Clean up API policy decorators

The decorators for unregistered policies were needed only during the migration to policy in code. Remove the unused ones and simplify those remaining. Change-Id: Ic53fcc62db46863c6a2b00cbc7e32250a7d6e16f
2019-10-25 00:48:19 -04:00 · 2019-10-25 00:48:19 -04:00 · 4d26be471e
parent 1457dc99a9
commit 4d26be471e
2 changed files with 7 additions and 33 deletions
--- a/heat/api/openstack/v1/util.py
+++ b/heat/api/openstack/v1/util.py
@ -19,17 +19,6 @@ from heat.common.i18n import _
 from heat.common import identifier


-def policy_enforce(handler):
-    """Decorator that enforces policies.
-
-    Checks the path matches the request context and enforce policy defined in
-    policy.json or in policies.
-
-    This is a handler method decorator.
-    """
-    return _policy_enforce(handler)
-
-
 def registered_policy_enforce(handler):
    """Decorator that enforces policies.

@ -38,10 +27,6 @@ def registered_policy_enforce(handler):

    This is a handler method decorator.
    """
-    return _policy_enforce(handler, is_registered_policy=True)
-
-
-def _policy_enforce(handler, is_registered_policy=False):
    @functools.wraps(handler)
    def handle_stack_method(controller, req, tenant_id, **kwargs):
        if req.context.tenant_id != tenant_id and not req.context.is_admin:
@ -50,7 +35,7 @@ def _policy_enforce(handler, is_registered_policy=False):
            context=req.context,
            action=handler.__name__,
            scope=controller.REQUEST_SCOPE,
-            is_registered_policy=is_registered_policy)
+            is_registered_policy=True)
        if not allowed:
            raise exc.HTTPForbidden()
        return handler(controller, req, **kwargs)
@ -58,26 +43,16 @@ def _policy_enforce(handler, is_registered_policy=False):
    return handle_stack_method


-def identified_stack(handler):
-    """Decorator that passes a stack identifier instead of path components.
-
-    This is a handler method decorator.
-    """
-
-    return _identified_stack(handler)
-
-
 def registered_identified_stack(handler):
    """Decorator that passes a stack identifier instead of path components.

-    This is a handler method decorator.
+    This is a handler method decorator. Policy is enforced using a registered
+    policy name.
    """
-
-    return _identified_stack(handler, is_registered_policy=True)
+    return registered_policy_enforce(_identified_stack(handler))


-def _identified_stack(handler, is_registered_policy=False):
-
+def _identified_stack(handler):
    @functools.wraps(handler)
    def handle_stack_method(controller, req, stack_name, stack_id, **kwargs):
        stack_identity = identifier.HeatIdentifier(req.context.tenant_id,
@ -85,8 +60,7 @@ def _identified_stack(handler, is_registered_policy=False):
                                                   stack_id)
        return handler(controller, req, dict(stack_identity), **kwargs)

-    return _policy_enforce(handle_stack_method,
-                           is_registered_policy=is_registered_policy)
+    return handle_stack_method


 def make_url(req, identity):
--- a/heat/tests/api/openstack_v1/test_util.py
+++ b/heat/tests/api/openstack_v1/test_util.py
@ -93,7 +93,7 @@ class TestPolicyEnforce(common.HeatTestCase):
        class DummyController(object):
            REQUEST_SCOPE = 'test'

-            @util.policy_enforce
+            @util.registered_policy_enforce
            def an_action(self, req):
                return 'woot'