154a099b28
- upgraded Airflow to 1.10.15 - https://airflow.apache.org/docs/apache-airflow/1.10.15/changelog.html - disabled xenial, bionic and opensuse images build gates - added focal image build gate - added focal zuul build node - adjusted Makefile for focal - added bindep.txt to utilize bindep zuul base role for zuul build node pre-setup - added focal Dockerfile - implemented freeze requirements.txt approach like in other Airship projects - removed specific requirements.txt for airflow in favor of using requirements-frozen.txt from shipyard_airflow project when building airflow docker image - fixed docker image publishing to Quay - replaces deprecated LOG.warn with new LOG.warning call - replaced deprecated body attribute in responce wiht responce.text attribute - update of falcon module deprecated .API call - replaced wiht falcon.App call - deprecated routing.create_http_method_map method replaced with routing.map_http_methods - re-formatted code tabulations based on yapf recommendations - replaced deprecated protocol attribute in Pytest create_environ() with http_version attribute - replaced deprecated app attribute in Pytest create_environ() with root_path attribute - fixed airflow CLI commands to match 1.10.15 version - updated zuul gates to work on focal nodes and added focal specific node setup items by adding appriate ansible tasks and roles - uplifted Helm to 3.9.4 - uplifted stable HTK commit id - updated tox.in to with with tox v4 - uplifted dependences references to other Airship projects - common python dependences were syncronized with other Airship projects(Promenade, Deckhand, Armada, Drydock) - fixed airskiff deployment gate - fixed genconfig* profiles in shipyard-airflow tox.ini responsible for maintanance of policy.yaml.sample and shipyard.conf.sample Change-Id: I0c85187dc9bacf0849382563dd5ff7e9b2814c59
109 lines
4.0 KiB
Plaintext
109 lines
4.0 KiB
Plaintext
# Actions requiring admin authority
|
|
#"admin_required": "role:admin"
|
|
|
|
# Rule to deny all access. Used for default denial
|
|
#"deny_all": "!"
|
|
|
|
# List workflow actions invoked by users
|
|
# GET /api/v1.0/actions
|
|
#"workflow_orchestrator:list_actions": "rule:admin_required"
|
|
|
|
# Create a workflow action
|
|
# POST /api/v1.0/actions
|
|
#"workflow_orchestrator:create_action": "rule:admin_required"
|
|
|
|
# Retrieve an action by its id
|
|
# GET /api/v1.0/actions/{action_id}
|
|
#"workflow_orchestrator:get_action": "rule:admin_required"
|
|
|
|
# Retrieve an action step by its id
|
|
# GET /api/v1.0/actions/{action_id}/steps/{step_id}
|
|
#"workflow_orchestrator:get_action_step": "rule:admin_required"
|
|
|
|
# Retrieve logs of an action step by its id
|
|
# GET /api/v1.0/actions/{action_id}/steps/{step_id}/logs
|
|
#"workflow_orchestrator:get_action_step_logs": "rule:admin_required"
|
|
|
|
# Retrieve an action validation by its id
|
|
# GET /api/v1.0/actions/{action_id}/validations/{validation_id}
|
|
#"workflow_orchestrator:get_action_validation": "rule:admin_required"
|
|
|
|
# Send a control to an action
|
|
# POST /api/v1.0/actions/{action_id}/control/{control_verb}
|
|
#"workflow_orchestrator:invoke_action_control": "rule:admin_required"
|
|
|
|
# Retrieve the status of the configdocs
|
|
# GET /api/v1.0/configdocs
|
|
#"workflow_orchestrator:get_configdocs_status": "rule:admin_required"
|
|
|
|
# Ingest configuration documents for the site design
|
|
# POST /api/v1.0/configdocs/{collection_id}
|
|
#"workflow_orchestrator:create_configdocs": "rule:admin_required"
|
|
|
|
# Retrieve a collection of configuration documents with redacted
|
|
# secrets
|
|
# GET /api/v1.0/configdocs/{collection_id}
|
|
#"workflow_orchestrator:get_configdocs": "rule:admin_required"
|
|
|
|
# Retrieve a collection of configuration documents with cleartext
|
|
# secrets.
|
|
# GET /api/v1.0/configdocs/{collection_id}
|
|
#"workflow_orchestrator:get_configdocs_cleartext": "rule:admin_required"
|
|
|
|
# Move documents from the Shipyard buffer to the committed documents
|
|
# POST /api/v1.0/commitconfigdocs
|
|
#"workflow_orchestrator:commit_configdocs": "rule:admin_required"
|
|
|
|
# Retrieve the configuration documents rendered by Deckhand into a
|
|
# complete design
|
|
# GET /api/v1.0/renderedconfigdocs
|
|
#"workflow_orchestrator:get_renderedconfigdocs": "rule:admin_required"
|
|
|
|
# Retrieve the configuration documents with cleartext secrets rendered
|
|
# by Deckhand into a complete design
|
|
# GET /api/v1.0/renderedconfigdocs
|
|
#"workflow_orchestrator:get_renderedconfigdocs_cleartext": "rule:admin_required"
|
|
|
|
# Retrieve the list of workflows (DAGs) that have been invoked in
|
|
# Airflow, whether via Shipyard or scheduled
|
|
# GET /api/v1.0/workflows
|
|
#"workflow_orchestrator:list_workflows": "rule:admin_required"
|
|
|
|
# Retrieve the detailed information for a workflow (DAG) from Airflow
|
|
# GET /api/v1.0/workflows/{id}
|
|
#"workflow_orchestrator:get_workflow": "rule:admin_required"
|
|
|
|
# Retrieve the details for a note. Further authorization is required
|
|
# depending on the topic of the note
|
|
# GET /api/v1.0/notedetails/{note_id}
|
|
#"workflow_orchestrator:get_notedetails": "rule:admin_required"
|
|
|
|
# Retrieve the statuses for the site
|
|
# GET /api/v1.0/site_statuses
|
|
#"workflow_orchestrator:get_site_statuses": "rule:admin_required"
|
|
|
|
# Create a workflow action to deploy the site
|
|
# POST /api/v1.0/actions
|
|
#"workflow_orchestrator:action_deploy_site": "rule:admin_required"
|
|
|
|
# Create a workflow action to update the site
|
|
# POST /api/v1.0/actions
|
|
#"workflow_orchestrator:action_update_site": "rule:admin_required"
|
|
|
|
# Create a workflow action to update the site software
|
|
# POST /api/v1.0/actions
|
|
#"workflow_orchestrator:action_update_software": "rule:admin_required"
|
|
|
|
# Create a workflow action to redeploy target servers
|
|
# POST /api/v1.0/actions
|
|
#"workflow_orchestrator:action_redeploy_server": "rule:admin_required"
|
|
|
|
# Create a workflow action to relabel target nodes
|
|
# POST /api/v1.0/actions
|
|
#"workflow_orchestrator:action_relabel_nodes": "rule:admin_required"
|
|
|
|
# Create a workflow action to invoke Helm tests on all releases or a
|
|
# targeted release
|
|
# POST /api/v1.0/actions
|
|
#"workflow_orchestrator:action_test_site": "rule:admin_required"
|