test/test.xproto

option app_label = "core";

// use thi policy to allow access to admins only
policy admin_policy < ctx.user.is_admin >

message XOSBase {
     option skip_init = True;
     option custom_header = "xosbase_header";
     option abstract = True;
     option custom_python=True;

     // field 1 is reserved for "id"
     required string created = 2 [content_type = "date", auto_now_add = True, bookkeeping_state = True, help_text = "Time this model was created"];
     required string updated = 3 [default = "now()", content_type = "date", bookkeeping_state = True, help_text = "Time this model was changed by a non-synchronizer"];
     optional string enacted = 4 [content_type = "date", blank = True, default = None, bookkeeping_state = True, help_text = "When synced, set to the timestamp of the data that was synced"];
     optional string policed = 5 [content_type = "date", blank = True, default = None, bookkeeping_state = True, help_text = "When policed, set to the timestamp of the data that was policed"];
     optional string backend_register = 6 [default = "{}", max_length = 1024, feedback_state = True];
     required bool backend_need_delete = 7 [default = False, bookkeeping_state = True];
     required bool backend_need_reap = 8 [default = False, bookkeeping_state = True];
     required string backend_status = 9 [default = "Provisioning in progress", max_length = 1024, feedback_state = True];
     required int32 backend_code = 10 [default = 0, feedback_state = True];
     required bool deleted = 11 [default = False, bookkeeping_state = True];
     required bool write_protect = 12 [default = False, bookkeeping_state = True];
     required bool lazy_blocked = 13 [default = False, bookkeeping_state = True];
     required bool no_sync = 14 [default = False, bookkeeping_state = True];
     required bool no_policy = 15 [default = False, bookkeeping_state = True];
     optional string policy_status = 16 [default = "Policy in process", max_length = 1024, feedback_state = True];
     optional int32 policy_code = 17 [default = 0, feedback_state = True];
     required string leaf_model_name = 18 [max_length = 1024, bookkeeping_state = True, help_text = "The most specialized model in this chain of inheritance, often defined by a service developer"];
     required bool backend_need_delete_policy = 19 [default = False, bookkeeping_state = True, help_text = "True if delete model_policy must be run before object can be reaped"];
     required bool xos_managed = 20 [default = True, help_text = "True if xos is responsible for creating/deleting this object", gui_hidden = True];
     optional string backend_handle = 21 [max_length = 1024, feedback_state = True, blank=True, help_text = "Handle used by the backend to track this object", gui_hidden = True];
     optional string changed_by_step = 22 [content_type = "date", blank = True, default = None, bookkeeping_state = True, gui_hidden = True, help_text = "Time this model was changed by a sync step"];
     optional string changed_by_policy = 23 [content_type = "date", blank = True, default = None, bookkeeping_state = True, gui_hidden = True, help_text = "Time this model was changed by a model policy"];
}

// The calling user represents the user being accessed, or is a site admin.
policy user_policy <
         ctx.user.is_admin
         | ctx.user.id = obj.id
         | (exists Privilege:
             Privilege.accessor_id = ctx.user.id
             & Privilege.accessor_type = "User"
             & Privilege.permission = "role:admin"
             & Privilege.object_type = "Site"
             & Privilege.object_id = ctx.user.site.id) >

message User::user_policy (AbstractBaseUser,PlModelMixIn) {
     option skip_django = True;
     option description = "An XOS User";

     // field 1 is reserved for "id"
     required string email = 2 [db_index = True, max_length = 256, blank = False, tosca_key=True];
     required string username = 3 [default = "Something", max_length = 256, content_type = "stripped", blank = False, db_index = False];
     required string password = 4 [default = "Something", max_length = 256, blank = False, db_index = False];
     optional string last_login = 5 [db_index = False, content_type = "date", blank = True];
     required string firstname = 6 [max_length = 200, content_type = "stripped", blank = False, help_text = "person's given name", db_index = False];
     required string lastname = 7 [max_length = 200, content_type = "stripped", blank = False, help_text = "person's surname", db_index = False];
     optional string phone = 8 [max_length = 100, content_type = "stripped", blank = True, help_text = "phone number contact", db_index = False];
     optional string user_url = 9 [db_index = False, max_length = 200, content_type = "url", blank = True];
     required manytoone site->Site:users = 10:1001 [help_text = "Site this user will be homed too", db_index = True, blank = False];
     optional string public_key = 11 [help_text = "Public key string", db_index = False, blank = True, text = True];
     required bool is_active = 12 [default = True, db_index = False];
     required bool is_admin = 13 [default = False, db_index = False];
     required bool is_staff = 14 [default = True, db_index = False];
     required bool is_readonly = 15 [default = False, db_index = False];
     required bool is_registering = 16 [default = False, db_index = False];
     required bool is_appuser = 17 [default = False, db_index = False];
     optional string login_page = 18 [max_length = 200, content_type = "stripped", blank = True, help_text = "send this user to a specific page on login", db_index = False];
     required string created = 19 [content_type = "date", auto_now_add = True, help_text = "Time this model was created"];
     required string updated = 20 [default = "now()", content_type = "date", help_text = "Time this model was changed by a non-synchronizer"];
     optional string enacted = 21 [content_type = "date", blank = True, default = None, help_text = "When synced, set to the timestamp of the data that was synced"];
     optional string policed = 22 [content_type = "date", blank = True, default = None, help_text = "When policed, set to the timestamp of the data that was policed"];
     required string backend_status = 23 [default = "Provisioning in progress", max_length = 1024, content_type = "stripped", blank = False, db_index = False];
     required int32 backend_code = 24 [default = 0];
     required bool backend_need_delete = 25 [default = False, db_index = False];
     required bool backend_need_reap = 26 [default = False, db_index = False];
     required bool deleted = 27 [default = False, db_index = False];
     required bool write_protect = 28 [default = False, db_index = False];
     required bool lazy_blocked = 29 [default = False, db_index = False];
     required bool no_sync = 30 [default = False, db_index = False];
     required bool no_policy = 31 [default = False, db_index = False];
     required string timezone = 32 [default = "America/New_York", max_length = 100, blank = False, db_index = False];
     optional string policy_status = 33 [default = "0 - Policy in process", max_length = 1024];
     optional int32 policy_code = 34 [default = 0];
     required string leaf_model_name = 35 [max_length = 1024, help_text = "The most specialized model in this chain of inheritance, often defined by a service developer"];
     required bool backend_need_delete_policy = 36 [default = False, help_text = "True if delete model_policy must be run before object can be reaped"];
     required bool xos_managed = 37 [default = True, help_text = "True if xos is responsible for creating/deleting this object", gui_hidden = True];
     optional string backend_handle = 38 [max_length = 1024, feedback_state = True, blank=True, help_text = "Handle used by the backend to track this object", gui_hidden = True];
     optional string changed_by_step = 39 [content_type = "date", blank = True, default = None, gui_hidden = True, help_text = "Time this model was changed by a sync step"];
     optional string changed_by_policy = 40 [content_type = "date", blank = True, default = None, gui_hidden = True, help_text = "Time this model was changed by a model policy"];
}

// A user may give a permission that he has to another user
policy grant_policy < ctx.user.is_admin
                      | exists Privilege:Privilege.object_type = obj.object_type
                        & Privilege.object_id = obj.object_id
                        & Privilege.accessor_type = "User"
                        & Privilege.accessor_id = ctx.user.id
                        & Privilege.permission = "role:admin" >

message Privilege::grant_policy (XOSBase) {
     required int32 accessor_id = 1 [blank=False];
     required string accessor_type = 2 [max_length=1024, blank = False];
     required int32 object_id = 4 [blank=False];
     required string object_type = 5 [max_length=1024, blank = False];
     required string permission = 6 [default = "all", max_length=1024, tosca_key=True];
     required string granted = 7 [content_type = "date", auto_now_add = True, max_length=1024];
     optional string expires = 8 [content_type = "date", max_length=1024];
}

message AddressPool (XOSBase) {
     option custom_python=True;
     required string name = 1 [db_index = False, max_length = 32, blank = False, unique = True, help_text="Name of this AddressPool"];
     optional string addresses = 2 [db_index = False, blank = True, text = True, help_text="Space-separated list of available addresses"];
     required string gateway_ip = 3 [max_length = 32, help_text="Gateway IP address for this AddressPool"];
     required string gateway_mac = 4 [max_length = 32, help_text="Gateway MAC address for this AddressPool"];
     required string cidr = 5 [max_length = 32, help_text="Subnet for this AddressPool"];
     optional string inuse = 6 [db_index = False, blank = True, text = True, help_text="Space-separated list of inuse addresses"];
     optional manytoone service->Service:addresspools = 7:1001 [db_index = True, blank = True, help_text="Service this AddressPool belongs to"];
}

message BackupFile (XOSBase) {
    required string name = 1 [
        help_text = "human-readable name of this backup file",
        max_length = 256];
    required string uri = 2 [
        help_text = "location of the backup file",
        max_length = 1024];
    optional string checksum = 3 [
        help_text = "checksum of backup file, formatted as algorithm:hash",
        max_length = 1024];
    // status:
    //    retrieved - file has been retrieved from URI
    //    sent - file has been sent to URI
    //    inprogress - file transfer is in progress
    optional string status = 4 [
        help_text = "status of file transfer",
        choices = "(('retrieved', 'retrieved'), ('sent', 'sent'), ('inprogress', 'inprogress'))",
        feedback_state = True,
        max_length = 32];
    optional string backend_filename = 5 [
        help_text = "for internal use, local filename",
        feedback_state = True,
        max_length = 1024];
}

message BackupOperation (XOSBase) {
    // `file` is required for restores.
    // `file` is optional for backups. If file is unspecified then XOS will create a backup file using
    // a default mechanism.
    optional manytoone file->BackupFile:operations = 1:1001 [
        help_text = "File to backup to or restore from"];
    required string component = 2 [
        help_text = "component that this operation applies to",
        // XOS is currently the only allowed component
        choices = "(('xos', 'XOS'), )",
        default = "xos",
        max_length = 32];
    required string operation = 3 [
        help_text = "operation to perform",
        choices = "(('create', 'create'), ('restore', 'restore'), ('verify', 'verify'))",
        max_length = 32];
    optional string status = 4 [
        help_text = "status of operation",
        choices = "(('created', 'created'), ('restored', 'restored'), ('failed', 'failed'), ('inprogress', 'in progress'), ('orphaned', 'orphaned'))",
        feedback_state = True,
        max_length = 32];
    optional string error_msg = 5 [
        help_text = "error message from backup processor, if status is failure",
        feedback_state = True,
        max_length = 4096];
    // `effective_date` may be different from `XOSBase.enacted` if a synchronizer is performing
    // an operation on an external component. `XOSBase.enacted` is always set to the time the
    // model is saved, which could differ from the time the backup or restore completed by
    // a short time.
    optional string effective_date = 6 [
        help_text = "the time and date the operation was completed",
        content_type = "date",
        feedback_state = True];
}

message ComputeServiceInstance (ServiceInstance) {
     required manytoone slice->Slice:computeserviceinstances = 1:1001 [db_index = True, blank = False, help_text = "Slice that controls this ServiceInstance"];
     required manytoone image->Image:computeserviceinstances = 2:1001 [db_index = True, blank = False, help_text = "Image used to instantiate this ServiceInstance"];
}

// Everyone has read access
// For write access, you have to be a site_admin

policy site_policy <
         ctx.user.is_admin
         | (ctx.write_access -> exists Privilege: Privilege.object_type = "Site" & Privilege.object_id = obj.id & Privilege.accessor_id = ctx.user.id & Privilege.permission = "role:admin") >

// If you can access (read or write) the site, you can also access its slices
// Otherwise, you need an explicit privilege on the Slice (admin for write access)
// or admin privilege on the associated site.
policy slice_policy <
         ctx.user.is_admin
         | (*site_policy(site)
         & (ctx.user = obj.creator
               | (exists Privilege:
                     Privilege.accessor_id = ctx.user.id
                     & Privilege.accessor_type = "User"
                     & Privilege.object_type = "Slice"
                     & Privilege.object_id = obj.id
                     & (ctx.write_access -> Privilege.permission = "role:admin"))
             )
             |
              (exists Privilege:
                 Privilege.accessor_id = ctx.user.id
                 & Privilege.accessor_type = "User"
                 & Privilege.object_type = "Slice"
                 & Privilege.object_id = obj.id)
             | (exists Privilege:
                 Privilege.accessor_id = ctx.user.id
                 & Privilege.accessor_type = "User"
                 & Privilege.object_type = "Site"
                 & Privilege.object_id = obj.site.id
                 & Privilege.permission = "role:admin")
                ) >


message Flavor (XOSBase) {
     required string name = 1 [max_length = 32, content_type = "stripped", blank = False, help_text = "name of this flavor, as displayed to users", db_index = False, unique = True];
     optional string description = 2 [db_index = False, max_length = 1024, content_type = "stripped"];
     required string flavor = 3 [max_length = 32, content_type = "stripped", help_text = "flavor string used to configure deployments"];
}


message Image (XOSBase) {
     required string name = 1 [db_index = False, max_length = 256, content_type = "stripped", blank = False, unique_with = "tag"];
     required string kind = 2 [default = "vm", choices = "(('vm', 'Virtual Machine'), ('container', 'Container'))", max_length = 30, blank = False, db_index = False];
     optional string disk_format = 3 [db_index = False, max_length = 256, content_type = "stripped", blank = True];
     optional string container_format = 4 [db_index = False, max_length = 256, content_type = "stripped", blank = True];
     optional string path = 5 [max_length = 256, content_type = "stripped", blank = True, help_text = "Path to image on local disk", db_index = False];
     optional string tag = 6 [max_length = 256, content_type = "stripped", blank = True, help_text = "For Docker Images, tag of image", db_index = False];
}

policy network_policy < *slice_policy(owner) >

message Network::network_policy (XOSBase) {
     required string name = 1 [db_index = False, max_length = 32, blank = False, unique = True];
     required manytoone template->NetworkTemplate:network = 2:1001 [db_index = True, blank = False];
     optional string subnet = 3 [max_length = 32];
     optional string start_ip = 4 [max_length = 32];
     optional string end_ip = 5 [max_length = 32];
     optional string ports = 6 [max_length = 1024];
     optional string labels = 7 [max_length = 1024];
     required manytoone owner->Slice:ownedNetworks = 8:1004 [help_text = "Slice that owns control of this Network", db_index = True, blank = False];
     required bool permit_all_slices = 10 [default = False, db_index = False];
     required bool autoconnect = 17 [help_text = "This network can be autoconnected to the slice that owns it", default = True, db_index = False];
     optional manytomany permitted_slices->Slice/Network_permitted_slices:availableNetworks = 18:1005 [];
}


message NetworkParameter (XOSBase) {
     required manytoone parameter->NetworkParameterType:networkparameters = 1:1001 [help_text = "The type of the parameter", db_index = True, blank = False];
     required string value = 2 [help_text = "The value of this parameter", max_length = 1024, db_index = False, blank = False];
     required string content_type = 4 [max_length = 1024, content_type = "stripped", blank = False, help_text = "Content type id linked to this network parameter", db_index = False];
     required uint32 object_id = 5 [db_index = False, blank = False, help_text = "Object linked to this NetworkParameter"];
}


message NetworkParameterType (XOSBase) {
     required string name = 1 [help_text = "The name of this parameter", max_length = 128, db_index = True, blank = False, unique = True];
     optional string description = 2 [max_length = 1024];
}

policy network_slice_validator < (obj.slice in obj.network.permitted_slices.all()) | (obj.slice = obj.network.owner) | obj.network.permit_all_slices >
policy network_slice_policy < *slice_policy(slice) & *network_policy(network) >

message NetworkSlice::network_slice_policy (XOSBase) {
     option validators = "network_slice_validator:Slice {obj.slice.name} is not allowed to connect to networks {obj.network}";
     required manytoone network->Network:networkslices = 1:1002 [db_index = True, blank = False, unique_with = "slice", tosca_key=True];
     required manytoone slice->Slice:networkslices = 2:1006 [db_index = True, blank = False, tosca_key=True];
}

message NetworkTemplate (XOSBase) {
     required string name = 1 [db_index = False, max_length = 32, blank = False, unique = True];
     optional string description = 2 [max_length = 1024];
     required string visibility = 4 [default = "private", choices = "(('public', 'public'), ('private', 'private'))", max_length = 30, blank = False, db_index = False];
     required string translation = 5 [default = "none", choices = "(('none', 'none'), ('NAT', 'NAT'))", max_length = 30, blank = False, db_index = False];
     optional string access = 6 [choices = "((None, 'None'), ('indirect', 'Indirect'), ('direct', 'Direct'))", max_length = 30, blank = True, help_text = "Advertise this network as a means for other slices to contact this slice", db_index = False];
     optional string shared_network_name = 7 [db_index = False, max_length = 30, blank = True];
     optional string shared_network_id = 8 [help_text = "Quantum network", max_length = 256, db_index = False, blank = True];
     required string topology_kind = 9 [default = "bigswitch", choices = "(('bigswitch', 'BigSwitch'), ('physical', 'Physical'), ('custom', 'Custom'))", max_length = 30, blank = False, db_index = False];
     optional string controller_kind = 10 [blank = True, max_length = 30, db_index = False, choices = "((None, 'None'), ('onos', 'ONOS'), ('custom', 'Custom'))"];
     optional string vtn_kind = 11 [default = "PRIVATE", choices = "(('PRIVATE', 'Private'), ('PUBLIC', 'Public'), ('MANAGEMENT_LOCAL', 'Management Local'), ('MANAGEMENT_HOST', 'Management Host'), ('VSG', 'VSG'), ('ACCESS_AGENT', 'Access Agent'), ('FLAT', 'Flat'))", max_length = 30, blank = True, db_index = False];
}

message Node (XOSBase) {
     required string name = 1 [max_length = 200, content_type = "stripped", blank = False, help_text = "Name of the Node", db_index = False, unique = True];
     optional string bridgeId = 3 [max_length = 200, content_type = "stripped", blank = True, help_text = "Bridge Id", db_index = False];
     optional string dataPlaneIntf = 4 [max_length = 200, content_type = "stripped", blank = True, help_text = "Dataplane Interface", db_index = False];
     optional string dataPlaneIp = 5 [max_length = 200, content_type = "stripped", blank = True, help_text = "Dataplane Ip", db_index = False];
     optional string hostManagementIface = 6 [max_length = 200, content_type = "stripped", blank = True, help_text = "Host Management Interface", db_index = False];
     required manytoone site->Site:nodes = 7:1006 [db_index = True, blank = False, default=get_first_site];
}
message NodeLabel (XOSBase) {
     option custom_python=True;
     required string name = 1 [max_length = 200, content_type = "stripped", blank = False, help_text = "label name", db_index = False, unique = True];
     optional manytomany node->Node/NodeLabel_node:nodelabels = 2:1002 [];
}

policy port_policy < *network_policy(network) >

message Port::port_policy (XOSBase) {
     required manytoone network->Network:links = 1:1003 [db_index = True, blank = False, unique_with = "service_instance", help_text = "Network bound to this port"];
     optional string ip = 3 [max_length = 39, content_type = "ip", blank = True, help_text = "Instance ip address", db_index = False];
     optional string port_id = 4 [help_text = "Neutron port id", max_length = 256, db_index = False, blank = True];
     optional string mac = 5 [help_text = "MAC address associated with this port", max_length = 256, db_index = False, blank = True];
     required bool xos_created = 6 [default = False];
     optional manytoone service_instance->ServiceInstance:ports = 7:1001 [db_index = True, blank = True, help_text = "ServiceInstance bound to this port"];
}

message Principal (XOSBase) {
     required string name = 1 [max_length = 128, db_index = True, blank = False, help_text = "The name of this principal"];
     required manytoone trust_domain->TrustDomain:principals = 2:1001 [db_index = True, blank = False, help_text = "Trust domain this principal resides in"];
}

message Role (XOSBase) {
     required string role_type = 1 [db_index = False, max_length = 80, content_type = "stripped", blank = False];
     optional string role = 2 [db_index = False, max_length = 80, content_type = "stripped", blank = True];
     optional string description = 3 [max_length = 120, content_type = "stripped"];
}

policy service_policy <ctx.user.is_admin | exists Privilege: Privilege.accessor_id = ctx.user.id & Privilege.accessor_type = "User" & Privilege.object_type = "Service" & Privilege.object_id = obj.id >

message Service (XOSBase,AttributeMixin) {
     option description = "A service managed by XOS";
     option custom_python=True;

     optional string description = 1 [
         help_text = "Description of Service",
         text = True];
     required bool enabled = 2 [
         help_text = "Whether or not service is Enabled",
         default = True,
         gui_hidden = True];
     required string kind = 3 [
         help_text = "Kind of service",
         choices="(('generic', 'Generic'), ('data', 'Data Plane'), ('control', 'Control Plane'), ('oss', 'OSS'))",
         content_type = "stripped",
         default = "generic",
         max_length = 30];
     required string name = 4 [
         help_text = "Unique name of service",
         content_type = "stripped",
         max_length = 30,
         unique = True];
     optional string versionNumber = 5 [
         help_text = "Version of Service Definition",
         content_type = "stripped",
         max_length = 30];
     required bool published = 6 [
         help_text = "True if this service should be published in XOS",
         default = True,
         gui_hidden = True]; // deprecated?
     optional string icon_url = 8 [
         content_type = "stripped",
         gui_hidden = True,
         max_length = 1024]; // deprecated?
     optional string public_key = 9 [
         help_text = "Public key string",
         gui_hidden = True,
         text = True]; // likely only used by VM-based services. deprecated?
     optional string private_key_fn = 10 [
         help_text = "Filename of private key file, located within core container",
         content_type = "stripped",
         gui_hidden = True,
         max_length = 4096]; // likely only used by VM-based services. deprecated?
     optional string service_specific_id = 11 [
         help_text = "Service-specific identifier, opaque to XOS core",
         content_type = "stripped",
         max_length = 30];
     optional string service_specific_attribute = 12 [
         help_text = "Service-specific string attribute, opaque to XOS core",
         gui_hidden = True,
         text = True];
}

message ServicePort (XOSBase) {
     option description = "Exposes a port in a service outside of the pod, implementation depends on Compute Service";

     required string name = 1 [
         help_text = "Unique service port name",
         max_length = 128];
     required int32 external_port = 2 [
         help_text = "external port number"];
     required int32 internal_port = 3 [
         help_text = "internal port number"];
     required string protocol = 4 [
         help_text = "Protocol",
         default="TCP",
         max_length = 32];
     required manytoone service->Service:serviceports = 5:1002 [
         help_text = "The Service this ServicePort is associated with",
         db_index = True];
}

message ServiceAttribute (XOSBase) {
     option description = "An (key, value) attribute associated with a Service";

     required string name = 1 [
         help_text = "Attribute Name",
         max_length = 128,
         unique_with="service"];
     required string value = 2 [
         help_text = "Attribute Value",
         text = True];
     required manytoone service->Service:serviceattributes = 3:1003 [
         help_text = "The Service this attribute is associated with",
         db_index = True];
}


message ServiceDependency (XOSBase) {
     option description = "A dependency relation between a provider and a subscriber service";

     required manytoone provider_service->Service:provided_dependencies = 1:1004 [
         help_text = "The service that provides this dependency",
         db_index = True,
         tosca_key=True];
     required manytoone subscriber_service->Service:subscribed_dependencies = 2:1005 [
         help_text = "The services that subscribes to this dependency",
         db_index=True,
         tosca_key=True];
     required string connect_method = 3 [
         help_text = "method to connect the two services",
         choices = "(('none', 'None'), ('private', 'Private'), ('public', 'Public'))",
         default="none",
         max_length = 30];
}


message Site::site_policy (XOSBase) {
     required string name = 1 [max_length = 200, content_type = "stripped", blank = False, help_text = "Name for this Site", db_index = False, unique = True];
     optional string site_url = 2 [max_length = 512, content_type = "url", blank = True, help_text = "Site's Home URL Page", db_index = False];
     required bool enabled = 3 [help_text = "Status for this Site", default = True];
     required bool hosts_nodes = 4 [help_text = "Indicates whether or not the site host nodes", default = True];
     required bool hosts_users = 5 [help_text = "Indicates whether or not the site manages user accounts", default = True];
     optional float longitude = 6 [db_index = False, blank = True];
     optional float latitude = 7 [db_index = False, blank = True];
     required string login_base = 8 [max_length = 50, content_type = "stripped", blank = False, help_text = "Prefix for Slices associated with this Site", db_index = False];
     required bool is_public = 9 [help_text = "Indicates the visibility of this site to other members", default = True];
     required string abbreviated_name = 10 [db_index = False, max_length = 80, content_type = "stripped", blank = False];
}

policy slice_name_no_spaces < {{ ' ' not in obj.name }} >
policy slice_has_creator < obj.creator >

message Slice::slice_policy (XOSBase) {
     option validators = "slice_name_no_spaces:Slice name contains spaces, slice_has_creator:Slice has no creator";
     option plural = "Slices";
     option custom_python=True;

     required string name = 1 [max_length = 80, content_type = "stripped", blank = False, help_text = "The Name of the Slice", db_index = False, unique = True];
     required bool enabled = 2 [help_text = "Status for this Slice", default = True];
     optional string description = 4 [help_text = "High level description of the slice and expected activities", text = True];
     required manytoone site->Site:slices = 6:1005 [help_text = "The Site this Slice belongs to", db_index = True, blank = False];
     required int32 max_instances = 7 [default = 10, db_index = False, blank = False];
     optional manytoone service->Service:slices = 8:1006 [db_index = True, blank = True];
     optional string network = 9 [blank = True, max_length = 256, db_index = False, choices = "((None, 'Default'), ('host', 'Host'), ('bridged', 'Bridged'), ('noauto', 'No Automatic Networks'))"];
     optional string exposed_ports = 10 [db_index = False, max_length = 256, blank = True];
     optional manytoone creator->User:slices = 12:1004 [db_index = True];
     optional manytoone default_flavor->Flavor:slices = 13:1002 [db_index = True, blank = True];
     optional manytoone default_image->Image:slices = 14:1005 [db_index = True, blank = True];
     optional manytoone default_node->Node:slices = 15:1003 [db_index = True, blank = True];
     optional string mount_data_sets = 16 [default = "GenBank", max_length = 256, content_type = "stripped", blank = True, db_index = False];
     required string default_isolation = 17 [default = "vm", choices = "(('vm', 'Virtual Machine'), ('container', 'Container'), ('container_vm', 'Container In VM'))", max_length = 30, blank = False, db_index = False];
     optional manytoone trust_domain->TrustDomain:slices = 18:1002 [db_index = True, help_text = "Trust domain this slice resides in"];
     optional manytoone principal->Principal:slices = 19:1001 [db_index = True, help_text = "Principal this slice may use to interact with other components"];
     optional int32 controller_replica_count = 20 [default = 0, help_text = "Replica count, controller-dependent"];
     optional string controller_kind = 21 [max_length = 256, content_type = "stripped", blank = True, help_text = "Type of controller, vim-dependent", db_index = False];
}


policy tag_policy < ctx.user.is_admin >

message Tag::tag_policy (XOSBase) {
     required manytoone service->Service:tags = 1:1007 [help_text = "The Service this Tag is associated with", db_index = True, blank = False];
     required string name = 2 [help_text = "The name of this tag", max_length = 128, db_index = True, blank = False];
     required string value = 3 [max_length = 1024, content_type = "stripped", blank = False, help_text = "The value of this tag", db_index = False];
     required string content_type = 4 [max_length = 1024, content_type = "stripped", blank = False, help_text = "Content type id linked to this tag", db_index = False];
     required uint32 object_id = 5 [db_index = False, blank = False, help_text = "Object linked to this tag"];
}

message InterfaceType (XOSBase) {
     option description = "Defines an InterfaceType that may be used by Services to connect ServiceInstances";

     required string name = 1 [
         help_text = "Name of this interface type",
         content_type = "stripped",
         max_length = 200,
         unique_with = "direction"];
     required string direction = 2 [
         help_text = "Direction, either in or out",
         choices = "(('in', 'In'), ('out', 'Out'))",
         content_type = "stripped",
         max_length = 30];
}

message ServiceInterface (XOSBase) {
     option description = "Describes the type of connection attached to a ServiceInstanceLink";

     required manytoone service->Service:service_interfaces = 1:1008 [
         help_text = "Service that this ServiceInterface is associated with",
         db_index = True,
         tosca_key=True];
     required manytoone interface_type->InterfaceType:service_interfaces = 2:1001 [
         help_text = "Interface type that describes this interface",
         db_index = True,
         tosca_key=True];
}

message ServiceInstance (XOSBase, AttributeMixin) {
     option description = "A portion of a service broken up into a tenant-sized piece";
     option custom_python=True;

     optional string name = 1 [
         help_text = "Name of ServiceInstance",
         content_type = "stripped",
         max_length = 200];
     required manytoone owner->Service:service_instances = 2:1009 [
         help_text = "The Service that owns this ServiceInstance",
         db_index = True];
     optional string service_specific_id = 3 [
         help_text = "Service-specific identifier, opaque to the XOS core",
         content_type = "stripped",
         gui_hidden = True,
         max_length = 30];
     optional string service_specific_attribute = 10 [
         help_text = "Service-specific text attribute, opaque to the XOS core",
         gui_hidden = True,
         text = True];
     optional uint32 link_deleted_count = 11 [
         help_text = "Incremented each time a provided_link is deleted from this ServiceInstance",
         default = 0,
         gui_hidden = True];
     optional manytoone master_serviceinstance->ServiceInstance:child_serviceinstances = 12:1002 [
         help_text = "The master service instance that set this service instance up",
         gui_hidden = True];
}

message ServiceInstanceLink (XOSBase) {
     option description = "A link in a chain between two ServiceInstances";
     option custom_python=True;

     required manytoone provider_service_instance->ServiceInstance:provided_links = 1:1003 [
         help_text = "Eastbound serviceinstance of this link",
         db_index = True,
         tosca_key=True];
     optional manytoone provider_service_interface->ServiceInterface:provided_links = 2:1004 [
         help_text = "Interface descrption of the eastbound linkage point",
         db_index = True];
     optional manytoone subscriber_service_instance->ServiceInstance:subscribed_links = 3:1005 [
         help_text = "Westbound ServiceInstance of this link",
         db_index = True];
     optional manytoone subscriber_service->Service:subscribed_links = 4:1010 [
         help_text = "Interface description of the westbound linkage point",
         db_index = True,
         tosca_key_one_of = subscriber_service_instance];
     optional manytoone subscriber_network->Network:subscribed_links = 5:1004 [
         help_text = "Alternative to subscriber_service_instance, if a Network model is the subscriber instead of a ServiceInstance",
         db_index = True,
         tosca_key_one_of=subscriber_service_instance];
}

message ServiceInstanceAttribute (XOSBase) {
     option description = "A (key, value) attribute associated with a ServiceInstance";

     required string name = 1 [
         help_text = "Attribute Name",
         max_length = 128,
         unique_with = "service_instance"];
     required string value = 2 [
         help_text = "Attribute Value",
         text = True];
     required manytoone service_instance->ServiceInstance:service_instance_attributes = 3:1006 [
         help_text = "The Tenant this attribute is associated with",
         db_index = True];
}

message TrustDomain (XOSBase) {
     required string name = 1 [max_length = 256, db_index = True, blank = False, help_text = "Name of this trust domain"];
     required manytoone owner->Service:owned_trust_domains = 2:1011 [db_index = True, blank = False, help_text = "Service partioned by this trust domain"];
}

message XOSCore (XOSBase) {
     option singular="XOSCore";
     option plural="XOSCores";
     required string name = 1 [default = "XOS", max_length = 200, content_type = "stripped", blank = False, help_text = "Name of XOS", db_index = False, unique = True];
}

message XOSGuiExtension::admin_policy (XOSBase) {
     option verbose_name="XOS GUI Extension";
     option description="This model holds the instruction to load an extension in the GUI";
     // option no_sync = True;
     // option no_policy = True;

     required string name = 1 [max_length = 200, content_type = "stripped", blank = False, help_text = "Name of the GUI Extensions", db_index = False, unique = True];
     required string files = 2 [max_length = 1024, content_type = "stripped", blank = False, help_text = "List of comma separated file composing the view", db_index = False];
}

message ServiceGraphConstraint (XOSBase) {
    option verbose_name="Graph Constraint";
    option description="Define the position of the nodes in the service graph";
    required string constraints = 1 [max_length = 1024, content_type = "stripped", help_text = "A composite array defining service positions in the graph, eg [volt, vsg, [address_manager, vrouter]]", tosca_key=True];
    optional int32 priority = 2 [help_text = "The priority of the constraint, the one with highest priority will be used", default=0];
}