Merge "Refactor policies to use constant values"

src/bin/shipyard_airflow/shipyard_airflow/control/action/actions_api.py

@@ -67,7 +67,7 @@ class ActionsResource(BaseResource):
     The actions resource represent the asyncrhonous invocations of shipyard
     """
 
-    @policy.ApiEnforcer('workflow_orchestrator:list_actions')
+    @policy.ApiEnforcer(policy.LIST_ACTIONS)
     def on_get(self, req, resp, **kwargs):
         """
         Return actions that have been invoked through shipyard.
@@ -76,7 +76,7 @@ class ActionsResource(BaseResource):
         resp.body = self.to_json(self.get_all_actions())
         resp.status = falcon.HTTP_200
 
-    @policy.ApiEnforcer('workflow_orchestrator:create_action')
+    @policy.ApiEnforcer(policy.CREATE_ACTION)
     def on_post(self, req, resp, **kwargs):
         """
         Accept an action into shipyard

src/bin/shipyard_airflow/shipyard_airflow/control/action/actions_control_api.py

@@ -34,7 +34,7 @@ class ActionsControlResource(BaseResource):
             'stop': self.stop_dag
         }
 
-    @policy.ApiEnforcer('workflow_orchestrator:invoke_action_control')
+    @policy.ApiEnforcer(policy.INVOKE_ACTION_CONTROL)
     def on_post(self, req, resp, **kwargs):
         """
         Returns that a control was recevied (202 response)

src/bin/shipyard_airflow/shipyard_airflow/control/action/actions_id_api.py

@@ -28,7 +28,7 @@ class ActionsIdResource(BaseResource):
     """
     The actions resource represent the asyncrhonous invocations of shipyard
     """
-    @policy.ApiEnforcer('workflow_orchestrator:get_action')
+    @policy.ApiEnforcer(policy.GET_ACTION)
     def on_get(self, req, resp, **kwargs):
         """
         Return actions that have been invoked through shipyard.

src/bin/shipyard_airflow/shipyard_airflow/control/action/actions_steps_id_api.py

@@ -24,7 +24,7 @@ class ActionsStepsResource(BaseResource):
     """
     The actions steps resource is the steps of an action
     """
-    @policy.ApiEnforcer('workflow_orchestrator:get_action_step')
+    @policy.ApiEnforcer(policy.GET_ACTION_STEP)
     def on_get(self, req, resp, **kwargs):
         """
         Return step details for an action step

src/bin/shipyard_airflow/shipyard_airflow/control/action/actions_steps_id_logs_api.py

@@ -34,7 +34,7 @@ class ActionsStepsLogsResource(BaseResource):
     the names of the logs as 1.log, 2.log, 3.log, etc.
 
     """
-    @policy.ApiEnforcer('workflow_orchestrator:get_action_step_logs')
+    @policy.ApiEnforcer(policy.GET_ACTION_STEP_LOGS)
     def on_get(self, req, resp, **kwargs):
         """
         Returns the logs of an action step

src/bin/shipyard_airflow/shipyard_airflow/control/action/actions_validations_id_api.py

@@ -25,7 +25,7 @@ class ActionsValidationsResource(BaseResource):
     The actions validations resource is the validtions of an action
     """
 
-    @policy.ApiEnforcer('workflow_orchestrator:get_action_validation')
+    @policy.ApiEnforcer(policy.GET_ACTION_VALIDATION)
     def on_get(self, req, resp, **kwargs):
         """
         Return validation details for an action validation

src/bin/shipyard_airflow/shipyard_airflow/control/af_monitoring/workflows_api.py

@@ -30,7 +30,7 @@ class WorkflowResource(BaseResource):
     /api/v1.0/workflows
     """
 
-    @policy.ApiEnforcer('workflow_orchestrator:list_workflows')
+    @policy.ApiEnforcer(policy.LIST_WORKFLOWS)
     def on_get(self, req, resp):
         """
         Return actions that have been invoked through shipyard.
@@ -60,7 +60,7 @@ class WorkflowIdResource(BaseResource):
     /api/v1/workflows/{workflow_id}
     """
 
-    @policy.ApiEnforcer('workflow_orchestrator:get_workflow')
+    @policy.ApiEnforcer(policy.GET_WORKFLOW)
     def on_get(self, req, resp, workflow_id):
         """
         Retrieve the step details of workflows invoked in Airflow.

src/bin/shipyard_airflow/shipyard_airflow/control/configdocs/configdocs_api.py

@@ -38,7 +38,7 @@ class ConfigDocsStatusResource(BaseResource):
     statuses
     """
 
-    @policy.ApiEnforcer('workflow_orchestrator:get_configdocs_status')
+    @policy.ApiEnforcer(policy.GET_CONFIGDOCS_STATUS)
     def on_get(self, req, resp):
         """Returns a list of the configdocs and their statuses"""
         versions = req.params.get('versions') or None
@@ -53,7 +53,7 @@ class ConfigDocsResource(BaseResource):
     documents into Shipyard.
     """
 
-    @policy.ApiEnforcer('workflow_orchestrator:create_configdocs')
+    @policy.ApiEnforcer(policy.CREATE_CONFIGDOCS)
     @api_lock(ApiLockType.CONFIGDOCS_UPDATE)
     def on_post(self, req, resp, collection_id):
         """
@@ -92,7 +92,7 @@ class ConfigDocsResource(BaseResource):
         resp.location = '/api/v1.0/configdocs/{}'.format(collection_id)
         resp.body = self.to_json(validations)
 
-    @policy.ApiEnforcer('workflow_orchestrator:get_configdocs')
+    @policy.ApiEnforcer(policy.GET_CONFIGDOCS)
     def on_get(self, req, resp, collection_id):
         """
         Returns a collection of documents
@@ -178,7 +178,7 @@ class CommitConfigDocsResource(BaseResource):
 
     unable_to_commmit = 'Unable to commit configuration documents'
 
-    @policy.ApiEnforcer('workflow_orchestrator:commit_configdocs')
+    @policy.ApiEnforcer(policy.COMMIT_CONFIGDOCS)
     @api_lock(ApiLockType.CONFIGDOCS_UPDATE)
     def on_post(self, req, resp):
         """

src/bin/shipyard_airflow/shipyard_airflow/control/configdocs/rendered_configdocs_api.py

@@ -37,7 +37,7 @@ class RenderedConfigDocsResource(BaseResource):
     in a complete or rendered state.
     """
 
-    @policy.ApiEnforcer('workflow_orchestrator:get_renderedconfigdocs')
+    @policy.ApiEnforcer(policy.GET_RENDEREDCONFIGDOCS)
     def on_get(self, req, resp):
         """
         Returns the whole set of rendered documents

src/bin/shipyard_airflow/shipyard_airflow/control/status/status_api.py

@@ -30,7 +30,7 @@ class StatusResource(BaseResource):
     node status and power state
     """
 
-    @policy.ApiEnforcer('workflow_orchestrator:get_site_statuses')
+    @policy.ApiEnforcer(policy.GET_SITE_STATUSES)
     def on_get(self, req, resp, **kwargs):
         """
         Return site based statuses that has been invoked through shipyard.

src/bin/shipyard_airflow/shipyard_airflow/policy.py

@@ -25,6 +25,23 @@ CONF = cfg.CONF
 LOG = logging.getLogger(__name__)
 policy_engine = None
 
+# Policy name constants
+LIST_ACTIONS = 'workflow_orchestrator:list_actions'
+CREATE_ACTION = 'workflow_orchestrator:create_action'
+GET_ACTION = 'workflow_orchestrator:get_action'
+GET_ACTION_STEP = 'workflow_orchestrator:get_action_step'
+GET_ACTION_STEP_LOGS = 'workflow_orchestrator:get_action_step_logs'
+GET_ACTION_VALIDATION = 'workflow_orchestrator:get_action_validation'
+INVOKE_ACTION_CONTROL = 'workflow_orchestrator:invoke_action_control'
+GET_CONFIGDOCS_STATUS = 'workflow_orchestrator:get_configdocs_status'
+CREATE_CONFIGDOCS = 'workflow_orchestrator:create_configdocs'
+GET_CONFIGDOCS = 'workflow_orchestrator:get_configdocs'
+COMMIT_CONFIGDOCS = 'workflow_orchestrator:commit_configdocs'
+GET_RENDEREDCONFIGDOCS = 'workflow_orchestrator:get_renderedconfigdocs'
+LIST_WORKFLOWS = 'workflow_orchestrator:list_workflows'
+GET_WORKFLOW = 'workflow_orchestrator:get_workflow'
+GET_SITE_STATUSES = 'workflow_orchestrator:get_site_statuses'
+
 
 class ShipyardPolicy(object):
     """
@@ -44,7 +61,7 @@ class ShipyardPolicy(object):
     # Orchestrator Policy
     task_rules = [
         policy.DocumentedRuleDefault(
-            'workflow_orchestrator:list_actions',
+            LIST_ACTIONS,
             RULE_ADMIN_REQUIRED,
             'List workflow actions invoked by users',
             [{
@@ -53,7 +70,7 @@ class ShipyardPolicy(object):
             }]
         ),
         policy.DocumentedRuleDefault(
-            'workflow_orchestrator:create_action',
+            CREATE_ACTION,
             RULE_ADMIN_REQUIRED,
             'Create a workflow action',
             [{
@@ -62,7 +79,7 @@ class ShipyardPolicy(object):
             }]
         ),
         policy.DocumentedRuleDefault(
-            'workflow_orchestrator:get_action',
+            GET_ACTION,
             RULE_ADMIN_REQUIRED,
             'Retrieve an action by its id',
             [{
@@ -71,7 +88,7 @@ class ShipyardPolicy(object):
             }]
         ),
         policy.DocumentedRuleDefault(
-            'workflow_orchestrator:get_action_step',
+            GET_ACTION_STEP,
             RULE_ADMIN_REQUIRED,
             'Retrieve an action step by its id',
             [{
@@ -80,7 +97,7 @@ class ShipyardPolicy(object):
             }]
         ),
         policy.DocumentedRuleDefault(
-            'workflow_orchestrator:get_action_step_logs',
+            GET_ACTION_STEP_LOGS,
             RULE_ADMIN_REQUIRED,
             'Retrieve logs of an action step by its id',
             [{
@@ -89,7 +106,7 @@ class ShipyardPolicy(object):
             }]
         ),
         policy.DocumentedRuleDefault(
-            'workflow_orchestrator:get_action_validation',
+            GET_ACTION_VALIDATION,
             RULE_ADMIN_REQUIRED,
             'Retrieve an action validation by its id',
             [{
@@ -99,7 +116,7 @@ class ShipyardPolicy(object):
             }]
         ),
         policy.DocumentedRuleDefault(
-            'workflow_orchestrator:invoke_action_control',
+            INVOKE_ACTION_CONTROL,
             RULE_ADMIN_REQUIRED,
             'Send a control to an action',
             [{
@@ -108,7 +125,7 @@ class ShipyardPolicy(object):
             }]
         ),
         policy.DocumentedRuleDefault(
-            'workflow_orchestrator:get_configdocs_status',
+            GET_CONFIGDOCS_STATUS,
             RULE_ADMIN_REQUIRED,
             'Retrieve the status of the configdocs',
             [{
@@ -117,7 +134,7 @@ class ShipyardPolicy(object):
             }]
         ),
         policy.DocumentedRuleDefault(
-            'workflow_orchestrator:create_configdocs',
+            CREATE_CONFIGDOCS,
             RULE_ADMIN_REQUIRED,
             'Ingest configuration documents for the site design',
             [{
@@ -126,7 +143,7 @@ class ShipyardPolicy(object):
             }]
         ),
         policy.DocumentedRuleDefault(
-            'workflow_orchestrator:get_configdocs',
+            GET_CONFIGDOCS,
             RULE_ADMIN_REQUIRED,
             'Retrieve a collection of configuration documents',
             [{
@@ -135,7 +152,7 @@ class ShipyardPolicy(object):
             }]
         ),
         policy.DocumentedRuleDefault(
-            'workflow_orchestrator:commit_configdocs',
+            COMMIT_CONFIGDOCS,
             RULE_ADMIN_REQUIRED,
             ('Move documents from the Shipyard buffer to the committed '
              'documents'),
@@ -145,7 +162,7 @@ class ShipyardPolicy(object):
             }]
         ),
         policy.DocumentedRuleDefault(
-            'workflow_orchestrator:get_renderedconfigdocs',
+            GET_RENDEREDCONFIGDOCS,
             RULE_ADMIN_REQUIRED,
             ('Retrieve the configuration documents rendered by Deckhand into '
              'a complete design'),
@@ -155,7 +172,7 @@ class ShipyardPolicy(object):
             }]
         ),
         policy.DocumentedRuleDefault(
-            'workflow_orchestrator:list_workflows',
+            LIST_WORKFLOWS,
             RULE_ADMIN_REQUIRED,
             ('Retrieve the list of workflows (DAGs) that have been invoked '
              'in Airflow, whether via Shipyard or scheduled'),
@@ -165,7 +182,7 @@ class ShipyardPolicy(object):
             }]
         ),
         policy.DocumentedRuleDefault(
-            'workflow_orchestrator:get_workflow',
+            GET_WORKFLOW,
             RULE_ADMIN_REQUIRED,
             ('Retrieve the detailed information for a workflow (DAG) from '
              'Airflow'),
@@ -175,7 +192,7 @@ class ShipyardPolicy(object):
             }]
         ),
         policy.DocumentedRuleDefault(
-            'workflow_orchestrator:get_site_statuses',
+            GET_SITE_STATUSES,
             RULE_ADMIN_REQUIRED,
             'Retrieve the statuses for the site',
             [{