openstack
/
mistral
Code Issues Proposed changes

Merge "Implement policy in code - workflow (10)"

This commit is contained in:
Zuul 2017-12-01 14:59:45 +00:00 committed by Gerrit Code Review
parent 10df485718 c73fb88c01
commit da4cd934a0
4 changed files with 94 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
etc/policy.json
View File

@ -1,13 +1,6 @@
{
"default": "rule:admin_or_owner",
"workflows:create": "rule:admin_or_owner",
"workflows:delete": "rule:admin_or_owner",
"workflows:get": "rule:admin_or_owner",
"workflows:list": "rule:admin_or_owner",
"workflows:list:all_projects": "rule:admin_only",
"workflows:update": "rule:admin_or_owner",
"event_triggers:create": "rule:admin_or_owner",
"event_triggers:create:public": "rule:admin_only",
"event_triggers:delete": "rule:admin_or_owner",

4
mistral/policies/__init__.py
View File

@ -24,6 +24,7 @@ from mistral.policies import member
from mistral.policies import service
from mistral.policies import task
from mistral.policies import workbook
from mistral.policies import workflow
def list_rules():
@ -37,5 +38,6 @@ def list_rules():
member.list_rules(),
service.list_rules(),
task.list_rules(),
workbook.list_rules()
workbook.list_rules(),
workflow.list_rules()
)

91
mistral/policies/workflow.py Normal file
View File

@ -0,0 +1,91 @@
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from oslo_policy import policy
from mistral.policies import base
WORKFLOWS = 'workflows:%s'
rules = [
policy.DocumentedRuleDefault(
name=WORKFLOWS % 'create',
check_str=base.RULE_ADMIN_OR_OWNER,
description='Create a new workflow.',
operations=[
{
'path': '/v2/workflows',
'method': 'POST'
}
]
),
policy.DocumentedRuleDefault(
name=WORKFLOWS % 'delete',
check_str=base.RULE_ADMIN_OR_OWNER,
description='Delete a workflow.',
operations=[
{
'path': '/v2/workflows',
'method': 'DELETE'
}
]
),
policy.DocumentedRuleDefault(
name=WORKFLOWS % 'get',
check_str=base.RULE_ADMIN_OR_OWNER,
description='Return the named workflow.',
operations=[
{
'path': '/v2/workflows/{workflow_id}',
'method': 'GET'
}
]
),
policy.DocumentedRuleDefault(
name=WORKFLOWS % 'list',
check_str=base.RULE_ADMIN_OR_OWNER,
description='Return a list of workflows.',
operations=[
{
'path': '/v2/workflows',
'method': 'GET'
}
]
),
policy.DocumentedRuleDefault(
name=WORKFLOWS % 'list:all_projects',
check_str=base.RULE_ADMIN_ONLY,
description='Return a list of workflows from all projects.',
operations=[
{
'path': '/v2/workflows',
'method': 'GET'
}
]
),
policy.DocumentedRuleDefault(
name=WORKFLOWS % 'update',
check_str=base.RULE_ADMIN_OR_OWNER,
description='Update one or more workflows.',
operations=[
{
'path': '/v2/workflows',
'method': 'PUT'
}
]
)
]
def list_rules():
return rules

7
mistral/tests/unit/fake_policy.py
View File

@ -14,11 +14,4 @@
policy_data = """{
"default": "rule:admin_or_owner",
"workflows:create": "rule:admin_or_owner",
"workflows:delete": "rule:admin_or_owner",
"workflows:get": "rule:admin_or_owner",
"workflows:list": "rule:admin_or_owner",
"workflows:list:all_projects": "rule:admin_only",
"workflows:update": "rule:admin_or_owner",
}"""