Policy in code[11]

Add policy for trigger Partially Implements: blueprint policy-in-code Change-Id: Ice7b634ecd62cac9f6a6a12b5d3aa91719a8860a
2018-01-10 14:33:15 +08:00 · 2018-01-10 14:33:15 +08:00 · 59c00c6adc
parent 4047d4193e
commit 59c00c6adc
4 changed files with 46 additions and 0 deletions
--- a/solum/api/controllers/v1/trigger.py
+++ b/solum/api/controllers/v1/trigger.py
@ -21,6 +21,7 @@ from six.moves import urllib

 from solum.api.handlers import app_handler
 from solum.common import exception
+from solum.common import policy

 LOG = logging.getLogger(__name__)
 CONF = cfg.CONF
@ -75,6 +76,8 @@ class TriggerController(rest.RestController):
    @pecan.expose()
    def post(self, trigger_id):
        """Trigger a new event on Solum."""
+        policy.check('create_trigger',
+                     pecan.request.security_context)
        commit_sha = ''
        status_url = None
        collab_url = None
--- a/solum/common/policies/init.py
+++ b/solum/common/policies/init.py
@ -25,6 +25,7 @@ from solum.common.policies import pipeline
 from solum.common.policies import plan
 from solum.common.policies import sensor
 from solum.common.policies import service
+from solum.common.policies import trigger


 def list_rules():
@ -39,4 +40,5 @@ def list_rules():
        plan.list_rules(),
        sensor.list_rules(),
        service.list_rules(),
+        trigger.list_rules(),
    )
--- a/solum/common/policies/trigger.py
+++ b/solum/common/policies/trigger.py
@ -0,0 +1,31 @@
+# Copyright 2018 ZTE Corporation.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from oslo_policy import policy
+
+from solum.common.policies import base
+
+trigger_policies = [
+    policy.DocumentedRuleDefault(
+        name='create_trigger',
+        check_str=base.RULE_DEFAULT,
+        description='Trigger a new event on Solum.',
+        operations=[{'path': '/v1/triggers',
+                     'method': 'POST'}])
+]
+
+
+def list_rules():
+    return trigger_policies
--- a/solum/tests/api/controllers/v1/test_trigger.py
+++ b/solum/tests/api/controllers/v1/test_trigger.py
@ -102,6 +102,7 @@ class TestTriggerController(base.BaseTestCase):

    def test_trigger_post_with_empty_body(self, assem_mock,
                                          resp_mock, request_mock):
+        self.policy({'create_trigger': '@'})
        obj = trigger.TriggerController()
        obj.post('test_id')
        self.assertEqual(400, resp_mock.status)
@ -110,6 +111,7 @@ class TestTriggerController(base.BaseTestCase):

    def test_trigger_post_on_github_webhook(self, assem_mock,
                                            resp_mock, request_mock):
+        self.policy({'create_trigger': '@'})
        status_url = 'https://api.github.com/repos/u/r/statuses/{sha}'
        body_dict = {'sender': {'url': 'https://api.github.com'},
                     'action': 'opened',
@ -127,6 +129,7 @@ class TestTriggerController(base.BaseTestCase):
    def test_trigger_post_on_github_comment_webhook(self,
                                                    assem_mock, resp_mock,
                                                    request_mock):
+        self.policy({'create_trigger': '@'})
        cfg.CONF.api.rebuild_phrase = "solum retry tests"
        status_url = 'https://api.github.com/repos/u/r/statuses/{sha}'
        collab_url = ('https://api.github.com/repos/u/r/' +
@ -152,6 +155,7 @@ class TestTriggerController(base.BaseTestCase):
    def test_trigger_post_on_mismatch_comment_pub_repo(self, http_mock,
                                                       assem_mock, resp_mock,
                                                       request_mock):
+        self.policy({'create_trigger': '@'})
        cfg.CONF.api.rebuild_phrase = "solum retry tests"
        status_url = 'https://api.github.com/repos/u/r/statuses/{sha}'
        collab_url = ('https://api.github.com/repos/u/r/' +
@ -176,6 +180,7 @@ class TestTriggerController(base.BaseTestCase):
    def test_trigger_post_on_valid_comment_pub_repo(self, http_mock,
                                                    assem_mock, resp_mock,
                                                    request_mock):
+        self.policy({'create_trigger': '@'})
        cfg.CONF.api.rebuild_phrase = "solum retry tests"
        status_url = 'https://api.github.com/repos/u/r/statuses/{sha}'
        collab_url = ('https://api.github.com/repos/u/r/' +
@ -202,6 +207,7 @@ class TestTriggerController(base.BaseTestCase):
    def test_trigger_post_on_comment_missing_login(self,
                                                   assem_mock, resp_mock,
                                                   request_mock):
+        self.policy({'create_trigger': '@'})
        cfg.CONF.api.rebuild_phrase = "solum retry tests"
        status_url = 'https://api.github.com/repos/u/r/statuses/{sha}'
        collab_url = ('https://api.github.com/repos/u/r/' +
@ -222,6 +228,7 @@ class TestTriggerController(base.BaseTestCase):

    def test_trigger_post_on_wrong_github_webhook(self, assem_mock,
                                                  resp_mock, request_mock):
+        self.policy({'create_trigger': '@'})
        status_url = 'https://api.github.com/repos/u/r/statuses/{sha}'
        body_dict = {'sender': {'url': 'https://api.github.com'},
                     'pull_request': {'head': {'sha': 'asdf'}},
@ -235,6 +242,7 @@ class TestTriggerController(base.BaseTestCase):

    def test_trigger_post_on_unknown_git_webhook(self, assem_mock,
                                                 resp_mock, request_mock):
+        self.policy({'create_trigger': '@'})
        body_dict = {"pull_request": {"head": {"sha": "asdf"}}}
        request_mock.body = json.dumps(body_dict)
        obj = trigger.TriggerController()
@ -245,6 +253,7 @@ class TestTriggerController(base.BaseTestCase):

    def test_trigger_post_on_non_github_webhook(self, assem_mock,
                                                resp_mock, request_mock):
+        self.policy({'create_trigger': '@'})
        body_dict = {"sender": {"url": "https://non-github.com"},
                     "pull_request": {"head": {"sha": "asdf"}}}
        request_mock.body = json.dumps(body_dict)
@ -256,6 +265,7 @@ class TestTriggerController(base.BaseTestCase):

    def test_trigger_post_on_github_ping_webhook(self, assem_mock,
                                                 resp_mock, request_mock):
+        self.policy({'create_trigger': '@'})
        body_dict = {"sender": {"url": "https://api.github.com"},
                     "zen": "Keep it logically awesome."}
        request_mock.body = json.dumps(body_dict)