diff --git a/etc/freezer/policy.json b/etc/freezer/policy.json index 81cc6717..4dc90263 100644 --- a/etc/freezer/policy.json +++ b/etc/freezer/policy.json @@ -1,11 +1,4 @@ { - "actions:get_all": "", - "actions:create": "", - "actions:get": "", - "actions:delete": "", - "actions:update": "", - "actions:replace": "", - "sessions:get_all": "", "sessions:create": "", "sessions:get": "", diff --git a/freezer_api/api/v2/actions.py b/freezer_api/api/v2/actions.py index 06b2ee22..489a1f2c 100644 --- a/freezer_api/api/v2/actions.py +++ b/freezer_api/api/v2/actions.py @@ -100,7 +100,7 @@ class ActionsResource(resource.BaseResource): @policy.enforce('actions:replace') def on_post(self, req, resp, project_id, action_id): - # PUT /v1/actions/{job_id} creates/replaces the specified action + # PUT /v1/actions/{action_id} creates/replaces the specified action user_id = req.get_header('X-User-ID') or '' doc = self.json_body(req) new_version = self.db.replace_action(project_id=project_id, diff --git a/freezer_api/common/policies/__init__.py b/freezer_api/common/policies/__init__.py index 8984cef3..bd4e8c68 100644 --- a/freezer_api/common/policies/__init__.py +++ b/freezer_api/common/policies/__init__.py @@ -17,12 +17,14 @@ import itertools +from freezer_api.common.policies import action from freezer_api.common.policies import base from freezer_api.common.policies import job def list_rules(): return itertools.chain( + action.list_rules(), base.list_rules(), job.list_rules() ) diff --git a/freezer_api/common/policies/action.py b/freezer_api/common/policies/action.py new file mode 100644 index 00000000..a3135a1d --- /dev/null +++ b/freezer_api/common/policies/action.py @@ -0,0 +1,91 @@ +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +from oslo_policy import policy + +from freezer_api.common.policies import base + +ACTIONS = 'actions:%s' + +rules = [ + policy.DocumentedRuleDefault( + name=ACTIONS % 'create', + check_str=base.UNPROTECTED, + description='Creates action.', + operations=[ + { + 'path': '/v1/actions', + 'method': 'POST' + } + ] + ), + policy.DocumentedRuleDefault( + name=ACTIONS % 'delete', + check_str=base.UNPROTECTED, + description='Delete action.', + operations=[ + { + 'path': '/v1/actions/{action_id}', + 'method': 'DELETE' + } + ] + ), + policy.DocumentedRuleDefault( + name=ACTIONS % 'get', + check_str=base.UNPROTECTED, + description='Show actions.', + operations=[ + { + 'path': '/v1/actions/{action_id}', + 'method': 'GET' + } + ] + ), + policy.DocumentedRuleDefault( + name=ACTIONS % 'get_all', + check_str=base.UNPROTECTED, + description='Lists actions.', + operations=[ + { + 'path': '/v1/actions', + 'method': 'GET' + } + ] + ), + policy.DocumentedRuleDefault( + name=ACTIONS % 'update', + check_str=base.UNPROTECTED, + description='Updates actions.', + operations=[ + { + 'path': '/v1/actions/{action_id}', + 'method': 'PATCH' + } + ] + ), + policy.DocumentedRuleDefault( + name=ACTIONS % 'replace', + check_str=base.UNPROTECTED, + description='Creates/replaces the specified action.', + operations=[ + { + 'path': '/v1/actions/{action_id}', + 'method': 'PUT' + } + ] + ) +] + + +def list_rules(): + return rules