PolicyGuidedFulfillmentLibertyPlanning MuranoAPI

This topic is part of PolicyGuidedFulfillmentLibertyPlanning

Improving Murano API/core-model for better integration
During Kilo development we met limitations of Murano API in following areas
 * Murano REST API
 * REST API supports only single tenant query, so list of all environments returns just environments of tenant for which token was issued. Thus Murano Congress datasource driver can only populate data from single tenant (e.g., Nova REST API is capable to list servers from all tenants).


 * Murano Core Model
 * Core Model can be seen as API, because user is using it when writing Datalog queries in Congress, or integrating with Mistral workflows.

Murano REST API
Current Murano REST API returns list of environments from current tenant only GET http://:8082/v1/environments

{  "environments": [ {      "status": "deploying", "updated": "2015-05-06T08:14:06", "networking": {}, "name": "test", "created": "2015-05-06T08:08:40", "tenant_id": "cd9e218f9b894ebdb421e9906fbec15e", "version": 1, "id": "8cc3187c763f4ca9bc58cdaf89f926d3" }  ] }

Proposal is to enhance environment REST API with query search all_tenants=true GET http://:8082/v1/environments?all_tenants=true

{  "environments": [ {      "status": "deploying", "updated": "2015-05-06T08:14:06", "networking": {}, "name": "test", "created": "2015-05-06T08:08:40", "tenant_id": "cd9e218f9b894ebdb421e9906fbec15e", "version": 1, "id": "8cc3187c763f4ca9bc58cdaf89f926d3" },    {       "status": "deploying", "updated": "2015-05-08T09:34:16", "networking": {}, "name": "test 2", "created": "2015-05-08T08:18:20", "tenant_id": "8908989abbeec239023489023ccc1234f", "version": 1, "id": "abecbf88328932bbecbefe82348238b" }  ] }

Notes GET http://:8082/v1/environments/ GET http://:8082/v1/environments//services/
 * accessing an environment detail (and all environment subresources) shall not strictly check project of the token - it shall allows to read environment details for owner or user in admin role in environment's project (so token can be issued for different project that environment's project).

Following rules shall be add and used in Murano policy.json "admin_required": "role:admin or is_admin:1", "owner" : "user_id:%(user_id)s", "admin_or_owner": "rule:admin_required or rule:owner", "identity:change_password": "rule:admin_or_owner"


 * it also means, that user specified in Murano Congress datasource driver configuration shall be in admin role in projects from which environments will be pull.

Murano Core Model
Enhancement of
 * io.murano.resource.Instance
 * add output serverId property having uuid of server realization of the Instance. It shall be set from the result of deployed Heat stack.

serverId: Contract: [$.string] Usage: Out