Policy in code[10]
Add policy for extension Partially Implements: blueprint policy-in-code Change-Id: I8a4dc2e1c634bc531e769418eb2b4cde44bae4ee
This commit is contained in:
parent
edaafde320
commit
4047d4193e
@ -18,6 +18,7 @@ import wsmeext.pecan as wsme_pecan
|
|||||||
from solum.api.controllers.v1.datamodel import extension
|
from solum.api.controllers.v1.datamodel import extension
|
||||||
from solum.api.handlers import extension_handler
|
from solum.api.handlers import extension_handler
|
||||||
from solum.common import exception
|
from solum.common import exception
|
||||||
|
from solum.common import policy
|
||||||
from solum import objects
|
from solum import objects
|
||||||
|
|
||||||
|
|
||||||
@ -31,6 +32,8 @@ class ExtensionController(rest.RestController):
|
|||||||
@wsme_pecan.wsexpose(extension.Extension, wtypes.text)
|
@wsme_pecan.wsexpose(extension.Extension, wtypes.text)
|
||||||
def get(self):
|
def get(self):
|
||||||
"""Return this extension."""
|
"""Return this extension."""
|
||||||
|
policy.check('show_extension',
|
||||||
|
pecan.request.security_context)
|
||||||
handler = extension_handler.ExtensionHandler(
|
handler = extension_handler.ExtensionHandler(
|
||||||
pecan.request.security_context)
|
pecan.request.security_context)
|
||||||
return extension.Extension.from_db_model(handler.get(self._id),
|
return extension.Extension.from_db_model(handler.get(self._id),
|
||||||
@ -41,6 +44,8 @@ class ExtensionController(rest.RestController):
|
|||||||
body=extension.Extension)
|
body=extension.Extension)
|
||||||
def put(self, data):
|
def put(self, data):
|
||||||
"""Modify this extension."""
|
"""Modify this extension."""
|
||||||
|
policy.check('update_extension',
|
||||||
|
pecan.request.security_context)
|
||||||
handler = extension_handler.ExtensionHandler(
|
handler = extension_handler.ExtensionHandler(
|
||||||
pecan.request.security_context)
|
pecan.request.security_context)
|
||||||
obj = handler.update(self._id,
|
obj = handler.update(self._id,
|
||||||
@ -51,6 +56,8 @@ class ExtensionController(rest.RestController):
|
|||||||
@wsme_pecan.wsexpose(None, wtypes.text, status_code=204)
|
@wsme_pecan.wsexpose(None, wtypes.text, status_code=204)
|
||||||
def delete(self):
|
def delete(self):
|
||||||
"""Delete this extension."""
|
"""Delete this extension."""
|
||||||
|
policy.check('delete_extension',
|
||||||
|
pecan.request.security_context)
|
||||||
handler = extension_handler.ExtensionHandler(
|
handler = extension_handler.ExtensionHandler(
|
||||||
pecan.request.security_context)
|
pecan.request.security_context)
|
||||||
handler.delete(self._id)
|
handler.delete(self._id)
|
||||||
@ -71,6 +78,8 @@ class ExtensionsController(rest.RestController):
|
|||||||
status_code=201)
|
status_code=201)
|
||||||
def post(self, data):
|
def post(self, data):
|
||||||
"""Create a new extension."""
|
"""Create a new extension."""
|
||||||
|
policy.check('create_extension',
|
||||||
|
pecan.request.security_context)
|
||||||
handler = extension_handler.ExtensionHandler(
|
handler = extension_handler.ExtensionHandler(
|
||||||
pecan.request.security_context)
|
pecan.request.security_context)
|
||||||
obj = handler.create(data.as_dict(objects.registry.Extension))
|
obj = handler.create(data.as_dict(objects.registry.Extension))
|
||||||
@ -80,6 +89,8 @@ class ExtensionsController(rest.RestController):
|
|||||||
@wsme_pecan.wsexpose([extension.Extension])
|
@wsme_pecan.wsexpose([extension.Extension])
|
||||||
def get_all(self):
|
def get_all(self):
|
||||||
"""Return all extensions, based on the query provided."""
|
"""Return all extensions, based on the query provided."""
|
||||||
|
policy.check('get_extensions',
|
||||||
|
pecan.request.security_context)
|
||||||
handler = extension_handler.ExtensionHandler(
|
handler = extension_handler.ExtensionHandler(
|
||||||
pecan.request.security_context)
|
pecan.request.security_context)
|
||||||
return [extension.Extension.from_db_model(obj, pecan.request.host_url)
|
return [extension.Extension.from_db_model(obj, pecan.request.host_url)
|
||||||
|
@ -18,6 +18,7 @@ import itertools
|
|||||||
from solum.common.policies import assembly
|
from solum.common.policies import assembly
|
||||||
from solum.common.policies import base
|
from solum.common.policies import base
|
||||||
from solum.common.policies import component
|
from solum.common.policies import component
|
||||||
|
from solum.common.policies import extension
|
||||||
from solum.common.policies import languagepack
|
from solum.common.policies import languagepack
|
||||||
from solum.common.policies import operation
|
from solum.common.policies import operation
|
||||||
from solum.common.policies import pipeline
|
from solum.common.policies import pipeline
|
||||||
@ -31,6 +32,7 @@ def list_rules():
|
|||||||
assembly.list_rules(),
|
assembly.list_rules(),
|
||||||
base.list_rules(),
|
base.list_rules(),
|
||||||
component.list_rules(),
|
component.list_rules(),
|
||||||
|
extension.list_rules(),
|
||||||
languagepack.list_rules(),
|
languagepack.list_rules(),
|
||||||
operation.list_rules(),
|
operation.list_rules(),
|
||||||
pipeline.list_rules(),
|
pipeline.list_rules(),
|
||||||
|
55
solum/common/policies/extension.py
Normal file
55
solum/common/policies/extension.py
Normal file
@ -0,0 +1,55 @@
|
|||||||
|
# Copyright 2018 ZTE Corporation.
|
||||||
|
# All Rights Reserved.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
from oslo_policy import policy
|
||||||
|
|
||||||
|
from solum.common.policies import base
|
||||||
|
|
||||||
|
extension_policies = [
|
||||||
|
policy.DocumentedRuleDefault(
|
||||||
|
name='get_extensions',
|
||||||
|
check_str=base.RULE_DEFAULT,
|
||||||
|
description='Return all extensions, based on the query provided.',
|
||||||
|
operations=[{'path': '/v1/extensions',
|
||||||
|
'method': 'GET'}]),
|
||||||
|
policy.DocumentedRuleDefault(
|
||||||
|
name='show_extension',
|
||||||
|
check_str=base.RULE_DEFAULT,
|
||||||
|
description='Return a extension.',
|
||||||
|
operations=[{'path': '/v1/extensions/{extension_id}',
|
||||||
|
'method': 'GET'}]),
|
||||||
|
policy.DocumentedRuleDefault(
|
||||||
|
name='update_extension',
|
||||||
|
check_str=base.RULE_DEFAULT,
|
||||||
|
description='Modify this extension.',
|
||||||
|
operations=[{'path': '/v1/extensions/{extension_id}',
|
||||||
|
'method': 'PUT'}]),
|
||||||
|
policy.DocumentedRuleDefault(
|
||||||
|
name='create_extension',
|
||||||
|
check_str=base.RULE_DEFAULT,
|
||||||
|
description='Create a new extension.',
|
||||||
|
operations=[{'path': '/v1/extensions',
|
||||||
|
'method': 'POST'}]),
|
||||||
|
policy.DocumentedRuleDefault(
|
||||||
|
name='delete_extension',
|
||||||
|
check_str=base.RULE_DEFAULT,
|
||||||
|
description='Delete a extension.',
|
||||||
|
operations=[{'path': '/v1/extensions/{extension_id}',
|
||||||
|
'method': 'DELETE'}])
|
||||||
|
]
|
||||||
|
|
||||||
|
|
||||||
|
def list_rules():
|
||||||
|
return extension_policies
|
@ -34,6 +34,7 @@ class TestExtensionController(base.BaseTestCase):
|
|||||||
objects.load()
|
objects.load()
|
||||||
|
|
||||||
def test_extension_get(self, handler_mock, resp_mock, request_mock):
|
def test_extension_get(self, handler_mock, resp_mock, request_mock):
|
||||||
|
self.policy({'show_extension': '@'})
|
||||||
handler_get = handler_mock.return_value.get
|
handler_get = handler_mock.return_value.get
|
||||||
fake_extension = fakes.FakeExtension()
|
fake_extension = fakes.FakeExtension()
|
||||||
handler_get.return_value = fake_extension
|
handler_get.return_value = fake_extension
|
||||||
@ -55,6 +56,7 @@ class TestExtensionController(base.BaseTestCase):
|
|||||||
|
|
||||||
def test_extension_get_not_found(self, handler_mock, resp_mock,
|
def test_extension_get_not_found(self, handler_mock, resp_mock,
|
||||||
request_mock):
|
request_mock):
|
||||||
|
self.policy({'show_extension': '@'})
|
||||||
handler_get = handler_mock.return_value.get
|
handler_get = handler_mock.return_value.get
|
||||||
handler_get.side_effect = exception.ResourceNotFound(
|
handler_get.side_effect = exception.ResourceNotFound(
|
||||||
name='extension', extension_id='test_id')
|
name='extension', extension_id='test_id')
|
||||||
@ -64,6 +66,7 @@ class TestExtensionController(base.BaseTestCase):
|
|||||||
handler_get.assert_called_once_with('test_id')
|
handler_get.assert_called_once_with('test_id')
|
||||||
|
|
||||||
def test_extension_put(self, handler_mock, resp_mock, request_mock):
|
def test_extension_put(self, handler_mock, resp_mock, request_mock):
|
||||||
|
self.policy({'update_extension': '@'})
|
||||||
json_update = {'description': 'foo_updated',
|
json_update = {'description': 'foo_updated',
|
||||||
'user_id': 'user_id_changed',
|
'user_id': 'user_id_changed',
|
||||||
'project_id': 'project_id_changed',
|
'project_id': 'project_id_changed',
|
||||||
@ -79,6 +82,7 @@ class TestExtensionController(base.BaseTestCase):
|
|||||||
handler_update.assert_called_once_with('test_id', json_update)
|
handler_update.assert_called_once_with('test_id', json_update)
|
||||||
|
|
||||||
def test_extension_put_none(self, handler_mock, resp_mock, request_mock):
|
def test_extension_put_none(self, handler_mock, resp_mock, request_mock):
|
||||||
|
self.policy({'update_extension': '@'})
|
||||||
request_mock.body = None
|
request_mock.body = None
|
||||||
request_mock.content_type = 'application/json'
|
request_mock.content_type = 'application/json'
|
||||||
handler_put = handler_mock.return_value.put
|
handler_put = handler_mock.return_value.put
|
||||||
@ -88,6 +92,7 @@ class TestExtensionController(base.BaseTestCase):
|
|||||||
|
|
||||||
def test_extension_put_not_found(self, handler_mock, resp_mock,
|
def test_extension_put_not_found(self, handler_mock, resp_mock,
|
||||||
request_mock):
|
request_mock):
|
||||||
|
self.policy({'update_extension': '@'})
|
||||||
json_update = {'name': 'test_not_found'}
|
json_update = {'name': 'test_not_found'}
|
||||||
request_mock.body = json.dumps(json_update)
|
request_mock.body = json.dumps(json_update)
|
||||||
request_mock.content_type = 'application/json'
|
request_mock.content_type = 'application/json'
|
||||||
@ -99,6 +104,7 @@ class TestExtensionController(base.BaseTestCase):
|
|||||||
self.assertEqual(404, resp_mock.status)
|
self.assertEqual(404, resp_mock.status)
|
||||||
|
|
||||||
def test_extension_delete(self, mock_handler, resp_mock, request_mock):
|
def test_extension_delete(self, mock_handler, resp_mock, request_mock):
|
||||||
|
self.policy({'delete_extension': '@'})
|
||||||
handler_delete = mock_handler.return_value.delete
|
handler_delete = mock_handler.return_value.delete
|
||||||
handler_delete.return_value = None
|
handler_delete.return_value = None
|
||||||
obj = controller.ExtensionController('test_id')
|
obj = controller.ExtensionController('test_id')
|
||||||
@ -108,6 +114,7 @@ class TestExtensionController(base.BaseTestCase):
|
|||||||
|
|
||||||
def test_extension_delete_not_found(self, mock_handler, resp_mock,
|
def test_extension_delete_not_found(self, mock_handler, resp_mock,
|
||||||
request_mock):
|
request_mock):
|
||||||
|
self.policy({'delete_extension': '@'})
|
||||||
handler_delete = mock_handler.return_value.delete
|
handler_delete = mock_handler.return_value.delete
|
||||||
handler_delete.side_effect = exception.ResourceNotFound(
|
handler_delete.side_effect = exception.ResourceNotFound(
|
||||||
name='extension', extension_id='test_id')
|
name='extension', extension_id='test_id')
|
||||||
@ -127,6 +134,7 @@ class TestExtensionsController(base.BaseTestCase):
|
|||||||
objects.load()
|
objects.load()
|
||||||
|
|
||||||
def test_extensions_get_all(self, handler_mock, resp_mock, request_mock):
|
def test_extensions_get_all(self, handler_mock, resp_mock, request_mock):
|
||||||
|
self.policy({'get_extensions': '@'})
|
||||||
hand_get_all = handler_mock.return_value.get_all
|
hand_get_all = handler_mock.return_value.get_all
|
||||||
fake_extension = fakes.FakeExtension()
|
fake_extension = fakes.FakeExtension()
|
||||||
hand_get_all.return_value = [fake_extension]
|
hand_get_all.return_value = [fake_extension]
|
||||||
@ -146,6 +154,7 @@ class TestExtensionsController(base.BaseTestCase):
|
|||||||
self.assertEqual(200, resp_mock.status)
|
self.assertEqual(200, resp_mock.status)
|
||||||
|
|
||||||
def test_extensions_post(self, handler_mock, resp_mock, request_mock):
|
def test_extensions_post(self, handler_mock, resp_mock, request_mock):
|
||||||
|
self.policy({'create_extension': '@'})
|
||||||
json_update = {'name': 'foo',
|
json_update = {'name': 'foo',
|
||||||
'description': 'foofoo',
|
'description': 'foofoo',
|
||||||
'user_id': 'user_id_test',
|
'user_id': 'user_id_test',
|
||||||
@ -162,6 +171,7 @@ class TestExtensionsController(base.BaseTestCase):
|
|||||||
|
|
||||||
def test_extensions_post_nodata(self, handler_mock,
|
def test_extensions_post_nodata(self, handler_mock,
|
||||||
resp_mock, request_mock):
|
resp_mock, request_mock):
|
||||||
|
self.policy({'create_extension': '@'})
|
||||||
request_mock.body = ''
|
request_mock.body = ''
|
||||||
request_mock.content_type = 'application/json'
|
request_mock.content_type = 'application/json'
|
||||||
handler_create = handler_mock.return_value.create
|
handler_create = handler_mock.return_value.create
|
||||||
|
Loading…
Reference in New Issue
Block a user