Making policy namespaces more unique
This adds "data-processing:" to the beginning of all namespaces for sahara's policy based actions. This will help ensure that we minimize the possibility for name collisions in unified policy files. * change policy names in policy.json * change policy names in v10 and v11 api functions * change policy tests to reflect newer names (not strictly necessary but added for consistency) Change-Id: Ieef8c8de25764197a2ed59ba9f71c37fc62a75ca Closes-Bug: 1460196
This commit is contained in:
parent
4c048161e0
commit
8636c71e1a
@ -2,65 +2,65 @@
|
||||
"context_is_admin": "role:admin",
|
||||
"default": "",
|
||||
|
||||
"clusters:get_all": "",
|
||||
"clusters:create": "",
|
||||
"clusters:scale": "",
|
||||
"clusters:get": "",
|
||||
"clusters:delete": "",
|
||||
"data-processing:clusters:get_all": "",
|
||||
"data-processing:clusters:create": "",
|
||||
"data-processing:clusters:scale": "",
|
||||
"data-processing:clusters:get": "",
|
||||
"data-processing:clusters:delete": "",
|
||||
|
||||
"cluster-templates:get_all": "",
|
||||
"cluster-templates:create": "",
|
||||
"cluster-templates:get": "",
|
||||
"cluster-templates:modify": "",
|
||||
"cluster-templates:delete": "",
|
||||
"data-processing:cluster-templates:get_all": "",
|
||||
"data-processing:cluster-templates:create": "",
|
||||
"data-processing:cluster-templates:get": "",
|
||||
"data-processing:cluster-templates:modify": "",
|
||||
"data-processing:cluster-templates:delete": "",
|
||||
|
||||
"node-group-templates:get_all": "",
|
||||
"node-group-templates:create": "",
|
||||
"node-group-templates:get": "",
|
||||
"node-group-templates:modify": "",
|
||||
"node-group-templates:delete": "",
|
||||
"data-processing:node-group-templates:get_all": "",
|
||||
"data-processing:node-group-templates:create": "",
|
||||
"data-processing:node-group-templates:get": "",
|
||||
"data-processing:node-group-templates:modify": "",
|
||||
"data-processing:node-group-templates:delete": "",
|
||||
|
||||
"plugins:get_all": "",
|
||||
"plugins:get": "",
|
||||
"plugins:get_version": "",
|
||||
"plugins:convert_config": "",
|
||||
"data-processing:plugins:get_all": "",
|
||||
"data-processing:plugins:get": "",
|
||||
"data-processing:plugins:get_version": "",
|
||||
"data-processing:plugins:convert_config": "",
|
||||
|
||||
"images:get_all": "",
|
||||
"images:get": "",
|
||||
"images:register": "",
|
||||
"images:unregister": "",
|
||||
"images:add_tags": "",
|
||||
"images:remove_tags": "",
|
||||
"data-processing:images:get_all": "",
|
||||
"data-processing:images:get": "",
|
||||
"data-processing:images:register": "",
|
||||
"data-processing:images:unregister": "",
|
||||
"data-processing:images:add_tags": "",
|
||||
"data-processing:images:remove_tags": "",
|
||||
|
||||
"job-executions:get_all": "",
|
||||
"job-executions:get": "",
|
||||
"job-executions:refresh_status": "",
|
||||
"job-executions:cancel": "",
|
||||
"job-executions:delete": "",
|
||||
"data-processing:job-executions:get_all": "",
|
||||
"data-processing:job-executions:get": "",
|
||||
"data-processing:job-executions:refresh_status": "",
|
||||
"data-processing:job-executions:cancel": "",
|
||||
"data-processing:job-executions:delete": "",
|
||||
|
||||
"data-sources:get_all": "",
|
||||
"data-sources:get": "",
|
||||
"data-sources:register": "",
|
||||
"data-sources:delete": "",
|
||||
"data-processing:data-sources:get_all": "",
|
||||
"data-processing:data-sources:get": "",
|
||||
"data-processing:data-sources:register": "",
|
||||
"data-processing:data-sources:delete": "",
|
||||
|
||||
"jobs:get_all": "",
|
||||
"jobs:create": "",
|
||||
"jobs:get": "",
|
||||
"jobs:delete": "",
|
||||
"jobs:get_config_hints": "",
|
||||
"jobs:execute": "",
|
||||
"data-processing:jobs:get_all": "",
|
||||
"data-processing:jobs:create": "",
|
||||
"data-processing:jobs:get": "",
|
||||
"data-processing:jobs:delete": "",
|
||||
"data-processing:jobs:get_config_hints": "",
|
||||
"data-processing:jobs:execute": "",
|
||||
|
||||
"job-binaries:get_all": "",
|
||||
"job-binaries:create": "",
|
||||
"job-binaries:get": "",
|
||||
"job-binaries:delete": "",
|
||||
"job-binaries:get_data": "",
|
||||
"data-processing:job-binaries:get_all": "",
|
||||
"data-processing:job-binaries:create": "",
|
||||
"data-processing:job-binaries:get": "",
|
||||
"data-processing:job-binaries:delete": "",
|
||||
"data-processing:job-binaries:get_data": "",
|
||||
|
||||
"job-binary-internals:get_all": "",
|
||||
"job-binary-internals:create": "",
|
||||
"job-binary-internals:get": "",
|
||||
"job-binary-internals:delete": "",
|
||||
"job-binary-internals:get_data": "",
|
||||
"data-processing:job-binary-internals:get_all": "",
|
||||
"data-processing:job-binary-internals:create": "",
|
||||
"data-processing:job-binary-internals:get": "",
|
||||
"data-processing:job-binary-internals:delete": "",
|
||||
"data-processing:job-binary-internals:get_data": "",
|
||||
|
||||
"job-types:get_all": ""
|
||||
"data-processing:job-types:get_all": ""
|
||||
}
|
||||
|
@ -37,21 +37,21 @@ rest = u.Rest('v10', __name__)
|
||||
# Cluster ops
|
||||
|
||||
@rest.get('/clusters')
|
||||
@acl.enforce("clusters:get_all")
|
||||
@acl.enforce("data-processing:clusters:get_all")
|
||||
def clusters_list():
|
||||
return u.render(clusters=[c.to_dict() for c in api.get_clusters(
|
||||
**u.get_request_args().to_dict())])
|
||||
|
||||
|
||||
@rest.post('/clusters')
|
||||
@acl.enforce("clusters:create")
|
||||
@acl.enforce("data-processing:clusters:create")
|
||||
@v.validate(v_c.CLUSTER_SCHEMA, v_c.check_cluster_create)
|
||||
def clusters_create(data):
|
||||
return u.render(api.create_cluster(data).to_wrapped_dict())
|
||||
|
||||
|
||||
@rest.put('/clusters/<cluster_id>')
|
||||
@acl.enforce("clusters:scale")
|
||||
@acl.enforce("data-processing:clusters:scale")
|
||||
@v.check_exists(api.get_cluster, 'cluster_id')
|
||||
@v.validate(v_c_s.CLUSTER_SCALING_SCHEMA, v_c_s.check_cluster_scaling)
|
||||
def clusters_scale(cluster_id, data):
|
||||
@ -59,7 +59,7 @@ def clusters_scale(cluster_id, data):
|
||||
|
||||
|
||||
@rest.get('/clusters/<cluster_id>')
|
||||
@acl.enforce("clusters:get")
|
||||
@acl.enforce("data-processing:clusters:get")
|
||||
@v.check_exists(api.get_cluster, 'cluster_id')
|
||||
def clusters_get(cluster_id):
|
||||
data = u.get_request_args()
|
||||
@ -68,7 +68,7 @@ def clusters_get(cluster_id):
|
||||
|
||||
|
||||
@rest.delete('/clusters/<cluster_id>')
|
||||
@acl.enforce("clusters:delete")
|
||||
@acl.enforce("data-processing:clusters:delete")
|
||||
@v.check_exists(api.get_cluster, 'cluster_id')
|
||||
def clusters_delete(cluster_id):
|
||||
api.terminate_cluster(cluster_id)
|
||||
@ -78,7 +78,7 @@ def clusters_delete(cluster_id):
|
||||
# ClusterTemplate ops
|
||||
|
||||
@rest.get('/cluster-templates')
|
||||
@acl.enforce("cluster-templates:get_all")
|
||||
@acl.enforce("data-processing:cluster-templates:get_all")
|
||||
def cluster_templates_list():
|
||||
return u.render(
|
||||
cluster_templates=[t.to_dict() for t in api.get_cluster_templates(
|
||||
@ -86,7 +86,7 @@ def cluster_templates_list():
|
||||
|
||||
|
||||
@rest.post('/cluster-templates')
|
||||
@acl.enforce("cluster-templates:create")
|
||||
@acl.enforce("data-processing:cluster-templates:create")
|
||||
@v.validate(ct_schema.CLUSTER_TEMPLATE_SCHEMA,
|
||||
v_ct.check_cluster_template_create)
|
||||
def cluster_templates_create(data):
|
||||
@ -94,7 +94,7 @@ def cluster_templates_create(data):
|
||||
|
||||
|
||||
@rest.get('/cluster-templates/<cluster_template_id>')
|
||||
@acl.enforce("cluster-templates:get")
|
||||
@acl.enforce("data-processing:cluster-templates:get")
|
||||
@v.check_exists(api.get_cluster_template, 'cluster_template_id')
|
||||
def cluster_templates_get(cluster_template_id):
|
||||
return u.render(
|
||||
@ -102,7 +102,7 @@ def cluster_templates_get(cluster_template_id):
|
||||
|
||||
|
||||
@rest.put('/cluster-templates/<cluster_template_id>')
|
||||
@acl.enforce("cluster-templates:modify")
|
||||
@acl.enforce("data-processing:cluster-templates:modify")
|
||||
@v.check_exists(api.get_cluster_template, 'cluster_template_id')
|
||||
@v.validate(ct_schema.CLUSTER_TEMPLATE_UPDATE_SCHEMA,
|
||||
v_ct.check_cluster_template_update)
|
||||
@ -113,7 +113,7 @@ def cluster_templates_update(cluster_template_id, data):
|
||||
|
||||
|
||||
@rest.delete('/cluster-templates/<cluster_template_id>')
|
||||
@acl.enforce("cluster-templates:delete")
|
||||
@acl.enforce("data-processing:cluster-templates:delete")
|
||||
@v.check_exists(api.get_cluster_template, 'cluster_template_id')
|
||||
@v.validate(None, v_ct.check_cluster_template_usage)
|
||||
def cluster_templates_delete(cluster_template_id):
|
||||
@ -124,7 +124,7 @@ def cluster_templates_delete(cluster_template_id):
|
||||
# NodeGroupTemplate ops
|
||||
|
||||
@rest.get('/node-group-templates')
|
||||
@acl.enforce("node-group-templates:get_all")
|
||||
@acl.enforce("data-processing:node-group-templates:get_all")
|
||||
def node_group_templates_list():
|
||||
return u.render(
|
||||
node_group_templates=[t.to_dict()
|
||||
@ -133,7 +133,7 @@ def node_group_templates_list():
|
||||
|
||||
|
||||
@rest.post('/node-group-templates')
|
||||
@acl.enforce("node-group-templates:create")
|
||||
@acl.enforce("data-processing:node-group-templates:create")
|
||||
@v.validate(ngt_schema.NODE_GROUP_TEMPLATE_SCHEMA,
|
||||
v_ngt.check_node_group_template_create)
|
||||
def node_group_templates_create(data):
|
||||
@ -141,7 +141,7 @@ def node_group_templates_create(data):
|
||||
|
||||
|
||||
@rest.get('/node-group-templates/<node_group_template_id>')
|
||||
@acl.enforce("node-group-templates:get")
|
||||
@acl.enforce("data-processing:node-group-templates:get")
|
||||
@v.check_exists(api.get_node_group_template, 'node_group_template_id')
|
||||
def node_group_templates_get(node_group_template_id):
|
||||
return u.render(
|
||||
@ -149,7 +149,7 @@ def node_group_templates_get(node_group_template_id):
|
||||
|
||||
|
||||
@rest.put('/node-group-templates/<node_group_template_id>')
|
||||
@acl.enforce("node-group-templates:modify")
|
||||
@acl.enforce("data-processing:node-group-templates:modify")
|
||||
@v.check_exists(api.get_node_group_template, 'node_group_template_id')
|
||||
@v.validate(ngt_schema.NODE_GROUP_TEMPLATE_UPDATE_SCHEMA,
|
||||
v_ngt.check_node_group_template_update)
|
||||
@ -160,7 +160,7 @@ def node_group_templates_update(node_group_template_id, data):
|
||||
|
||||
|
||||
@rest.delete('/node-group-templates/<node_group_template_id>')
|
||||
@acl.enforce("node-group-templates:delete")
|
||||
@acl.enforce("data-processing:node-group-templates:delete")
|
||||
@v.check_exists(api.get_node_group_template, 'node_group_template_id')
|
||||
@v.validate(None, v_ngt.check_node_group_template_usage)
|
||||
def node_group_templates_delete(node_group_template_id):
|
||||
@ -171,27 +171,27 @@ def node_group_templates_delete(node_group_template_id):
|
||||
# Plugins ops
|
||||
|
||||
@rest.get('/plugins')
|
||||
@acl.enforce("plugins:get_all")
|
||||
@acl.enforce("data-processing:plugins:get_all")
|
||||
def plugins_list():
|
||||
return u.render(plugins=[p.dict for p in api.get_plugins()])
|
||||
|
||||
|
||||
@rest.get('/plugins/<plugin_name>')
|
||||
@acl.enforce("plugins:get")
|
||||
@acl.enforce("data-processing:plugins:get")
|
||||
@v.check_exists(api.get_plugin, plugin_name='plugin_name')
|
||||
def plugins_get(plugin_name):
|
||||
return u.render(api.get_plugin(plugin_name).wrapped_dict)
|
||||
|
||||
|
||||
@rest.get('/plugins/<plugin_name>/<version>')
|
||||
@acl.enforce("plugins:get_version")
|
||||
@acl.enforce("data-processing:plugins:get_version")
|
||||
@v.check_exists(api.get_plugin, plugin_name='plugin_name', version='version')
|
||||
def plugins_get_version(plugin_name, version):
|
||||
return u.render(api.get_plugin(plugin_name, version).wrapped_dict)
|
||||
|
||||
|
||||
@rest.post_file('/plugins/<plugin_name>/<version>/convert-config/<name>')
|
||||
@acl.enforce("plugins:convert_config")
|
||||
@acl.enforce("data-processing:plugins:convert_config")
|
||||
@v.check_exists(api.get_plugin, plugin_name='plugin_name', version='version')
|
||||
@v.validate(v_p.CONVERT_TO_TEMPLATE_SCHEMA, v_p.check_convert_to_template)
|
||||
def plugins_convert_to_cluster_template(plugin_name, version, name, data):
|
||||
@ -204,7 +204,7 @@ def plugins_convert_to_cluster_template(plugin_name, version, name, data):
|
||||
# Image Registry ops
|
||||
|
||||
@rest.get('/images')
|
||||
@acl.enforce("images:get_all")
|
||||
@acl.enforce("data-processing:images:get_all")
|
||||
def images_list():
|
||||
tags = u.get_request_args().getlist('tags')
|
||||
name = u.get_request_args().get('name', None)
|
||||
@ -212,14 +212,14 @@ def images_list():
|
||||
|
||||
|
||||
@rest.get('/images/<image_id>')
|
||||
@acl.enforce("images:get")
|
||||
@acl.enforce("data-processing:images:get")
|
||||
@v.check_exists(api.get_image, id='image_id')
|
||||
def images_get(image_id):
|
||||
return u.render(api.get_registered_image(id=image_id).wrapped_dict)
|
||||
|
||||
|
||||
@rest.post('/images/<image_id>')
|
||||
@acl.enforce("images:register")
|
||||
@acl.enforce("data-processing:images:register")
|
||||
@v.check_exists(api.get_image, id='image_id')
|
||||
@v.validate(v_images.image_register_schema, v_images.check_image_register)
|
||||
def images_set(image_id, data):
|
||||
@ -227,7 +227,7 @@ def images_set(image_id, data):
|
||||
|
||||
|
||||
@rest.delete('/images/<image_id>')
|
||||
@acl.enforce("images:unregister")
|
||||
@acl.enforce("data-processing:images:unregister")
|
||||
@v.check_exists(api.get_image, id='image_id')
|
||||
def images_unset(image_id):
|
||||
api.unregister_image(image_id)
|
||||
@ -235,7 +235,7 @@ def images_unset(image_id):
|
||||
|
||||
|
||||
@rest.post('/images/<image_id>/tag')
|
||||
@acl.enforce("images:add_tags")
|
||||
@acl.enforce("data-processing:images:add_tags")
|
||||
@v.check_exists(api.get_image, id='image_id')
|
||||
@v.validate(v_images.image_tags_schema, v_images.check_tags)
|
||||
def image_tags_add(image_id, data):
|
||||
@ -243,7 +243,7 @@ def image_tags_add(image_id, data):
|
||||
|
||||
|
||||
@rest.post('/images/<image_id>/untag')
|
||||
@acl.enforce("images:remove_tags")
|
||||
@acl.enforce("data-processing:images:remove_tags")
|
||||
@v.check_exists(api.get_image, id='image_id')
|
||||
@v.validate(v_images.image_tags_schema)
|
||||
def image_tags_delete(image_id, data):
|
||||
|
@ -34,7 +34,7 @@ rest = u.Rest('v11', __name__)
|
||||
# Job execution ops
|
||||
|
||||
@rest.get('/job-executions')
|
||||
@acl.enforce("job-executions:get_all")
|
||||
@acl.enforce("data-processing:job-executions:get_all")
|
||||
def job_executions_list():
|
||||
job_executions = [je.to_dict() for je in api.job_execution_list(
|
||||
**u.get_request_args().to_dict())]
|
||||
@ -42,7 +42,7 @@ def job_executions_list():
|
||||
|
||||
|
||||
@rest.get('/job-executions/<job_execution_id>')
|
||||
@acl.enforce("job-executions:get")
|
||||
@acl.enforce("data-processing:job-executions:get")
|
||||
@v.check_exists(api.get_job_execution, id='job_execution_id')
|
||||
def job_executions(job_execution_id):
|
||||
job_execution = api.get_job_execution(job_execution_id)
|
||||
@ -50,7 +50,7 @@ def job_executions(job_execution_id):
|
||||
|
||||
|
||||
@rest.get('/job-executions/<job_execution_id>/refresh-status')
|
||||
@acl.enforce("job-executions:refresh_status")
|
||||
@acl.enforce("data-processing:job-executions:refresh_status")
|
||||
@v.check_exists(api.get_job_execution, id='job_execution_id')
|
||||
def job_executions_status(job_execution_id):
|
||||
job_execution = api.get_job_execution_status(job_execution_id)
|
||||
@ -58,7 +58,7 @@ def job_executions_status(job_execution_id):
|
||||
|
||||
|
||||
@rest.get('/job-executions/<job_execution_id>/cancel')
|
||||
@acl.enforce("job-executions:cancel")
|
||||
@acl.enforce("data-processing:job-executions:cancel")
|
||||
@v.check_exists(api.get_job_execution, id='job_execution_id')
|
||||
def job_executions_cancel(job_execution_id):
|
||||
job_execution = api.cancel_job_execution(job_execution_id)
|
||||
@ -66,7 +66,7 @@ def job_executions_cancel(job_execution_id):
|
||||
|
||||
|
||||
@rest.delete('/job-executions/<job_execution_id>')
|
||||
@acl.enforce("job-executions:delete")
|
||||
@acl.enforce("data-processing:job-executions:delete")
|
||||
@v.check_exists(api.get_job_execution, id='job_execution_id')
|
||||
def job_executions_delete(job_execution_id):
|
||||
api.delete_job_execution(job_execution_id)
|
||||
@ -76,7 +76,7 @@ def job_executions_delete(job_execution_id):
|
||||
# Data source ops
|
||||
|
||||
@rest.get('/data-sources')
|
||||
@acl.enforce("data-sources:get_all")
|
||||
@acl.enforce("data-processing:data-sources:get_all")
|
||||
def data_sources_list():
|
||||
return u.render(
|
||||
data_sources=[ds.to_dict() for ds in api.get_data_sources(
|
||||
@ -84,21 +84,21 @@ def data_sources_list():
|
||||
|
||||
|
||||
@rest.post('/data-sources')
|
||||
@acl.enforce("data-sources:register")
|
||||
@acl.enforce("data-processing:data-sources:register")
|
||||
@v.validate(v_d_s.DATA_SOURCE_SCHEMA, v_d_s.check_data_source_create)
|
||||
def data_source_register(data):
|
||||
return u.render(api.register_data_source(data).to_wrapped_dict())
|
||||
|
||||
|
||||
@rest.get('/data-sources/<data_source_id>')
|
||||
@acl.enforce("data-sources:get")
|
||||
@acl.enforce("data-processing:data-sources:get")
|
||||
@v.check_exists(api.get_data_source, 'data_source_id')
|
||||
def data_source_get(data_source_id):
|
||||
return u.render(api.get_data_source(data_source_id).to_wrapped_dict())
|
||||
|
||||
|
||||
@rest.delete('/data-sources/<data_source_id>')
|
||||
@acl.enforce("data-sources:delete")
|
||||
@acl.enforce("data-processing:data-sources:delete")
|
||||
@v.check_exists(api.get_data_source, 'data_source_id')
|
||||
def data_source_delete(data_source_id):
|
||||
api.delete_data_source(data_source_id)
|
||||
@ -108,28 +108,28 @@ def data_source_delete(data_source_id):
|
||||
# Job ops
|
||||
|
||||
@rest.get('/jobs')
|
||||
@acl.enforce("jobs:get_all")
|
||||
@acl.enforce("data-processing:jobs:get_all")
|
||||
def job_list():
|
||||
return u.render(jobs=[j.to_dict() for j in api.get_jobs(
|
||||
**u.get_request_args().to_dict())])
|
||||
|
||||
|
||||
@rest.post('/jobs')
|
||||
@acl.enforce("jobs:create")
|
||||
@acl.enforce("data-processing:jobs:create")
|
||||
@v.validate(v_j.JOB_SCHEMA, v_j.check_mains_libs)
|
||||
def job_create(data):
|
||||
return u.render(api.create_job(data).to_wrapped_dict())
|
||||
|
||||
|
||||
@rest.get('/jobs/<job_id>')
|
||||
@acl.enforce("jobs:get")
|
||||
@acl.enforce("data-processing:jobs:get")
|
||||
@v.check_exists(api.get_job, id='job_id')
|
||||
def job_get(job_id):
|
||||
return u.render(api.get_job(job_id).to_wrapped_dict())
|
||||
|
||||
|
||||
@rest.delete('/jobs/<job_id>')
|
||||
@acl.enforce("jobs:delete")
|
||||
@acl.enforce("data-processing:jobs:delete")
|
||||
@v.check_exists(api.get_job, id='job_id')
|
||||
def job_delete(job_id):
|
||||
api.delete_job(job_id)
|
||||
@ -137,7 +137,7 @@ def job_delete(job_id):
|
||||
|
||||
|
||||
@rest.post('/jobs/<job_id>/execute')
|
||||
@acl.enforce("jobs:execute")
|
||||
@acl.enforce("data-processing:jobs:execute")
|
||||
@v.check_exists(api.get_job, id='job_id')
|
||||
@v.validate(v_j_e.JOB_EXEC_SCHEMA, v_j_e.check_job_execution)
|
||||
def job_execute(job_id, data):
|
||||
@ -145,14 +145,14 @@ def job_execute(job_id, data):
|
||||
|
||||
|
||||
@rest.get('/jobs/config-hints/<job_type>')
|
||||
@acl.enforce("jobs:get_config_hints")
|
||||
@acl.enforce("data-processing:jobs:get_config_hints")
|
||||
@v.check_exists(api.get_job_config_hints, job_type='job_type')
|
||||
def job_config_hints_get(job_type):
|
||||
return u.render(api.get_job_config_hints(job_type))
|
||||
|
||||
|
||||
@rest.get('/job-types')
|
||||
@acl.enforce("job-types:get_all")
|
||||
@acl.enforce("data-processing:job-types:get_all")
|
||||
def job_types_get():
|
||||
# We want to use flat=False with to_dict() so that
|
||||
# the value of each arg is given as a list. This supports
|
||||
@ -164,28 +164,28 @@ def job_types_get():
|
||||
|
||||
|
||||
@rest.post('/job-binaries')
|
||||
@acl.enforce("job-binaries:create")
|
||||
@acl.enforce("data-processing:job-binaries:create")
|
||||
@v.validate(v_j_b.JOB_BINARY_SCHEMA, v_j_b.check_job_binary)
|
||||
def job_binary_create(data):
|
||||
return u.render(api.create_job_binary(data).to_wrapped_dict())
|
||||
|
||||
|
||||
@rest.get('/job-binaries')
|
||||
@acl.enforce("job-binaries:get_all")
|
||||
@acl.enforce("data-processing:job-binaries:get_all")
|
||||
def job_binary_list():
|
||||
return u.render(binaries=[j.to_dict() for j in api.get_job_binaries(
|
||||
**u.get_request_args().to_dict())])
|
||||
|
||||
|
||||
@rest.get('/job-binaries/<job_binary_id>')
|
||||
@acl.enforce("job-binaries:get")
|
||||
@acl.enforce("data-processing:job-binaries:get")
|
||||
@v.check_exists(api.get_job_binary, 'job_binary_id')
|
||||
def job_binary_get(job_binary_id):
|
||||
return u.render(api.get_job_binary(job_binary_id).to_wrapped_dict())
|
||||
|
||||
|
||||
@rest.delete('/job-binaries/<job_binary_id>')
|
||||
@acl.enforce("job-binaries:delete")
|
||||
@acl.enforce("data-processing:job-binaries:delete")
|
||||
@v.check_exists(api.get_job_binary, id='job_binary_id')
|
||||
def job_binary_delete(job_binary_id):
|
||||
api.delete_job_binary(job_binary_id)
|
||||
@ -193,7 +193,7 @@ def job_binary_delete(job_binary_id):
|
||||
|
||||
|
||||
@rest.get('/job-binaries/<job_binary_id>/data')
|
||||
@acl.enforce("job-binaries:get_data")
|
||||
@acl.enforce("data-processing:job-binaries:get_data")
|
||||
@v.check_exists(api.get_job_binary, 'job_binary_id')
|
||||
def job_binary_data(job_binary_id):
|
||||
data = api.get_job_binary_data(job_binary_id)
|
||||
@ -205,14 +205,14 @@ def job_binary_data(job_binary_id):
|
||||
# Job binary internals ops
|
||||
|
||||
@rest.put_file('/job-binary-internals/<name>')
|
||||
@acl.enforce("job-binary-internals:create")
|
||||
@acl.enforce("data-processing:job-binary-internals:create")
|
||||
@v.validate(None, v_j_b_i.check_job_binary_internal)
|
||||
def job_binary_internal_create(**values):
|
||||
return u.render(api.create_job_binary_internal(values).to_wrapped_dict())
|
||||
|
||||
|
||||
@rest.get('/job-binary-internals')
|
||||
@acl.enforce("job-binary-internals:get_all")
|
||||
@acl.enforce("data-processing:job-binary-internals:get_all")
|
||||
def job_binary_internal_list():
|
||||
return u.render(binaries=[j.to_dict() for j in
|
||||
api.get_job_binary_internals(
|
||||
@ -220,7 +220,7 @@ def job_binary_internal_list():
|
||||
|
||||
|
||||
@rest.get('/job-binary-internals/<job_binary_internal_id>')
|
||||
@acl.enforce("job-binary-internals:get")
|
||||
@acl.enforce("data-processing:job-binary-internals:get")
|
||||
@v.check_exists(api.get_job_binary_internal, 'job_binary_internal_id')
|
||||
def job_binary_internal_get(job_binary_internal_id):
|
||||
return u.render(api.get_job_binary_internal(job_binary_internal_id
|
||||
@ -228,7 +228,7 @@ def job_binary_internal_get(job_binary_internal_id):
|
||||
|
||||
|
||||
@rest.delete('/job-binary-internals/<job_binary_internal_id>')
|
||||
@acl.enforce("job-binary-internals:delete")
|
||||
@acl.enforce("data-processing:job-binary-internals:delete")
|
||||
@v.check_exists(api.get_job_binary_internal, 'job_binary_internal_id')
|
||||
def job_binary_internal_delete(job_binary_internal_id):
|
||||
api.delete_job_binary_internal(job_binary_internal_id)
|
||||
@ -236,7 +236,7 @@ def job_binary_internal_delete(job_binary_internal_id):
|
||||
|
||||
|
||||
@rest.get('/job-binary-internals/<job_binary_internal_id>/data')
|
||||
@acl.enforce("job-binary-internals:get_data")
|
||||
@acl.enforce("data-processing:job-binary-internals:get_data")
|
||||
@v.check_exists(api.get_job_binary_internal, 'job_binary_internal_id')
|
||||
def job_binary_internal_data(job_binary_internal_id):
|
||||
return api.get_job_binary_internal_data(job_binary_internal_id)
|
||||
|
@ -28,21 +28,21 @@ class TestAcl(base.SaharaTestCase):
|
||||
acl.ENFORCER.set_rules(rules, use_conf=False)
|
||||
|
||||
def test_policy_allow(self):
|
||||
@acl.enforce("clusters:get_all")
|
||||
@acl.enforce("data-processing:clusters:get_all")
|
||||
def test():
|
||||
pass
|
||||
|
||||
json = '{"clusters:get_all": ""}'
|
||||
json = '{"data-processing:clusters:get_all": ""}'
|
||||
self._set_policy(json)
|
||||
|
||||
test()
|
||||
|
||||
def test_policy_deny(self):
|
||||
@acl.enforce("clusters:get_all")
|
||||
@acl.enforce("data-processing:clusters:get_all")
|
||||
def test():
|
||||
pass
|
||||
|
||||
json = '{"clusters:get_all": "!"}'
|
||||
json = '{"data-processing:clusters:get_all": "!"}'
|
||||
self._set_policy(json)
|
||||
|
||||
self.assertRaises(ex.Forbidden, test)
|
||||
|
Loading…
Reference in New Issue
Block a user