This commit removes the murano default policy.json file from
etc/murano and references to it in murano's devstack plugin.
(References to the policy.json in muranodashboard remain
the same).
This commit specifically:
- removes the default policy.json
- removes references to it in devstack plugin
- adds base rules to murano.common.policies.__init__ because
they are the last rules to be included
- updates base admin_api rule to is_admin:True from
is_admin:1 (because the latter was causing issues)
- updates Murano policy documentation
Partially Implements: blueprint policy-in-code
Depends-On: Ia372983d2bd1010cd19f04061f3276ed16e9c1c9
Change-Id: I1a8581a559e4333a74d56a5bdce7e6d1f117907d
This commit implements policy in code for (static) actions
API. The default rules for the (static) actions API were
removed from the policy.json and moved into code under
`murano.common.policies.action`.
This commit specifically:
- Moves policy actions related to the (static) actions
API from the policy.json into code.
- Documents the API information and paths associated with
each actions-related policy.
Partially Implements: blueprint policy-in-code
Change-Id: Ia372983d2bd1010cd19f04061f3276ed16e9c1c9
This commit implements policy in code for categories
API. The default rules for the categories API were
removed from the policy.json and moved into code under
murano.common.policies.category.
This commit specifically:
- Moves policy actions related to the categories
API from the policy.json into code.
- Documents the API information and paths associated with
each category-related policy.
Partially Implements: blueprint policy-in-code
Change-Id: I7171369650d7d55ed44154481d03d48153f3640a
This commit implements policy in code for deployments
API. The default rules for the deployments API were
removed from the policy.json and moved into code under
murano.common.policies.deployment.
This commit specifically:
- Moves policy actions related to the deployments
API from the policy.json into code.
- Documents the API information and paths associated with
each deployment-related policy.
Partially Implements: blueprint policy-in-code
Change-Id: I246261b6df4b5225b67499c89281b942013007ed
This commit implements policy in code for packages
API. The default rules for the packages API were
removed from the policy.json and moved into code under
murano.common.policies.env_template.
This commit specifically:
- Moves policy actions related to the packages
API from the policy.json into code.
- Documents the API information and paths associated with
each package policy.
Partially Implements: blueprint policy-in-code
Change-Id: I9a091606bec7c74ce7cf53fd327a2a40c6b9c364
This commit implements policy in code for the environment templates
API. The default rules for the environment templates API were
removed from the policy.json and moved into code under
murano.common.policies.env_template.
This commit specifically:
- Moves policy actions related to the environment templates
API from the policy.json into code.
- Documents the API information and paths associated with
each environment template policy.
- Updates the ``create_environment`` policy action documentation
in murano.common.policies.environment to include API
/v1/templates/{env_template_id}/create-environment
which enforces this policy as well.
Partially Implements: blueprint policy-in-code
Change-Id: I715f4b0a61fd4404e20b88736a9a4c86fc038b55
This patch introduces the beginning implementation for registering
default policy rules in code. Default rules are defined under
murano.common.policies. Each API's policies are defined in a
sub-folder under that path and __init__.py contains all the
default policies in code which are registered in the ``init``
enforcer function in murano/common/policy.py.
The default rules for the environments API was removed from the
policy.json and moved into code under
murano.common.policies.environment. This can be gradually done
for the rest of the APIs in follow-up patches.
This commit does the following:
- Creates the ``policies`` module that contains all the default
policies in code.
- Adds the base policy rules into code (the admin_api,
context_is_admin, and default rules).
- Adds the environment default policy module with default
policy rules for the environments API.
Partially Implements: blueprint policy-in-code
Change-Id: Iebf2c60d1d31b73829fad189ada7ceee28e714bd