Merge "Refactor policies to use constant values"
commit
165c845e3e
|
@ -67,7 +67,7 @@ class ActionsResource(BaseResource):
|
||||||
The actions resource represent the asyncrhonous invocations of shipyard
|
The actions resource represent the asyncrhonous invocations of shipyard
|
||||||
"""
|
"""
|
||||||
|
|
||||||
@policy.ApiEnforcer('workflow_orchestrator:list_actions')
|
@policy.ApiEnforcer(policy.LIST_ACTIONS)
|
||||||
def on_get(self, req, resp, **kwargs):
|
def on_get(self, req, resp, **kwargs):
|
||||||
"""
|
"""
|
||||||
Return actions that have been invoked through shipyard.
|
Return actions that have been invoked through shipyard.
|
||||||
|
@ -76,7 +76,7 @@ class ActionsResource(BaseResource):
|
||||||
resp.body = self.to_json(self.get_all_actions())
|
resp.body = self.to_json(self.get_all_actions())
|
||||||
resp.status = falcon.HTTP_200
|
resp.status = falcon.HTTP_200
|
||||||
|
|
||||||
@policy.ApiEnforcer('workflow_orchestrator:create_action')
|
@policy.ApiEnforcer(policy.CREATE_ACTION)
|
||||||
def on_post(self, req, resp, **kwargs):
|
def on_post(self, req, resp, **kwargs):
|
||||||
"""
|
"""
|
||||||
Accept an action into shipyard
|
Accept an action into shipyard
|
||||||
|
|
|
@ -34,7 +34,7 @@ class ActionsControlResource(BaseResource):
|
||||||
'stop': self.stop_dag
|
'stop': self.stop_dag
|
||||||
}
|
}
|
||||||
|
|
||||||
@policy.ApiEnforcer('workflow_orchestrator:invoke_action_control')
|
@policy.ApiEnforcer(policy.INVOKE_ACTION_CONTROL)
|
||||||
def on_post(self, req, resp, **kwargs):
|
def on_post(self, req, resp, **kwargs):
|
||||||
"""
|
"""
|
||||||
Returns that a control was recevied (202 response)
|
Returns that a control was recevied (202 response)
|
||||||
|
|
|
@ -28,7 +28,7 @@ class ActionsIdResource(BaseResource):
|
||||||
"""
|
"""
|
||||||
The actions resource represent the asyncrhonous invocations of shipyard
|
The actions resource represent the asyncrhonous invocations of shipyard
|
||||||
"""
|
"""
|
||||||
@policy.ApiEnforcer('workflow_orchestrator:get_action')
|
@policy.ApiEnforcer(policy.GET_ACTION)
|
||||||
def on_get(self, req, resp, **kwargs):
|
def on_get(self, req, resp, **kwargs):
|
||||||
"""
|
"""
|
||||||
Return actions that have been invoked through shipyard.
|
Return actions that have been invoked through shipyard.
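Review bot: The docstrings around the `policy.GET_ACTION` decorator in `ActionsIdResource` are copies of the ones in `ActionsResource`: both the class docstring and `on_get` describe returning all invoked actions, while the rule it enforces is described in the policy module as 'Retrieve an action by its id'. Now that the decorator names the policy explicitly, the handler text should agree with it, for example `Return the action identified by its id.` The same copied sentence sits under `policy.LIST_WORKFLOWS` in `WorkflowResource.on_get`, where something like `Return the workflows (DAGs) that have been invoked in Airflow.` would match the rule description. A docstring that contradicts the enforced rule makes an authorization review of these handlers harder than it needs to be; the method bodies continue outside the hunks.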
|
||||||
|
|
|
@ -24,7 +24,7 @@ class ActionsStepsResource(BaseResource):
|
||||||
"""
|
"""
|
||||||
The actions steps resource is the steps of an action
|
The actions steps resource is the steps of an action
|
||||||
"""
|
"""
|
||||||
@policy.ApiEnforcer('workflow_orchestrator:get_action_step')
|
@policy.ApiEnforcer(policy.GET_ACTION_STEP)
|
||||||
def on_get(self, req, resp, **kwargs):
|
def on_get(self, req, resp, **kwargs):
|
||||||
"""
|
"""
|
||||||
Return step details for an action step
|
Return step details for an action step
|
||||||
|
|
|
@ -34,7 +34,7 @@ class ActionsStepsLogsResource(BaseResource):
|
||||||
the names of the logs as 1.log, 2.log, 3.log, etc.
|
the names of the logs as 1.log, 2.log, 3.log, etc.
|
||||||
|
|
||||||
"""
|
"""
|
||||||
@policy.ApiEnforcer('workflow_orchestrator:get_action_step_logs')
|
@policy.ApiEnforcer(policy.GET_ACTION_STEP_LOGS)
|
||||||
def on_get(self, req, resp, **kwargs):
|
def on_get(self, req, resp, **kwargs):
|
||||||
"""
|
"""
|
||||||
Returns the logs of an action step
|
Returns the logs of an action step
|
||||||
|
|
|
@ -25,7 +25,7 @@ class ActionsValidationsResource(BaseResource):
|
||||||
The actions validations resource is the validtions of an action
|
The actions validations resource is the validtions of an action
|
||||||
"""
|
"""
|
||||||
|
|
||||||
@policy.ApiEnforcer('workflow_orchestrator:get_action_validation')
|
@policy.ApiEnforcer(policy.GET_ACTION_VALIDATION)
|
||||||
def on_get(self, req, resp, **kwargs):
|
def on_get(self, req, resp, **kwargs):
|
||||||
"""
|
"""
|
||||||
Return validation details for an action validation
|
Return validation details for an action validation
|
||||||
|
|
|
@ -30,7 +30,7 @@ class WorkflowResource(BaseResource):
|
||||||
/api/v1.0/workflows
|
/api/v1.0/workflows
|
||||||
"""
|
"""
|
||||||
|
|
||||||
@policy.ApiEnforcer('workflow_orchestrator:list_workflows')
|
@policy.ApiEnforcer(policy.LIST_WORKFLOWS)
|
||||||
def on_get(self, req, resp):
|
def on_get(self, req, resp):
|
||||||
"""
|
"""
|
||||||
Return actions that have been invoked through shipyard.
|
Return actions that have been invoked through shipyard.
|
||||||
|
@ -60,7 +60,7 @@ class WorkflowIdResource(BaseResource):
|
||||||
/api/v1/workflows/{workflow_id}
|
/api/v1/workflows/{workflow_id}
|
||||||
"""
|
"""
|
||||||
|
|
||||||
@policy.ApiEnforcer('workflow_orchestrator:get_workflow')
|
@policy.ApiEnforcer(policy.GET_WORKFLOW)
|
||||||
def on_get(self, req, resp, workflow_id):
|
def on_get(self, req, resp, workflow_id):
|
||||||
"""
|
"""
|
||||||
Retrieve the step details of workflows invoked in Airflow.
|
Retrieve the step details of workflows invoked in Airflow.
|
||||||
|
|
|
@ -38,7 +38,7 @@ class ConfigDocsStatusResource(BaseResource):
|
||||||
statuses
|
statuses
|
||||||
"""
|
"""
|
||||||
|
|
||||||
@policy.ApiEnforcer('workflow_orchestrator:get_configdocs_status')
|
@policy.ApiEnforcer(policy.GET_CONFIGDOCS_STATUS)
|
||||||
def on_get(self, req, resp):
|
def on_get(self, req, resp):
|
||||||
"""Returns a list of the configdocs and their statuses"""
|
"""Returns a list of the configdocs and their statuses"""
|
||||||
versions = req.params.get('versions') or None
|
versions = req.params.get('versions') or None
|
||||||
|
@ -53,7 +53,7 @@ class ConfigDocsResource(BaseResource):
|
||||||
documents into Shipyard.
|
documents into Shipyard.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
@policy.ApiEnforcer('workflow_orchestrator:create_configdocs')
|
@policy.ApiEnforcer(policy.CREATE_CONFIGDOCS)
|
||||||
@api_lock(ApiLockType.CONFIGDOCS_UPDATE)
|
@api_lock(ApiLockType.CONFIGDOCS_UPDATE)
|
||||||
def on_post(self, req, resp, collection_id):
|
def on_post(self, req, resp, collection_id):
|
||||||
"""
|
"""
|
||||||
|
@ -92,7 +92,7 @@ class ConfigDocsResource(BaseResource):
|
||||||
resp.location = '/api/v1.0/configdocs/{}'.format(collection_id)
|
resp.location = '/api/v1.0/configdocs/{}'.format(collection_id)
|
||||||
resp.body = self.to_json(validations)
|
resp.body = self.to_json(validations)
|
||||||
|
|
||||||
@policy.ApiEnforcer('workflow_orchestrator:get_configdocs')
|
@policy.ApiEnforcer(policy.GET_CONFIGDOCS)
|
||||||
def on_get(self, req, resp, collection_id):
|
def on_get(self, req, resp, collection_id):
|
||||||
"""
|
"""
|
||||||
Returns a collection of documents
|
Returns a collection of documents
|
||||||
|
@ -178,7 +178,7 @@ class CommitConfigDocsResource(BaseResource):
|
||||||
|
|
||||||
unable_to_commmit = 'Unable to commit configuration documents'
|
unable_to_commmit = 'Unable to commit configuration documents'
|
||||||
|
|
||||||
@policy.ApiEnforcer('workflow_orchestrator:commit_configdocs')
|
@policy.ApiEnforcer(policy.COMMIT_CONFIGDOCS)
|
||||||
@api_lock(ApiLockType.CONFIGDOCS_UPDATE)
|
@api_lock(ApiLockType.CONFIGDOCS_UPDATE)
|
||||||
def on_post(self, req, resp):
|
def on_post(self, req, resp):
|
||||||
"""
|
"""
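Review bot: On `ConfigDocsResource.on_post` and `CommitConfigDocsResource.on_post` the enforcer is stacked above `@api_lock(ApiLockType.CONFIGDOCS_UPDATE)`, and nothing records that this order is deliberate. The outermost decorator runs first, so the policy check presumably happens before the lock is taken, which keeps callers who fail authorization from acquiring or contending for the configdocs lock; this depends on how `api_lock` and `ApiEnforcer` are implemented, which is not visible on this page. I would add `# Keep ApiEnforcer outermost: authorize before acquiring the configdocs lock.` above both decorator pairs so a later reordering is caught in review. Both method bodies continue outside the hunks.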
|
||||||
|
|
|
@ -37,7 +37,7 @@ class RenderedConfigDocsResource(BaseResource):
|
||||||
in a complete or rendered state.
|
in a complete or rendered state.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
@policy.ApiEnforcer('workflow_orchestrator:get_renderedconfigdocs')
|
@policy.ApiEnforcer(policy.GET_RENDEREDCONFIGDOCS)
|
||||||
def on_get(self, req, resp):
|
def on_get(self, req, resp):
|
||||||
"""
|
"""
|
||||||
Returns the whole set of rendered documents
|
Returns the whole set of rendered documents
|
||||||
|
|
|
@ -30,7 +30,7 @@ class StatusResource(BaseResource):
|
||||||
node status and power state
|
node status and power state
|
||||||
"""
|
"""
|
||||||
|
|
||||||
@policy.ApiEnforcer('workflow_orchestrator:get_site_statuses')
|
@policy.ApiEnforcer(policy.GET_SITE_STATUSES)
|
||||||
def on_get(self, req, resp, **kwargs):
|
def on_get(self, req, resp, **kwargs):
|
||||||
"""
|
"""
|
||||||
Return site based statuses that has been invoked through shipyard.
|
Return site based statuses that has been invoked through shipyard.
|
||||||
|
|
|
@ -25,6 +25,23 @@ CONF = cfg.CONF
|
||||||
LOG = logging.getLogger(__name__)
|
LOG = logging.getLogger(__name__)
|
||||||
policy_engine = None
|
policy_engine = None
|
||||||
|
|
||||||
|
# Policy name constants
|
||||||
|
LIST_ACTIONS = 'workflow_orchestrator:list_actions'
|
||||||
|
CREATE_ACTION = 'workflow_orchestrator:create_action'
|
||||||
|
GET_ACTION = 'workflow_orchestrator:get_action'
|
||||||
|
GET_ACTION_STEP = 'workflow_orchestrator:get_action_step'
|
||||||
|
GET_ACTION_STEP_LOGS = 'workflow_orchestrator:get_action_step_logs'
|
||||||
|
GET_ACTION_VALIDATION = 'workflow_orchestrator:get_action_validation'
|
||||||
|
INVOKE_ACTION_CONTROL = 'workflow_orchestrator:invoke_action_control'
|
||||||
|
GET_CONFIGDOCS_STATUS = 'workflow_orchestrator:get_configdocs_status'
|
||||||
|
CREATE_CONFIGDOCS = 'workflow_orchestrator:create_configdocs'
|
||||||
|
GET_CONFIGDOCS = 'workflow_orchestrator:get_configdocs'
|
||||||
|
COMMIT_CONFIGDOCS = 'workflow_orchestrator:commit_configdocs'
|
||||||
|
GET_RENDEREDCONFIGDOCS = 'workflow_orchestrator:get_renderedconfigdocs'
|
||||||
|
LIST_WORKFLOWS = 'workflow_orchestrator:list_workflows'
|
||||||
|
GET_WORKFLOW = 'workflow_orchestrator:get_workflow'
|
||||||
|
GET_SITE_STATUSES = 'workflow_orchestrator:get_site_statuses'
|
||||||
|
|
||||||
|
|
||||||
class ShipyardPolicy(object):
|
class ShipyardPolicy(object):
|
||||||
"""
|
"""
|
||||||
|
@ -44,7 +61,7 @@ class ShipyardPolicy(object):
|
||||||
# Orchestrator Policy
|
# Orchestrator Policy
|
||||||
task_rules = [
|
task_rules = [
|
||||||
policy.DocumentedRuleDefault(
|
policy.DocumentedRuleDefault(
|
||||||
'workflow_orchestrator:list_actions',
|
LIST_ACTIONS,
|
||||||
RULE_ADMIN_REQUIRED,
|
RULE_ADMIN_REQUIRED,
|
||||||
'List workflow actions invoked by users',
|
'List workflow actions invoked by users',
|
||||||
[{
|
[{
|
||||||
|
@ -53,7 +70,7 @@ class ShipyardPolicy(object):
|
||||||
}]
|
}]
|
||||||
),
|
),
|
||||||
policy.DocumentedRuleDefault(
|
policy.DocumentedRuleDefault(
|
||||||
'workflow_orchestrator:create_action',
|
CREATE_ACTION,
|
||||||
RULE_ADMIN_REQUIRED,
|
RULE_ADMIN_REQUIRED,
|
||||||
'Create a workflow action',
|
'Create a workflow action',
|
||||||
[{
|
[{
|
||||||
|
@ -62,7 +79,7 @@ class ShipyardPolicy(object):
|
||||||
}]
|
}]
|
||||||
),
|
),
|
||||||
policy.DocumentedRuleDefault(
|
policy.DocumentedRuleDefault(
|
||||||
'workflow_orchestrator:get_action',
|
GET_ACTION,
|
||||||
RULE_ADMIN_REQUIRED,
|
RULE_ADMIN_REQUIRED,
|
||||||
'Retrieve an action by its id',
|
'Retrieve an action by its id',
|
||||||
[{
|
[{
|
||||||
|
@ -71,7 +88,7 @@ class ShipyardPolicy(object):
|
||||||
}]
|
}]
|
||||||
),
|
),
|
||||||
policy.DocumentedRuleDefault(
|
policy.DocumentedRuleDefault(
|
||||||
'workflow_orchestrator:get_action_step',
|
GET_ACTION_STEP,
|
||||||
RULE_ADMIN_REQUIRED,
|
RULE_ADMIN_REQUIRED,
|
||||||
'Retrieve an action step by its id',
|
'Retrieve an action step by its id',
|
||||||
[{
|
[{
|
||||||
|
@ -80,7 +97,7 @@ class ShipyardPolicy(object):
|
||||||
}]
|
}]
|
||||||
),
|
),
|
||||||
policy.DocumentedRuleDefault(
|
policy.DocumentedRuleDefault(
|
||||||
'workflow_orchestrator:get_action_step_logs',
|
GET_ACTION_STEP_LOGS,
|
||||||
RULE_ADMIN_REQUIRED,
|
RULE_ADMIN_REQUIRED,
|
||||||
'Retrieve logs of an action step by its id',
|
'Retrieve logs of an action step by its id',
|
||||||
[{
|
[{
|
||||||
|
@ -89,7 +106,7 @@ class ShipyardPolicy(object):
|
||||||
}]
|
}]
|
||||||
),
|
),
|
||||||
policy.DocumentedRuleDefault(
|
policy.DocumentedRuleDefault(
|
||||||
'workflow_orchestrator:get_action_validation',
|
GET_ACTION_VALIDATION,
|
||||||
RULE_ADMIN_REQUIRED,
|
RULE_ADMIN_REQUIRED,
|
||||||
'Retrieve an action validation by its id',
|
'Retrieve an action validation by its id',
|
||||||
[{
|
[{
|
||||||
|
@ -99,7 +116,7 @@ class ShipyardPolicy(object):
|
||||||
}]
|
}]
|
||||||
),
|
),
|
||||||
policy.DocumentedRuleDefault(
|
policy.DocumentedRuleDefault(
|
||||||
'workflow_orchestrator:invoke_action_control',
|
INVOKE_ACTION_CONTROL,
|
||||||
RULE_ADMIN_REQUIRED,
|
RULE_ADMIN_REQUIRED,
|
||||||
'Send a control to an action',
|
'Send a control to an action',
|
||||||
[{
|
[{
|
||||||
|
@ -108,7 +125,7 @@ class ShipyardPolicy(object):
|
||||||
}]
|
}]
|
||||||
),
|
),
|
||||||
policy.DocumentedRuleDefault(
|
policy.DocumentedRuleDefault(
|
||||||
'workflow_orchestrator:get_configdocs_status',
|
GET_CONFIGDOCS_STATUS,
|
||||||
RULE_ADMIN_REQUIRED,
|
RULE_ADMIN_REQUIRED,
|
||||||
'Retrieve the status of the configdocs',
|
'Retrieve the status of the configdocs',
|
||||||
[{
|
[{
|
||||||
|
@ -117,7 +134,7 @@ class ShipyardPolicy(object):
|
||||||
}]
|
}]
|
||||||
),
|
),
|
||||||
policy.DocumentedRuleDefault(
|
policy.DocumentedRuleDefault(
|
||||||
'workflow_orchestrator:create_configdocs',
|
CREATE_CONFIGDOCS,
|
||||||
RULE_ADMIN_REQUIRED,
|
RULE_ADMIN_REQUIRED,
|
||||||
'Ingest configuration documents for the site design',
|
'Ingest configuration documents for the site design',
|
||||||
[{
|
[{
|
||||||
|
@ -126,7 +143,7 @@ class ShipyardPolicy(object):
|
||||||
}]
|
}]
|
||||||
),
|
),
|
||||||
policy.DocumentedRuleDefault(
|
policy.DocumentedRuleDefault(
|
||||||
'workflow_orchestrator:get_configdocs',
|
GET_CONFIGDOCS,
|
||||||
RULE_ADMIN_REQUIRED,
|
RULE_ADMIN_REQUIRED,
|
||||||
'Retrieve a collection of configuration documents',
|
'Retrieve a collection of configuration documents',
|
||||||
[{
|
[{
|
||||||
|
@ -135,7 +152,7 @@ class ShipyardPolicy(object):
|
||||||
}]
|
}]
|
||||||
),
|
),
|
||||||
policy.DocumentedRuleDefault(
|
policy.DocumentedRuleDefault(
|
||||||
'workflow_orchestrator:commit_configdocs',
|
COMMIT_CONFIGDOCS,
|
||||||
RULE_ADMIN_REQUIRED,
|
RULE_ADMIN_REQUIRED,
|
||||||
('Move documents from the Shipyard buffer to the committed '
|
('Move documents from the Shipyard buffer to the committed '
|
||||||
'documents'),
|
'documents'),
|
||||||
|
@ -145,7 +162,7 @@ class ShipyardPolicy(object):
|
||||||
}]
|
}]
|
||||||
),
|
),
|
||||||
policy.DocumentedRuleDefault(
|
policy.DocumentedRuleDefault(
|
||||||
'workflow_orchestrator:get_renderedconfigdocs',
|
GET_RENDEREDCONFIGDOCS,
|
||||||
RULE_ADMIN_REQUIRED,
|
RULE_ADMIN_REQUIRED,
|
||||||
('Retrieve the configuration documents rendered by Deckhand into '
|
('Retrieve the configuration documents rendered by Deckhand into '
|
||||||
'a complete design'),
|
'a complete design'),
|
||||||
|
@ -155,7 +172,7 @@ class ShipyardPolicy(object):
|
||||||
}]
|
}]
|
||||||
),
|
),
|
||||||
policy.DocumentedRuleDefault(
|
policy.DocumentedRuleDefault(
|
||||||
'workflow_orchestrator:list_workflows',
|
LIST_WORKFLOWS,
|
||||||
RULE_ADMIN_REQUIRED,
|
RULE_ADMIN_REQUIRED,
|
||||||
('Retrieve the list of workflows (DAGs) that have been invoked '
|
('Retrieve the list of workflows (DAGs) that have been invoked '
|
||||||
'in Airflow, whether via Shipyard or scheduled'),
|
'in Airflow, whether via Shipyard or scheduled'),
|
||||||
|
@ -165,7 +182,7 @@ class ShipyardPolicy(object):
|
||||||
}]
|
}]
|
||||||
),
|
),
|
||||||
policy.DocumentedRuleDefault(
|
policy.DocumentedRuleDefault(
|
||||||
'workflow_orchestrator:get_workflow',
|
GET_WORKFLOW,
|
||||||
RULE_ADMIN_REQUIRED,
|
RULE_ADMIN_REQUIRED,
|
||||||
('Retrieve the detailed information for a workflow (DAG) from '
|
('Retrieve the detailed information for a workflow (DAG) from '
|
||||||
'Airflow'),
|
'Airflow'),
|
||||||
|
@ -175,7 +192,7 @@ class ShipyardPolicy(object):
|
||||||
}]
|
}]
|
||||||
),
|
),
|
||||||
policy.DocumentedRuleDefault(
|
policy.DocumentedRuleDefault(
|
||||||
'workflow_orchestrator:get_site_statuses',
|
GET_SITE_STATUSES,
|
||||||
RULE_ADMIN_REQUIRED,
|
RULE_ADMIN_REQUIRED,
|
||||||
'Retrieve the statuses for the site',
|
'Retrieve the statuses for the site',
|
||||||
[{
|
[{
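Review bot: The constants block added after `policy_engine = None` carries only `# Policy name constants`, which does not tell a maintainer that the string values are presumably the rule names deployments refer to in their policy overrides. I would extend it to `# Policy name constants. The values are the rule names operators use in policy files: rename a constant if needed, never its value.` Nothing visible ties a constant to a `DocumentedRuleDefault` entry either, so a constant added later could be passed to `policy.ApiEnforcer` without a registered default, and how the enforcer treats an unregistered name is not shown here. A small unit test asserting that every module-level `workflow_orchestrator:` constant appears as a rule name in `ShipyardPolicy.task_rules` would pin that down. The `task_rules` list continues outside the visible hunks.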
|
||||||
|
|