From 5a06c48d0256d5794589a9ad8fd897457d67b913 Mon Sep 17 00:00:00 2001 From: Felipe Monteiro Date: Wed, 7 Jun 2017 16:55:41 +0100 Subject: [PATCH] Policy in code for deployments This commit implements policy in code for deployments API. The default rules for the deployments API were removed from the policy.json and moved into code under murano.common.policies.deployment. This commit specifically: - Moves policy actions related to the deployments API from the policy.json into code. - Documents the API information and paths associated with each deployment-related policy. Partially Implements: blueprint policy-in-code Change-Id: I246261b6df4b5225b67499c89281b942013007ed --- etc/murano/policy.json | 4 --- murano/common/policies/__init__.py | 2 ++ murano/common/policies/deployment.py | 44 ++++++++++++++++++++++++++++ 3 files changed, 46 insertions(+), 4 deletions(-) create mode 100644 murano/common/policies/deployment.py diff --git a/etc/murano/policy.json b/etc/murano/policy.json index 57312626a..eea1eeddd 100644 --- a/etc/murano/policy.json +++ b/etc/murano/policy.json @@ -7,10 +7,6 @@ "delete_category": "rule:admin_api", "add_category": "rule:admin_api", - "list_deployments": "rule:default", - "list_deployments_all_environments": "rule:default", - "statuses_deployments": "rule:default", - "execute_action": "rule:default" } diff --git a/murano/common/policies/__init__.py b/murano/common/policies/__init__.py index db4b50dd8..d625ce647 100644 --- a/murano/common/policies/__init__.py +++ b/murano/common/policies/__init__.py @@ -15,6 +15,7 @@ import itertools +from murano.common.policies import deployment from murano.common.policies import env_template from murano.common.policies import environment from murano.common.policies import package @@ -22,6 +23,7 @@ from murano.common.policies import package def list_rules(): return itertools.chain( + deployment.list_rules(), environment.list_rules(), env_template.list_rules(), package.list_rules() diff --git a/murano/common/policies/deployment.py b/murano/common/policies/deployment.py new file mode 100644 index 000000000..d2ab93f0d --- /dev/null +++ b/murano/common/policies/deployment.py @@ -0,0 +1,44 @@ +# Copyright 2017 AT&T Corporation. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from oslo_policy import policy + +from murano.common.policies import base + +deployment_policies = [ + policy.DocumentedRuleDefault( + name='list_deployments', + check_str=base.RULE_DEFAULT, + description='List deployments for an environment.', + operations=[{'path': '/v1/environments/{env_id}/deployments', + 'method': 'GET'}]), + policy.DocumentedRuleDefault( + name='list_deployments_all_environments', + check_str=base.RULE_DEFAULT, + description='List deployments for all environments in a project.', + operations=[{'path': '/v1/deployments', + 'method': 'GET'}]), + policy.DocumentedRuleDefault( + name='statuses_deployments', + check_str=base.RULE_DEFAULT, + description='Show deployment status details for a deployment.', + operations=[{ + 'path': '/v1/environments/{env_id}/deployments/{deployment_id}', + 'method': 'GET'}]) +] + + +def list_rules(): + return deployment_policies