Policy in code for environment templates

This commit implements policy in code for the environment templates API. The default rules for the environment templates API were removed from the policy.json and moved into code under murano.common.policies.env_template. This commit specifically: - Moves policy actions related to the environment templates API from the policy.json into code. - Documents the API information and paths associated with each environment template policy. - Updates the ``create_environment`` policy action documentation in murano.common.policies.environment to include API /v1/templates/{env_template_id}/create-environment which enforces this policy as well. Partially Implements: blueprint policy-in-code Change-Id: I715f4b0a61fd4404e20b88736a9a4c86fc038b55
2017-06-01 22:13:21 +01:00 · 2017-06-01 22:13:21 +01:00 · f8c346230c
commit f8c346230c
parent 458436040f
4 changed files with 71 additions and 10 deletions
--- a/etc/murano/policy.json
+++ b/etc/murano/policy.json
@ -19,12 +19,6 @@
    "list_deployments_all_environments": "rule:default",
    "statuses_deployments": "rule:default",

-    "list_env_templates": "rule:default",
-    "create_env_template": "rule:default",
-    "show_env_template": "rule:default",
-    "update_env_template": "rule:default",
-    "delete_env_template": "rule:default",
-
    "execute_action": "rule:default"
 }

--- a/murano/common/policies/init.py
+++ b/murano/common/policies/init.py
@ -15,10 +15,12 @@

 import itertools

+from murano.common.policies import env_template
 from murano.common.policies import environment


 def list_rules():
    return itertools.chain(
-        environment.list_rules()
+        environment.list_rules(),
+        env_template.list_rules()
    )
--- a/murano/common/policies/env_template.py
+++ b/murano/common/policies/env_template.py
@ -0,0 +1,61 @@
+# Copyright 2017 AT&T Corporation.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from oslo_policy import policy
+
+from murano.common.policies import base
+
+template_policies = [
+    policy.DocumentedRuleDefault(
+        name='list_env_templates',
+        check_str=base.RULE_DEFAULT,
+        description='List environment templates in a project.',
+        operations=[{'path': '/v1/templates',
+                     'method': 'GET'}]),
+    policy.DocumentedRuleDefault(
+        name='create_env_template',
+        check_str=base.RULE_DEFAULT,
+        description='Create an environment template.',
+        operations=[{'path': '/v1/templates',
+                     'method': 'POST'}]),
+    policy.DocumentedRuleDefault(
+        name='show_env_template',
+        check_str=base.RULE_DEFAULT,
+        description='Show environment template details.',
+        operations=[{'path': '/v1/templates/{env_template_id}',
+                     'method': 'GET'}]),
+    policy.DocumentedRuleDefault(
+        name='update_env_template',
+        check_str=base.RULE_DEFAULT,
+        description='Update an environment template.',
+        operations=[{'path': '/v1/templates/{env_template_id}',
+                     'method': 'PUT'}]),
+    policy.DocumentedRuleDefault(
+        name='delete_env_template',
+        check_str=base.RULE_DEFAULT,
+        description='Delete an environment template.',
+        operations=[{'path': '/v1/templates/{env_template_id}',
+                     'method': 'DELETE'}]),
+    policy.DocumentedRuleDefault(
+        name='clone_env_template',
+        check_str=base.RULE_DEFAULT,
+        description='Clone an environment template.',
+        operations=[{'path': '/v1/templates/{env_template_id}/clone',
+                     'method': 'POST'}])
+]
+
+
+def list_rules():
+    return template_policies
--- a/murano/common/policies/environment.py
+++ b/murano/common/policies/environment.py
@ -50,9 +50,13 @@ environment_policies = [
    policy.DocumentedRuleDefault(
        name='create_environment',
        check_str=base.RULE_DEFAULT,
-        description='Create an environment.',
-        operations=[{'path': '/v1/environments/{environment_id}',
-                     'method': 'POST'}]),
+        description='Create an environment or create an environment and '
+                    'session from an environment template.',
+        operations=[
+            {'path': '/v1/environments/{environment_id}',
+             'method': 'POST'},
+            {'path': '/v1/templates/{env_template_id}/create-environment',
+             'method': 'POST'}]),
    policy.DocumentedRuleDefault(
        name='delete_environment',
        check_str=base.RULE_DEFAULT,