This commit removes the murano default policy.json file from
etc/murano and references to it in murano's devstack plugin.
(References to the policy.json in muranodashboard remain
the same).
This commit specifically:
- removes the default policy.json
- removes references to it in devstack plugin
- adds base rules to murano.common.policies.__init__ because
they are the last rules to be included
- updates base admin_api rule to is_admin:True from
is_admin:1 (because the latter was causing issues)
- updates Murano policy documentation
Partially Implements: blueprint policy-in-code
Depends-On: Ia372983d2bd1010cd19f04061f3276ed16e9c1c9
Change-Id: I1a8581a559e4333a74d56a5bdce7e6d1f117907d
This commit implements policy in code for (static) actions
API. The default rules for the (static) actions API were
removed from the policy.json and moved into code under
`murano.common.policies.action`.
This commit specifically:
- Moves policy actions related to the (static) actions
API from the policy.json into code.
- Documents the API information and paths associated with
each actions-related policy.
Partially Implements: blueprint policy-in-code
Change-Id: Ia372983d2bd1010cd19f04061f3276ed16e9c1c9
This commit implements policy in code for categories
API. The default rules for the categories API were
removed from the policy.json and moved into code under
murano.common.policies.category.
This commit specifically:
- Moves policy actions related to the categories
API from the policy.json into code.
- Documents the API information and paths associated with
each category-related policy.
Partially Implements: blueprint policy-in-code
Change-Id: I7171369650d7d55ed44154481d03d48153f3640a
This commit implements policy in code for deployments
API. The default rules for the deployments API were
removed from the policy.json and moved into code under
murano.common.policies.deployment.
This commit specifically:
- Moves policy actions related to the deployments
API from the policy.json into code.
- Documents the API information and paths associated with
each deployment-related policy.
Partially Implements: blueprint policy-in-code
Change-Id: I246261b6df4b5225b67499c89281b942013007ed
This commit implements policy in code for packages
API. The default rules for the packages API were
removed from the policy.json and moved into code under
murano.common.policies.env_template.
This commit specifically:
- Moves policy actions related to the packages
API from the policy.json into code.
- Documents the API information and paths associated with
each package policy.
Partially Implements: blueprint policy-in-code
Change-Id: I9a091606bec7c74ce7cf53fd327a2a40c6b9c364
This commit implements policy in code for the environment templates
API. The default rules for the environment templates API were
removed from the policy.json and moved into code under
murano.common.policies.env_template.
This commit specifically:
- Moves policy actions related to the environment templates
API from the policy.json into code.
- Documents the API information and paths associated with
each environment template policy.
- Updates the ``create_environment`` policy action documentation
in murano.common.policies.environment to include API
/v1/templates/{env_template_id}/create-environment
which enforces this policy as well.
Partially Implements: blueprint policy-in-code
Change-Id: I715f4b0a61fd4404e20b88736a9a4c86fc038b55
This patch introduces the beginning implementation for registering
default policy rules in code. Default rules are defined under
murano.common.policies. Each API's policies are defined in a
sub-folder under that path and __init__.py contains all the
default policies in code which are registered in the ``init``
enforcer function in murano/common/policy.py.
The default rules for the environments API was removed from the
policy.json and moved into code under
murano.common.policies.environment. This can be gradually done
for the rest of the APIs in follow-up patches.
This commit does the following:
- Creates the ``policies`` module that contains all the default
policies in code.
- Adds the base policy rules into code (the admin_api,
context_is_admin, and default rules).
- Adds the environment default policy module with default
policy rules for the environments API.
Partially Implements: blueprint policy-in-code
Change-Id: Iebf2c60d1d31b73829fad189ada7ceee28e714bd
Adds new endpoint /deployments to Murano, to enable
Murano Dashboard to get all deployments for all environments.
This is needed in order to improve log browsing for
deployments, which calls for creating a new view in which
all deployments across all environments can be viewed.
Also made deployment unit tests more robust.
Partially-implements: blueprint improve-deployment-log-browsing
Change-Id: I1b6a313af1a0c4aa57bd4e6f51da92b396b35165
Adds request param all_tenants allowing listing environments from all tenants.
Congress data source needs populate its tables by data from all tenants.
Similar machansim uses nova to allow list servers from all tenants.
Partially implements: blueprint murano-api-all-tenants-search
Change-Id: I842292720a475992a137c1e4715873a059ec605c
Also, there were some issues with policy:
* 'publicize_image' instead of 'publicize_package';
* corresponding actions have different names;
* user could not upload packages by default;
* user could mark package public/unpublic;
* user could delete pablic packages.
Change-Id: I5459016a4e7401b58fcb343e40d0047a4959b7df
Closes-Bug: #1439240
Closes-Bug: #1436289
Adds new API calls, responsible for add,
browse and delete categories.
Implements blueprint enable-category-management
Change-Id: I9da0680cfa244ef225be0706a54f492644c0dcba
* Set admin rule for a several API calls and remove direct check in code
* Now admin can configure policy.json and enable package management for regular users
* Update common policy module
Closes-Bug: #1412868
Change-Id: I8d0725b613564529d32a5acef289f4822f32915c
Adds ability for deploy-time auth checks to allow/disallow
functionality, in line with other openstack projects.
Includes update of code in openstack/common, which is why the
patchset is so large. oslo-incubator changeset is May 27th
caed79d8239679cb74476bb0d9e5011b4fcc39da.
Implements blueprint policy-checks-in-api
Change-Id: I67a431dcc74f0a77ed48b7a489136d5008773cea