// File-level option. NOTE(review): presumably the application label under which the
// models generated from this file are registered; confirm against the generator.
option app_label = "core";
// Policy admin_policy: holds only when the calling user (ctx.user) has is_admin set.
// Use this policy to allow access to admins only.
policy admin_policy < ctx.user.is_admin >
// XOSBase: bookkeeping fields shared by the messages in this file that list it as their
// base, e.g. "message Privilege::grant_policy (XOSBase)". It carries creation/update
// timestamps (created, updated, enacted, policed), backend state (backend_register,
// backend_status, backend_code, backend_need_delete, backend_need_reap), policy state
// (policy_status, policy_code), and per-object flags (deleted, write_protect,
// lazy_blocked, no_sync, no_policy).
// NOTE(review): policy_status and policy_code are both declared with field number 16,
// while number 11 is unused. If these numbers are emitted as wire tags, two fields
// sharing a tag is a conflict. Confirm how the generator assigns tags before
// renumbering, because changing a number that is already in use is itself a breaking
// change.
// NOTE(review): write_protect, no_sync and no_policy are plain fields on every derived
// object; confirm which callers are allowed to set them.
message XOSBase {
option skip_init = True;
required string created = 1 [content_type = "date", auto_now_add = True];
required string updated = 2 [default = "now()", content_type = "date"];
optional string enacted = 3 [null = True, content_type = "date", blank = True, default = None];
optional string policed = 4 [null = True, content_type = "date", blank = True, default = None];
optional string backend_register = 5 [default = "{}", max_length = 1024];
required bool backend_need_delete = 6 [default = False, blank = True];
required bool backend_need_reap = 7 [default = False, blank = True];
required string backend_status = 8 [default = "Provisioning in progress", max_length = 1024, null = True];
required int32 backend_code = 9 [default = 0];
required bool deleted = 10 [default = False, blank = True];
required bool write_protect = 12 [default = False, blank = True];
required bool lazy_blocked = 13 [default = False, blank = True];
required bool no_sync = 14 [default = False, blank = True];
required bool no_policy = 15 [default = False, blank = True];
optional string policy_status = 16 [default = "Policy in process", max_length = 1024];
optional int32 policy_code = 16 [default = 0];
required string leaf_model_name = 17 [null = False, max_length = 1024, help_text = "The most specialized model in this chain of inheritance, often defined by a service developer"];
required bool backend_need_delete_policy = 18 [default = False, help_text = "True if delete model_policy must be run before object can be reaped", blank = True];
}
// Policy user_policy: holds when any one of the following is true:
//   - the calling user is an admin (ctx.user.is_admin);
//   - the calling user is the user being accessed (ctx.user.id = obj.id);
//   - a Privilege exists with accessor_id = ctx.user.id, accessor_type "User",
//     permission "role:admin", object_type "Site" and object_id = ctx.user.site.id.
// NOTE(review): the Site privilege is matched against the caller's own site
// (ctx.user.site.id), not the site of the user being accessed (obj.site.id). As
// written, an admin of any one site appears to satisfy this policy for users homed at
// every site; confirm whether obj.site.id was intended.
// NOTE(review): the expression has no ctx.read_access / ctx.write_access term, so it
// does not distinguish reads from writes.
// NOTE(review): Privilege declares an "expires" field that is not consulted here;
// confirm expiry is enforced elsewhere.
policy user_policy <
ctx.user.is_admin
| ctx.user.id = obj.id
| (exists Privilege:
Privilege.accessor_id = ctx.user.id
& Privilege.accessor_type = "User"
& Privilege.permission = "role:admin"
& Privilege.object_type = "Site"
& Privilege.object_id = ctx.user.site.id) >
// User ("An XOS User"): account record declared with user_policy (the "::user_policy"
// suffix) and the bases AbstractBaseUser and PlModelMixIn. It does not list XOSBase as
// a base and instead declares its own copies of the bookkeeping fields (created,
// updated, enacted, policed, backend_*, deleted, write_protect, lazy_blocked, no_sync,
// no_policy, policy_status, policy_code, leaf_model_name) with their own numbers.
// NOTE(review): password has the fixed default "Something". How the value is hashed and
// stored is not visible here; confirm that an account created without an explicit
// password cannot log in with a known value.
// NOTE(review): username also defaults to "Something"; confirm that callers always
// supply it.
// NOTE(review): user_policy holds for a user's own record without a read/write
// distinction, and this message carries is_admin, is_staff (default True), is_readonly
// and is_active. Confirm that writes to those flags are restricted elsewhere so a user
// cannot change their own privileges.
message User::user_policy (AbstractBaseUser,PlModelMixIn) {
option skip_django = True;
option description = "An XOS User";
required string email = 1 [db_index = True, max_length = 255, null = False, blank = False, tosca_key=True];
required string username = 2 [default = "Something", max_length = 255, content_type = "stripped", blank = False, null = False, db_index = False];
required string password = 3 [default = "Something", max_length = 255, blank = False, null = False, db_index = False];
optional string last_login = 4 [db_index = False, null = True, content_type = "date", blank = True];
required string firstname = 5 [max_length = 200, content_type = "stripped", blank = False, help_text = "person's given name", null = False, db_index = False];
required string lastname = 6 [max_length = 200, content_type = "stripped", blank = False, help_text = "person's surname", null = False, db_index = False];
optional string phone = 7 [max_length = 100, content_type = "stripped", blank = True, help_text = "phone number contact", null = True, db_index = False];
optional string user_url = 8 [db_index = False, max_length = 200, null = True, content_type = "url", blank = True];
required manytoone site->Site:users = 9 [help_text = "Site this user will be homed too", null = False, db_index = True, blank = False];
optional string public_key = 10 [help_text = "Public key string", max_length = 1024, null = True, db_index = False, blank = True, varchar = True];
required bool is_active = 11 [default = True, null = False, db_index = False, blank = True];
required bool is_admin = 12 [default = False, null = False, db_index = False, blank = True];
required bool is_staff = 13 [default = True, null = False, db_index = False, blank = True];
required bool is_readonly = 14 [default = False, null = False, db_index = False, blank = True];
required bool is_registering = 15 [default = False, null = False, db_index = False, blank = True];
required bool is_appuser = 16 [default = False, null = False, db_index = False, blank = True];
optional string login_page = 17 [max_length = 200, content_type = "stripped", blank = True, help_text = "send this user to a specific page on login", null = True, db_index = False];
required string created = 18 [db_index = False, null = False, content_type = "date", blank = True];
required string updated = 19 [db_index = False, null = False, content_type = "date", blank = True];
optional string enacted = 20 [db_index = False, null = True, content_type = "date", blank = False];
optional string policed = 21 [db_index = False, null = True, content_type = "date", blank = False];
required string backend_status = 22 [default = "Provisioning in progress", max_length = 1024, content_type = "stripped", blank = False, null = False, db_index = False];
required int32 backend_code = 34 [default = 0];
required bool backend_need_delete = 23 [default = False, null = False, db_index = False, blank = True];
required bool backend_need_reap = 24 [default = False, null = False, db_index = False, blank = True];
required bool deleted = 25 [default = False, null = False, db_index = False, blank = True];
required bool write_protect = 26 [default = False, null = False, db_index = False, blank = True];
required bool lazy_blocked = 27 [default = False, null = False, db_index = False, blank = True];
required bool no_sync = 28 [default = False, null = False, db_index = False, blank = True];
required bool no_policy = 29 [default = False, null = False, db_index = False, blank = True];
required string timezone = 30 [default = "America/New_York", max_length = 100, blank = False, null = False, db_index = False];
optional string policy_status = 32 [default = "0 - Policy in process", max_length = 1024];
optional int32 policy_code = 35 [default = 0];
required string leaf_model_name = 33 [null = False, max_length = 1024, help_text = "The most specialized model in this chain of inheritance, often defined by a service developer"];
}
// Policy grant_policy: holds when the calling user is an admin, or when a Privilege
// exists on the same object as the one being granted (object_type and object_id equal
// to obj's) with accessor_type "User", accessor_id = ctx.user.id and permission
// "role:admin".
// NOTE(review): the intent was described as "a user may give a permission that they
// hold to another user", but the expression requires the caller to hold "role:admin" on
// the object rather than the specific permission being granted. Confirm which is
// meant.
// NOTE(review): the matched Privilege's "expires" field is not consulted, so an expired
// admin privilege would still satisfy this expression unless expiry is enforced
// elsewhere.
policy grant_policy < ctx.user.is_admin
| exists Privilege:Privilege.object_type = obj.object_type
& Privilege.object_id = obj.object_id
& Privilege.accessor_type = "User"
& Privilege.accessor_id = ctx.user.id
& Privilege.permission = "role:admin" >
// Privilege: one grant of a permission string to an accessor on an object, declared
// with grant_policy and the base XOSBase. The policies in this file match rows by
// (accessor_type, accessor_id, object_type, object_id, permission), using accessor_type
// "User" and permission "role:admin".
// NOTE(review): permission defaults to "all"; none of the policies visible here compare
// against "all", so its effect is not established by this file. Confirm that a row
// created without an explicit permission does not grant more than intended.
// NOTE(review): object_type and accessor_type are free-form strings (max_length 1024)
// and accessor_id / object_id are plain int32 values rather than relations, so nothing
// here ties a row to an existing accessor or object.
// NOTE(review): expires is declared, but no policy visible in this file checks it.
// NOTE(review): controller_id is marked required and also null = True.
message Privilege::grant_policy (XOSBase) {
required int32 accessor_id = 1 [null = False, blank=False];
required string accessor_type = 2 [null = False, max_length=1024];
required int32 controller_id = 3 [null = True];
required int32 object_id = 4 [null = False, blank=False];
required string object_type = 5 [null = False, max_length=1024];
required string permission = 6 [null = False, default = "all", max_length=1024, tosca_key=True];
required string granted = 7 [content_type = "date", auto_now_add = True, max_length=1024];
required string expires = 8 [content_type = "date", null = True, max_length=1024];
}
// AddressPool: a named pool with free-form string fields for addresses, gateway_ip,
// gateway_mac, cidr and inuse, optionally linked to a Service (related name
// "addresspools"). Base: XOSBase.
// NOTE(review): no "::policy" suffix is present, so no policy from this file is
// attached. The IP, MAC and CIDR fields are plain strings with no content_type, so any
// format validation must happen elsewhere.
message AddressPool (XOSBase) {
required string name = 1 [db_index = False, max_length = 32, null = False, blank = False];
optional string addresses = 2 [db_index = False, null = True, blank = True, varchar = True];
optional string gateway_ip = 3 [db_index = False, max_length = 32, null = True, blank = False];
optional string gateway_mac = 4 [db_index = False, max_length = 32, null = True, blank = False];
optional string cidr = 5 [db_index = False, max_length = 32, null = True, blank = False];
optional string inuse = 6 [db_index = False, null = True, blank = True, varchar = True];
optional manytoone service->Service:addresspools = 7 [db_index = True, null = True, blank = True];
}
// Policy controller_policy: intended to give admins of a deployment access to the
// controllers at that deployment. Holds when the calling user is an admin, or when a
// Privilege exists with accessor_id = ctx.user.id, object_type "Deployment",
// permission "role:admin" and object_id = obj.id.
// NOTE(review): obj is the Controller, so "Privilege.object_id = obj.id" compares a
// Deployment privilege's object id with the Controller's own id. Controller declares a
// "deployment" relation; obj.deployment.id looks like the intended operand. As written,
// a deployment admin may match a controller that merely shares a numeric id with their
// deployment. Confirm and correct.
// NOTE(review): unlike user_policy and grant_policy, this expression does not require
// Privilege.accessor_type = "User".
// NOTE(review): there is no read/write distinction, and Controller holds credential
// fields (admin_password, rabbit_password).
policy controller_policy
< ctx.user.is_admin
| exists Privilege:
Privilege.accessor_id = ctx.user.id
& Privilege.object_type = "Deployment"
& Privilege.permission = "role:admin"
& Privilege.object_id = obj.id >
// Controller: a compute controller (backend_type, e.g. "EC2, OpenStack, or OpenStack
// version"), its endpoint and its credentials, tied to one Deployment. Declared with
// controller_policy and the base XOSBase.
// NOTE(review): admin_password and rabbit_password are ordinary string fields with the
// same options as the non-secret fields. Nothing here marks them hidden (compare
// "gui_hidden = True" on Instance.ip) or write-only, so they are presumably readable by
// any caller that satisfies controller_policy. Confirm that they are excluded from API
// responses, GUIs and logs, or replace them with references to a secret store.
// NOTE(review): auth_url is content_type "stripped", not "url"; any scheme or host
// validation must happen elsewhere.
message Controller::controller_policy (XOSBase) {
required string name = 1 [max_length = 200, content_type = "stripped", blank = False, help_text = "Name of the Controller", null = False, db_index = False];
required string backend_type = 2 [max_length = 200, content_type = "stripped", blank = False, help_text = "Type of compute controller, e.g. EC2, OpenStack, or OpenStack version", null = False, db_index = False];
required string version = 3 [max_length = 200, content_type = "stripped", blank = False, help_text = "Controller version", null = False, db_index = False];
optional string auth_url = 4 [max_length = 200, content_type = "stripped", blank = True, help_text = "Auth url for the compute controller", null = True, db_index = False];
optional string admin_user = 5 [max_length = 200, content_type = "stripped", blank = True, help_text = "Username of an admin user at this controller", null = True, db_index = False];
optional string admin_password = 6 [max_length = 200, content_type = "stripped", blank = True, help_text = "Password of theadmin user at this controller", null = True, db_index = False];
optional string admin_tenant = 7 [max_length = 200, content_type = "stripped", blank = True, help_text = "Name of the tenant the admin user belongs to", null = True, db_index = False];
optional string domain = 8 [max_length = 200, content_type = "stripped", blank = True, help_text = "Name of the domain this controller belongs to", null = True, db_index = False];
optional string rabbit_host = 9 [max_length = 200, content_type = "stripped", blank = True, help_text = "IP address of rabbitmq server at this controller", null = True, db_index = False];
optional string rabbit_user = 10 [max_length = 200, content_type = "stripped", blank = True, help_text = "Username of rabbitmq server at this controller", null = True, db_index = False];
optional string rabbit_password = 11 [max_length = 200, content_type = "stripped", blank = True, help_text = "Password of rabbitmq server at this controller", null = True, db_index = False];
required manytoone deployment->Deployment:controllerdeployments = 12 [db_index = True, null = False, blank = False];
}
// ControllerImages: links an Image to a Controller (image is unique_with "controller")
// and records the Glance image id for that pair. Base: XOSBase.
// NOTE(review): no "::policy" suffix is present, so no policy from this file is
// attached.
message ControllerImages (XOSBase) {
required manytoone image->Image:controllerimages = 1 [db_index = True, null = False, blank = False, unique_with = "controller"];
required manytoone controller->Controller:controllerimages = 2 [db_index = True, null = False, blank = False];
optional string glance_image_id = 3 [max_length = 200, content_type = "stripped", blank = True, help_text = "Glance image id", null = True, db_index = False];
}
// Policy site_policy: everyone has read access; write access requires site admin.
// Holds when the calling user is an admin, or when "write access implies" that a
// Privilege exists with object_type "Site", object_id = obj.id,
// accessor_id = ctx.user.id and permission "role:admin". When ctx.write_access is
// false the implication is satisfied, which is what grants read access to everyone.
// NOTE(review): unlike user_policy, this expression does not require
// Privilege.accessor_type = "User", and Privilege's "expires" field is not consulted.
policy site_policy <
ctx.user.is_admin
| (ctx.write_access -> exists Privilege: Privilege.object_type = "Site" & Privilege.object_id = obj.id & Privilege.accessor_id = ctx.user.id & Privilege.permission = "role:admin") >
// Policy slice_policy: access to a Slice. Stated intent: access to the site carries
// over to its slices; otherwise an explicit privilege on the Slice is needed (admin for
// write access), or admin privilege on the associated site.
// The expression is a disjunction of:
//   1. ctx.user.is_admin;
//   2. site_policy applied to "site", AND (the caller is obj.creator, OR a "User"
//      Privilege on this Slice exists whose permission is "role:admin" when
//      ctx.write_access is set);
//   3. any "User" Privilege on this Slice (object_id = obj.id), with no condition on
//      permission or on ctx.write_access;
//   4. a "User" Privilege with permission "role:admin" on the Site obj.site.id.
// NOTE(review): alternative 3 has no write check. If "&" binds tighter than "|" here
// (assumed, confirm against the policy grammar), any Slice privilege satisfies the
// policy for writes as well. That makes the write condition in alternative 2 redundant
// and does not match the "admin for write access" intent.
// NOTE(review): alternative 2 requires more than site access (creator or a Slice
// privilege), so site access alone does not grant slice access, contrary to the
// stated intent.
// NOTE(review): Privilege's "expires" field is not consulted.
policy slice_policy <
ctx.user.is_admin
| (*site_policy(site)
& (ctx.user = obj.creator
| (exists Privilege:
Privilege.accessor_id = ctx.user.id
& Privilege.accessor_type = "User"
& Privilege.object_type = "Slice"
& Privilege.object_id = obj.id
& (ctx.write_access -> Privilege.permission = "role:admin"))
)
|
(exists Privilege:
Privilege.accessor_id = ctx.user.id
& Privilege.accessor_type = "User"
& Privilege.object_type = "Slice"
& Privilege.object_id = obj.id)
| (exists Privilege:
Privilege.accessor_id = ctx.user.id
& Privilege.accessor_type = "User"
& Privilege.object_type = "Site"
& Privilege.object_id = obj.site.id
& Privilege.permission = "role:admin")
) >
// Policy controller_network_policy: holds when the calling user is an admin, or when
// slice_policy holds for network.owner (the Slice that owns the referenced Network).
policy controller_network_policy <
ctx.user.is_admin
| *slice_policy(network.owner) >
// ControllerNetwork: per-controller state of a Network (network is unique_with
// "controller"): subnet and IP range strings plus the Neutron network, router and
// subnet ids. Declared with controller_network_policy and the base XOSBase.
// NOTE(review): subnet, start_ip, stop_ip and gateway are plain strings with no
// content_type (Instance.ip uses content_type "ip"), so address validation must happen
// elsewhere.
message ControllerNetwork::controller_network_policy (XOSBase) {
required manytoone network->Network:controllernetworks = 1 [db_index = True, null = False, blank = False, unique_with = "controller"];
required manytoone controller->Controller:controllernetworks = 2 [db_index = True, null = False, blank = False];
required string subnet = 3 [db_index = False, max_length = 32, null = False, blank = True];
required string start_ip = 4 [db_index = False, max_length = 32, null = False, blank = True];
required string stop_ip = 5 [db_index = False, max_length = 32, null = False, blank = True];
optional string net_id = 6 [help_text = "Neutron network", max_length = 256, null = True, db_index = False, blank = True];
optional string router_id = 7 [help_text = "Neutron router id", max_length = 256, null = True, db_index = False, blank = True];
optional string subnet_id = 8 [help_text = "Neutron subnet id", max_length = 256, null = True, db_index = False, blank = True];
optional string gateway = 9 [db_index = False, max_length = 32, null = True, blank = True];
optional string segmentation_id = 10 [db_index = False, max_length = 32, null = True, blank = True];
}
// ControllerRole: a role name restricted by "choices" to the single value 'admin'.
// Base: XOSBase. No "::policy" suffix is present.
message ControllerRole (XOSBase) {
required string role = 1 [choices = "(('admin', 'Admin'),)", max_length = 30, content_type = "stripped", blank = False, null = False, db_index = False];
}
// ControllerSite: links a Site to a Controller (site is unique_with "controller") and
// records the Keystone tenant id for that pair. Base: XOSBase. No "::policy" suffix is
// present.
message ControllerSite (XOSBase) {
required manytoone site->Site:controllersite = 1 [db_index = True, null = False, blank = False, unique_with="controller", tosca_key = True];
optional manytoone controller->Controller:controllersite = 2 [db_index = True, null = True, blank = True, tosca_key = True];
optional string tenant_id = 3 [max_length = 200, content_type = "stripped", blank = True, help_text = "Keystone tenant id", null = True, db_index = True];
}
// ControllerPrivilege: links a Privilege to a Controller and records the Keystone id
// (role_id) for that pair. Base: XOSBase.
// NOTE(review): no "::policy" suffix is present. These rows describe how privileges map
// onto a controller, so confirm what access control applies when none is attached.
message ControllerPrivilege (XOSBase) {
required manytoone controller->Controller:controllerprivileges = 1 [db_index = True, null = False, blank = False];
required manytoone privilege->Privilege:controllerprivileges = 2 [db_index = True, null = False, blank = False];
optional string role_id = 3 [max_length = 200, content_type = "stripped", blank = True, help_text = "Keystone id", null = True, db_index = True];
}
// ControllerSitePrivilege: links a SitePrivilege to a Controller (controller is
// unique_with "site_privilege", site_privilege is unique_with "role_id") and records
// the Keystone id. Base: XOSBase.
// NOTE(review): no "::policy" suffix is present; confirm what access control applies to
// these privilege-mapping rows.
message ControllerSitePrivilege (XOSBase) {
required manytoone controller->Controller:controllersiteprivileges = 1 [db_index = True, null = False, blank = False, unique_with = "site_privilege"];
required manytoone site_privilege->SitePrivilege:controllersiteprivileges = 2 [db_index = True, null = False, blank = False, unique_with = "role_id"];
optional string role_id = 3 [max_length = 200, content_type = "stripped", blank = True, help_text = "Keystone id", null = True, db_index = True];
}
// Policy controller_slice_policy: holds when the calling user is an admin, or when
// slice_policy holds for the object's "slice" relation.
policy controller_slice_policy <
ctx.user.is_admin
| *slice_policy(slice) >
// ControllerSlice: links a Slice to a Controller (controller is unique_with "slice")
// and records the Keystone tenant id for that pair. Declared with
// controller_slice_policy and the base XOSBase.
message ControllerSlice::controller_slice_policy (XOSBase) {
required manytoone controller->Controller:controllerslices = 1 [db_index = True, null = False, blank = False, unique_with = "slice"];
required manytoone slice->Slice:controllerslices = 2 [db_index = True, null = False, blank = False];
optional string tenant_id = 3 [max_length = 200, content_type = "stripped", blank = True, help_text = "Keystone tenant id", null = True, db_index = False];
}
// ControllerSlicePrivilege: links a SlicePrivilege to a Controller (controller is
// unique_with "slice_privilege") and records the Keystone id. Base: XOSBase.
// NOTE(review): no "::policy" suffix is present; confirm what access control applies to
// these privilege-mapping rows.
message ControllerSlicePrivilege (XOSBase) {
required manytoone controller->Controller:controllersliceprivileges = 1 [db_index = True, null = False, blank = False, unique_with = "slice_privilege"];
required manytoone slice_privilege->SlicePrivilege:controllersliceprivileges = 2 [db_index = True, null = False, blank = False];
optional string role_id = 3 [max_length = 200, content_type = "stripped", blank = True, help_text = "Keystone id", null = True, db_index = True];
}
// Policy controller_user_policy: holds when the calling user is an admin, or when the
// request is a read (ctx.read_access) and user_policy holds for the object's "user"
// relation. Non-admin callers therefore never satisfy it for writes.
policy controller_user_policy <
ctx.user.is_admin
| (ctx.read_access & *user_policy(user)) >
// ControllerUser: links a User to a Controller (controller is unique_with "user") and
// records the Keystone user id (kuser_id) for that pair. Declared with
// controller_user_policy and the base XOSBase.
message ControllerUser::controller_user_policy (XOSBase) {
required manytoone user->User:controllerusers = 1 [db_index = True, null = False, blank = False];
required manytoone controller->Controller:controllersusers = 2 [db_index = True, null = False, blank = False, unique_with = "user"];
optional string kuser_id = 3 [max_length = 200, content_type = "stripped", blank = True, help_text = "Keystone user id", null = True, db_index = False];
}
// Policy deployment_policy: everyone has read access; write access requires admin
// privileges at that deployment. Holds when the calling user is an admin, or when
// "write access implies" that a Privilege exists with object_type "Deployment",
// object_id = obj.id, accessor_id = ctx.user.id and permission "role:admin".
// NOTE(review): unlike user_policy, this expression does not require
// Privilege.accessor_type = "User", and Privilege's "expires" field is not consulted.
policy deployment_policy <
ctx.user.is_admin
| (ctx.write_access -> exists Privilege: Privilege.object_type = "Deployment" & Privilege.object_id = obj.id & Privilege.accessor_id = ctx.user.id & Privilege.permission = "role:admin") >
// Deployment: a named deployment with an access-control string. Declared with
// deployment_policy and the base XOSBase.
// NOTE(review): accessControl defaults to "allow all", so a Deployment created without
// an explicit list is open to all sites/users under the field's own description. How
// the string is parsed and enforced is not visible here; confirm that the permissive
// default is intended.
message Deployment::deployment_policy (XOSBase) {
required string name = 1 [max_length = 200, content_type = "stripped", blank = False, help_text = "Name of the Deployment", null = False, db_index = False];
required string accessControl = 2 [default = "allow all", max_length = 200, blank = False, help_text = "Access control list that specifies which sites/users may use nodes in this deployment", null = False, db_index = False, varchar = True];
}
// DeploymentPrivilege: assigns a DeploymentRole to a User at a Deployment (user is
// unique_with "deployment", deployment is unique_with "role"). Base: XOSBase.
// NOTE(review): no "::policy" suffix is present; confirm what access control applies to
// creating these role assignments. The policies visible in this file consult Privilege
// rows, not DeploymentPrivilege rows.
message DeploymentPrivilege (XOSBase) {
required manytoone user->User:deploymentprivileges = 1 [db_index = True, null = False, blank = False, unique_with="deployment"];
required manytoone deployment->Deployment:deploymentprivileges = 2 [db_index = True, null = False, blank = False, unique_with="role"];
required manytoone role->DeploymentRole:deploymentprivileges = 3 [db_index = True, null = False, blank = False];
}
// DeploymentRole: a role name restricted by "choices" to the single value 'admin'.
// Base: XOSBase. No "::policy" suffix is present.
message DeploymentRole (XOSBase) {
required string role = 1 [choices = "(('admin', 'Admin'),)", max_length = 30, content_type = "stripped", blank = False, null = False, db_index = False, tosca_key=True];
}
// Diag: a record holding the name of a synchronizer; marked gui_hidden. Base: XOSBase.
// No "::policy" suffix is present.
message Diag (XOSBase) {
option gui_hidden = True;
required string name = 1 [max_length = 200, content_type = "stripped", blank = False, help_text = "Name of the synchronizer", null = False, db_index = False];
}
// Flavor: a display name, optional description, and the flavor string used to configure
// deployments. Base: XOSBase. No "::policy" suffix is present.
message Flavor (XOSBase) {
required string name = 1 [max_length = 32, content_type = "stripped", blank = False, help_text = "name of this flavor, as displayed to users", null = False, db_index = False];
optional string description = 2 [db_index = False, max_length = 1024, null = True, content_type = "stripped", blank = True];
required string flavor = 3 [max_length = 32, content_type = "stripped", blank = False, help_text = "flavor string used to configure deployments", null = False, db_index = False];
}
// Image: a VM or container image. "kind" is restricted by "choices" to 'vm' or
// 'container' (default "vm"), and the Instance validators compare against it. Base:
// XOSBase. No "::policy" suffix is present.
// NOTE(review): path ("Path to image on local disk") is a free-form string. Whatever
// consumes it should constrain it to an expected directory; that is not visible here.
message Image (XOSBase) {
required string name = 1 [db_index = False, max_length = 256, null = False, content_type = "stripped", blank = False];
required string kind = 2 [default = "vm", choices = "(('vm', 'Virtual Machine'), ('container', 'Container'))", max_length = 30, blank = False, null = False, db_index = False];
required string disk_format = 3 [db_index = False, max_length = 256, null = False, content_type = "stripped", blank = False];
required string container_format = 4 [db_index = False, max_length = 256, null = False, content_type = "stripped", blank = False];
optional string path = 5 [max_length = 256, content_type = "stripped", blank = True, help_text = "Path to image on local disk", null = True, db_index = False];
optional string tag = 6 [max_length = 256, content_type = "stripped", blank = True, help_text = "For Docker Images, tag of image", null = True, db_index = False];
}
// Policy image_deployment_policy: holds when deployment_policy holds for the object's
// "deployment" relation.
// NOTE(review): the message declared right after this policy, ImageDeployments, has no
// "::image_deployment_policy" suffix. Unless the policy is referenced elsewhere it is
// defined but never applied.
policy image_deployment_policy <
*deployment_policy(deployment)
>
// ImageDeployments: links an Image to a Deployment (image is unique_with
// "deployment"). Base: XOSBase.
// NOTE(review): declared without a "::policy" suffix even though
// image_deployment_policy is defined immediately before it. Confirm whether
// "ImageDeployments::image_deployment_policy" was intended.
message ImageDeployments (XOSBase) {
required manytoone image->Image:imagedeployments = 1 [db_index = True, null = False, blank = False, unique_with = "deployment"];
required manytoone deployment->Deployment:imagedeployments = 2 [db_index = True, null = False, blank = False];
}
// Validator instance_creator: obj.creator must be set. Instance's "validators" option
// reports "Instance has no creator" for it.
policy instance_creator < obj.creator >
// Validator instance_isolation: when isolation is "container" or "container_vm", the
// instance's image must have kind "container".
policy instance_isolation < (obj.isolation = "container" | obj.isolation = "container_vm" ) -> (obj.image.kind = "container") >
// Validator instance_isolation_container_vm_parent: when isolation is "container_vm",
// obj.parent must be set.
policy instance_isolation_container_vm_parent < (obj.isolation = "container_vm") -> obj.parent >
// Validator instance_parent_isolation_container_vm: the converse check. When
// obj.parent is set, isolation must be "container_vm".
policy instance_parent_isolation_container_vm < obj.parent -> ( obj.isolation = "container_vm" ) >
// Validator instance_isolation_vm: when isolation is "vm", the instance's image must
// have kind "vm".
policy instance_isolation_vm < (obj.isolation = "vm") -> (obj.image.kind = "vm") >
// Validator instance_creator_privilege: when the instance's creator is not the creator
// of its slice, a Privilege must exist with object_type "Slice",
// object_id = obj.slice.id and accessor_id = obj.creator.id.
// NOTE(review): any permission value satisfies this check, the expression does not
// require Privilege.accessor_type = "User", and the "expires" field is not consulted.
// Confirm that this is as strict as intended.
policy instance_creator_privilege < not (obj.slice.creator = obj.creator) -> exists Privilege:Privilege.object_id = obj.slice.id & Privilege.accessor_id = obj.creator.id & Privilege.object_type = "Slice" >
// Policy instance_policy: holds when slice_policy holds for the object's "slice"
// relation.
policy instance_policy < *slice_policy(slice) >
// Instance: a VM or container placed on a Node for a Slice, with its Image, Flavor,
// Deployment and optional parent Instance. Declared with instance_policy and the base
// XOSBase. The "validators" option names six validator policies and the error message
// reported for each.
// NOTE(review): creator is optional (null = True), while the instance_creator validator
// requires it to be set.
// NOTE(review): userData ("user_data passed to instance during creation") is an
// unbounded string that commonly carries bootstrap scripts or credentials. It is
// readable by any caller that satisfies instance_policy unless it is filtered
// elsewhere; confirm.
// NOTE(review): volumes is a comma-separated list of directories "to expose to parent
// context", and none of the validators listed here constrains it. Whatever consumes it
// should restrict the paths to an allowed set.
message Instance::instance_policy (XOSBase) {
option validators = "instance_creator:Instance has no creator, instance_isolation: Container instance {obj.name} must use container image, instance_isolation_container_vm_parent:Container-vm instance {obj.name} must have a parent, instance_parent_isolation_container_vm:Parent field can only be set on Container-vm instances ({obj.name}), instance_isolation_vm: VM Instance {obj.name} must use VM image, instance_creator_privilege: instance creator has no privileges on slice";
optional string instance_id = 1 [max_length = 200, content_type = "stripped", blank = True, help_text = "Nova instance id", null = True, db_index = False];
optional string instance_uuid = 2 [max_length = 200, content_type = "stripped", blank = True, help_text = "Nova instance uuid", null = True, db_index = False];
required string name = 3 [max_length = 200, content_type = "stripped", blank = False, help_text = "Instance name", null = False, db_index = False];
optional string instance_name = 4 [max_length = 200, content_type = "stripped", blank = True, help_text = "OpenStack generated name", null = True, db_index = False];
optional string ip = 5 [max_length = 39, content_type = "ip", blank = True, help_text = "Instance ip address", null = True, db_index = False, gui_hidden = True];
required manytoone image->Image:instances = 6 [db_index = True, null = False, blank = False];
optional manytoone creator->User:instances = 7 [db_index = True, null = True, blank = True];
required manytoone slice->Slice:instances = 8 [db_index = True, null = False, blank = False];
required manytoone deployment->Deployment:instance_deployment = 9 [db_index = True, null = False, blank = False];
required manytoone node->Node:instances = 10 [db_index = True, null = False, blank = False];
required int32 numberCores = 11 [help_text = "Number of cores for instance", default = 0, null = False, db_index = False, blank = False];
required manytoone flavor->Flavor:instance = 12 [help_text = "Flavor of this instance", null = False, db_index = True, blank = False];
optional string userData = 13 [help_text = "user_data passed to instance during creation", null = True, db_index = False, blank = True, varchar = True];
required string isolation = 14 [default = "vm", choices = "(('vm', 'Virtual Machine'), ('container', 'Container'), ('container_vm', 'Container In VM'))", max_length = 30, blank = False, null = False, db_index = False];
optional string volumes = 15 [help_text = "Comma-separated list of directories to expose to parent context", null = True, db_index = False, blank = True];
optional manytoone parent->Instance:instance = 16 [help_text = "Parent Instance for containers nested inside of VMs", null = True, db_index = True, blank = True];
}
// Policy network_policy: holds when slice_policy holds for the object's "owner"
// relation (the Slice that owns the Network).
policy network_policy < *slice_policy(owner) >
// Network: a network owned by one Slice and built from a NetworkTemplate, with many-to-
// many links to permitted slices, attached slices (through NetworkSlice) and instances
// (through Port). Declared with network_policy and the base XOSBase.
// permit_all_slices (default False) and permitted_slices are the fields that
// network_slice_validator and port_validator consult to decide which slices may
// connect.
// NOTE(review): subnet, start_ip and end_ip are plain strings with no content_type, so
// address validation must happen elsewhere.
message Network::network_policy (XOSBase) {
required string name = 1 [db_index = False, max_length = 32, null = False, blank = False];
required manytoone template->NetworkTemplate:network = 2 [db_index = True, null = False, blank = False];
required string subnet = 3 [db_index = False, max_length = 32, null = False, blank = True];
required string start_ip = 4 [db_index = False, max_length = 32, null = False, blank = True];
required string end_ip = 5 [db_index = False, max_length = 32, null = False, blank = True];
optional string ports = 6 [db_index = False, max_length = 1024, null = True, blank = True];
optional string labels = 7 [db_index = False, max_length = 1024, null = True, blank = True];
required manytoone owner->Slice:ownedNetworks = 8 [help_text = "Slice that owns control of this Network", null = False, db_index = True, blank = False];
required bool permit_all_slices = 10 [default = False, null = False, db_index = False, blank = True];
required bool autoconnect = 17 [help_text = "This network can be autoconnected to the slice that owns it", default = True, null = False, db_index = False, blank = True];
required manytomany permitted_slices->Slice/Network_permitted_slices:availableNetworks = 18 [db_index = False, null = False, blank = True];
required manytomany slices->Slice/NetworkSlice:networks = 19 [db_index = False, null = False, blank = True];
required manytomany instances->Instance/Port:networks = 20 [db_index = False, null = False, blank = True];
}
// NetworkParameter: a typed parameter value attached to another object, identified by
// a content-type id string and an object id. Base: XOSBase. No "::policy" suffix is
// present.
// NOTE(review): content_type and object_id are both declared with field number 4, while
// number 3 is unused. If these numbers are emitted as wire tags, the two fields
// collide. Confirm how the generator assigns tags before renumbering, because changing
// a number that is already in use is itself a breaking change.
message NetworkParameter (XOSBase) {
required manytoone parameter->NetworkParameterType:networkparameters = 1 [help_text = "The type of the parameter", null = False, db_index = True, blank = False];
required string value = 2 [help_text = "The value of this parameter", max_length = 1024, null = False, db_index = False, blank = False];
required string content_type = 4 [max_length = 1024, content_type = "stripped", blank = False, help_text = "Content type id linked to this network parameter", null = False, db_index = False];
required uint32 object_id = 4 [db_index = False, null = False, blank = False, help_text = "Object linked to this NetworkParameter"];
}
// NetworkParameterType: the name and description of a kind of network parameter;
// referenced by NetworkParameter.parameter. Base: XOSBase. No "::policy" suffix is
// present.
message NetworkParameterType (XOSBase) {
required string name = 1 [help_text = "The name of this parameter", max_length = 128, null = False, db_index = True, blank = False];
required string description = 2 [db_index = False, max_length = 1024, null = False, blank = False];
}
// Validator network_slice_validator: a slice may be connected to a network only when
// it is in the network's permitted_slices, or it is the network's owner, or the network
// has permit_all_slices set.
policy network_slice_validator < (obj.slice in obj.network.permitted_slices.all()) | (obj.slice = obj.network.owner) | obj.network.permit_all_slices >
// Policy network_slice_policy: requires both slice_policy on the object's "slice" and
// network_policy on the object's "network".
policy network_slice_policy < *slice_policy(slice) & *network_policy(network) >
// NetworkSlice: connects a Slice to a Network (network is unique_with "slice").
// Declared with network_slice_policy and the base XOSBase. The "validators" option
// applies network_slice_validator and gives its error message.
message NetworkSlice::network_slice_policy (XOSBase) {
option validators = "network_slice_validator:Slice {obj.slice.name} is not allowed to connect to networks {obj.network}";
required manytoone network->Network:networkslices = 1 [db_index = True, null = False, blank = False, unique_with = "slice", tosca_key=True];
required manytoone slice->Slice:networkslices = 2 [db_index = True, null = False, blank = False, tosca_key=True];
}
// NetworkTemplate: reusable network settings. The "choices" options restrict visibility
// (public/private, default "private"), translation (none/NAT), access
// (None/indirect/direct), topology_kind, controller_kind and vtn_kind to fixed sets.
// Base: XOSBase. No "::policy" suffix is present.
// NOTE(review): visibility and access affect how a network is exposed to other slices
// (see the help_text on "access"). With no policy attached here, confirm who may create
// or edit templates.
message NetworkTemplate (XOSBase) {
required string name = 1 [db_index = False, max_length = 32, null = False, blank = False];
optional string description = 2 [db_index = False, max_length = 1024, null = True, blank = True];
required string visibility = 4 [default = "private", choices = "(('public', 'public'), ('private', 'private'))", max_length = 30, blank = False, null = False, db_index = False];
required string translation = 5 [default = "none", choices = "(('none', 'none'), ('NAT', 'NAT'))", max_length = 30, blank = False, null = False, db_index = False];
optional string access = 6 [choices = "((None, 'None'), ('indirect', 'Indirect'), ('direct', 'Direct'))", max_length = 30, blank = True, help_text = "Advertise this network as a means for other slices to contact this slice", null = True, db_index = False];
optional string shared_network_name = 7 [db_index = False, max_length = 30, null = True, blank = True];
optional string shared_network_id = 8 [help_text = "Quantum network", max_length = 256, null = True, db_index = False, blank = True];
required string topology_kind = 9 [default = "bigswitch", choices = "(('bigswitch', 'BigSwitch'), ('physical', 'Physical'), ('custom', 'Custom'))", max_length = 30, blank = False, null = False, db_index = False];
optional string controller_kind = 10 [blank = True, max_length = 30, null = True, db_index = False, choices = "((None, 'None'), ('onos', 'ONOS'), ('custom', 'Custom'))"];
optional string vtn_kind = 11 [default = "PRIVATE", choices = "(('PRIVATE', 'Private'), ('PUBLIC', 'Public'), ('MANAGEMENT_LOCAL', 'Management Local'), ('MANAGEMENT_HOST', 'Management Host'), ('VSG', 'VSG'), ('ACCESS_AGENT', 'Access Agent'))", max_length = 30, blank = True, null = True, db_index = False];
}
// Policy node_policy: holds when site_policy holds for site_deployment.site, the Site
// reached through the node's SiteDeployment.
policy node_policy < *site_policy(site_deployment.site) >
// Node: a compute node within a SiteDeployment, with its bridge id, dataplane interface
// and IP, and host management interface. Declared with node_policy and the base
// XOSBase.
// NOTE(review): dataPlaneIp and hostManagementIface are marked required and also
// null = True / blank = True. dataPlaneIp is content_type "stripped", not "ip".
message Node::node_policy (XOSBase) {
required string name = 1 [max_length = 200, content_type = "stripped", blank = False, help_text = "Name of the Node", null = False, db_index = False];
required manytoone site_deployment->SiteDeployment:nodes = 2 [db_index = True, null = False, blank = False];
required string bridgeId = 3 [max_length = 200, content_type = "stripped", blank = False, help_text = "Bridge Id", null = False, db_index = False];
required string dataPlaneIntf = 4 [max_length = 200, content_type = "stripped", blank = False, help_text = "Dataplane Interface", null = False, db_index = False];
required string dataPlaneIp = 5 [max_length = 200, content_type = "stripped", blank = True, help_text = "Dataplane Ip", null = True, db_index = False];
required string hostManagementIface = 6 [max_length = 200, content_type = "stripped", blank = True, help_text = "Host Management Interface", null = True, db_index = False];
}
// NodeLabel: a named label with a many-to-many link to Nodes (through NodeLabel_node).
// Base: XOSBase. No "::policy" suffix is present.
message NodeLabel (XOSBase) {
required string name = 1 [max_length = 200, content_type = "stripped", blank = False, help_text = "label name", null = False, db_index = False];
required manytomany node->Node/NodeLabel_node:nodelabels = 2 [db_index = False, null = False, blank = True];
}
// Validator port_validator: a port may attach an instance to a network only when the
// instance's slice is in the network's permitted_slices, or is the network's owner, or
// the network has permit_all_slices set.
// NOTE(review): Port.instance is optional (null = True). How obj.instance.slice
// evaluates when instance is unset is not visible here; confirm that the validator
// fails closed in that case.
policy port_validator < (obj.instance.slice in obj.network.permitted_slices.all()) | (obj.instance.slice = obj.network.owner) | obj.network.permit_all_slices >
// Policy port_policy: requires both instance_policy on the object's "instance" and
// network_policy on the object's "network".
policy port_policy < *instance_policy(instance) & *network_policy(network) >
// Port: the attachment of an Instance to a Network (network is unique_with
// "instance"), with its IP, Neutron port id and MAC address. Declared with port_policy
// and the base XOSBase. The "validators" option applies port_validator and gives its
// error message.
// NOTE(review): instance is optional (null = True), while port_policy applies
// instance_policy to it; confirm the behaviour for ports without an instance.
message Port::port_policy (XOSBase) {
option validators = "port_validator:Slice is not allowed to connect to network";
required manytoone network->Network:links = 1 [db_index = True, null = False, blank = False, unique_with = "instance"];
optional manytoone instance->Instance:ports = 2 [db_index = True, null = True, blank = True];
optional string ip = 3 [max_length = 39, content_type = "ip", blank = True, help_text = "Instance ip address", null = True, db_index = False];
optional string port_id = 4 [help_text = "Neutron port id", max_length = 256, null = True, db_index = False, blank = True];
optional string mac = 5 [help_text = "MAC address associated with this port", max_length = 256, null = True, db_index = False, blank = True];
required bool xos_created = 6 [default = False, null = False, db_index = False, blank = True];
}
// Role: a role_type, an optional role name and a description, all free-form strings.
// Base: XOSBase. No "::policy" suffix is present.
// NOTE(review): the policies visible in this file test Privilege.permission (for
// example "role:admin") and do not reference Role rows.
message Role (XOSBase) {
required string role_type = 1 [db_index = False, max_length = 80, null = False, content_type = "stripped", blank = False];
optional string role = 2 [db_index = False, max_length = 80, null = True, content_type = "stripped", blank = True];
required string description = 3 [db_index = False, max_length = 120, null = False, content_type = "stripped", blank = False];
}
// Policy service_policy: holds when the calling user is an admin, or when a Privilege
// exists with accessor_id = ctx.user.id, accessor_type "User", object_type "Service"
// and object_id = obj.id.
// NOTE(review): any permission value satisfies this expression and there is no
// read/write distinction, so a single Service privilege of any kind grants full access
// under this policy.
// NOTE(review): the message declared right after it, Service, has no
// "::service_policy" suffix. Unless the policy is referenced elsewhere it is defined
// but never applied.
policy service_policy <ctx.user.is_admin | exists Privilege: Privilege.accessor_id = ctx.user.id & Privilege.accessor_type = "User" & Privilege.object_type = "Service" & Privilege.object_id = obj.id >
// Service: a service definition with its kind ('generic', 'data' or 'control'), name,
// version, GUI URLs, key material references and free-form service-specific
// attributes. Bases: XOSBase and AttributeMixin.
// NOTE(review): declared without a "::policy" suffix even though service_policy is
// defined immediately before it. Confirm whether "Service::service_policy" was
// intended.
// NOTE(review): private_key_fn is presumably the file name of the service's private
// key. It is a free-form string of up to 4096 characters; whatever opens it should
// restrict it to an expected directory, and the field should not be writable by
// untrusted callers.
// NOTE(review): view_url and icon_url are content_type "stripped", not "url"
// (User.user_url uses "url"). If they are rendered as links, scheme validation must
// happen elsewhere.
message Service (XOSBase,AttributeMixin) {
optional string description = 1 [help_text = "Description of Service", max_length = 254, null = True, db_index = False, blank = True, varchar = True];
required bool enabled = 2 [default = True, null = False, db_index = False, blank = True];
required string kind = 3 [default = "generic", max_length = 30, content_type = "stripped", blank = False, help_text = "Kind of service", null = False, db_index = False, choices="(('generic', 'Generic'), ('data', 'Data Plane'), ('control', 'Control Plane'))"];
required string name = 4 [max_length = 30, content_type = "stripped", blank = False, help_text = "Service Name", null = False, db_index = False];
optional string versionNumber = 5 [max_length = 30, content_type = "stripped", blank = True, help_text = "Version of Service Definition", null = True, db_index = False];
required bool published = 6 [default = True, null = False, db_index = False, blank = True];
optional string view_url = 7 [db_index = False, max_length = 1024, null = True, content_type = "stripped", blank = True];
optional string icon_url = 8 [db_index = False, max_length = 1024, null = True, content_type = "stripped", blank = True];
optional string public_key = 9 [help_text = "Public key string", max_length = 4096, null = True, db_index = False, blank = True, varchar = True];
optional string private_key_fn = 10 [db_index = False, max_length = 4096, null = True, content_type = "stripped", blank = True];
optional string service_specific_id = 11 [db_index = False, max_length = 30, null = True, content_type = "stripped", blank = True];
optional string service_specific_attribute = 12 [db_index = False, null = True, blank = True, varchar = True];
}
// ServiceAttribute: one name/value pair attached to a Service. Extends XOSBase.
// No `::policy` suffix is present in the header.
message ServiceAttribute (XOSBase) {
// Attribute name, required, at most 128 characters.
required string name = 1 [help_text = "Attribute Name", max_length = 128, null = False, db_index = False, blank = False];
// Attribute value, required; no max_length is set and the content is not "stripped".
required string value = 2 [help_text = "Attribute Value", null = False, db_index = False, blank = False, varchar = True];
// Owning Service (required, indexed).
required manytoone service->Service:serviceattributes = 3 [help_text = "The Service this attribute is associated with", null = False, db_index = True, blank = False];
}
// ServiceDependency: a directed dependency between two Service records, with the way they
// connect. Extends XOSBase. Both service links are marked tosca_key.
message ServiceDependency (XOSBase) {
// The Service being depended on.
required manytoone provider_service->Service:provided_dependencies = 1 [help_text = "The service that provides this dependency", null=False, db_index = True, blank=False, tosca_key=True];
// The Service that depends on the provider.
required manytoone subscriber_service->Service:subscribed_dependencies = 2 [help_text = "The services that subscribes to this dependency", null=False, db_index=True, blank=False, tosca_key=True];
// One of 'none', 'private', 'public'; defaults to 'none'. What each value implies for
// network reachability is not defined in this schema.
required string connect_method = 3 [max_length = 30, help_text = "method to connect the two services", null=False, blank=False, default="none", choices = "(('none', 'None'), ('private', 'Private'), ('public', 'Public'))"];
}
// ServiceMonitoringAgentInfo: a named monitoring agent, optionally tied to a Service, and the
// collector URI it publishes to. Extends XOSBase. No `::policy` suffix is present.
message ServiceMonitoringAgentInfo (XOSBase) {
required string name = 1 [help_text = "Monitoring Agent Name", max_length = 128, null = False, db_index = False, blank = False];
// Optional link to a Service (nullable).
optional manytoone service->Service:servicemonitoringagents = 2 [help_text = "The Service this attribute is associated with", null = True, db_index = True, blank = True];
// NOTE(review): target_uri decides where agents send monitoring data, yet it is a plain
// varchar with no "url" content_type and no max_length. Whoever can write this row can
// redirect that data, so confirm write access is restricted and the value is validated.
required string target_uri = 3 [help_text = "Monitoring collector URI to be used by agents to publish the data", null = False, db_index = False, blank = False, varchar = True];
}
// ServicePrivilege: grants a User a ServiceRole on a Service. Extends XOSBase.
// The unique_with options chain user -> service -> role; presumably this makes the
// (user, service, role) combination unique - confirm against the generator.
// NOTE(review): the header binds no `::policy`, and the policies visible in this file query
// a model named Privilege rather than this one. Confirm which table is authoritative and
// that ordinary users cannot create rows here for themselves.
message ServicePrivilege (XOSBase) {
required manytoone user->User:serviceprivileges = 1 [db_index = True, null = False, blank = False, unique_with = "service"];
required manytoone service->Service:serviceprivileges = 2 [db_index = True, null = False, blank = False, unique_with = "role"];
required manytoone role->ServiceRole:serviceprivileges = 3 [db_index = True, null = False, blank = False];
}
// ServiceRole: the role vocabulary referenced by ServicePrivilege. Extends XOSBase.
message ServiceRole (XOSBase) {
// The only choice listed is 'admin'.
required string role = 1 [choices = "(('admin', 'Admin'),)", max_length = 30, content_type = "stripped", blank = False, null = False, db_index = False];
}
// Site: an administrative site that can host nodes and manage users. Extends XOSBase.
// The header binds the model to site_policy; that policy is not declared next to this message.
message Site::site_policy (XOSBase) {
// Required display name, at most 200 characters.
required string name = 1 [max_length = 200, content_type = "stripped", blank = False, help_text = "Name for this Site", null = False, db_index = False];
// Optional home page; uses content_type "url".
optional string site_url = 2 [max_length = 512, content_type = "url", blank = True, help_text = "Site's Home URL Page", null = True, db_index = False];
// Defaults to True.
required bool enabled = 3 [help_text = "Status for this Site", default = True, null = False, db_index = False, blank = True];
// Defaults to True.
required bool hosts_nodes = 4 [help_text = "Indicates whether or not the site host nodes", default = True, null = False, db_index = False, blank = True];
// Defaults to True.
required bool hosts_users = 5 [help_text = "Indicates whether or not the site manages user accounts", default = True, null = False, db_index = False, blank = True];
// Optional coordinates; no range constraint is expressed here.
optional float longitude = 6 [db_index = False, null = True, blank = True];
optional float latitude = 7 [db_index = False, null = True, blank = True];
// Prefix that Slice names must start with (see the slice_name validator). At most 50
// characters; no uniqueness option is set on it here.
required string login_base = 8 [max_length = 50, content_type = "stripped", blank = False, help_text = "Prefix for Slices associated with this Site", null = False, db_index = False];
// NOTE(review): defaults to True, so a new site is visible to other members unless the
// creator opts out. Confirm that a public default is intended.
required bool is_public = 9 [help_text = "Indicates the visibility of this site to other members", default = True, null = False, db_index = False, blank = True];
required string abbreviated_name = 10 [db_index = False, max_length = 80, null = False, content_type = "stripped", blank = False];
// Many-to-many link to Deployment; the `/SiteDeployment` part presumably names the
// intermediate model declared below - confirm.
required manytomany deployments->Deployment/SiteDeployment:sites = 11 [help_text = "Select which sites are allowed to host nodes in this deployment", null = False, db_index = False, blank = True];
}
// SiteDeployment: associates a Site with a Deployment and, optionally, a Controller.
// Extends XOSBase. site and deployment are tosca_key; the unique_with options chain
// site -> deployment -> controller.
message SiteDeployment (XOSBase) {
required manytoone site->Site:sitedeployments = 1 [db_index = True, null = False, blank = False, unique_with = "deployment", tosca_key=True];
required manytoone deployment->Deployment:sitedeployments = 2 [db_index = True, null = False, blank = False, unique_with = "controller", tosca_key=True];
// Nullable: a site/deployment pair may exist without a controller.
optional manytoone controller->Controller:sitedeployments = 3 [db_index = True, null = True, blank = True];
optional string availability_zone = 4 [max_length = 200, content_type = "stripped", blank = True, help_text = "OpenStack availability zone", null = True, db_index = False];
}
// SitePrivilege: grants a User a SiteRole on a Site. Extends XOSBase.
// site and role are tosca_key; user is not.
// NOTE(review): unlike ServicePrivilege and SlicePrivilege, no unique_with option is set, so
// the schema itself does not rule out duplicate (user, site, role) rows. The header also
// binds no `::policy`; confirm who may create these rows.
message SitePrivilege (XOSBase) {
required manytoone user->User:siteprivileges = 1 [db_index = True, null = False, blank = False];
required manytoone site->Site:siteprivileges = 2 [db_index = True, null = False, blank = False, tosca_key=True];
required manytoone role->SiteRole:siteprivileges = 3 [db_index = True, null = False, blank = False, tosca_key=True];
}
// SiteRole: the role vocabulary referenced by SitePrivilege. Extends XOSBase.
message SiteRole (XOSBase) {
// One of 'admin', 'pi', 'tech', 'billing'. Marked tosca_key.
required string role = 1 [choices = "(('admin', 'Admin'), ('pi', 'PI'), ('tech', 'Tech'), ('billing', 'Billing'))", max_length = 30, content_type = "stripped", blank = False, null = False, db_index = False, tosca_key=True];
}
// Validator policies for Slice; the Slice `validators` option refers to them by name.
//
// slice_name: holds when obj.id is set, or when the slice name starts with the owning
// site's login_base.
// NOTE(review): because of the `obj.id |` alternative, the prefix test is skipped for any
// object that already has an id - presumably every already-saved slice, which would mean a
// rename is never re-checked against login_base. Confirm that is acceptable.
policy slice_name < obj.id | {{ obj.name.startswith(obj.site.login_base) }} >
// slice_name_length_and_no_spaces: the name must be strictly longer than login_base plus
// one character and must not contain a space. Other whitespace is not tested.
policy slice_name_length_and_no_spaces < {{ len(obj.site.login_base) + 1 < len(obj.name) and ' ' not in obj.name }} >
// slice_has_creator: holds when obj.creator is set.
policy slice_has_creator < obj.creator >
// Slice: a named allocation owned by a Site, with defaults for the instances created in it.
// Extends XOSBase. The header binds the model to slice_policy; the three policies declared
// just above are validators, not that access policy.
// Field numbers 3 and 11 are not used in this message.
message Slice::slice_policy (XOSBase) {
// Pairs each validator policy name with a message, presumably the one reported on failure.
option validators = "slice_name:Slice name ({obj.name}) must begin with site login_base ({obj.site.login_base}), slice_name_length_and_no_spaces:Slice name too short or contains spaces, slice_has_creator:Slice has no creator";
option plural = "Slices";
// Required name, at most 80 characters; constrained further by the validators above.
required string name = 1 [max_length = 80, content_type = "stripped", blank = False, help_text = "The Name of the Slice", null = False, db_index = False];
// Defaults to True.
required bool enabled = 2 [help_text = "Status for this Slice", default = True, null = False, db_index = False, blank = True];
required string description = 4 [help_text = "High level description of the slice and expected activities", max_length = 1024, null = False, db_index = False, blank = True, varchar = True];
// Uses content_type "url"; may be blank.
required string slice_url = 5 [db_index = False, max_length = 512, null = False, content_type = "url", blank = True];
// Owning Site; its login_base is what the slice_name validator compares against.
required manytoone site->Site:slices = 6 [help_text = "The Site this Slice belongs to", null = False, db_index = True, blank = False];
// Defaults to 10. Declared int32 with no lower bound expressed in the schema.
required int32 max_instances = 7 [default = 10, null = False, db_index = False, blank = False];
optional manytoone service->Service:slices = 8 [db_index = True, null = True, blank = True];
// One of None (shown as 'Default'), 'host', 'bridged', 'noauto'.
optional string network = 9 [blank = True, max_length = 256, null = True, db_index = False, choices = "((None, 'Default'), ('host', 'Host'), ('bridged', 'Bridged'), ('noauto', 'No Automatic Networks'))"];
// NOTE(review): free-form string with no format given here and no "stripped" content_type.
// If this drives which ports are opened, confirm it is parsed and validated downstream.
optional string exposed_ports = 10 [db_index = False, max_length = 256, null = True, blank = True];
// Declared `optional` but with null = False and blank = False; the slice_has_creator
// validator additionally requires it to be set.
optional manytoone creator->User:slices = 12 [db_index = True, null = False, blank = False];
optional manytoone default_flavor->Flavor:slices = 13 [db_index = True, null = True, blank = True];
optional manytoone default_image->Image:slices = 14 [db_index = True, null = True, blank = True];
optional manytoone default_node->Node:slices = 15 [db_index = True, null = True, blank = True];
// Defaults to "GenBank".
optional string mount_data_sets = 16 [default = "GenBank", max_length = 256, content_type = "stripped", blank = True, null = True, db_index = False];
// One of 'vm', 'container', 'container_vm'; defaults to 'vm'.
required string default_isolation = 17 [default = "vm", choices = "(('vm', 'Virtual Machine'), ('container', 'Container'), ('container_vm', 'Container In VM'))", max_length = 30, blank = False, null = False, db_index = False];
}
// SlicePrivilege: grants a User a SliceRole on a Slice. Extends XOSBase.
// The unique_with options chain user -> slice -> role; presumably this makes the
// (user, slice, role) combination unique - confirm against the generator.
// NOTE(review): the header binds no `::policy`. Confirm who may create these rows, since
// they confer access to a slice.
message SlicePrivilege (XOSBase) {
required manytoone user->User:sliceprivileges = 1 [db_index = True, null = False, blank = False, unique_with = "slice"];
required manytoone slice->Slice:sliceprivileges = 2 [db_index = True, null = False, blank = False, unique_with = "role"];
required manytoone role->SliceRole:sliceprivileges = 3 [db_index = True, null = False, blank = False];
}
// SliceRole: the role vocabulary referenced by SlicePrivilege. Extends XOSBase.
message SliceRole (XOSBase) {
// One of 'admin', 'default'. Marked tosca_key.
required string role = 1 [choices = "(('admin', 'Admin'), ('default', 'Default'))", max_length = 30, content_type = "stripped", blank = False, null = False, db_index = False, tosca_key=True];
}
// tag_policy: holds only when the calling user is an admin. The condition is the same as
// admin_policy at the top of this file.
policy tag_policy < ctx.user.is_admin >
// Tag: a name/value label owned by a Service and pointing at an arbitrary object through a
// (content_type, object_id) pair. Extends XOSBase and is bound to tag_policy (admin only).
message Tag::tag_policy (XOSBase) {
// Owning Service (required, indexed).
required manytoone service->Service:tags = 1 [help_text = "The Service this Tag is associated with", null = False, db_index = True, blank = False];
// Tag name, indexed, at most 128 characters.
required string name = 2 [help_text = "The name of this tag", max_length = 128, null = False, db_index = True, blank = False];
required string value = 3 [max_length = 1024, content_type = "stripped", blank = False, help_text = "The value of this tag", null = False, db_index = False];
// A field named content_type (distinct from the content_type option) holding the id of the
// content type of the tagged object, per its help_text.
required string content_type = 4 [max_length = 1024, content_type = "stripped", blank = False, help_text = "Content type id linked to this tag", null = False, db_index = False];
// Id of the tagged object. It is a plain uint32, not a manytoone link, so the schema
// expresses no referential integrity for it.
required uint32 object_id = 5 [db_index = False, null = False, blank = False, help_text = "Object linked to this tag"];
}
// InterfaceType: a named interface kind with a direction. Extends XOSBase.
message InterfaceType (XOSBase) {
required string name = 1 [db_index = False, max_length = 200, null = False, content_type = "stripped", blank = False];
// One of 'in', 'out'.
required string direction = 2 [db_index = False, max_length = 30, null = False, content_type = "stripped", blank = False, choices = "(('in', 'In'), ('out', 'Out'))"];
}
// ServiceInterface: declares that a Service exposes a given InterfaceType. Extends XOSBase.
// Both links are required and marked tosca_key.
message ServiceInterface (XOSBase) {
required manytoone service->Service:service_interfaces = 1 [db_index = True, null = False, blank = False, tosca_key=True];
required manytoone interface_type->InterfaceType:service_interfaces = 2 [db_index = True, null = False, blank = False, tosca_key=True];
}
// ServiceInstance: one instance of a Service, optionally chained to a master instance.
// Extends XOSBase and AttributeMixin. No `::policy` suffix is present in the header.
// Field numbers 4 through 9 are not used in this message.
message ServiceInstance (XOSBase, AttributeMixin) {
optional string name = 1 [db_index = False, max_length = 200, null = True, content_type = "stripped", blank = True];
// The Service that owns this instance (required).
required manytoone owner->Service:service_instances = 2 [db_index = True, null = False, blank = False];
optional string service_specific_id = 3 [db_index = False, max_length = 30, null = True, content_type = "stripped", blank = True];
// Free-form, no max_length given; format is not defined by this schema.
optional string service_specific_attribute = 10 [db_index = False, null = True, blank = True, varchar = True];
// Counter, defaults to 0.
optional uint32 link_deleted_count = 11 [default = 0, help_text = "Incremented each time a provided_link is deleted from this ServiceInstance"];
// Self-reference to another ServiceInstance. No null/blank/db_index options are given
// here, so the generator's defaults apply - confirm what they are.
optional manytoone master_serviceinstance->ServiceInstance:child_serviceinstances = 12 [help_text = "The master service instance that set this service instance up"];
}
// ServiceInstanceLink: connects a provider ServiceInstance to a subscriber, which may be a
// ServiceInstance, a Service or a Network. Extends XOSBase.
// NOTE(review): all three subscriber links are nullable, so the schema alone allows a link
// with no subscriber or with several. The tosca_key_one_of options presumably express the
// "one of" intent for TOSCA keys only - confirm where the constraint is enforced.
message ServiceInstanceLink (XOSBase) {
// Required provider side; tosca_key.
required manytoone provider_service_instance->ServiceInstance:provided_links = 1 [db_index = True, null = False, blank = False, tosca_key=True];
optional manytoone provider_service_interface->ServiceInterface:provided_links = 2 [db_index = True, null = True, blank = True];
optional manytoone subscriber_service_instance->ServiceInstance:subscribed_links = 3 [db_index = True, null = True, blank = True];
optional manytoone subscriber_service->Service:subscribed_links = 4 [db_index = True, null = True, blank = True, tosca_key_one_of=subscriber_service_instance];
optional manytoone subscriber_network->Network:subscribed_links = 5 [db_index = True, null = True, blank = True, tosca_key_one_of=subscriber_service_instance];
}
// ServiceInstanceAttribute: one name/value pair attached to a ServiceInstance.
// Extends XOSBase. No `::policy` suffix is present in the header.
message ServiceInstanceAttribute (XOSBase) {
required string name = 1 [help_text = "Attribute Name", max_length = 128, null = False, db_index = False, blank = False];
// No max_length and no varchar option here, unlike ServiceAttribute.value.
required string value = 2 [help_text = "Attribute Value", null = False, db_index = False, blank = False];
// Owning ServiceInstance; the help_text still calls it "Tenant".
required manytoone service_instance->ServiceInstance:service_instance_attributes = 3 [help_text = "The Tenant this attribute is associated with", null = False, db_index = True, blank = False];
}
// TenantWithContainer: a ServiceInstance specialisation that records the Instance backing
// the tenant, its creator and placement hints. Extends ServiceInstance.
message TenantWithContainer (ServiceInstance) {
// The `:+` suffix presumably suppresses the reverse accessor on the target - confirm.
optional manytoone instance->Instance:+ = 1 [help_text = "Instance used by this Tenant", null = True, db_index = True, blank = True];
// Nullable here, whereas Slice.creator is non-null.
optional manytoone creator->User:+ = 2 [help_text = "Creator of this Tenant", null = True, db_index = True, blank = True];
optional string external_hostname = 3 [max_length = 30, content_type = "stripped", blank = True, help_text = "External host name", null = True, db_index = False];
// NOTE(review): the help_text repeats "External host name" from the field above, which
// looks copy-pasted; the intended wording for external_container is not stated here.
optional string external_container = 4 [max_length = 30, content_type = "stripped", blank = True, help_text = "External host name", null = True, db_index = False];
optional string node_label = 5 [max_length = 30, content_type = "stripped", blank = True, help_text = "Node constraint", null = True, db_index = False];
}
// XOS: a record naming the XOS installation itself. Extends XOSBase.
// singular/plural override the generated display names ("XOS" / "XOSes").
message XOS (XOSBase) {
option singular="XOS";
option plural="XOSes";
// Defaults to "XOS"; at most 200 characters.
required string name = 1 [default = "XOS", max_length = 200, content_type = "stripped", blank = False, help_text = "Name of XOS", null = False, db_index = False];
}
// XOSGuiExtension: tells the GUI which files to load for an extension. Extends XOSBase and
// is bound to admin_policy, which holds only when ctx.user.is_admin.
// NOTE(review): the listed files are presumably fetched and run by the GUI in the user's
// browser, so each row is effectively a code-loading instruction. admin_policy is the only
// control visible here; the schema does not restrict origin or path of the entries.
message XOSGuiExtension::admin_policy (XOSBase) {
option verbose_name="XOS GUI Extension";
option description="This model holds the instruction to load an extension in the GUI";
// The two options below are commented out in the original and therefore inactive.
// option no_sync = True;
// option no_policy = True;
required string name = 1 [max_length = 200, content_type = "stripped", blank = False, help_text = "Name of the GUI Extensions", null = False, db_index = False];
// Comma-separated file list, at most 1024 characters in total.
required string files = 2 [max_length = 1024, content_type = "stripped", blank = False, help_text = "List of comma separated file composing the view", null = False, db_index = False];
}
// ServiceGraphConstraint: layout hints for the service graph. Extends XOSBase.
// No `::policy` suffix is present in the header.
message ServiceGraphConstraint (XOSBase) {
option verbose_name="Graph Constraint";
option description="Define the position of the nodes in the service graph";
// A text field holding a nested array written as a string (see the help_text example).
// Non-null but may be blank; marked tosca_key. The schema does not validate the array
// syntax, so consumers presumably parse it themselves - confirm they handle bad input.
required string constraints = 1 [max_length = 1024, content_type = "stripped", blank = True, help_text = "A composite array defining positions, eg [volt, vsg, [address_manager, vrouter]]", null = False, tosca_key=True];
}