OpenStack 源码分析之 Neutron

policy.json

policy.json 用于配置访问策略。每次进行 API 调用时,都会按对应的策略进行检查;policy.json 文件更新后会立即生效。

目前支持的策略有三种:rule、role或者generic。

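其中 rule 后面跟的是规则名(即本文件中另一条规则的键,而不是文件名),例如

"get_floatingip": "rule:admin_or_owner",

其策略为 rule:admin_or_owner,表明具体策略内容要从 policy.json 中名为 admin_or_owner 的规则读取。role 策略后面会跟一个 role 名称,表明只有指定 role 才可以执行。generic 策略则根据参数来进行比较,例如 tenant_id:%(tenant_id)s 会把请求者的 tenant_id 与目标资源的 tenant_id 进行比较。注意,策略为空字符串 ""(如下面的 create_network)表示不做限制,任何通过认证的用户都可以执行该操作。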

{
    "context_is_admin":  "role:admin",
    "admin_or_owner": "rule:context_is_admin or tenant_id:%(tenant_id)s",
    "context_is_advsvc":  "role:advsvc",
    "admin_or_network_owner": "rule:context_is_admin or tenant_id:%(network:tenant_id)s",
    "admin_only": "rule:context_is_admin",
    "regular_user": "",
    "shared": "field:networks:shared=True",
    "shared_firewalls": "field:firewalls:shared=True",
    "external": "field:networks:router:external=True",
    "default": "rule:admin_or_owner",

    "create_subnet": "rule:admin_or_network_owner",
    "get_subnet": "rule:admin_or_owner or rule:shared",
    "update_subnet": "rule:admin_or_network_owner",
    "delete_subnet": "rule:admin_or_network_owner",

    "create_network": "",
    "get_network": "rule:admin_or_owner or rule:shared or rule:external or rule:context_is_advsvc",
    "get_network:router:external": "rule:regular_user",
    "get_network:segments": "rule:admin_only",
    "get_network:provider:network_type": "rule:admin_only",
    "get_network:provider:physical_network": "rule:admin_only",
    "get_network:provider:segmentation_id": "rule:admin_only",
    "get_network:queue_id": "rule:admin_only",
    "create_network:shared": "rule:admin_only",
    "create_network:router:external": "rule:admin_only",
    "create_network:segments": "rule:admin_only",
    "create_network:provider:network_type": "rule:admin_only",
    "create_network:provider:physical_network": "rule:admin_only",
    "create_network:provider:segmentation_id": "rule:admin_only",
    "update_network": "rule:admin_or_owner",
    "update_network:segments": "rule:admin_only",
    "update_network:shared": "rule:admin_only",
    "update_network:provider:network_type": "rule:admin_only",
    "update_network:provider:physical_network": "rule:admin_only",
    "update_network:provider:segmentation_id": "rule:admin_only",
    "update_network:router:external": "rule:admin_only",
    "delete_network": "rule:admin_or_owner",

    "create_port": "",
    "create_port:mac_address": "rule:admin_or_network_owner or rule:context_is_advsvc",
    "create_port:fixed_ips": "rule:admin_or_network_owner or rule:context_is_advsvc",
    "create_port:port_security_enabled": "rule:admin_or_network_owner or rule:context_is_advsvc",
    "create_port:binding:host_id": "rule:admin_only",
    "create_port:binding:profile": "rule:admin_only",
    "create_port:mac_learning_enabled": "rule:admin_or_network_owner or rule:context_is_advsvc",
    "get_port": "rule:admin_or_owner or rule:context_is_advsvc",
    "get_port:queue_id": "rule:admin_only",
    "get_port:binding:vif_type": "rule:admin_only",
    "get_port:binding:vif_details": "rule:admin_only",
    "get_port:binding:host_id": "rule:admin_only",
    "get_port:binding:profile": "rule:admin_only",
    "update_port": "rule:admin_or_owner or rule:context_is_advsvc",
    "update_port:fixed_ips": "rule:admin_or_network_owner or rule:context_is_advsvc",
    "update_port:port_security_enabled": "rule:admin_or_network_owner or rule:context_is_advsvc",
    "update_port:binding:host_id": "rule:admin_only",
    "update_port:binding:profile": "rule:admin_only",
    "update_port:mac_learning_enabled": "rule:admin_or_network_owner or rule:context_is_advsvc",
    "delete_port": "rule:admin_or_owner or rule:context_is_advsvc",

    "get_router:ha": "rule:admin_only",
    "create_router": "rule:regular_user",
    "create_router:external_gateway_info:enable_snat": "rule:admin_only",
    "create_router:distributed": "rule:admin_only",
    "create_router:ha": "rule:admin_only",
    "get_router": "rule:admin_or_owner",
    "get_router:distributed": "rule:admin_only",
    "update_router:external_gateway_info:enable_snat": "rule:admin_only",
    "update_router:distributed": "rule:admin_only",
    "update_router:ha": "rule:admin_only",
    "delete_router": "rule:admin_or_owner",

    "add_router_interface": "rule:admin_or_owner",
    "remove_router_interface": "rule:admin_or_owner",

    "create_firewall": "",
    "get_firewall": "rule:admin_or_owner",
    "create_firewall:shared": "rule:admin_only",
    "get_firewall:shared": "rule:admin_only",
    "update_firewall": "rule:admin_or_owner",
    "update_firewall:shared": "rule:admin_only",
    "delete_firewall": "rule:admin_or_owner",

    "create_firewall_policy": "",
    "get_firewall_policy": "rule:admin_or_owner or rule:shared_firewalls",
    "create_firewall_policy:shared": "rule:admin_or_owner",
    "update_firewall_policy": "rule:admin_or_owner",
    "delete_firewall_policy": "rule:admin_or_owner",

    "create_firewall_rule": "",
    "get_firewall_rule": "rule:admin_or_owner or rule:shared_firewalls",
    "update_firewall_rule": "rule:admin_or_owner",
    "delete_firewall_rule": "rule:admin_or_owner",

    "create_qos_queue": "rule:admin_only",
    "get_qos_queue": "rule:admin_only",

    "update_agent": "rule:admin_only",
    "delete_agent": "rule:admin_only",
    "get_agent": "rule:admin_only",

    "create_dhcp-network": "rule:admin_only",
    "delete_dhcp-network": "rule:admin_only",
    "get_dhcp-networks": "rule:admin_only",
    "create_l3-router": "rule:admin_only",
    "delete_l3-router": "rule:admin_only",
    "get_l3-routers": "rule:admin_only",
    "get_dhcp-agents": "rule:admin_only",
    "get_l3-agents": "rule:admin_only",
    "get_loadbalancer-agent": "rule:admin_only",
    "get_loadbalancer-pools": "rule:admin_only",

    "create_floatingip": "rule:regular_user",
    "update_floatingip": "rule:admin_or_owner",
    "delete_floatingip": "rule:admin_or_owner",
    "get_floatingip": "rule:admin_or_owner",

    "create_network_profile": "rule:admin_only",
    "update_network_profile": "rule:admin_only",
    "delete_network_profile": "rule:admin_only",
    "get_network_profiles": "",
    "get_network_profile": "",
    "update_policy_profiles": "rule:admin_only",
    "get_policy_profiles": "",
    "get_policy_profile": "",

    "create_metering_label": "rule:admin_only",
    "delete_metering_label": "rule:admin_only",
    "get_metering_label": "rule:admin_only",

    "create_metering_label_rule": "rule:admin_only",
    "delete_metering_label_rule": "rule:admin_only",
    "get_metering_label_rule": "rule:admin_only",

    "get_service_provider": "rule:regular_user",
    "get_lsn": "rule:admin_only",
    "create_lsn": "rule:admin_only"
}

Last updated 5 years ago
