d2d2312af9
This PS implements documentation substitution and the rendered-documents endpoint. Each time the rendered-documents is queried, the documents for the reqeust revision_id dynamically undergo secret substitution. All functional tests related to secret substitution have been unskipped. Deckhand currently does not real testing for verifying that secret substitution works for encrypted documents. This will only happen when integration testing is added to Deckhand to test its interaction with Keystone and Barbican. Included in this PS: - basic implementation for secret substitution - introduction of jsonpath_ng for searching for and updating jsonpaths in documents - rendered-documents endpoint - unit tests - all relevant functional tests unskipped - additional bucket controller tests include RBAC tests and framework testing RBAC via unit tests Change-Id: I86f269a5b616b518e5f742a4005891412226fe2a
32 lines
1.2 KiB
Python
32 lines
1.2 KiB
Python
# Copyright 2017 AT&T Intellectual Property. All other rights reserved.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
|
|
policy_data = """
|
|
"admin_api": "role:admin"
|
|
"deckhand:create_cleartext_documents": "rule:admin_api"
|
|
"deckhand:create_encrypted_documents": "rule:admin_api"
|
|
"deckhand:list_cleartext_documents": "rule:admin_api"
|
|
"deckhand:list_encrypted_documents": "rule:admin_api"
|
|
"deckhand:show_revision": "rule:admin_api"
|
|
"deckhand:list_revisions": "rule:admin_api"
|
|
"deckhand:delete_revisions": "rule:admin_api"
|
|
"deckhand:show_revision_diff": "rule:admin_api"
|
|
"deckhand:create_tag": "rule:admin_api"
|
|
"deckhand:show_tag": "rule:admin_api"
|
|
"deckhand:list_tags": "rule:admin_api"
|
|
"deckhand:delete_tag": "rule:admin_api"
|
|
"deckhand:delete_tags": "rule:admin_api"
|
|
"""
|