_page = 18 [max_length = 200, content_type = "stripped", blank = True, help_text = "send this user to a specific page on login", db_index = False]; |
| 70 | required string created = 19 [content_type = "date", auto_now_add = True, help_text = "Time this model was created"]; |
| 71 | required string updated = 20 [default = "now()", content_type = "date", help_text = "Time this model was changed by a non-synchronizer"]; |
| 72 | optional string enacted = 21 [content_type = "date", blank = True, default = None, help_text = "When synced, set to the timestamp of the data that was synced"]; |
| 73 | optional string policed = 22 [content_type = "date", blank = True, default = None, help_text = "When policed, set to the timestamp of the data that was policed"]; |
| 74 | required string backend_status = 23 [default = "Provisioning in progress", max_length = 1024, content_type = "stripped", blank = False, db_index = False]; |
| 75 | required int32 backend_code = 24 [default = 0]; |
| 76 | required bool backend_need_delete = 25 [default = False, db_index = False]; |
| 77 | required bool backend_need_reap = 26 [default = False, db_index = False]; |
| 78 | required bool deleted = 27 [default = False, db_index = False]; |
| 79 | required bool write_protect = 28 [default = False, db_index = False]; |
| 80 | required bool lazy_blocked = 29 [default = False, db_index = False]; |
| 81 | required bool no_sync = 30 [default = False, db_index = False]; |
| 82 | required bool no_policy = 31 [default = False, db_index = False]; |
| 83 | required string timezone = 32 [default = "America/New_York", max_length = 100, blank = False, db_index = False]; |
| 84 | optional string policy_status = 33 [default = "0 - Policy in process", max_length = 1024]; |
| 85 | optional int32 policy_code = 34 [default = 0]; |
| 86 | required string leaf_model_name = 35 [max_length = 1024, help_text = "The most specialized model in this chain of inheritance, often defined by a service developer"]; |
| 87 | required bool backend_need_delete_policy = 36 [default = False, help_text = "True if delete model_policy must be run before object can be reaped"]; |
| 88 | required bool xos_managed = 37 [default = True, help_text = "True if xos is responsible for creating/deleting this object", gui_hidden = True]; |
| 89 | optional string backend_handle = 38 [max_length = 1024, feedback_state = True, blank=True, help_text = "Handle used by the backend to track this object", gui_hidden = True]; |
| 90 | optional string changed_by_step = 39 [content_type = "date", blank = True, default = None, gui_hidden = True, help_text = "Time this model was changed by a sync step"]; |
| 91 | optional string changed_by_policy = 40 [content_type = "date", blank = True, default = None, gui_hidden = True, help_text = "Time this model was changed by a model policy"]; |
| 92 | } |
| 93 | |
| 94 | // A user may give a permission that he has to another user |
| | // Access to a Privilege object (obj) is allowed for a global admin, or for a |
| | // caller who already holds a "role:admin" Privilege of type "User" on the |
| | // same target (obj.object_type, obj.object_id). |
| | // NOTE(review): obj.permission is not compared with anything, so the |
| | // expression does not limit a role:admin holder to permissions they hold |
| | // themselves; Privilege.expires is not referenced either -- confirm that |
| | // expiry is enforced elsewhere. |
| 95 | policy grant_policy < ctx.user.is_admin |
| 96 | | exists Privilege:Privilege.object_type = obj.object_type |
| 97 | & Privilege.object_id = obj.object_id |
| 98 | & Privilege.accessor_type = "User" |
| 99 | & Privilege.accessor_id = ctx.user.id |
| 100 | & Privilege.permission = "role:admin" > |
| 101 | |
| | // One grant record: the accessor (accessor_type, accessor_id) holds |
| | // `permission` on the object (object_type, object_id). The policies in this |
| | // file match on these five fields; the type strings they compare against |
| | // are "User", "Site", "Slice" and "Service". Guarded by grant_policy. |
| | // NOTE(review): `expires` is declared but no policy in this file tests it. |
| | // `permission` defaults to "all", while the policies here only ever test for |
| | // "role:admin" -- confirm how other values are interpreted. |
| 102 | message Privilege::grant_policy (XOSBase) { |
| 103 | required int32 accessor_id = 1 [blank=False]; |
| 104 | required string accessor_type = 2 [max_length=1024, blank = False]; |
| | // field number 3 is not used in this message |
| 105 | required int32 object_id = 4 [blank=False]; |
| 106 | required string object_type = 5 [max_length=1024, blank = False]; |
| 107 | required string permission = 6 [default = "all", max_length=1024, tosca_key=True]; |
| 108 | required string granted = 7 [content_type = "date", auto_now_add = True, max_length=1024]; |
| 109 | optional string expires = 8 [content_type = "date", max_length=1024]; |
| 110 | } |
| 111 | |
| 112 | message AddressPool (XOSBase) { |
| 113 | option custom_python=True; |
| 114 | required string name = 1 [db_index = False, max_length = 32, blank = False, unique = True, help_text="Name of this AddressPool"]; |
| 115 | optional string addresses = 2 [db_index = False, blank = True, text = True, help_text="Space-separated list of available addresses"]; |
| 116 | required string gateway_ip = 3 [max_length = 32, help_text="Gateway IP address for this AddressPool"]; |
| 117 | required string gateway_mac = 4 [max_length = 32, help_text="Gateway MAC address for this AddressPool"]; |
| 118 | required string cidr = 5 [max_length = 32, help_text="Subnet for this AddressPool"]; |
| 119 | optional string inuse = 6 [db_index = False, blank = True, text = True, help_text="Space-separated list of inuse addresses"]; |
| 120 | optional manytoone service->Service:addresspools = 7:1001 [db_index = True, blank = True, help_text="Service this AddressPool belongs to"]; |
| 121 | } |
| 122 | |
| | // Describes a backup file by name and URI, with transfer state held in the |
| | // fields marked feedback_state (status, backend_filename). |
| | // NOTE(review): `checksum` is optional. Confirm that whatever consumes this |
| | // model requires and verifies it before restoring from a file retrieved from |
| | // `uri`, and that it restricts which URI schemes and hosts are accepted -- |
| | // neither is visible in this file. |
| 123 | message BackupFile (XOSBase) { |
| 124 | required string name = 1 [ |
| 125 | help_text = "human-readable name of this backup file", |
| 126 | max_length = 256]; |
| 127 | required string uri = 2 [ |
| 128 | help_text = "location of the backup file", |
| 129 | max_length = 1024]; |
| 130 | optional string checksum = 3 [ |
| 131 | help_text = "checksum of backup file, formatted as algorithm:hash", |
| 132 | max_length = 1024]; |
| 133 | // status: |
| 134 | // retrieved - file has been retrieved from URI |
| 135 | // sent - file has been sent to URI |
| 136 | // inprogress - file transfer is in progress |
| 137 | optional string status = 4 [ |
| 138 | help_text = "status of file transfer", |
| 139 | choices = "(('retrieved', 'retrieved'), ('sent', 'sent'), ('inprogress', 'inprogress'))", |
| 140 | feedback_state = True, |
| 141 | max_length = 32]; |
| 142 | optional string backend_filename = 5 [ |
| 143 | help_text = "for internal use, local filename", |
| 144 | feedback_state = True, |
| 145 | max_length = 1024]; |
| 146 | } |
| 147 | |
| 148 | message BackupOperation (XOSBase) { |
| 149 | // `file` is required for restores. |
| 150 | // `file` is optional for backups. If file is unspecified then XOS will create a backup file using |
| 151 | // a default mechanism. |
| 152 | optional manytoone file->BackupFile:operations = 1:1001 [ |
| 153 | help_text = "File to backup to or restore from"]; |
| 154 | required string component = 2 [ |
| 155 | help_text = "component that this operation applies to", |
| 156 | // XOS is currently the only allowed component |
| 157 | choices = "(('xos', 'XOS'), )", |
| 158 | default = "xos", |
| 159 | max_length = 32]; |
| 160 | required string operation = 3 [ |
| 161 | help_text = "operation to perform", |
| 162 | choices = "(('create', 'create'), ('restore', 'restore'), ('verify', 'verify'))", |
| 163 | max_length = 32]; |
| 164 | optional string status = 4 [ |
| 165 | help_text = "status of operation", |
| 166 | choices = "(('created', 'created'), ('restored', 'restored'), ('failed', 'failed'), ('inprogress', 'in progress'), ('orphaned', 'orphaned'))", |
| 167 | feedback_state = True, |
| 168 | max_length = 32]; |
| 169 | optional string error_msg = 5 [ |
| 170 | help_text = "error message from backup processor, if status is failure", |
| 171 | feedback_state = True, |
| 172 | max_length = 4096]; |
| 173 | // `effective_date` may be different from `XOSBase.enacted` if a synchronizer is performing |
| 174 | // an operation on an external component. `XOSBase.enacted` is always set to the time the |
| 175 | // model is saved, which could differ from the time the backup or restore completed by |
| 176 | // a short time. |
| 177 | optional string effective_date = 6 [ |
| 178 | help_text = "the time and date the operation was completed", |
| 179 | content_type = "date", |
| 180 | feedback_state = True]; |
| 181 | } |
| 182 | |
| 183 | message ComputeServiceInstance (ServiceInstance) { |
| 184 | required manytoone slice->Slice:computeserviceinstances = 1:1001 [db_index = True, blank = False, help_text = "Slice that controls this ServiceInstance"]; |
| 185 | required manytoone image->Image:computeserviceinstances = 2:1001 [db_index = True, blank = False, help_text = "Image used to instantiate this ServiceInstance"]; |
| 186 | } |
| 187 | |
| 188 | // Everyone has read access |
| 189 | // For write access, you have to be a site_admin |
| 190 | |
| | // Global admins always pass. For everyone else the implication only |
| | // constrains writes: when ctx.write_access is set the caller needs a |
| | // "role:admin" Privilege on this Site; when it is not set the implication |
| | // presumably holds trivially, which gives the read access described above. |
| | // NOTE(review): unlike the other Privilege checks in this file, this one does |
| | // not test Privilege.accessor_type = "User". If Privileges can be held by |
| | // accessor types other than "User", a numeric id match alone would satisfy |
| | // it -- confirm. |
| 191 | policy site_policy < |
| 192 | ctx.user.is_admin |
| 193 | | (ctx.write_access -> exists Privilege: Privilege.object_type = "Site" & Privilege.object_id = obj.id & Privilege.accessor_id = ctx.user.id & Privilege.permission = "role:admin") > |
| 194 | |
| 195 | // If you can access (read or write) the site, you can also access its slices |
| 196 | // Otherwise, you need an explicit privilege on the Slice (admin for write access) |
| 197 | // or admin privilege on the associated site. |
| | // Global admins always pass. The parenthesised group after that holds three |
| | // alternatives joined by `|`: |
| | //   a. *site_policy(site) together with either being the Slice's creator or |
| | //      holding a "User" Privilege on the Slice (which must be "role:admin" |
| | //      when ctx.write_access is set); |
| | //   b. any "User" Privilege on the Slice, with no permission test; |
| | //   c. a "role:admin" "User" Privilege on the Slice's Site (obj.site.id). |
| | // NOTE(review): alternative (b) carries no ctx.write_access guard. If `&` |
| | // binds tighter than `|` here, a non-admin Privilege on the Slice would |
| | // satisfy the policy for writes as well, which differs from the "admin for |
| | // write access" wording in the description above this policy -- confirm the |
| | // operator precedence and the intended rule. |
| | // NOTE(review): Privilege.expires is not tested in any alternative. |
| 198 | policy slice_policy < |
| 199 | ctx.user.is_admin |
| 200 | | (*site_policy(site) |
| 201 | & (ctx.user = obj.creator |
| 202 | | (exists Privilege: |
| 203 | Privilege.accessor_id = ctx.user.id |
| 204 | & Privilege.accessor_type = "User" |
| 205 | & Privilege.object_type = "Slice" |
| 206 | & Privilege.object_id = obj.id |
| 207 | & (ctx.write_access -> Privilege.permission = "role:admin")) |
| 208 | ) |
| 209 | | |
| 210 | (exists Privilege: |
| 211 | Privilege.accessor_id = ctx.user.id |
| 212 | & Privilege.accessor_type = "User" |
| 213 | & Privilege.object_type = "Slice" |
| 214 | & Privilege.object_id = obj.id) |
| 215 | | (exists Privilege: |
| 216 | Privilege.accessor_id = ctx.user.id |
| 217 | & Privilege.accessor_type = "User" |
| 218 | & Privilege.object_type = "Site" |
| 219 | & Privilege.object_id = obj.site.id |
| 220 | & Privilege.permission = "role:admin") |
| 221 | ) > |
| 222 | |
| 223 | |
| 224 | message Flavor (XOSBase) { |
| 225 | required string name = 1 [max_length = 32, content_type = "stripped", blank = False, help_text = "name of this flavor, as displayed to users", db_index = False, unique = True]; |
| 226 | optional string description = 2 [db_index = False, max_length = 1024, content_type = "stripped"]; |
| 227 | required string flavor = 3 [max_length = 32, content_type = "stripped", help_text = "flavor string used to configure deployments"]; |
| 228 | } |
| 229 | |
| 230 | |
| 231 | message Image (XOSBase) { |
| 232 | required string name = 1 [db_index = False, max_length = 256, content_type = "stripped", blank = False, unique_with = "tag"]; |
| 233 | required string kind = 2 [default = "vm", choices = "(('vm', 'Virtual Machine'), ('container', 'Container'))", max_length = 30, blank = False, db_index = False]; |
| 234 | optional string disk_format = 3 [db_index = False, max_length = 256, content_type = "stripped", blank = True]; |
| 235 | optional string container_format = 4 [db_index = False, max_length = 256, content_type = "stripped", blank = True]; |
| 236 | optional string path = 5 [max_length = 256, content_type = "stripped", blank = True, help_text = "Path to image on local disk", db_index = False]; |
| 237 | optional string tag = 6 [max_length = 256, content_type = "stripped", blank = True, help_text = "For Docker Images, tag of image", db_index = False]; |
| 238 | } |
| 239 | |
| 240 | policy network_policy < *slice_policy(owner) > |
| 241 | |
| 242 | message Network::network_policy (XOSBase) { |
| 243 | required string name = 1 [db_index = False, max_length = 32, blank = False, unique = True]; |
| 244 | required manytoone template->NetworkTemplate:network = 2:1001 [db_index = True, blank = False]; |
| 245 | optional string subnet = 3 [max_length = 32]; |
| 246 | optional string start_ip = 4 [max_length = 32]; |
| 247 | optional string end_ip = 5 [max_length = 32]; |
| 248 | optional string ports = 6 [max_length = 1024]; |
| 249 | optional string labels = 7 [max_length = 1024]; |
| 250 | required manytoone owner->Slice:ownedNetworks = 8:1004 [help_text = "Slice that owns control of this Network", db_index = True, blank = False]; |
| 251 | required bool permit_all_slices = 10 [default = False, db_index = False]; |
| 252 | required bool autoconnect = 17 [help_text = "This network can be autoconnected to the slice that owns it", default = True, db_index = False]; |
| 253 | optional manytomany permitted_slices->Slice/Network_permitted_slices:availableNetworks = 18:1005 []; |
| 254 | } |
| 255 | |
| 256 | |
| 257 | message NetworkParameter (XOSBase) { |
| 258 | required manytoone parameter->NetworkParameterType:networkparameters = 1:1001 [help_text = "The type of the parameter", db_index = True, blank = False]; |
| 259 | required string value = 2 [help_text = "The value of this parameter", max_length = 1024, db_index = False, blank = False]; |
| 260 | required string content_type = 4 [max_length = 1024, content_type = "stripped", blank = False, help_text = "Content type id linked to this network parameter", db_index = False]; |
| 261 | required uint32 object_id = 5 [db_index = False, blank = False, help_text = "Object linked to this NetworkParameter"]; |
| 262 | } |
| 263 | |
| 264 | |
| 265 | message NetworkParameterType (XOSBase) { |
| 266 | required string name = 1 [help_text = "The name of this parameter", max_length = 128, db_index = True, blank = False, unique = True]; |
| 267 | optional string description = 2 [max_length = 1024]; |
| 268 | } |
| 269 | |
| 270 | policy network_slice_validator < (obj.slice in obj.network.permitted_slices.all()) | (obj.slice = obj.network.owner) | obj.network.permit_all_slices > |
| 271 | policy network_slice_policy < *slice_policy(slice) & *network_policy(network) > |
| 272 | |
| 273 | message NetworkSlice::network_slice_policy (XOSBase) { |
| 274 | option validators = "network_slice_validator:Slice {obj.slice.name} is not allowed to connect to networks {obj.network}"; |
| 275 | required manytoone network->Network:networkslices = 1:1002 [db_index = True, blank = False, unique_with = "slice", tosca_key=True]; |
| 276 | required manytoone slice->Slice:networkslices = 2:1006 [db_index = True, blank = False, tosca_key=True]; |
| 277 | } |
| 278 | |
| 279 | message NetworkTemplate (XOSBase) { |
| 280 | required string name = 1 [db_index = False, max_length = 32, blank = False, unique = True]; |
| 281 | optional string description = 2 [max_length = 1024]; |
| 282 | required string visibility = 4 [default = "private", choices = "(('public', 'public'), ('private', 'private'))", max_length = 30, blank = False, db_index = False]; |
| 283 | required string translation = 5 [default = "none", choices = "(('none', 'none'), ('NAT', 'NAT'))", max_length = 30, blank = False, db_index = False]; |
| 284 | optional string access = 6 [choices = "((None, 'None'), ('indirect', 'Indirect'), ('direct', 'Direct'))", max_length = 30, blank = True, help_text = "Advertise this network as a means for other slices to contact this slice", db_index = False]; |
| 285 | optional string shared_network_name = 7 [db_index = False, max_length = 30, blank = True]; |
| 286 | optional string shared_network_id = 8 [help_text = "Quantum network", max_length = 256, db_index = False, blank = True]; |
| 287 | required string topology_kind = 9 [default = "bigswitch", choices = "(('bigswitch', 'BigSwitch'), ('physical', 'Physical'), ('custom', 'Custom'))", max_length = 30, blank = False, db_index = False]; |
| 288 | optional string controller_kind = 10 [blank = True, max_length = 30, db_index = False, choices = "((None, 'None'), ('onos', 'ONOS'), ('custom', 'Custom'))"]; |
| 289 | optional string vtn_kind = 11 [default = "PRIVATE", choices = "(('PRIVATE', 'Private'), ('PUBLIC', 'Public'), ('MANAGEMENT_LOCAL', 'Management Local'), ('MANAGEMENT_HOST', 'Management Host'), ('VSG', 'VSG'), ('ACCESS_AGENT', 'Access Agent'), ('FLAT', 'Flat'))", max_length = 30, blank = True, db_index = False]; |
| 290 | } |
| 291 | |
| 292 | message Node (XOSBase) { |
| 293 | required string name = 1 [max_length = 200, content_type = "stripped", blank = False, help_text = "Name of the Node", db_index = False, unique = True]; |
| 294 | optional string bridgeId = 3 [max_length = 200, content_type = "stripped", blank = True, help_text = "Bridge Id", db_index = False]; |
| 295 | optional string dataPlaneIntf = 4 [max_length = 200, content_type = "stripped", blank = True, help_text = "Dataplane Interface", db_index = False]; |
| 296 | optional string dataPlaneIp = 5 [max_length = 200, content_type = "stripped", blank = True, help_text = "Dataplane Ip", db_index = False]; |
| 297 | optional string hostManagementIface = 6 [max_length = 200, content_type = "stripped", blank = True, help_text = "Host Management Interface", db_index = False]; |
| 298 | required manytoone site->Site:nodes = 7:1006 [db_index = True, blank = False, default=get_first_site]; |
| 299 | } |
| 300 | message NodeLabel (XOSBase) { |
| 301 | option custom_python=True; |
| 302 | required string name = 1 [max_length = 200, content_type = "stripped", blank = False, help_text = "label name", db_index = False, unique = True]; |
| 303 | optional manytomany node->Node/NodeLabel_node:nodelabels = 2:1002 []; |
| 304 | } |
| 305 | |
| 306 | policy port_policy < *network_policy(network) > |
| 307 | |
| 308 | message Port::port_policy (XOSBase) { |
| 309 | required manytoone network->Network:links = 1:1003 [db_index = True, blank = False, unique_with = "service_instance", help_text = "Network bound to this port"]; |
| 310 | optional string ip = 3 [max_length = 39, content_type = "ip", blank = True, help_text = "Instance ip address", db_index = False]; |
| 311 | optional string port_id = 4 [help_text = "Neutron port id", max_length = 256, db_index = False, blank = True]; |
| 312 | optional string mac = 5 [help_text = "MAC address associated with this port", max_length = 256, db_index = False, blank = True]; |
| 313 | required bool xos_created = 6 [default = False]; |
| 314 | optional manytoone service_instance->ServiceInstance:ports = 7:1001 [db_index = True, blank = True, help_text = "ServiceInstance bound to this port"]; |
| 315 | } |
| 316 | |
| 317 | message Principal (XOSBase) { |
| 318 | required string name = 1 [max_length = 128, db_index = True, blank = False, help_text = "The name of this principal"]; |
| 319 | required manytoone trust_domain->TrustDomain:principals = 2:1001 [db_index = True, blank = False, help_text = "Trust domain this principal resides in"]; |
| 320 | } |
| 321 | |
| 322 | message Role (XOSBase) { |
| 323 | required string role_type = 1 [db_index = False, max_length = 80, content_type = "stripped", blank = False]; |
| 324 | optional string role = 2 [db_index = False, max_length = 80, content_type = "stripped", blank = True]; |
| 325 | optional string description = 3 [max_length = 120, content_type = "stripped"]; |
| 326 | } |
| 327 | |
| | // Global admins pass; any other caller needs a "User" Privilege on this |
| | // Service. The Privilege's permission value is not tested. |
| | // NOTE(review): there is no ctx.write_access term, so the same rule |
| | // presumably covers reads and writes. The Service message that follows is |
| | // declared without a ::service_policy binding -- confirm where this policy |
| | // is applied. |
| 328 | policy service_policy <ctx.user.is_admin | exists Privilege: Privilege.accessor_id = ctx.user.id & Privilege.accessor_type = "User" & Privilege.object_type = "Service" & Privilege.object_id = obj.id > |
| 329 | |
| 330 | message Service (XOSBase,AttributeMixin) { |
| 331 | option description = "A service managed by XOS"; |
| 332 | option custom_python=True; |
| 333 | |
| 334 | optional string description = 1 [ |
| 335 | help_text = "Description of Service", |
| 336 | text = True]; |
| 337 | required bool enabled = 2 [ |
| 338 | help_text = "Whether or not service is Enabled", |
| 339 | default = True, |
| 340 | gui_hidden = True]; |
| 341 | required string kind = 3 [ |
| 342 | help_text = "Kind of service", |
| 343 | choices="(('generic', 'Generic'), ('data', 'Data Plane'), ('control', 'Control Plane'), ('oss', 'OSS'))", |
| 344 | content_type = "stripped", |
| 345 | default = "generic", |
| 346 | max_length = 30]; |
| 347 | required string name = 4 [ |
| 348 | help_text = "Unique name of service", |
| 349 | content_type = "stripped", |
| 350 | max_length = 30, |
| 351 | unique = True]; |
| 352 | optional string versionNumber = 5 [ |
| 353 | help_text = "Version of Service Definition", |
| 354 | content_type = "stripped", |
| 355 | max_length = 30]; |
| 356 | required bool published = 6 [ |
| 357 | help_text = "True if this service should be published in XOS", |
| 358 | default = True, |
| 359 | gui_hidden = True]; // deprecated? |
| 360 | optional string icon_url = 8 [ |
| 361 | content_type = "stripped", |
| 362 | gui_hidden = True, |
| 363 | max_length = 1024]; // deprecated? |
| 364 | optional string public_key = 9 [ |
| 365 | help_text = "Public key string", |
| 366 | gui_hidden = True, |
| 367 | text = True]; // likely only used by VM-based services. deprecated? |
| 368 | optional string private_key_fn = 10 [ |
| 369 | help_text = "Filename of private key file, located within core container", |
| 370 | content_type = "stripped", |
| 371 | gui_hidden = True, |
| 372 | max_length = 4096]; // likely only used by VM-based services. deprecated? |
| 373 | optional string service_specific_id = 11 [ |
| 374 | help_text = "Service-specific identifier, opaque to XOS core", |
| 375 | content_type = "stripped", |
| 376 | max_length = 30]; |
| 377 | optional string service_specific_attribute = 12 [ |
| 378 | help_text = "Service-specific string attribute, opaque to XOS core", |
| 379 | gui_hidden = True, |
| 380 | text = True]; |
| 381 | } |
| 382 | |
| 383 | message ServicePort (XOSBase) { |
| 384 | option description = "Exposes a port in a service outside of the pod, implementation depends on Compute Service"; |
| 385 | |
| 386 | required string name = 1 [ |
| 387 | help_text = "Unique service port name", |
| 388 | max_length = 128]; |
| 389 | required int32 external_port = 2 [ |
| 390 | help_text = "external port number"]; |
| 391 | required int32 internal_port = 3 [ |
| 392 | help_text = "internal port number"]; |
| 393 | required string protocol = 4 [ |
| 394 | help_text = "Protocol", |
| 395 | default="TCP", |
| 396 | max_length = 32]; |
| 397 | required manytoone service->Service:serviceports = 5:1002 [ |
| 398 | help_text = "The Service this ServicePort is associated with", |
| 399 | db_index = True]; |
| 400 | } |
| 401 | |
| 402 | message ServiceAttribute (XOSBase) { |
| 403 | option description = "An (key, value) attribute associated with a Service"; |
| 404 | |
| 405 | required string name = 1 [ |
| 406 | help_text = "Attribute Name", |
| 407 | max_length = 128, |
| 408 | unique_with="service"]; |
| 409 | required string value = 2 [ |
| 410 | help_text = "Attribute Value", |
| 411 | text = True]; |
| 412 | required manytoone service->Service:serviceattributes = 3:1003 [ |
| 413 | help_text = "The Service this attribute is associated with", |
| 414 | db_index = True]; |
| 415 | } |
| 416 | |
| 417 | |
| 418 | message ServiceDependency (XOSBase) { |
| 419 | option description = "A dependency relation between a provider and a subscriber service"; |
| 420 | |
| 421 | required manytoone provider_service->Service:provided_dependencies = 1:1004 [ |
| 422 | help_text = "The service that provides this dependency", |
| 423 | db_index = True, |
| 424 | tosca_key=True]; |
| 425 | required manytoone subscriber_service->Service:subscribed_dependencies = 2:1005 [ |
| 426 | help_text = "The services that subscribes to this dependency", |
| 427 | db_index=True, |
| 428 | tosca_key=True]; |
| 429 | required string connect_method = 3 [ |
| 430 | help_text = "method to connect the two services", |
| 431 | choices = "(('none', 'None'), ('private', 'Private'), ('public', 'Public'))", |
| 432 | default="none", |
| 433 | max_length = 30]; |
| 434 | } |
| 435 | |
| 436 | |
| 437 | message Site::site_policy (XOSBase) { |
| 438 | required string name = 1 [max_length = 200, content_type = "stripped", blank = False, help_text = "Name for this Site", db_index = False, unique = True]; |
| 439 | optional string site_url = 2 [max_length = 512, content_type = "url", blank = True, help_text = "Site's Home URL Page", db_index = False]; |
| 440 | required bool enabled = 3 [help_text = "Status for this Site", default = True]; |
| 441 | required bool hosts_nodes = 4 [help_text = "Indicates whether or not the site host nodes", default = True]; |
| 442 | required bool hosts_users = 5 [help_text = "Indicates whether or not the site manages user accounts", default = True]; |
| 443 | optional float longitude = 6 [db_index = False, blank = True]; |
| 444 | optional float latitude = 7 [db_index = False, blank = True]; |
| 445 | required string login_base = 8 [max_length = 50, content_type = "stripped", blank = False, help_text = "Prefix for Slices associated with this Site", db_index = False]; |
| 446 | required bool is_public = 9 [help_text = "Indicates the visibility of this site to other members", default = True]; |
| 447 | required string abbreviated_name = 10 [db_index = False, max_length = 80, content_type = "stripped", blank = False]; |
| 448 | } |
| 449 | |
| 450 | policy slice_name_no_spaces < {{ ' ' not in obj.name }} > |
| 451 | policy slice_has_creator < obj.creator > |
| 452 | |
// Slice model, derived from XOSBase. The "::slice_policy" suffix attaches a policy named
// slice_policy, which is not defined in this part of the file.
| 453 | message Slice::slice_policy (XOSBase) { |
// Each validators entry is "<policy name>:<message>"; presumably the message is reported
// when the named policy fails — TODO confirm against the generator.
| 454 | option validators = "slice_name_no_spaces:Slice name contains spaces, slice_has_creator:Slice has no creator"; |
| 455 | option plural = "Slices"; |
| 456 | option custom_python=True; |
| 457 | |
// Field numbers 3, 5 and 11 are not used in this message; presumably retired, so avoid
// reusing them — TODO confirm.
| 458 | required string name = 1 [max_length = 80, content_type = "stripped", blank = False, help_text = "The Name of the Slice", db_index = False, unique = True]; |
| 459 | required bool enabled = 2 [help_text = "Status for this Slice", default = True]; |
| 460 | optional string description = 4 [help_text = "High level description of the slice and expected activities", text = True]; |
// In "site->Site:slices = 6:1005", presumably 6 is this field's number and 1005 the number
// of the reverse "slices" accessor on Site — TODO confirm.
| 461 | required manytoone site->Site:slices = 6:1005 [help_text = "The Site this Slice belongs to", db_index = True, blank = False]; |
| 462 | required int32 max_instances = 7 [default = 10, db_index = False, blank = False]; |
| 463 | optional manytoone service->Service:slices = 8:1006 [db_index = True, blank = True]; |
// network is limited to the listed choices. exposed_ports is a free-form string with no
// validator attached in this message.
// NOTE(review): confirm where exposed_ports is parsed and that the parser rejects malformed values.
| 464 | optional string network = 9 [blank = True, max_length = 256, db_index = False, choices = "((None, 'Default'), ('host', 'Host'), ('bridged', 'Bridged'), ('noauto', 'No Automatic Networks'))"]; |
| 465 | optional string exposed_ports = 10 [db_index = False, max_length = 256, blank = True]; |
// NOTE(review): creator is declared optional here, but the slice_has_creator validator
// named in the validators option rejects a Slice that has none.
| 466 | optional manytoone creator->User:slices = 12:1004 [db_index = True]; |
| 467 | optional manytoone default_flavor->Flavor:slices = 13:1002 [db_index = True, blank = True]; |
| 468 | optional manytoone default_image->Image:slices = 14:1005 [db_index = True, blank = True]; |
| 469 | optional manytoone default_node->Node:slices = 15:1003 [db_index = True, blank = True]; |
| 470 | optional string mount_data_sets = 16 [default = "GenBank", max_length = 256, content_type = "stripped", blank = True, db_index = False]; |
// Isolation defaults to "vm"; the other accepted values are "container" and "container_vm".
| 471 | required string default_isolation = 17 [default = "vm", choices = "(('vm', 'Virtual Machine'), ('container', 'Container'), ('container_vm', 'Container In VM'))", max_length = 30, blank = False, db_index = False]; |
// trust_domain and principal are both optional, so a Slice can exist with neither set.
| 472 | optional manytoone trust_domain->TrustDomain:slices = 18:1002 [db_index = True, help_text = "Trust domain this slice resides in"]; |
| 473 | optional manytoone principal->Principal:slices = 19:1001 [db_index = True, help_text = "Principal this slice may use to interact with other components"]; |
| 474 | optional int32 controller_replica_count = 20 [default = 0, help_text = "Replica count, controller-dependent"]; |
| 475 | optional string controller_kind = 21 [max_length = 256, content_type = "stripped", blank = True, help_text = "Type of controller, vim-dependent", db_index = False]; |
| 476 | } |
| 477 | |
| 478 | |
// Policy attached to Tag. It uses the same expression as admin_policy at the top of the
// file: access is allowed only when ctx.user.is_admin is true.
| 479 | policy tag_policy < ctx.user.is_admin > |
| 480 | |
// Tag model, derived from XOSBase and guarded by tag_policy. A Tag is a name/value pair
// owned by a Service and pointing at another object.
| 481 | message Tag::tag_policy (XOSBase) { |
| 482 | required manytoone service->Service:tags = 1:1007 [help_text = "The Service this Tag is associated with", db_index = True, blank = False]; |
| 483 | required string name = 2 [help_text = "The name of this tag", max_length = 128, db_index = True, blank = False]; |
| 484 | required string value = 3 [max_length = 1024, content_type = "stripped", blank = False, help_text = "The value of this tag", db_index = False]; |
// The field below is itself named content_type; the content_type = "stripped" entry inside
// the brackets is a separate field option, not a reference to this field.
// content_type and object_id together identify the tagged object. object_id is a plain
// uint32 rather than a manytoone link, so the schema does not tie it to an existing row.
// NOTE(review): presumably resolved by custom code — confirm a dangling or foreign id is handled.
| 485 | required string content_type = 4 [max_length = 1024, content_type = "stripped", blank = False, help_text = "Content type id linked to this tag", db_index = False]; |
| 486 | required uint32 object_id = 5 [db_index = False, blank = False, help_text = "Object linked to this tag"]; |
| 487 | } |
| 488 | |
// InterfaceType model, derived from XOSBase. No "::policy" is attached in the header.
// NOTE(review): confirm which access rule the generator applies to a model with no policy.
| 489 | message InterfaceType (XOSBase) { |
| 490 | option description = "Defines an InterfaceType that may be used by Services to connect ServiceInstances"; |
| 491 | |
// unique_with = "direction": the (name, direction) pair is the uniqueness constraint,
// so the same name may exist once per direction.
| 492 | required string name = 1 [ |
| 493 | help_text = "Name of this interface type", |
| 494 | content_type = "stripped", |
| 495 | max_length = 200, |
| 496 | unique_with = "direction"]; |
// direction accepts only the two listed choices, "in" and "out".
| 497 | required string direction = 2 [ |
| 498 | help_text = "Direction, either in or out", |
| 499 | choices = "(('in', 'In'), ('out', 'Out'))", |
| 500 | content_type = "stripped", |
| 501 | max_length = 30]; |
| 502 | } |
| 503 | |
// ServiceInterface model, derived from XOSBase: pairs a Service with an InterfaceType.
// No "::policy" is attached in the header.
| 504 | message ServiceInterface (XOSBase) { |
| 505 | option description = "Describes the type of connection attached to a ServiceInstanceLink"; |
| 506 | |
// Both links carry tosca_key=True; presumably the pair identifies the object when it is
// referenced from TOSCA — TODO confirm.
| 507 | required manytoone service->Service:service_interfaces = 1:1008 [ |
| 508 | help_text = "Service that this ServiceInterface is associated with", |
| 509 | db_index = True, |
| 510 | tosca_key=True]; |
| 511 | required manytoone interface_type->InterfaceType:service_interfaces = 2:1001 [ |
| 512 | help_text = "Interface type that describes this interface", |
| 513 | db_index = True, |
| 514 | tosca_key=True]; |
| 515 | } |
| 516 | |
// ServiceInstance model: inherits from XOSBase and AttributeMixin (AttributeMixin is not
// defined in this part of the file). No "::policy" is attached in the header.
// custom_python=True presumably means hand-written Python accompanies the generated
// model — TODO confirm.
| 517 | message ServiceInstance (XOSBase, AttributeMixin) { |
| 518 | option description = "A portion of a service broken up into a tenant-sized piece"; |
| 519 | option custom_python=True; |
| 520 | |
| 521 | optional string name = 1 [ |
| 522 | help_text = "Name of ServiceInstance", |
| 523 | content_type = "stripped", |
| 524 | max_length = 200]; |
| 525 | required manytoone owner->Service:service_instances = 2:1009 [ |
| 526 | help_text = "The Service that owns this ServiceInstance", |
| 527 | db_index = True]; |
// The next two fields are opaque to the core according to their help_text; the owning
// service decides what they contain.
// NOTE(review): gui_hidden presumably only hides a field in the GUI. Do not treat it as
// access control; confirm whether these fields are still returned by the API.
| 528 | optional string service_specific_id = 3 [ |
| 529 | help_text = "Service-specific identifier, opaque to the XOS core", |
| 530 | content_type = "stripped", |
| 531 | gui_hidden = True, |
| 532 | max_length = 30]; |
// Field numbers 4-9 are not used in this message; presumably retired — TODO confirm.
| 533 | optional string service_specific_attribute = 10 [ |
| 534 | help_text = "Service-specific text attribute, opaque to the XOS core", |
| 535 | gui_hidden = True, |
| 536 | text = True]; |
| 537 | optional uint32 link_deleted_count = 11 [ |
| 538 | help_text = "Incremented each time a provided_link is deleted from this ServiceInstance", |
| 539 | default = 0, |
| 540 | gui_hidden = True]; |
// Self-referencing link: a ServiceInstance may point at another ServiceInstance as its master.
| 541 | optional manytoone master_serviceinstance->ServiceInstance:child_serviceinstances = 12:1002 [ |
| 542 | help_text = "The master service instance that set this service instance up", |
| 543 | gui_hidden = True]; |
| 544 | } |
| 545 | |
// ServiceInstanceLink model, derived from XOSBase: one provider ServiceInstance on one
// side and one of three possible subscribers (ServiceInstance, Service or Network) on the
// other. No "::policy" is attached in the header.
| 546 | message ServiceInstanceLink (XOSBase) { |
| 547 | option description = "A link in a chain between two ServiceInstances"; |
| 548 | option custom_python=True; |
| 549 | |
// The provider side is the only required link and is a TOSCA key.
| 550 | required manytoone provider_service_instance->ServiceInstance:provided_links = 1:1003 [ |
| 551 | help_text = "Eastbound serviceinstance of this link", |
| 552 | db_index = True, |
| 553 | tosca_key=True]; |
| 554 | optional manytoone provider_service_interface->ServiceInterface:provided_links = 2:1004 [ |
| 555 | help_text = "Interface descrption of the eastbound linkage point", |
| 556 | db_index = True]; |
// All three subscriber_* links are optional, and nothing in this schema requires that
// exactly one of them is set.
// NOTE(review): presumably enforced in the custom Python — confirm.
| 557 | optional manytoone subscriber_service_instance->ServiceInstance:subscribed_links = 3:1005 [ |
| 558 | help_text = "Westbound ServiceInstance of this link", |
| 559 | db_index = True]; |
// NOTE(review): this help_text describes an interface, but the field links to a Service;
// it looks copied from provider_service_interface — confirm the intended wording.
| 560 | optional manytoone subscriber_service->Service:subscribed_links = 4:1010 [ |
| 561 | help_text = "Interface description of the westbound linkage point", |
| 562 | db_index = True, |
| 563 | tosca_key_one_of = subscriber_service_instance]; |
| 564 | optional manytoone subscriber_network->Network:subscribed_links = 5:1004 [ |
| 565 | help_text = "Alternative to subscriber_service_instance, if a Network model is the subscriber instead of a ServiceInstance", |
| 566 | db_index = True, |
| 567 | tosca_key_one_of=subscriber_service_instance]; |
| 568 | } |
| 569 | |
// ServiceInstanceAttribute model, derived from XOSBase: one named text value attached to
// a ServiceInstance. No "::policy" is attached in the header.
// NOTE(review): value is unrestricted text. If services keep sensitive values here, access
// control has to come from somewhere other than this schema — confirm.
| 570 | message ServiceInstanceAttribute (XOSBase) { |
| 571 | option description = "A (key, value) attribute associated with a ServiceInstance"; |
| 572 | |
// unique_with = "service_instance": a name may appear once per ServiceInstance.
| 573 | required string name = 1 [ |
| 574 | help_text = "Attribute Name", |
| 575 | max_length = 128, |
| 576 | unique_with = "service_instance"]; |
| 577 | required string value = 2 [ |
| 578 | help_text = "Attribute Value", |
| 579 | text = True]; |
// The help_text says "Tenant" while the link target is ServiceInstance.
| 580 | required manytoone service_instance->ServiceInstance:service_instance_attributes = 3:1006 [ |
| 581 | help_text = "The Tenant this attribute is associated with", |
| 582 | db_index = True]; |
| 583 | } |
| 584 | |
// TrustDomain model, derived from XOSBase: a named domain owned by a Service. Slice links
// to it through its optional trust_domain field.
// No "::policy" is attached in the header.
// NOTE(review): confirm who may create or re-own a TrustDomain, since no policy is declared here.
| 585 | message TrustDomain (XOSBase) { |
// name is indexed but not declared unique, so two trust domains may share a name.
| 586 | required string name = 1 [max_length = 256, db_index = True, blank = False, help_text = "Name of this trust domain"]; |
| 587 | required manytoone owner->Service:owned_trust_domains = 2:1011 [db_index = True, blank = False, help_text = "Service partioned by this trust domain"]; |
| 588 | } |
| 589 | |
// XOSCore model, derived from XOSBase, with explicit singular and plural names.
// No "::policy" is attached in the header.
| 590 | message XOSCore (XOSBase) { |
| 591 | option singular="XOSCore"; |
| 592 | option plural="XOSCores"; |
// name defaults to "XOS" and is unique.
| 593 | required string name = 1 [default = "XOS", max_length = 200, content_type = "stripped", blank = False, help_text = "Name of XOS", db_index = False, unique = True]; |
| 594 | } |
| 595 | |
// XOSGuiExtension model, derived from XOSBase and guarded by admin_policy (defined at the
// top of the file as ctx.user.is_admin).
// Per the description, a row tells the GUI to load an extension, so whoever can write this
// model influences what the GUI loads; keep the admin-only policy attached.
| 596 | message XOSGuiExtension::admin_policy (XOSBase) { |
| 597 | option verbose_name="XOS GUI Extension"; |
| 598 | option description="This model holds the instruction to load an extension in the GUI"; |
// Both options below were left disabled by the author. XOSBase declares no_sync and
// no_policy as fields that default to False.
| 599 | // option no_sync = True; |
| 600 | // option no_policy = True; |
| 601 | |
| 602 | required string name = 1 [max_length = 200, content_type = "stripped", blank = False, help_text = "Name of the GUI Extensions", db_index = False, unique = True]; |
// files is a single comma-separated string; nothing in this schema restricts which paths
// or locations it may name.
// NOTE(review): confirm the GUI loader validates each entry before loading it.
| 603 | required string files = 2 [max_length = 1024, content_type = "stripped", blank = False, help_text = "List of comma separated file composing the view", db_index = False]; |
| 604 | } |
| 605 | |
// ServiceGraphConstraint model, derived from XOSBase: layout hints for the service graph.
// No "::policy" is attached in the header.
| 606 | message ServiceGraphConstraint (XOSBase) { |
| 607 | option verbose_name="Graph Constraint"; |
| 608 | option description="Define the position of the nodes in the service graph"; |
// constraints holds a nested array encoded as a string of at most 1024 characters; the
// example in help_text uses unquoted names.
// NOTE(review): confirm consumers read this text with a strict parser rather than evaluating it.
| 609 | required string constraints = 1 [max_length = 1024, content_type = "stripped", help_text = "A composite array defining service positions in the graph, eg [volt, vsg, [address_manager, vrouter]]", tosca_key=True]; |
// Per help_text, the constraint with the highest priority is the one used; the default is 0.
| 610 | optional int32 priority = 2 [help_text = "The priority of the constraint, the one with highest priority will be used", default=0]; |
| 611 | } |
| 612 | |