7eca672645
This patch introduces the implementation for registering default policy rules in code. Default rules are defined under cloudkitty.common.policies. Each API's policies are defined in a sub-folder under that path and __init__.py contains all the default policies in code which are registered in the ``init`` enforcer function in cloudkitty/common/policy.py. This commit does the following: - Creates the ``policies`` module that contains all the default policies in code. - Adds the base policy rules into code (context_is_admin, admin_or_owner and default rules). - Add policies in code for current APIs - Add a tox env to generate default policy sample file - Delete policy.json from repo as policies in code will be used. Change-Id: I257e8cefc2b699fc979c717531cd9ba77233d94b Implements: blueprint policy-in-code
44 lines
1.5 KiB
Python
44 lines
1.5 KiB
Python
# Copyright 2017 GohighSec.
|
|
# All Rights Reserved.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
from oslo_policy import policy
|
|
|
|
from cloudkitty.common.policies import base
|
|
|
|
info_policies = [
|
|
policy.DocumentedRuleDefault(
|
|
name='info:list_services_info',
|
|
check_str=base.UNPROTECTED,
|
|
description='List available services information in Cloudkitty.',
|
|
operations=[{'path': '/v1/info/services',
|
|
'method': 'LIST'}]),
|
|
policy.DocumentedRuleDefault(
|
|
name='info:get_service_info',
|
|
check_str=base.UNPROTECTED,
|
|
description='Get specified service information.',
|
|
operations=[{'path': '/v1/info/services/{service_id}',
|
|
'method': 'GET'}]),
|
|
policy.DocumentedRuleDefault(
|
|
name='info:get_config',
|
|
check_str=base.UNPROTECTED,
|
|
description='Get current configuration in Cloudkitty.',
|
|
operations=[{'path': '/v1/info/config',
|
|
'method': 'GET'}])
|
|
]
|
|
|
|
|
|
def list_rules():
|
|
return info_policies
|