diff --git a/etc/policy.json b/etc/policy.json index 3e735276e..12c71b0fe 100644 --- a/etc/policy.json +++ b/etc/policy.json @@ -1,12 +1,6 @@ { "default": "rule:admin_or_owner", - "workbooks:create": "rule:admin_or_owner", - "workbooks:delete": "rule:admin_or_owner", - "workbooks:get": "rule:admin_or_owner", - "workbooks:list": "rule:admin_or_owner", - "workbooks:update": "rule:admin_or_owner", - "workflows:create": "rule:admin_or_owner", "workflows:delete": "rule:admin_or_owner", "workflows:get": "rule:admin_or_owner", diff --git a/mistral/policies/__init__.py b/mistral/policies/__init__.py index de4e2bb4b..4bb16931c 100644 --- a/mistral/policies/__init__.py +++ b/mistral/policies/__init__.py @@ -23,6 +23,7 @@ from mistral.policies import execution from mistral.policies import member from mistral.policies import service from mistral.policies import task +from mistral.policies import workbook def list_rules(): @@ -35,5 +36,6 @@ def list_rules(): execution.list_rules(), member.list_rules(), service.list_rules(), - task.list_rules() + task.list_rules(), + workbook.list_rules() ) diff --git a/mistral/policies/workbook.py b/mistral/policies/workbook.py new file mode 100644 index 000000000..81f583a23 --- /dev/null +++ b/mistral/policies/workbook.py 
@@ -0,0 +1,80 @@
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+from oslo_policy import policy
+
+from mistral.policies import base
+
+WORKBOOKS = 'workbooks:%s'
+
+rules = [
+ policy.DocumentedRuleDefault(
+ name=WORKBOOKS % 'create',
+ check_str=base.RULE_ADMIN_OR_OWNER,
+ description='Create a new workbook.',
+ operations=[
+ {
+ 'path': '/v2/workbooks',
+ 'method': 'POST'
+ }
+ ]
+ ),
+ policy.DocumentedRuleDefault(
+ name=WORKBOOKS % 'delete',
+ check_str=base.RULE_ADMIN_OR_OWNER,
+ description='Delete the named workbook.',
+ operations=[
+ {
+ 'path': '/v2/workbooks',
+ 'method': 'DELETE'
+ }
+ ]
+ ),
+ policy.DocumentedRuleDefault(
+ name=WORKBOOKS % 'get',
+ check_str=base.RULE_ADMIN_OR_OWNER,
+ description='Return the named workbook.',
+ operations=[
+ {
+ 'path': '/v2/workbooks/{workbook_name}',
+ 'method': 'GET'
+ }
+ ]
+ ),
+ policy.DocumentedRuleDefault(
+ name=WORKBOOKS % 'list',
+ check_str=base.RULE_ADMIN_OR_OWNER,
+ description='Return all workbooks.',
+ operations=[
+ {
+ 'path': '/v2/workbooks',
+ 'method': 'GET'
+ }
+ ]
+ ),
+ policy.DocumentedRuleDefault(
+ name=WORKBOOKS % 'update',
+ check_str=base.RULE_ADMIN_OR_OWNER,
+ description='Update an workbook.',
+ operations=[
+ {
+ 'path': '/v2/workbooks',
+ 'method': 'PUT'
+ }
+ ]
+ )
+]
+
+
+def list_rules():
+ return rules
diff --git a/mistral/tests/unit/fake_policy.py b/mistral/tests/unit/fake_policy.py
index 79d83d3f6..2f931f315 100644
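Review bot: The `operations` entry for `workbooks:delete` documents `DELETE /v2/workbooks`, while its description says it deletes the named workbook and the `get` rule uses `/v2/workbooks/{workbook_name}`; if deletion is addressed by name, the entry should read `'path': '/v2/workbooks/{workbook_name}',`. These entries are the documented mapping from rule to endpoint, so a wrong path misleads an operator auditing which request a rule guards. The `update` description also has a typo: `'Update an workbook.'` should be `'Update a workbook.'`. Separately, `base.RULE_ADMIN_OR_OWNER` is defined outside this diff, and for `create` and `list` there is no existing workbook to own, so it is worth confirming what target the API layer passes when enforcing those two rules.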
--- a/mistral/tests/unit/fake_policy.py +++ b/mistral/tests/unit/fake_policy.py @@ -15,12 +15,6 @@ policy_data = """{ "default": "rule:admin_or_owner", - "workbooks:create": "rule:admin_or_owner", - "workbooks:delete": "rule:admin_or_owner", - "workbooks:get": "rule:admin_or_owner", - "workbooks:list": "rule:admin_or_owner", - "workbooks:update": "rule:admin_or_owner", - "workflows:create": "rule:admin_or_owner", "workflows:delete": "rule:admin_or_owner", "workflows:get": "rule:admin_or_owner",