summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJenkins <jenkins@review.openstack.org>2017-06-07 09:45:31 +0000
committerGerrit Code Review <review@openstack.org>2017-06-07 09:45:31 +0000
commitde887f73b29ab71412eb5b5e31c1c81f941e447e (patch)
treeccc78f4321cb0bf66130e4fb9475fa9756b1968d
parentf0f6dece9ee71685e0ebe9e1ad87b8104c6eed20 (diff)
parent7a01e294ff82a648d17676c9d32e1865e74e1f15 (diff)
Merge "Policy in code for packages"4.0.0.0b2
-rw-r--r--etc/murano/policy.json8
-rw-r--r--murano/common/policies/__init__.py4
-rw-r--r--murano/common/policies/package.py85
3 files changed, 88 insertions, 9 deletions
diff --git a/etc/murano/policy.json b/etc/murano/policy.json
index 7c72b1a..5731262 100644
--- a/etc/murano/policy.json
+++ b/etc/murano/policy.json
@@ -3,14 +3,6 @@
3 "admin_api": "is_admin:True", 3 "admin_api": "is_admin:True",
4 "default": "", 4 "default": "",
5 5
6 "get_package": "rule:default",
7 "upload_package": "rule:default",
8 "modify_package": "rule:default",
9 "publicize_package": "rule:admin_api",
10 "manage_public_package": "rule:default",
11 "delete_package": "rule:default",
12 "download_package": "rule:default",
13
14 "get_category": "rule:default", 6 "get_category": "rule:default",
15 "delete_category": "rule:admin_api", 7 "delete_category": "rule:admin_api",
16 "add_category": "rule:admin_api", 8 "add_category": "rule:admin_api",
diff --git a/murano/common/policies/__init__.py b/murano/common/policies/__init__.py
index d8b1ad9..db4b50d 100644
--- a/murano/common/policies/__init__.py
+++ b/murano/common/policies/__init__.py
@@ -17,10 +17,12 @@ import itertools
17 17
18from murano.common.policies import env_template 18from murano.common.policies import env_template
19from murano.common.policies import environment 19from murano.common.policies import environment
20from murano.common.policies import package
20 21
21 22
22def list_rules(): 23def list_rules():
23 return itertools.chain( 24 return itertools.chain(
24 environment.list_rules(), 25 environment.list_rules(),
25 env_template.list_rules() 26 env_template.list_rules(),
27 package.list_rules()
26 ) 28 )
diff --git a/murano/common/policies/package.py b/murano/common/policies/package.py
new file mode 100644
index 0000000..9fdeb91
--- /dev/null
+++ b/murano/common/policies/package.py
@@ -0,0 +1,85 @@
1# Copyright 2017 AT&T Corporation.
2# All Rights Reserved.
3#
4# Licensed under the Apache License, Version 2.0 (the "License"); you may
5# not use this file except in compliance with the License. You may obtain
6# a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13# License for the specific language governing permissions and limitations
14# under the License.
15
16from oslo_policy import policy
17
18from murano.common.policies import base
19
20package_policies = [
21 policy.DocumentedRuleDefault(
22 name='get_package',
23 check_str=base.RULE_DEFAULT,
24 description="""Returns either detailed package information or
25information specific to the package's UI or logo. In addition, checks for the
26existence of a given package.""",
27 operations=[{'path': '/v1/catalog/packages/{package_id}',
28 'method': 'GET'},
29 {'path': '/v1/catalog/packages',
30 'method': 'GET'},
31 {'path': '/v1/catalog/packages/{package_id}/ui',
32 'method': 'GET'},
33 {'path': '/v1/catalog/packages/{package_id}/logo',
34 'method': 'GET'}]),
35 policy.DocumentedRuleDefault(
36 name='upload_package',
37 check_str=base.RULE_DEFAULT,
38 description='Upload a package to the application catalog.',
39 operations=[{'path': '/v1/catalog/packages',
40 'method': 'POST'}]),
41 policy.DocumentedRuleDefault(
42 name='modify_package',
43 check_str=base.RULE_DEFAULT,
44 description='Update package information for a given package.',
45 operations=[{'path': '/v1/catalog/packages/{package_id}',
46 'method': 'PATCH'}]),
47 policy.DocumentedRuleDefault(
48 name='publicize_package',
49 check_str=base.RULE_ADMIN_API,
50 description="""Publicize a package across all projects. Grants users in
51any project the ability to use the package. Enforced only when `is_public`
52parameter is set to True in the request body of the `update` or `upload`
53package request.""",
54 operations=[{'path': '/v1/catalog/packages/{package_id}',
55 'method': 'PATCH'},
56 {'path': '/v1/catalog/packages',
57 'method': 'POST'}]),
58 policy.DocumentedRuleDefault(
59 name='manage_public_package',
60 check_str=base.RULE_DEFAULT,
61 description="""Either update, delete or check for the existence of a
62public package. Only enforced when the package is public.""",
63 operations=[{'path': '/v1/catalog/packages/{package_id}',
64 'method': 'PATCH'},
65 {'path': '/v1/catalog/packages/{package_id}',
66 'method': 'DELETE'},
67 {'path': '/v1/catalog/packages',
68 'method': 'GET'}]),
69 policy.DocumentedRuleDefault(
70 name='delete_package',
71 check_str=base.RULE_DEFAULT,
72 description='Delete a given package.',
73 operations=[{'path': '/v1/catalog/packages/{package_id}',
74 'method': 'DELETE'}]),
75 policy.DocumentedRuleDefault(
76 name='download_package',
77 check_str=base.RULE_DEFAULT,
78 description='Download a package from the application catalog.',
79 operations=[{'path': '/v1/catalog/packages/{package_id}/download',
80 'method': 'GET'}])
81]
82
83
84def list_rules():
85 return package_policies