// File-level options for this xproto file. app_label is "core"; legacy is set
// to the quoted string "True", unlike the bare True used by the message
// options below. How the toolchain interprets either value is not visible here.
option app_label = "core";
option legacy="True";
// Use this policy to allow access to admins only.
// The predicate is the single test ctx.user.is_admin, so the is_admin flag on
// the calling user is the only thing that grants access.
policy admin_policy < ctx.user.is_admin >
// Abstract base message (option abstract = True) holding the bookkeeping
// fields shared by the models that list XOSBase as their parent: timestamps,
// backend state, policy state and lifecycle flags.
message XOSBase {
option skip_init = True;
option custom_header = "xosbase_header";
option abstract = True;
// field 1 is reserved for "id"
// Timestamps are declared as strings with content_type = "date".
required string created = 2 [content_type = "date", auto_now_add = True, help_text = "Time this model was created"];
required string updated = 3 [default = "now()", content_type = "date", help_text = "Time this model was changed by a non-synchronizer"];
optional string enacted = 4 [null = True, content_type = "date", blank = True, default = None, help_text = "When synced, set to the timestamp of the data that was synced"];
optional string policed = 5 [null = True, content_type = "date", blank = True, default = None, help_text = "When policed, set to the timestamp of the data that was policed"];
// Fields tagged feedback_state = True in this message: backend_register,
// backend_status, backend_code, policy_status, policy_code, backend_handle.
optional string backend_register = 6 [default = "{}", max_length = 1024, feedback_state = True];
required bool backend_need_delete = 7 [default = False, blank = True];
required bool backend_need_reap = 8 [default = False, blank = True];
required string backend_status = 9 [default = "Provisioning in progress", max_length = 1024, null = True, feedback_state = True];
required int32 backend_code = 10 [default = 0, feedback_state = True];
// Lifecycle and control flags; each defaults to False.
// NOTE(review): write_protect, no_sync and no_policy look like switches that
// change how an object is handled -- confirm who is allowed to set them.
required bool deleted = 11 [default = False, blank = True];
required bool write_protect = 12 [default = False, blank = True];
required bool lazy_blocked = 13 [default = False, blank = True];
required bool no_sync = 14 [default = False, blank = True];
required bool no_policy = 15 [default = False, blank = True];
optional string policy_status = 16 [default = "Policy in process", max_length = 1024, feedback_state = True];
optional int32 policy_code = 17 [default = 0, feedback_state = True];
required string leaf_model_name = 18 [null = False, max_length = 1024, help_text = "The most specialized model in this chain of inheritance, often defined by a service developer"];
required bool backend_need_delete_policy = 19 [default = False, help_text = "True if delete model_policy must be run before object can be reaped", blank = True];
required bool xos_managed = 20 [default = True, help_text = "True if xos is responsible for creating/deleting this object", blank = True, gui_hidden = True];
optional string backend_handle = 21 [max_length = 1024, feedback_state = True, blank=True, null=True, help_text = "Handle used by the backend to track this object", gui_hidden = True];
optional string changed_by_step = 22 [null = True, content_type = "date", blank = True, default = None, gui_hidden = True, help_text = "Time this model was changed by a sync step"];
optional string changed_by_policy = 23 [null = True, content_type = "date", blank = True, default = None, gui_hidden = True, help_text = "Time this model was changed by a model policy"];
}
// The calling user represents the user being accessed, or is a site admin.
// Access is granted when any one of these holds:
//   1. the caller is a global admin (ctx.user.is_admin);
//   2. the caller is the user being accessed (ctx.user.id = obj.id);
//   3. a Privilege row gives the caller "role:admin" on a Site.
// NOTE(review): clause 3 matches Privilege.object_id against ctx.user.site.id,
// the caller's own site, and never looks at the site of obj. As written, an
// admin of their own site passes this policy for any User object. If access is
// meant to be limited to users homed at the administered site, the comparison
// would be against obj.site.id -- confirm the intent.
// NOTE(review): the predicate references neither ctx.read_access nor
// ctx.write_access, so it does not distinguish reads from writes.
policy user_policy <
ctx.user.is_admin
| ctx.user.id = obj.id
| (exists Privilege:
Privilege.accessor_id = ctx.user.id
& Privilege.accessor_type = "User"
& Privilege.permission = "role:admin"
& Privilege.object_type = "Site"
& Privilege.object_id = ctx.user.site.id) >
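// An XOS user account, guarded by user_policy. It lists AbstractBaseUser and
// PlModelMixIn as parents instead of XOSBase, sets skip_django = True, and
// repeats the XOSBase bookkeeping fields itself (fields 19-40).
// NOTE(review): username and password both default to the literal "Something".
// Confirm that account creation always overrides them and that the password
// column only ever holds a hash, so the default can never act as a credential.
// NOTE(review): is_active and is_staff default to True; confirm that newly
// created accounts are meant to start with both set.
message User::user_policy (AbstractBaseUser,PlModelMixIn) {
option skip_django = True;
option description = "An XOS User";
// field 1 is reserved for "id"
required string email = 2 [db_index = True, max_length = 255, null = False, blank = False, tosca_key=True];
required string username = 3 [default = "Something", max_length = 255, content_type = "stripped", blank = False, null = False, db_index = False];
required string password = 4 [default = "Something", max_length = 255, blank = False, null = False, db_index = False];
optional string last_login = 5 [db_index = False, null = True, content_type = "date", blank = True];
required string firstname = 6 [max_length = 200, content_type = "stripped", blank = False, help_text = "person's given name", null = False, db_index = False];
required string lastname = 7 [max_length = 200, content_type = "stripped", blank = False, help_text = "person's surname", null = False, db_index = False];
optional string phone = 8 [max_length = 100, content_type = "stripped", blank = True, help_text = "phone number contact", null = True, db_index = False];
optional string user_url = 9 [db_index = False, max_length = 200, null = True, content_type = "url", blank = True];
// Home site of the user; user_policy reads it as ctx.user.site.id.
required manytoone site->Site:users = 10:1001 [help_text = "Site this user will be homed to", null = False, db_index = True, blank = False];
optional string public_key = 11 [help_text = "Public key string", max_length = 1024, null = True, db_index = False, blank = True, varchar = True];
required bool is_active = 12 [default = True, null = False, db_index = False, blank = True];
// is_admin is the flag that the policies in this file test as
// ctx.user.is_admin. NOTE(review): user_policy grants a user access to their
// own record without separating reads from writes, so confirm that this flag
// (and is_staff / is_readonly) cannot be changed by the account owner.
required bool is_admin = 13 [default = False, null = False, db_index = False, blank = True];
required bool is_staff = 14 [default = True, null = False, db_index = False, blank = True];
required bool is_readonly = 15 [default = False, null = False, db_index = False, blank = True];
required bool is_registering = 16 [default = False, null = False, db_index = False, blank = True];
required bool is_appuser = 17 [default = False, null = False, db_index = False, blank = True];
optional string login_page = 18 [max_length = 200, content_type = "stripped", blank = True, help_text = "send this user to a specific page on login", null = True, db_index = False];
// Fields 19-40 mirror the XOSBase bookkeeping fields under different numbers.
// Some options differ from XOSBase, e.g. policy_status defaults to
// "0 - Policy in process" here.
required string created = 19 [db_index = False, null = False, content_type = "date", blank = True];
required string updated = 20 [db_index = False, null = False, content_type = "date", blank = True];
optional string enacted = 21 [db_index = False, null = True, content_type = "date", blank = False];
optional string policed = 22 [db_index = False, null = True, content_type = "date", blank = False];
required string backend_status = 23 [default = "Provisioning in progress", max_length = 1024, content_type = "stripped", blank = False, null = False, db_index = False];
required int32 backend_code = 24 [default = 0];
required bool backend_need_delete = 25 [default = False, null = False, db_index = False, blank = True];
required bool backend_need_reap = 26 [default = False, null = False, db_index = False, blank = True];
required bool deleted = 27 [default = False, null = False, db_index = False, blank = True];
required bool write_protect = 28 [default = False, null = False, db_index = False, blank = True];
required bool lazy_blocked = 29 [default = False, null = False, db_index = False, blank = True];
required bool no_sync = 30 [default = False, null = False, db_index = False, blank = True];
required bool no_policy = 31 [default = False, null = False, db_index = False, blank = True];
required string timezone = 32 [default = "America/New_York", max_length = 100, blank = False, null = False, db_index = False];
optional string policy_status = 33 [default = "0 - Policy in process", max_length = 1024];
optional int32 policy_code = 34 [default = 0];
required string leaf_model_name = 35 [null = False, max_length = 1024, help_text = "The most specialized model in this chain of inheritance, often defined by a service developer"];
required bool backend_need_delete_policy = 36 [default = False, help_text = "True if delete model_policy must be run before object can be reaped", blank = True];
required bool xos_managed = 37 [default = True, help_text = "True if xos is responsible for creating/deleting this object", blank = True, gui_hidden = True];
optional string backend_handle = 38 [max_length = 1024, feedback_state = True, blank=True, null=True, help_text = "Handle used by the backend to track this object", gui_hidden = True];
optional string changed_by_step = 39 [null = True, content_type = "date", blank = True, default = None, gui_hidden = True, help_text = "Time this model was changed by a sync step"];
optional string changed_by_policy = 40 [null = True, content_type = "date", blank = True, default = None, gui_hidden = True, help_text = "Time this model was changed by a model policy"];
}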
// A user may give a permission that they hold to another user.
// The predicate passes for a global admin, or when a Privilege row gives the
// caller "role:admin" on the same object (object_type / object_id) that the
// Privilege being accessed refers to.
// NOTE(review): the test is for "role:admin" on the object, not for the
// specific permission being granted, so the summary line above is narrower
// than what the predicate enforces -- confirm which is intended.
// NOTE(review): the exists clause is not parenthesised here, unlike in
// user_policy; confirm it binds as "is_admin | (exists ...)" under the xproto
// policy grammar.
// NOTE(review): Privilege.expires is not consulted, so an expired row would
// still satisfy this test unless expiry is enforced elsewhere.
policy grant_policy < ctx.user.is_admin
| exists Privilege:Privilege.object_type = obj.object_type
& Privilege.object_id = obj.object_id
& Privilege.accessor_type = "User"
& Privilege.accessor_id = ctx.user.id
& Privilege.permission = "role:admin" >
// A grant of a permission on one object to one accessor, guarded by
// grant_policy. The policies in this file look rows up by accessor_id,
// accessor_type, object_type, object_id and permission.
message Privilege::grant_policy (XOSBase) {
// accessor_id / accessor_type identify who holds the privilege. The type is a
// free-form string; policies in this file compare it with "User".
required int32 accessor_id = 1 [null = False, blank=False];
required string accessor_type = 2 [null = False, max_length=1024, blank = False];
optional int32 controller_id = 3 [null = True, blank = True];
// object_id / object_type identify the target. Policies in this file compare
// object_type with "Site", "Slice" and "Deployment".
required int32 object_id = 4 [null = False, blank=False];
required string object_type = 5 [null = False, max_length=1024, blank = False];
// NOTE(review): permission defaults to "all" when not supplied. The policies
// visible here only match "role:admin", so what "all" grants is not shown;
// confirm that an omitted permission is not broader than intended.
required string permission = 6 [null = False, default = "all", max_length=1024, tosca_key=True];
required string granted = 7 [content_type = "date", auto_now_add = True, max_length=1024];
// Declared required but null = True. NOTE(review): no policy visible in this
// part of the file tests expires -- confirm where expiry is enforced.
required string expires = 8 [content_type = "date", null = True, max_length=1024];
}
// A named pool of addresses with its gateway and subnet, optionally tied to a
// Service. The free and in-use addresses are each kept as one space-separated
// string (see help_text on addresses and inuse).
// No policy is attached in this declaration.
message AddressPool (XOSBase) {
required string name = 1 [db_index = False, max_length = 32, null = False, blank = False, unique = True, help_text="Name of this AddressPool"];
optional string addresses = 2 [db_index = False, null = True, blank = True, varchar = True, help_text="Space-separated list of available addresses"];
required string gateway_ip = 3 [db_index = False, max_length = 32, help_text="Gateway IP address for this AddressPool"];
required string gateway_mac = 4 [db_index = False, max_length = 32, help_text="Gateway MAC address for this AddressPool"];
required string cidr = 5 [db_index = False, max_length = 32, help_text="Subnet for this AddressPool"];
optional string inuse = 6 [db_index = False, null = True, blank = True, varchar = True, help_text="Space-separated list of inuse addresses"];
optional manytoone service->Service:addresspools = 7:1001 [db_index = True, null = True, blank = True, help_text="Service this AddressPool belongs to"];
}
// A ServiceInstance (its declared parent) that is bound to one Slice and one
// Image; both relations are required and non-null.
// No policy is attached in this declaration.
message ComputeServiceInstance (ServiceInstance) {
required manytoone slice->Slice:computeserviceinstances = 1:1001 [db_index = True, null = False, blank = False, help_text = "Slice that controls this ServiceInstance"];
required manytoone image->Image:computeserviceinstances = 2:1001 [db_index = True, null = False, blank = False, help_text = "Image used to instantiate this ServiceInstance"];
}
// Admins at a deployment have access to controllers at those deployments.
// NOTE(review): the predicate requires object_type = "Deployment" but compares
// Privilege.object_id with obj.id. The policy is attached to Controller, so
// obj.id looks like the Controller's own id rather than the id of its
// deployment. If so, a Deployment admin is matched against whichever
// Controller happens to share that numeric id. Controller declares a
// "deployment" relation, and slice_policy uses the form obj.site.id, so
// obj.deployment.id is the likely intended operand -- confirm.
// NOTE(review): Privilege.accessor_type is not tested here, unlike in
// user_policy, grant_policy and slice_policy, which require "User".
// NOTE(review): the exists clause is not parenthesised; confirm it binds as
// "is_admin | (exists ...)".
policy controller_policy
< ctx.user.is_admin
| exists Privilege:
Privilege.accessor_id = ctx.user.id
& Privilege.object_type = "Deployment"
& Privilege.permission = "role:admin"
& Privilege.object_id = obj.id >
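// A compute controller that belongs to one Deployment, guarded by
// controller_policy.
// NOTE(review): admin_password and rabbit_password are ordinary string fields
// with no gui_hidden option, so nothing in this declaration keeps them out of
// views that expose the model. Confirm they are protected at rest and masked
// in API/GUI output, or replaced by a reference to a secret store.
message Controller::controller_policy (XOSBase) {
required string name = 1 [max_length = 200, content_type = "stripped", blank = False, help_text = "Name of the Controller", null = False, db_index = False, unique = True];
required string backend_type = 2 [max_length = 200, content_type = "stripped", blank = False, help_text = "Type of compute controller, e.g. EC2, OpenStack, or OpenStack version", null = False, db_index = False];
required string version = 3 [max_length = 200, content_type = "stripped", blank = False, help_text = "Controller version", null = False, db_index = False];
// Credentials and endpoint for the controller's admin account.
optional string auth_url = 4 [max_length = 200, content_type = "stripped", blank = True, help_text = "Auth url for the compute controller", null = True, db_index = False];
optional string admin_user = 5 [max_length = 200, content_type = "stripped", blank = True, help_text = "Username of an admin user at this controller", null = True, db_index = False];
optional string admin_password = 6 [max_length = 200, content_type = "stripped", blank = True, help_text = "Password of the admin user at this controller", null = True, db_index = False];
optional string admin_tenant = 7 [max_length = 200, content_type = "stripped", blank = True, help_text = "Name of the tenant the admin user belongs to", null = True, db_index = False];
optional string domain = 8 [max_length = 200, content_type = "stripped", blank = True, help_text = "Name of the domain this controller belongs to", null = True, db_index = False];
// Connection details for the controller's rabbitmq server.
optional string rabbit_host = 9 [max_length = 200, content_type = "stripped", blank = True, help_text = "IP address of rabbitmq server at this controller", null = True, db_index = False];
optional string rabbit_user = 10 [max_length = 200, content_type = "stripped", blank = True, help_text = "Username of rabbitmq server at this controller", null = True, db_index = False];
optional string rabbit_password = 11 [max_length = 200, content_type = "stripped", blank = True, help_text = "Password of rabbitmq server at this controller", null = True, db_index = False];
// Required link to the owning Deployment.
required manytoone deployment->Deployment:controllerdeployments = 12:1001 [db_index = True, null = False, blank = False];
}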
// Links an Image to a Controller and records the Glance image id for that
// pairing. unique_with = "controller" is declared on the image relation.
// No policy is attached in this declaration.
message ControllerImages (XOSBase) {
required manytoone image->Image:controllerimages = 1:1002 [db_index = True, null = False, blank = False, unique_with = "controller"];
required manytoone controller->Controller:controllerimages = 2:1001 [db_index = True, null = False, blank = False];
optional string glance_image_id = 3 [max_length = 200, content_type = "stripped", blank = True, help_text = "Glance image id", null = True, db_index = False];
}
// Everyone has read access.
// For write access, you have to be a site admin: the implication demands a
// matching Privilege row only when ctx.write_access is set, so any other
// access passes without a Privilege lookup.
// NOTE(review): the Privilege match does not test Privilege.accessor_type,
// unlike user_policy and slice_policy, which require "User". If accessor_id
// values can belong to other accessor types, the accessor_type test is needed
// here as well.
// NOTE(review): whether "everyone" is limited to authenticated callers is not
// visible here -- confirm.
policy site_policy <
ctx.user.is_admin
| (ctx.write_access -> exists Privilege: Privilege.object_type = "Site" & Privilege.object_id = obj.id & Privilege.accessor_id = ctx.user.id & Privilege.permission = "role:admin") >
// If you can access (read or write) the site, you can also access its slices.
// Otherwise, you need an explicit privilege on the Slice (admin for write access)
// or admin privilege on the associated site.
//
// Structure of the predicate, after the global-admin test:
//   A. site_policy evaluated on the slice's site, AND (the caller is
//      obj.creator OR holds a Slice privilege on obj, which must be
//      "role:admin" when ctx.write_access is set);
//   B. OR any Privilege row for the caller on this Slice;
//   C. OR a "role:admin" Privilege for the caller on obj.site.
// NOTE(review): branch B has no ctx.write_access guard and no permission test.
// Any Slice privilege therefore appears to satisfy the policy for writes too,
// which would make the "role:admin" requirement in branch A ineffective and
// contradicts "admin for write access" above. Confirm the intent, and how
// & and | group in the xproto policy grammar.
// NOTE(review): Privilege.expires is not consulted in any branch.
policy slice_policy <
ctx.user.is_admin
| (*site_policy(site)
& (ctx.user = obj.creator
| (exists Privilege:
Privilege.accessor_id = ctx.user.id
& Privilege.accessor_type = "User"
& Privilege.object_type = "Slice"
& Privilege.object_id = obj.id
& (ctx.write_access -> Privilege.permission = "role:admin"))
)
|
(exists Privilege:
Privilege.accessor_id = ctx.user.id
& Privilege.accessor_type = "User"
& Privilege.object_type = "Slice"
& Privilege.object_id = obj.id)
| (exists Privilege:
Privilege.accessor_id = ctx.user.id
& Privilege.accessor_type = "User"
& Privilege.object_type = "Site"
& Privilege.object_id = obj.site.id
& Privilege.permission = "role:admin")
) >
// Access to a ControllerNetwork follows slice_policy, evaluated on
// network.owner. The leading is_admin test repeats the first disjunct of
// slice_policy. Any weakness in slice_policy carries over to this policy.
policy controller_network_policy <
ctx.user.is_admin
| *slice_policy(network.owner) >
// Per-controller record for a Network, guarded by controller_network_policy.
// It holds the address range plus the Neutron identifiers named in help_text.
// unique_with = "controller" is declared on the network relation.
message ControllerNetwork::controller_network_policy (XOSBase) {
required manytoone network->Network:controllernetworks = 1:1001 [db_index = True, null = False, blank = False, unique_with = "controller"];
required manytoone controller->Controller:controllernetworks = 2:1002 [db_index = True, null = False, blank = False];
// Address range fields: required and non-null, but blank = True.
required string subnet = 3 [db_index = False, max_length = 32, null = False, blank = True];
required string start_ip = 4 [db_index = False, max_length = 32, null = False, blank = True];
required string stop_ip = 5 [db_index = False, max_length = 32, null = False, blank = True];
optional string net_id = 6 [help_text = "Neutron network", max_length = 256, null = True, db_index = False, blank = True];
optional string router_id = 7 [help_text = "Neutron router id", max_length = 256, null = True, db_index = False, blank = True];
optional string subnet_id = 8 [help_text = "Neutron subnet id", max_length = 256, null = True, db_index = False, blank = True];
optional string gateway = 9 [db_index = False, max_length = 32, null = True, blank = True];
optional string segmentation_id = 10 [db_index = False, max_length = 32, null = True, blank = True];
}
// A role name for controllers. The choices list allows the single value
// 'admin'. No policy is attached in this declaration.
message ControllerRole (XOSBase) {
required string role = 1 [choices = "(('admin', 'Admin'),)", max_length = 30, content_type = "stripped", blank = False, null = False, db_index = False];
}
// Links a Site to a Controller and records the Keystone tenant id for that
// pairing. Both relations are tosca keys; the controller relation is optional
// and nullable. No policy is attached in this declaration.
message ControllerSite (XOSBase) {
required manytoone site->Site:controllersite = 1:1002 [db_index = True, null = False, blank = False, unique_with="controller", tosca_key = True];
optional manytoone controller->Controller:controllersite = 2:1003 [db_index = True, null = True, blank = True, tosca_key = True];
optional string tenant_id = 3 [max_length = 200, content_type = "stripped", blank = True, help_text = "Keystone tenant id", null = True, db_index = True];
}
// Links a SitePrivilege to a Controller and records the Keystone id in
// role_id. unique_with is declared on controller ("site_privilege") and on
// site_privilege ("role_id").
// NOTE(review): no policy is attached in this declaration although the record
// maps a privilege onto a controller; confirm what access rule applies to
// models declared without one.
message ControllerSitePrivilege (XOSBase) {
required manytoone controller->Controller:controllersiteprivileges = 1:1004 [db_index = True, null = False, blank = False, unique_with = "site_privilege"];
required manytoone site_privilege->SitePrivilege:controllersiteprivileges = 2:1001 [db_index = True, null = False, blank = False, unique_with = "role_id"];
optional string role_id = 3 [max_length = 200, content_type = "stripped", blank = True, help_text = "Keystone id", null = True, db_index = True];
}
// Access to a ControllerSlice follows slice_policy, evaluated on the related
// slice. The leading is_admin test repeats the first disjunct of slice_policy.
// Any weakness in slice_policy carries over to this policy.
policy controller_slice_policy <
ctx.user.is_admin
| *slice_policy(slice) >
// Links a Slice to a Controller and records the Keystone tenant id for that
// pairing, guarded by controller_slice_policy. unique_with = "slice" is
// declared on the controller relation.
message ControllerSlice::controller_slice_policy (XOSBase) {
required manytoone controller->Controller:controllerslices = 1:1005 [db_index = True, null = False, blank = False, unique_with = "slice"];
required manytoone slice->Slice:controllerslices = 2:1002 [db_index = True, null = False, blank = False];
optional string tenant_id = 3 [max_length = 200, content_type = "stripped", blank = True, help_text = "Keystone tenant id", null = True, db_index = False];
}
// Links a SlicePrivilege to a Controller and records the Keystone id in
// role_id. unique_with = "slice_privilege" is declared on the controller
// relation.
// NOTE(review): no policy is attached in this declaration although the record
// maps a privilege onto a controller; confirm what access rule applies to
// models declared without one.
message ControllerSlicePrivilege (XOSBase) {
required manytoone controller->Controller:controllersliceprivileges = 1:1006 [db_index = True, null = False, blank = False, unique_with = "slice_privilege"];
required manytoone slice_privilege->SlicePrivilege:controllersliceprivileges = 2:1001 [db_index = True, null = False, blank = False];
optional string role_id = 3 [max_length = 200, content_type = "stripped", blank = True, help_text = "Keystone id", null = True, db_index = True];
}
// Global admins get full access. Any other caller passes only when
// ctx.read_access is set and user_policy passes for the related user, so
// non-admin access is limited to reads.
// Any weakness in user_policy carries over to the read path of this policy.
policy controller_user_policy <
ctx.user.is_admin
| (ctx.read_access & *user_policy(user)) >
// Links a User to a Controller and records the Keystone user id for that
// pairing, guarded by controller_user_policy. unique_with = "user" is declared
// on the controller relation.
// NOTE(review): the reverse names differ in spelling ("controllerusers" on
// user, "controllersusers" on controller). Renaming would change the accessor,
// so this is left as declared.
message ControllerUser::controller_user_policy (XOSBase) {
required manytoone user->User:controllerusers = 1:1001 [db_index = True, null = False, blank = False];
required manytoone controller->Controller:controllersusers = 2:1007 [db_index = True, null = False, blank = False, unique_with = "user"];
optional string kuser_id = 3 [max_length = 200, content_type = "stripped", blank = True, help_text = "Keystone user id", null = True, db_index = False];
}
// Everyone has read access.
// For write access you need admin privileges at that deployment: the
// implication demands a matching Privilege row only when ctx.write_access is
// set, so any other access passes without a Privilege lookup.
// NOTE(review): the Privilege match does not test Privilege.accessor_type,
// unlike user_policy and slice_policy, which require "User". If accessor_id
// values can belong to other accessor types, the accessor_type test is needed
// here as well.
// NOTE(review): whether "everyone" is limited to authenticated callers is not
// visible here -- confirm.
policy deployment_policy <
ctx.user.is_admin
| (ctx.write_access -> exists Privilege: Privilege.object_type = "Deployment" & Privilege.object_id = obj.id & Privilege.accessor_id = ctx.user.id & Privilege.permission = "role:admin") >
message Deployment::deployment_policy (XOSBase) {
required string name = 1 [max_length = 200, content_type = "stripped", blank = False, help_text = "Name of the Deployment", null = False, db_index = False, unique = True];
required string accessControl = 2 [default = "allow all", max_length = 200, blank = False, help_text = "Access control list that specifies which sites/users may use nodes in this deployment", null = False, db_index = False, varchar = True];
}
// A named instance flavor. No "::policy" is bound in this declaration.
message Flavor (XOSBase) {
// Unique name shown to users.
required string name = 1 [max_length = 32, content_type = "stripped", blank = False, help_text = "name of this flavor, as displayed to users", null = False, db_index = False, unique = True];
// Optional free-text description.
optional string description = 2 [db_index = False, max_length = 1024, null = True, content_type = "stripped", blank = True];
// Backend flavor string; declared required but blank = True, so an empty
// string is accepted.
required string flavor = 3 [max_length = 32, content_type = "stripped", blank = True, help_text = "flavor string used to configure deployments", null = False, db_index = False];
}
// A VM or container image. No "::policy" is bound in this declaration.
message Image (XOSBase) {
// Image name; unique together with "tag".
required string name = 1 [db_index = False, max_length = 256, null = False, content_type = "stripped", blank = False, unique_with = "tag"];
// Either "vm" or "container"; the Instance validators compare this value
// with Instance.isolation.
required string kind = 2 [default = "vm", choices = "(('vm', 'Virtual Machine'), ('container', 'Container'))", max_length = 30, blank = False, null = False, db_index = False];
optional string disk_format = 3 [db_index = False, max_length = 256, null = True, content_type = "stripped", blank = True];
optional string container_format = 4 [db_index = False, max_length = 256, null = True, content_type = "stripped", blank = True];
// Filesystem path stored as a plain string.
// NOTE(review): which component opens this path is not visible here;
// confirm the consumer restricts it to the intended image directory.
optional string path = 5 [max_length = 256, content_type = "stripped", blank = True, help_text = "Path to image on local disk", null = True, db_index = False];
// Image tag (help_text: for Docker images).
optional string tag = 6 [max_length = 256, content_type = "stripped", blank = True, help_text = "For Docker Images, tag of image", null = True, db_index = False];
}
// Delegates to deployment_policy evaluated on the linked deployment.
// NOTE(review): the message below is declared without
// "::image_deployment_policy", so in this file the policy is defined but not
// bound to ImageDeployments. Confirm whether the binding was intended.
policy image_deployment_policy <
*deployment_policy(deployment)
>
// Associates an Image with a Deployment.
message ImageDeployments (XOSBase) {
// Image side of the pair; unique together with "deployment".
required manytoone image->Image:imagedeployments = 1:1003 [db_index = True, null = False, blank = False, unique_with = "deployment"];
// Deployment side of the pair.
required manytoone deployment->Deployment:imagedeployments = 2:1002 [db_index = True, null = False, blank = False];
}
// Validators referenced by name in Instance's "validators" option.
// The instance must have a creator.
policy instance_creator < obj.creator >
// Isolation "container" or "container_vm" requires an image of kind "container".
policy instance_isolation < (obj.isolation = "container" | obj.isolation = "container_vm" ) -> (obj.image.kind = "container") >
// Isolation "container_vm" requires a parent instance.
policy instance_isolation_container_vm_parent < (obj.isolation = "container_vm") -> obj.parent >
// A parent may only be set when isolation is "container_vm".
policy instance_parent_isolation_container_vm < obj.parent -> ( obj.isolation = "container_vm" ) >
// Isolation "vm" requires an image of kind "vm".
policy instance_isolation_vm < (obj.isolation = "vm") -> (obj.image.kind = "vm") >
// If the instance creator is not the slice creator, a Privilege row must
// exist for that creator on the slice.
// NOTE(review): the expression constrains neither Privilege.permission nor
// Privilege.accessor_type, so any privilege on the slice satisfies it;
// confirm that is the intended bar for creating instances.
policy instance_creator_privilege < not (obj.slice.creator = obj.creator) -> exists Privilege:Privilege.object_id = obj.slice.id & Privilege.accessor_id = obj.creator.id & Privilege.object_type = "Slice" >
// Access policy: delegated to slice_policy on the instance's slice
// (slice_policy is declared outside this section).
policy instance_policy < *slice_policy(slice) >
// A compute instance (VM or container), guarded by instance_policy.
message Instance::instance_policy (XOSBase) {
// Comma-separated "policy_name:error message" pairs; each name refers to a
// policy declared above.
option validators = "instance_creator:Instance has no creator, instance_isolation: Container instance {obj.name} must use container image, instance_isolation_container_vm_parent:Container-vm instance {obj.name} must have a parent, instance_parent_isolation_container_vm:Parent field can only be set on Container-vm instances ({obj.name}), instance_isolation_vm: VM Instance {obj.name} must use VM image, instance_creator_privilege: instance creator has no privileges on slice";
// Fields marked feedback_state carry backend-reported values (Nova ids and
// the generated name, per their help_text).
optional string instance_id = 1 [max_length = 200, content_type = "stripped", blank = True, help_text = "Nova instance id", null = True, db_index = False, feedback_state = True];
optional string instance_uuid = 2 [max_length = 200, content_type = "stripped", blank = True, help_text = "Nova instance uuid", null = True, db_index = False, feedback_state = True];
required string name = 3 [max_length = 200, content_type = "stripped", blank = False, help_text = "Instance name", null = False, db_index = False];
optional string instance_name = 4 [max_length = 200, content_type = "stripped", blank = True, help_text = "OpenStack generated name", null = True, db_index = False, feedback_state = True];
// IP address, validated as content_type "ip" and hidden in the GUI.
optional string ip = 5 [max_length = 39, content_type = "ip", blank = True, help_text = "Instance ip address", null = True, db_index = False, gui_hidden = True];
required manytoone image->Image:instances = 6:1004 [db_index = True, null = False, blank = False];
// Nullable at the schema level; the instance_creator validator is what
// rejects a missing creator.
optional manytoone creator->User:instances = 7:1002 [db_index = True, null = True, blank = True];
// Owning slice; instance_policy is evaluated against it.
required manytoone slice->Slice:instances = 8:1003 [db_index = True, null = False, blank = False];
required manytoone deployment->Deployment:instance_deployment = 9:1003 [db_index = True, null = False, blank = False];
required manytoone node->Node:instances = 10:1001 [db_index = True, null = False, blank = False];
required int32 numberCores = 11 [help_text = "Number of cores for instance", default = 0, null = False, db_index = False, blank = False];
required manytoone flavor->Flavor:instance = 12:1001 [help_text = "Flavor of this instance", null = False, db_index = True, blank = False];
// Free-form boot-time user data with no max_length and no gui_hidden.
// NOTE(review): user data commonly carries credentials or bootstrap
// scripts; confirm who can read this field through the API and GUI.
optional string userData = 13 [help_text = "user_data passed to instance during creation", null = True, db_index = False, blank = True, varchar = True];
// One of "vm", "container", "container_vm"; cross-checked against
// image.kind and parent by the validators above.
required string isolation = 14 [default = "vm", choices = "(('vm', 'Virtual Machine'), ('container', 'Container'), ('container_vm', 'Container In VM'))", max_length = 30, blank = False, null = False, db_index = False];
// Comma-separated directory list with no length limit or content_type.
// NOTE(review): these paths are exposed to the parent context; no path
// validation is declared here, so confirm the consumer restricts them.
optional string volumes = 15 [help_text = "Comma-separated list of directories to expose to parent context", null = True, db_index = False, blank = True];
// Self-reference used for containers nested inside VMs.
optional manytoone parent->Instance:instance = 16:1001 [help_text = "Parent Instance for containers nested inside of VMs", null = True, db_index = True, blank = True];
}
// Access policy: delegated to slice_policy on the owning slice
// (slice_policy is declared outside this section).
policy network_policy < *slice_policy(owner) >
// A network owned by a Slice, guarded by network_policy.
// Field numbers 9 and 11-16 are unused in this declaration.
message Network::network_policy (XOSBase) {
required string name = 1 [db_index = False, max_length = 32, null = False, blank = False, unique = True];
required manytoone template->NetworkTemplate:network = 2:1001 [db_index = True, null = False, blank = False];
// Addressing fields are plain strings; no content_type = "ip" is declared
// (Instance.ip and Port.ip do declare it).
// NOTE(review): confirm these are validated before reaching the backend.
required string subnet = 3 [db_index = False, max_length = 32, null = False, blank = True];
required string start_ip = 4 [db_index = False, max_length = 32, null = False, blank = True];
required string end_ip = 5 [db_index = False, max_length = 32, null = False, blank = True];
optional string ports = 6 [db_index = False, max_length = 1024, null = True, blank = True];
optional string labels = 7 [db_index = False, max_length = 1024, null = True, blank = True];
// Owning slice; network_policy is evaluated against it.
required manytoone owner->Slice:ownedNetworks = 8:1004 [help_text = "Slice that owns control of this Network", null = False, db_index = True, blank = False];
// When True, network_slice_validator lets any slice attach. Default False.
required bool permit_all_slices = 10 [default = False, null = False, db_index = False, blank = True];
required bool autoconnect = 17 [help_text = "This network can be autoconnected to the slice that owns it", default = True, null = False, db_index = True, blank = True];
// Explicit allow-list of slices checked by network_slice_validator.
required manytomany permitted_slices->Slice/Network_permitted_slices:availableNetworks = 18:1005 [db_index = False, blank = True];
}
// A typed parameter value attached to another object through the
// (content_type, object_id) pair. No "::policy" is bound in this declaration.
// Field number 3 is unused.
message NetworkParameter (XOSBase) {
required manytoone parameter->NetworkParameterType:networkparameters = 1:1001 [help_text = "The type of the parameter", null = False, db_index = True, blank = False];
required string value = 2 [help_text = "The value of this parameter", max_length = 1024, null = False, db_index = False, blank = False];
// Identifies the kind of object that object_id refers to.
// NOTE(review): this is a free string, not a foreign key, so referential
// integrity of the target is presumably left to application code.
required string content_type = 4 [max_length = 1024, content_type = "stripped", blank = False, help_text = "Content type id linked to this network parameter", null = False, db_index = False];
required uint32 object_id = 5 [db_index = False, null = False, blank = False, help_text = "Object linked to this NetworkParameter"];
}
// Catalogue of parameter types referenced by NetworkParameter.parameter.
// No "::policy" is bound in this declaration.
message NetworkParameterType (XOSBase) {
// Unique, indexed type name.
required string name = 1 [help_text = "The name of this parameter", max_length = 128, null = False, db_index = True, blank = False, unique = True];
// Required but may be blank.
required string description = 2 [db_index = False, max_length = 1024, null = False, blank = True];
}
// Validator: a slice may attach to a network if it is in the network's
// permitted_slices, or it owns the network, or the network sets
// permit_all_slices.
policy network_slice_validator < (obj.slice in obj.network.permitted_slices.all()) | (obj.slice = obj.network.owner) | obj.network.permit_all_slices >
// Access policy: both slice_policy on the slice and network_policy on the
// network must pass.
policy network_slice_policy < *slice_policy(slice) & *network_policy(network) >
// Attachment of a Slice to a Network, guarded by network_slice_policy.
message NetworkSlice::network_slice_policy (XOSBase) {
// "policy_name:error message"; the name refers to the validator above.
option validators = "network_slice_validator:Slice {obj.slice.name} is not allowed to connect to networks {obj.network}";
// Network side of the pair; unique together with "slice".
required manytoone network->Network:networkslices = 1:1002 [db_index = True, null = False, blank = False, unique_with = "slice", tosca_key=True];
// Slice side of the pair.
required manytoone slice->Slice:networkslices = 2:1006 [db_index = True, null = False, blank = False, tosca_key=True];
}
// Template describing how a Network is realised. No "::policy" is bound in
// this declaration. Field number 3 is unused.
message NetworkTemplate (XOSBase) {
required string name = 1 [db_index = False, max_length = 32, null = False, blank = False, unique = True];
optional string description = 2 [db_index = False, max_length = 1024, null = True, blank = True];
// "public" or "private"; defaults to "private".
required string visibility = 4 [default = "private", choices = "(('public', 'public'), ('private', 'private'))", max_length = 30, blank = False, null = False, db_index = False];
// "none" or "NAT"; defaults to "none".
required string translation = 5 [default = "none", choices = "(('none', 'none'), ('NAT', 'NAT'))", max_length = 30, blank = False, null = False, db_index = False];
// Whether the network is advertised for other slices to reach this one:
// unset, "indirect" or "direct".
optional string access = 6 [choices = "((None, 'None'), ('indirect', 'Indirect'), ('direct', 'Direct'))", max_length = 30, blank = True, help_text = "Advertise this network as a means for other slices to contact this slice", null = True, db_index = False];
optional string shared_network_name = 7 [db_index = False, max_length = 30, null = True, blank = True];
optional string shared_network_id = 8 [help_text = "Quantum network", max_length = 256, null = True, db_index = False, blank = True];
required string topology_kind = 9 [default = "bigswitch", choices = "(('bigswitch', 'BigSwitch'), ('physical', 'Physical'), ('custom', 'Custom'))", max_length = 30, blank = False, null = False, db_index = False];
optional string controller_kind = 10 [blank = True, max_length = 30, null = True, db_index = False, choices = "((None, 'None'), ('onos', 'ONOS'), ('custom', 'Custom'))"];
// Network class; defaults to "PRIVATE". The choices include management and
// public classes, so this value is presumably security-relevant to the
// backend; confirm who may change it.
optional string vtn_kind = 11 [default = "PRIVATE", choices = "(('PRIVATE', 'Private'), ('PUBLIC', 'Public'), ('MANAGEMENT_LOCAL', 'Management Local'), ('MANAGEMENT_HOST', 'Management Host'), ('VSG', 'VSG'), ('ACCESS_AGENT', 'Access Agent'), ('FLAT', 'Flat'))", max_length = 30, blank = True, null = True, db_index = False];
}
// Access policy: delegated to site_policy on the site reached through
// site_deployment (site_policy is declared outside this section).
policy node_policy < *site_policy(site_deployment.site) >
// A compute node, guarded by node_policy.
message Node::node_policy (XOSBase) {
// Unique node name.
required string name = 1 [max_length = 200, content_type = "stripped", blank = False, help_text = "Name of the Node", null = False, db_index = False, unique = True];
// Site/deployment pairing the node belongs to; the policy follows this link.
required manytoone site_deployment->SiteDeployment:nodes = 2:1001 [db_index = True, null = False, blank = False];
// The remaining fields are optional free-form strings describing the
// node's bridge and interfaces; no format validation is declared.
optional string bridgeId = 3 [max_length = 200, content_type = "stripped", blank = True, help_text = "Bridge Id", null = True, db_index = False];
optional string dataPlaneIntf = 4 [max_length = 200, content_type = "stripped", blank = True, help_text = "Dataplane Interface", null = True, db_index = False];
optional string dataPlaneIp = 5 [max_length = 200, content_type = "stripped", blank = True, help_text = "Dataplane Ip", null = True, db_index = False];
optional string hostManagementIface = 6 [max_length = 200, content_type = "stripped", blank = True, help_text = "Host Management Interface", null = True, db_index = False];
}
// A label that can be attached to many Nodes. No "::policy" is bound in this
// declaration.
message NodeLabel (XOSBase) {
// Unique label name.
required string name = 1 [max_length = 200, content_type = "stripped", blank = False, help_text = "label name", null = False, db_index = False, unique = True];
// Many-to-many link to the labelled nodes; may be empty (blank = True).
required manytomany node->Node/NodeLabel_node:nodelabels = 2:1002 [db_index = False, blank = True];
}
// Access policy: both instance_policy on the instance and network_policy on
// the network must pass.
// NOTE(review): "instance" is nullable on Port. How *instance_policy(instance)
// evaluates for a port with no instance is not visible here; confirm it
// neither fails open nor makes such ports unmanageable.
policy port_policy < *instance_policy(instance) & *network_policy(network) >
// A network attachment point, guarded by port_policy.
message Port::port_policy (XOSBase) {
// Network side; unique together with "instance".
required manytoone network->Network:links = 1:1003 [db_index = True, null = False, blank = False, unique_with = "instance", help_text = "Network bound to this port"];
optional manytoone instance->Instance:ports = 2:1002 [db_index = True, null = True, blank = True, help_text = "Instance bound to this port"];
// IP address, validated as content_type "ip".
optional string ip = 3 [max_length = 39, content_type = "ip", blank = True, help_text = "Instance ip address", null = True, db_index = False];
optional string port_id = 4 [help_text = "Neutron port id", max_length = 256, null = True, db_index = False, blank = True];
// MAC address stored as a free string; no format validation is declared.
optional string mac = 5 [help_text = "MAC address associated with this port", max_length = 256, null = True, db_index = False, blank = True];
// Defaults to False; presumably distinguishes ports created by XOS from
// ones discovered in the backend (TODO confirm).
required bool xos_created = 6 [default = False, null = False, db_index = False, blank = True];
optional manytoone service_instance->ServiceInstance:ports = 7:1001 [db_index = True, null = True, blank = True, help_text = "ServiceInstance bound to this port"];
}
// A named principal inside a TrustDomain; Slice.principal refers to it.
// NOTE(review): no "::policy" is bound in this declaration. Since slices use
// a principal to interact with other components, confirm which default
// access rule governs creating and editing principals.
message Principal (XOSBase) {
// Indexed name; not declared unique.
required string name = 1 [max_length = 128, null = False, db_index = True, blank = False, help_text = "The name of this principal"];
required manytoone trust_domain->TrustDomain:principals = 2:1001 [db_index = True, null = False, blank = False, help_text = "Trust domain this principal resides in"];
}
// A role description record. No "::policy" is bound in this declaration, and
// nothing in this section links to it.
message Role (XOSBase) {
required string role_type = 1 [db_index = False, max_length = 80, null = False, content_type = "stripped", blank = False];
// Nullable role name.
optional string role = 2 [db_index = False, max_length = 80, null = True, content_type = "stripped", blank = True];
required string description = 3 [db_index = False, max_length = 120, null = False, content_type = "stripped", blank = False];
}
// Allows admins, or any user holding a Privilege row of accessor_type "User"
// on this Service; the permission value is not constrained.
// NOTE(review): the message below is declared without "::service_policy", so
// in this file the policy is defined but not bound to Service. Service holds
// key-related fields, so confirm whether the binding was intended and which
// default rule applies without it.
policy service_policy <ctx.user.is_admin | exists Privilege: Privilege.accessor_id = ctx.user.id & Privilege.accessor_type = "User" & Privilege.object_type = "Service" & Privilege.object_id = obj.id >
// A service definition. Field number 7 is unused.
message Service (XOSBase,AttributeMixin) {
optional string description = 1 [help_text = "Description of Service", max_length = 254, null = True, db_index = False, blank = True, varchar = True];
required bool enabled = 2 [default = True, null = False, db_index = False, blank = True, gui_hidden = True];
// One of "generic", "data", "control", "oss"; defaults to "generic".
required string kind = 3 [default = "generic", max_length = 30, content_type = "stripped", blank = False, help_text = "Kind of service", null = False, db_index = False, choices="(('generic', 'Generic'), ('data', 'Data Plane'), ('control', 'Control Plane'), ('oss', 'OSS'))"];
// Unique service name.
required string name = 4 [max_length = 30, content_type = "stripped", blank = False, help_text = "Service Name", null = False, db_index = False, unique = True];
optional string versionNumber = 5 [max_length = 30, content_type = "stripped", blank = True, help_text = "Version of Service Definition", null = True, db_index = False];
required bool published = 6 [default = True, null = False, db_index = False, blank = True, gui_hidden = True];
// Declared with content_type "stripped" rather than "url" (Site.site_url
// uses "url"), so no URL validation is requested here.
optional string icon_url = 8 [db_index = False, max_length = 1024, null = True, content_type = "stripped", blank = True, gui_hidden = True];
optional string public_key = 9 [help_text = "Public key string", max_length = 4096, null = True, db_index = False, blank = True, varchar = True, gui_hidden = True];
// NOTE(review): the "_fn" suffix suggests a file name for a private key
// rather than key material; confirm, and confirm the consumer does not
// accept arbitrary paths. gui_hidden hides the field in the GUI only.
optional string private_key_fn = 10 [db_index = False, max_length = 4096, null = True, content_type = "stripped", blank = True, gui_hidden = True];
optional string service_specific_id = 11 [db_index = False, max_length = 30, null = True, content_type = "stripped", blank = True];
// Free-form, unbounded attribute blob, hidden in the GUI.
optional string service_specific_attribute = 12 [db_index = False, null = True, blank = True, varchar = True, gui_hidden = True];
}
// A port mapping exposed by a Service. No "::policy" is bound in this
// declaration.
message ServicePort (XOSBase) {
required string name = 1 [max_length = 128, null = False, db_index = False, blank = False, help_text = "Service Port Name"];
// Port numbers are signed int32 with no declared range.
// NOTE(review): negative values and values above 65535 are representable;
// confirm a range check exists where these are consumed.
required int32 external_port = 2 [blank = False, help_text = "external port number"];
required int32 internal_port = 3 [blank = False, help_text = "internal port number"];
// Free string defaulting to "TCP"; no choices list is declared.
required string protocol = 4 [max_length = 32, null = False, db_index = False, blank = False, default="TCP", help_text = "Protocol"];
required manytoone service->Service:serviceports = 5:1002 [null = False, db_index = True, blank = False, help_text = "The Service this ServicePort is associated with"];
}
// A name/value attribute attached to a Service. No "::policy" is bound in
// this declaration.
message ServiceAttribute (XOSBase) {
// Attribute name; unique together with "service".
required string name = 1 [help_text = "Attribute Name", max_length = 128, null = False, db_index = False, blank = False, unique_with="service"];
// Attribute value; no max_length is declared.
required string value = 2 [help_text = "Attribute Value", null = False, db_index = False, blank = False, varchar = True];
required manytoone service->Service:serviceattributes = 3:1003 [help_text = "The Service this attribute is associated with", null = False, db_index = True, blank = False];
}
// A directed dependency between two Services. No "::policy" is bound in this
// declaration.
message ServiceDependency (XOSBase) {
// Service providing the dependency.
required manytoone provider_service->Service:provided_dependencies = 1:1004 [help_text = "The service that provides this dependency", null=False, db_index = True, blank=False, tosca_key=True];
// Service consuming the dependency.
required manytoone subscriber_service->Service:subscribed_dependencies = 2:1005 [help_text = "The services that subscribes to this dependency", null=False, db_index=True, blank=False, tosca_key=True];
// One of "none", "private", "public"; defaults to "none".
required string connect_method = 3 [max_length = 30, help_text = "method to connect the two services", default="none", choices = "(('none', 'None'), ('private', 'Private'), ('public', 'Public'))"];
}
// A site, guarded by site_policy (declared outside this section).
message Site::site_policy (XOSBase) {
// Unique site name.
required string name = 1 [max_length = 200, content_type = "stripped", blank = False, help_text = "Name for this Site", null = False, db_index = False, unique = True];
// Home page URL, declared with content_type "url".
optional string site_url = 2 [max_length = 512, content_type = "url", blank = True, help_text = "Site's Home URL Page", null = True, db_index = False];
required bool enabled = 3 [help_text = "Status for this Site", default = True, null = False, db_index = False, blank = True];
required bool hosts_nodes = 4 [help_text = "Indicates whether or not the site host nodes", default = True, null = False, db_index = False, blank = True];
required bool hosts_users = 5 [help_text = "Indicates whether or not the site manages user accounts", default = True, null = False, db_index = False, blank = True];
optional float longitude = 6 [db_index = False, null = True, blank = True];
optional float latitude = 7 [db_index = False, null = True, blank = True];
// Prefix for slice names at this site; not declared unique.
required string login_base = 8 [max_length = 50, content_type = "stripped", blank = False, help_text = "Prefix for Slices associated with this Site", null = False, db_index = False];
// Visibility to other members; defaults to True (public).
required bool is_public = 9 [help_text = "Indicates the visibility of this site to other members", default = True, null = False, db_index = False, blank = True];
required string abbreviated_name = 10 [db_index = False, max_length = 80, null = False, content_type = "stripped", blank = False];
}
// Associates a Site with a Deployment and, optionally, a Controller.
// No "::policy" is bound in this declaration.
message SiteDeployment (XOSBase) {
// Site side; unique together with "deployment".
required manytoone site->Site:sitedeployments = 1:1003 [db_index = True, null = False, blank = False, unique_with = "deployment", tosca_key=True];
// Deployment side; unique together with "controller".
required manytoone deployment->Deployment:sitedeployments = 2:1004 [db_index = True, null = False, blank = False, unique_with = "controller", tosca_key=True];
// Optional controller serving this pairing.
optional manytoone controller->Controller:sitedeployments = 3:1008 [db_index = True, null = True, blank = True];
optional string availability_zone = 4 [max_length = 200, content_type = "stripped", blank = True, help_text = "OpenStack availability zone", null = True, db_index = False];
}
// Grants a User a SiteRole at a Site.
// NOTE(review): no "::policy" is bound in this declaration, and no
// unique_with is declared (SlicePrivilege declares one), so duplicate grants
// are representable. Since a row here confers a role, confirm which default
// access rule governs who may create it.
message SitePrivilege (XOSBase) {
// User receiving the role.
required manytoone user->User:siteprivileges = 1:1003 [db_index = True, null = False, blank = False];
// Site the role applies to.
required manytoone site->Site:siteprivileges = 2:1004 [db_index = True, null = False, blank = False, tosca_key=True];
// Role being granted.
required manytoone role->SiteRole:siteprivileges = 3:1001 [db_index = True, null = False, blank = False, tosca_key=True];
}
// Catalogue of site-level roles referenced by SitePrivilege.role.
// No "::policy" is bound in this declaration.
message SiteRole (XOSBase) {
// One of "admin", "pi", "tech", "billing".
required string role = 1 [choices = "(('admin', 'Admin'), ('pi', 'PI'), ('tech', 'Tech'), ('billing', 'Billing'))", max_length = 30, content_type = "stripped", blank = False, null = False, db_index = False, tosca_key=True];
}
// Validators referenced by name in Slice's "validators" option.
// Rejects names containing a space; the double-brace form appears to embed
// a host-language expression verbatim (TODO confirm against the xproto docs).
policy slice_name_no_spaces < {{ ' ' not in obj.name }} >
// The slice must have a creator.
policy slice_has_creator < obj.creator >
// A slice, guarded by slice_policy (declared outside this section).
// Field numbers 3, 5 and 11 are unused in this declaration.
message Slice::slice_policy (XOSBase) {
// Comma-separated "policy_name:error message" pairs for the validators above.
option validators = "slice_name_no_spaces:Slice name contains spaces, slice_has_creator:Slice has no creator";
option plural = "Slices";
// Unique slice name.
required string name = 1 [max_length = 80, content_type = "stripped", blank = False, help_text = "The Name of the Slice", null = False, db_index = False, unique = True];
required bool enabled = 2 [help_text = "Status for this Slice", default = True, null = False, db_index = False, blank = True];
required string description = 4 [help_text = "High level description of the slice and expected activities", max_length = 1024, null = False, db_index = False, blank = True, varchar = True];
required manytoone site->Site:slices = 6:1005 [help_text = "The Site this Slice belongs to", null = False, db_index = True, blank = False];
// Instance quota; defaults to 10. Where it is enforced is not visible here.
required int32 max_instances = 7 [default = 10, null = False, db_index = False, blank = False];
optional manytoone service->Service:slices = 8:1006 [db_index = True, null = True, blank = True];
// Networking mode: unset (default), "host", "bridged" or "noauto".
optional string network = 9 [blank = True, max_length = 256, null = True, db_index = False, choices = "((None, 'Default'), ('host', 'Host'), ('bridged', 'Bridged'), ('noauto', 'No Automatic Networks'))"];
// Free string; no format is declared.
optional string exposed_ports = 10 [db_index = False, max_length = 256, null = True, blank = True];
// NOTE(review): declared "optional" but with null = False, blank = False;
// the same mix appears on trust_domain and principal below. Confirm which
// of the two the generated model honours.
optional manytoone creator->User:slices = 12:1004 [db_index = True, null = False, blank = False];
optional manytoone default_flavor->Flavor:slices = 13:1002 [db_index = True, null = True, blank = True];
optional manytoone default_image->Image:slices = 14:1005 [db_index = True, null = True, blank = True];
optional manytoone default_node->Node:slices = 15:1003 [db_index = True, null = True, blank = True];
optional string mount_data_sets = 16 [default = "GenBank", max_length = 256, content_type = "stripped", blank = True, null = True, db_index = False];
// One of "vm", "container", "container_vm"; defaults to "vm".
required string default_isolation = 17 [default = "vm", choices = "(('vm', 'Virtual Machine'), ('container', 'Container'), ('container_vm', 'Container In VM'))", max_length = 30, blank = False, null = False, db_index = False];
optional manytoone trust_domain->TrustDomain:slices = 18:1002 [db_index = True, null = False, blank = False, help_text = "Trust domain this slice resides in"];
// Identity the slice uses towards other components.
// NOTE(review): nothing declared here ties the chosen principal to the
// slice's own trust_domain; confirm that is checked elsewhere.
optional manytoone principal->Principal:slices = 19:1001 [db_index = True, null = False, blank = False, help_text = "Principal this slice may use to interact with other components"];
optional int32 controller_replica_count = 20 [default = 0, null = False, db_index = False, blank = False, help_text = "Replica count, controller-dependent"];
optional string controller_kind = 21 [max_length = 256, content_type = "stripped", blank = True, help_text = "Type of controller, vim-dependent", null = True, db_index = False];
}
// Grants a User a SliceRole on a Slice.
// NOTE(review): no "::policy" is bound in this declaration. Since a row here
// confers a role on a slice, confirm which default access rule governs who
// may create it.
message SlicePrivilege (XOSBase) {
// User receiving the role; unique together with "slice".
required manytoone user->User:sliceprivileges = 1:1005 [db_index = True, null = False, blank = False, unique_with = "slice"];
// Slice the role applies to; unique together with "role".
required manytoone slice->Slice:sliceprivileges = 2:1007 [db_index = True, null = False, blank = False, unique_with = "role"];
// Role being granted.
required manytoone role->SliceRole:sliceprivileges = 3:1002 [db_index = True, null = False, blank = False];
}
// Catalogue of slice-level roles referenced by SlicePrivilege.role.
// No "::policy" is bound in this declaration.
message SliceRole (XOSBase) {
// One of "admin", "default", "access".
required string role = 1 [choices = "(('admin', 'Admin'), ('default', 'Default'), ('access', 'Access'))", max_length = 30, content_type = "stripped", blank = False, null = False, db_index = False, tosca_key=True];
}
// Access policy: admins only, for reads as well as writes (the expression
// does not branch on ctx.read_access or ctx.write_access).
policy tag_policy < ctx.user.is_admin >
// A name/value tag attached by a Service to another object through the
// (content_type, object_id) pair; guarded by tag_policy.
message Tag::tag_policy (XOSBase) {
required manytoone service->Service:tags = 1:1007 [help_text = "The Service this Tag is associated with", null = False, db_index = True, blank = False];
// Indexed tag name; not declared unique.
required string name = 2 [help_text = "The name of this tag", max_length = 128, null = False, db_index = True, blank = False];
required string value = 3 [max_length = 1024, content_type = "stripped", blank = False, help_text = "The value of this tag", null = False, db_index = False];
// Identifies the kind of object that object_id refers to; a free string
// rather than a foreign key.
required string content_type = 4 [max_length = 1024, content_type = "stripped", blank = False, help_text = "Content type id linked to this tag", null = False, db_index = False];
required uint32 object_id = 5 [db_index = False, null = False, blank = False, help_text = "Object linked to this tag"];
}
// A named interface type with a direction. No "::policy" is bound in this
// declaration.
message InterfaceType (XOSBase) {
// Type name; unique together with "direction".
required string name = 1 [db_index = False, max_length = 200, null = False, content_type = "stripped", blank = False, unique_with = "direction"];
// Either "in" or "out".
required string direction = 2 [db_index = False, max_length = 30, null = False, content_type = "stripped", blank = False, choices = "(('in', 'In'), ('out', 'Out'))"];
}
// Declares that a Service exposes an interface of a given InterfaceType.
// No "::policy" is bound in this declaration.
message ServiceInterface (XOSBase) {
// Service exposing the interface.
required manytoone service->Service:service_interfaces = 1:1008 [db_index = True, null = False, blank = False, tosca_key=True];
// Type of the interface.
required manytoone interface_type->InterfaceType:service_interfaces = 2:1001 [db_index = True, null = False, blank = False, tosca_key=True];
}
// An instance of a Service. No "::policy" is bound in this declaration.
// Field numbers 4-9 are unused.
message ServiceInstance (XOSBase, AttributeMixin) {
optional string name = 1 [db_index = False, max_length = 200, null = True, content_type = "stripped", blank = True];
// Service that owns this instance.
required manytoone owner->Service:service_instances = 2:1009 [db_index = True, null = False, blank = False];
optional string service_specific_id = 3 [db_index = False, max_length = 30, null = True, content_type = "stripped", blank = True, gui_hidden = True];
// Free-form, unbounded attribute blob, hidden in the GUI.
optional string service_specific_attribute = 10 [db_index = False, null = True, blank = True, varchar = True, gui_hidden = True];
// Counter bumped when a provided link is deleted (per help_text).
optional uint32 link_deleted_count = 11 [default = 0, help_text = "Incremented each time a provided_link is deleted from this ServiceInstance", gui_hidden = True];
// Optional self-reference to the instance that set this one up.
optional manytoone master_serviceinstance->ServiceInstance:child_serviceinstances = 12:1002 [help_text = "The master service instance that set this service instance up", gui_hidden = True, blank = True];
}
// Links a provider ServiceInstance to a subscriber, which may be a
// ServiceInstance, a Service or a Network. No "::policy" is bound in this
// declaration.
message ServiceInstanceLink (XOSBase) {
// Providing side; the only required field.
required manytoone provider_service_instance->ServiceInstance:provided_links = 1:1003 [db_index = True, null = False, blank = False, tosca_key=True];
optional manytoone provider_service_interface->ServiceInterface:provided_links = 2:1004 [db_index = True, null = True, blank = True];
// The three subscriber fields are all nullable; nothing declared here
// requires exactly one of them to be set.
optional manytoone subscriber_service_instance->ServiceInstance:subscribed_links = 3:1005 [db_index = True, null = True, blank = True];
optional manytoone subscriber_service->Service:subscribed_links = 4:1010 [db_index = True, null = True, blank = True, tosca_key_one_of=subscriber_service_instance];
optional manytoone subscriber_network->Network:subscribed_links = 5:1004 [db_index = True, null = True, blank = True, tosca_key_one_of=subscriber_service_instance];
}
// A name/value attribute attached to a ServiceInstance. No "::policy" is
// bound in this declaration.
message ServiceInstanceAttribute (XOSBase) {
// Attribute name; unique together with "service_instance".
required string name = 1 [help_text = "Attribute Name", max_length = 128, null = False, db_index = False, blank = False, unique_with="service_instance"];
// Attribute value; no max_length is declared.
required string value = 2 [help_text = "Attribute Value", null = False, db_index = False, blank = False];
// Owning ServiceInstance (the help_text still calls it "Tenant").
required manytoone service_instance->ServiceInstance:service_instance_attributes = 3:1006 [help_text = "The Tenant this attribute is associated with", null = False, db_index = True, blank = False];
}
// A ServiceInstance specialisation that is backed by a compute Instance.
// No "::policy" is bound in this declaration.
message TenantWithContainer (ServiceInstance) {
// The "+" reverse name presumably suppresses the reverse accessor on the
// target model (TODO confirm against the xproto docs).
optional manytoone instance->Instance:+ = 1:1003 [help_text = "Instance used by this Tenant", null = True, db_index = True, blank = True];
optional manytoone creator->User:+ = 2:1006 [help_text = "Creator of this Tenant", null = True, db_index = True, blank = True];
optional string external_hostname = 3 [max_length = 30, content_type = "stripped", blank = True, help_text = "External host name", null = True, db_index = False];
// NOTE(review): help_text is identical to external_hostname's; it looks
// copy-pasted and probably should describe the external container.
optional string external_container = 4 [max_length = 30, content_type = "stripped", blank = True, help_text = "External host name", null = True, db_index = False];
// Placement constraint (help_text: Node constraint).
optional string node_label = 5 [max_length = 30, content_type = "stripped", blank = True, help_text = "Node constraint", null = True, db_index = False];
}
// A trust domain owned by a Service; Principal and Slice link to it.
// NOTE(review): no "::policy" is bound in this declaration. Trust domains
// partition a service, so confirm which default access rule governs who may
// create or reassign them.
message TrustDomain (XOSBase) {
// Indexed name; not declared unique.
required string name = 1 [max_length = 255, null = False, db_index = True, blank = False, help_text = "Name of this trust domain"];
// Owning service.
required manytoone owner->Service:owned_trust_domains = 2:1011 [null = False, db_index = True, blank = False, help_text = "Service partioned by this trust domain"];
}
// Record naming the XOS core itself. No "::policy" is bound in this
// declaration.
message XOSCore (XOSBase) {
option singular="XOSCore";
option plural="XOSCores";
// Unique name, defaulting to "XOS".
// NOTE(review): unique is written as the string "True" here, while every
// other field in this section uses the bare value True. Confirm the
// generator treats both the same way.
required string name = 1 [default = "XOS", max_length = 200, content_type = "stripped", blank = False, help_text = "Name of XOS", null = False, db_index = False, unique = "True"];
}
// Registers an extension for the GUI to load; guarded by admin_policy
// (declared outside this section).
message XOSGuiExtension::admin_policy (XOSBase) {
option verbose_name="XOS GUI Extension";
option description="This model holds the instruction to load an extension in the GUI";
// The two options below are disabled.
// option no_sync = True;
// option no_policy = True;
// Unique extension name.
required string name = 1 [max_length = 200, content_type = "stripped", blank = False, help_text = "Name of the GUI Extensions", null = False, db_index = False, unique = True];
// Comma-separated list of files that make up the view.
// NOTE(review): these files are loaded into the GUI, so write access to
// this model is effectively the ability to run code in operators'
// browsers. Confirm admin_policy restricts writes to admins and that the
// loader limits where the files may come from.
required string files = 2 [max_length = 1024, content_type = "stripped", blank = False, help_text = "List of comma separated file composing the view", null = False, db_index = False];
}
// Layout hints for the service graph. No "::policy" is bound in this
// declaration.
message ServiceGraphConstraint (XOSBase) {
option verbose_name="Graph Constraint";
option description="Define the position of the nodes in the service graph";
// Serialized nested array of node names (see the help_text example);
// required but may be blank.
// NOTE(review): how this string is parsed is not visible here; confirm
// the consumer uses a data parser rather than evaluating it.
required string constraints = 1 [max_length = 1024, content_type = "stripped", blank = True, help_text = "A composite array defining positions, eg [volt, vsg, [address_manager, vrouter]]", null = False, tosca_key=True];
}