diff --git a/etc/policy.json b/etc/policy.json
index 87d47d40e..88cd97047 100644
--- a/etc/policy.json
+++ b/etc/policy.json
@@ -1,12 +1,6 @@
 {
 "default": "rule:admin_or_owner",
 
- "environments:create": "rule:admin_or_owner",
- "environments:delete": "rule:admin_or_owner",
- "environments:get": "rule:admin_or_owner",
- "environments:list": "rule:admin_or_owner",
- "environments:update": "rule:admin_or_owner",
-
 "executions:create": "rule:admin_or_owner",
 "executions:delete": "rule:admin_or_owner",
 "executions:get": "rule:admin_or_owner",
diff --git a/mistral/policies/__init__.py b/mistral/policies/__init__.py
index 4bc2b2964..c8c4a4636 100644
--- a/mistral/policies/__init__.py
+++ b/mistral/policies/__init__.py
@@ -18,6 +18,7 @@ from mistral.policies import action
 from mistral.policies import action_executions
 from mistral.policies import base
 from mistral.policies import cron_trigger
+from mistral.policies import environment
 
 
 def list_rules():
@@ -25,5 +26,6 @@ def list_rules():
 action.list_rules(),
 action_executions.list_rules(),
 base.list_rules(),
- cron_trigger.list_rules()
+ cron_trigger.list_rules(),
+ environment.list_rules()
 )
diff --git a/mistral/policies/environment.py b/mistral/policies/environment.py
new file mode 100644
index 000000000..e7476941b
--- /dev/null
+++ b/mistral/policies/environment.py
@@ -0,0 +1,80 @@
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+from oslo_policy import policy
+
+from mistral.policies import base
+
+ENVIRONMENTS = 'environments:%s'
+
+rules = [
+ policy.DocumentedRuleDefault(
+ name=ENVIRONMENTS % 'create',
+ check_str=base.RULE_ADMIN_OR_OWNER,
+ description='Create a new environment.',
+ operations=[
+ {
+ 'path': '/v2/environments',
+ 'method': 'POST'
+ }
+ ]
+ ),
+ policy.DocumentedRuleDefault(
+ name=ENVIRONMENTS % 'delete',
+ check_str=base.RULE_ADMIN_OR_OWNER,
+ description='Delete the named environment.',
+ operations=[
+ {
+ 'path': '/v2/environments/{environment_name}',
+ 'method': 'DELETE'
+ }
+ ]
+ ),
+ policy.DocumentedRuleDefault(
+ name=ENVIRONMENTS % 'get',
+ check_str=base.RULE_ADMIN_OR_OWNER,
+ description='Return the named environment.',
+ operations=[
+ {
+ 'path': '/v2/environments/{environment_name}',
+ 'method': 'GET'
+ }
+ ]
+ ),
+ policy.DocumentedRuleDefault(
+ name=ENVIRONMENTS % 'list',
+ check_str=base.RULE_ADMIN_OR_OWNER,
+ description='Return all environments.',
+ operations=[
+ {
+ 'path': '/v2/environments',
+ 'method': 'GET'
+ }
+ ]
+ ),
+ policy.DocumentedRuleDefault(
+ name=ENVIRONMENTS % 'update',
+ check_str=base.RULE_ADMIN_OR_OWNER,
+ description='Update an environment.',
+ operations=[
+ {
+ 'path': '/v2/environments',
+ 'method': 'PUT'
+ }
+ ]
+ )
+]
+
+
+def list_rules():
+ return rules
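Review bot: The owner half of `base.RULE_ADMIN_OR_OWNER`, used as `check_str` by all five entries in `rules`, only restricts access if the environments API passes the target environment's owner attributes to the policy enforcement call; that call site and the rule's definition in `base` are outside this diff, so this should be confirmed rather than assumed. Because the same commit drops the `environments:*` entries from `etc/policy.json`, these in-code defaults become the effective policy for any deployment without its own override. It would help to state that expectation next to the list, for example `# admin_or_owner is evaluated against the target passed by the API layer; see mistral.policies.base`, and to give `list_rules()` a docstring such as `"""Return the default policy rules for the environments API."""`.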
diff --git a/mistral/tests/unit/fake_policy.py b/mistral/tests/unit/fake_policy.py
index 730ce4471..10ca84395 100644
--- a/mistral/tests/unit/fake_policy.py
+++ b/mistral/tests/unit/fake_policy.py
@@ -15,12 +15,6 @@
 policy_data = """{
 "default": "rule:admin_or_owner",
 
- "environments:create": "rule:admin_or_owner",
- "environments:delete": "rule:admin_or_owner",
- "environments:get": "rule:admin_or_owner",
- "environments:list": "rule:admin_or_owner",
- "environments:update": "rule:admin_or_owner",
-
 "executions:create": "rule:admin_or_owner",
 "executions:delete": "rule:admin_or_owner",
 "executions:get": "rule:admin_or_owner",