Policy in code for actions/static actions

This commit implements policy in code for (static) actions API. The default rules for the (static) actions API were removed from the policy.json and moved into code under `murano.common.policies.action`. This commit specifically: - Moves policy actions related to the (static) actions API from the policy.json into code. - Documents the API information and paths associated with each actions-related policy. Partially Implements: blueprint policy-in-code Change-Id: Ia372983d2bd1010cd19f04061f3276ed16e9c1c9
2017-06-14 15:38:20 +01:00 · 2017-06-14 15:38:20 +01:00 · 640f926092
parent 192754ac0f
commit 640f926092
3 changed files with 41 additions and 3 deletions
--- a/etc/murano/policy.json
+++ b/etc/murano/policy.json
@ -1,7 +1,5 @@
 {
    "context_is_admin": "role:admin",
    "admin_api": "is_admin:True",
-    "default": "",
-
-    "execute_action": "rule:default"
+    "default": ""
 }
--- a/murano/common/policies/init.py
+++ b/murano/common/policies/init.py
@ -15,6 +15,7 @@

 import itertools

+from murano.common.policies import action
 from murano.common.policies import category
 from murano.common.policies import deployment
 from murano.common.policies import env_template
@ -24,6 +25,7 @@ from murano.common.policies import package

 def list_rules():
    return itertools.chain(
+        action.list_rules(),
        category.list_rules(),
        deployment.list_rules(),
        environment.list_rules(),
--- a/murano/common/policies/action.py
+++ b/murano/common/policies/action.py
@ -0,0 +1,38 @@
+# Copyright 2017 AT&T Corporation.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from oslo_policy import policy
+
+from murano.common.policies import base
+
+action_policies = [
+    policy.DocumentedRuleDefault(
+        name='execute_action',
+        check_str=base.RULE_DEFAULT,
+        description="""Excute an available action on a deployed environment,
+retrieve the task status of an executed action, or retrieve the result of
+an executed static action.""",
+        operations=[
+            {'path': 'v1/environments/{environment_id}/actions/{action_id}',
+             'method': 'POST'},
+            {'path': 'v1/environments/{environment_id}/actions/{task_id}',
+             'method': 'GET'},
+            {'path': 'v1/actions',
+             'method': 'POST'}])
+]
+
+
+def list_rules():
+    return action_policies