Merge "Policy in code for packages"

This commit is contained in:
Jenkins 2017-06-07 09:45:31 +00:00 committed by Gerrit Code Review
commit de887f73b2
3 changed files with 88 additions and 9 deletions

View File

@ -3,14 +3,6 @@
"admin_api": "is_admin:True",
"default": "",
"get_package": "rule:default",
"upload_package": "rule:default",
"modify_package": "rule:default",
"publicize_package": "rule:admin_api",
"manage_public_package": "rule:default",
"delete_package": "rule:default",
"download_package": "rule:default",
"get_category": "rule:default",
"delete_category": "rule:admin_api",
"add_category": "rule:admin_api",

View File

@ -17,10 +17,12 @@ import itertools
from murano.common.policies import env_template
from murano.common.policies import environment
from murano.common.policies import package
def list_rules():
return itertools.chain(
environment.list_rules(),
env_template.list_rules()
env_template.list_rules(),
package.list_rules()
)

View File

@ -0,0 +1,85 @@
# Copyright 2017 AT&T Corporation.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from oslo_policy import policy
from murano.common.policies import base
package_policies = [
policy.DocumentedRuleDefault(
name='get_package',
check_str=base.RULE_DEFAULT,
description="""Returns either detailed package information or
information specific to the package's UI or logo. In addition, checks for the
existence of a given package.""",
operations=[{'path': '/v1/catalog/packages/{package_id}',
'method': 'GET'},
{'path': '/v1/catalog/packages',
'method': 'GET'},
{'path': '/v1/catalog/packages/{package_id}/ui',
'method': 'GET'},
{'path': '/v1/catalog/packages/{package_id}/logo',
'method': 'GET'}]),
policy.DocumentedRuleDefault(
name='upload_package',
check_str=base.RULE_DEFAULT,
description='Upload a package to the application catalog.',
operations=[{'path': '/v1/catalog/packages',
'method': 'POST'}]),
policy.DocumentedRuleDefault(
name='modify_package',
check_str=base.RULE_DEFAULT,
description='Update package information for a given package.',
operations=[{'path': '/v1/catalog/packages/{package_id}',
'method': 'PATCH'}]),
policy.DocumentedRuleDefault(
name='publicize_package',
check_str=base.RULE_ADMIN_API,
description="""Publicize a package across all projects. Grants users in
any project the ability to use the package. Enforced only when `is_public`
parameter is set to True in the request body of the `update` or `upload`
package request.""",
operations=[{'path': '/v1/catalog/packages/{package_id}',
'method': 'PATCH'},
{'path': '/v1/catalog/packages',
'method': 'POST'}]),
policy.DocumentedRuleDefault(
name='manage_public_package',
check_str=base.RULE_DEFAULT,
description="""Either update, delete or check for the existence of a
public package. Only enforced when the package is public.""",
operations=[{'path': '/v1/catalog/packages/{package_id}',
'method': 'PATCH'},
{'path': '/v1/catalog/packages/{package_id}',
'method': 'DELETE'},
{'path': '/v1/catalog/packages',
'method': 'GET'}]),
policy.DocumentedRuleDefault(
name='delete_package',
check_str=base.RULE_DEFAULT,
description='Delete a given package.',
operations=[{'path': '/v1/catalog/packages/{package_id}',
'method': 'DELETE'}]),
policy.DocumentedRuleDefault(
name='download_package',
check_str=base.RULE_DEFAULT,
description='Download a package from the application catalog.',
operations=[{'path': '/v1/catalog/packages/{package_id}/download',
'method': 'GET'}])
]
def list_rules():
return package_policies