Policy in code[9]

Add policy for component

Partially Implements: blueprint policy-in-code

Change-Id: I622a8a447cb843e86d1874cc35cb5209cbcdd038

solum/api/controllers/v1/component.py

@@ -17,6 +17,7 @@ import wsmeext.pecan as wsme_pecan
 from solum.api.controllers.v1.datamodel import component
 from solum.api.handlers import component_handler
 from solum.common import exception
+from solum.common import policy
 from solum import objects
 
 
@@ -31,6 +32,8 @@ class ComponentController(rest.RestController):
     @wsme_pecan.wsexpose(component.Component)
     def get(self):
         """Return this component."""
+        policy.check('show_component',
+                     pecan.request.security_context)
         handler = component_handler.ComponentHandler(
             pecan.request.security_context)
         return component.Component.from_db_model(handler.get(self._id),
@@ -40,6 +43,8 @@ class ComponentController(rest.RestController):
     @wsme_pecan.wsexpose(component.Component, body=component.Component)
     def put(self, data):
         """Modify this component."""
+        policy.check('update_component',
+                     pecan.request.security_context)
         handler = component_handler.ComponentHandler(
             pecan.request.security_context)
         res = handler.update(self._id,
@@ -50,6 +55,8 @@ class ComponentController(rest.RestController):
     @wsme_pecan.wsexpose(None, status_code=204)
     def delete(self):
         """Delete this component."""
+        policy.check('delete_component',
+                     pecan.request.security_context)
         handler = component_handler.ComponentHandler(
             pecan.request.security_context)
         return handler.delete(self._id)
@@ -69,6 +76,8 @@ class ComponentsController(rest.RestController):
                          status_code=201)
     def post(self, data):
         """Create a new component."""
+        policy.check('create_component',
+                     pecan.request.security_context)
         handler = component_handler.ComponentHandler(
             pecan.request.security_context)
         return component.Component.from_db_model(
@@ -79,6 +88,8 @@ class ComponentsController(rest.RestController):
     @wsme_pecan.wsexpose([component.Component])
     def get_all(self):
         """Return all components, based on the query provided."""
+        policy.check('get_components',
+                     pecan.request.security_context)
         handler = component_handler.ComponentHandler(
             pecan.request.security_context)
         return [component.Component.from_db_model(ser, pecan.request.host_url)

solum/common/policies/__init__.py

@@ -17,6 +17,7 @@ import itertools
 
 from solum.common.policies import assembly
 from solum.common.policies import base
+from solum.common.policies import component
 from solum.common.policies import languagepack
 from solum.common.policies import operation
 from solum.common.policies import pipeline
@@ -29,6 +30,7 @@ def list_rules():
     return itertools.chain(
         assembly.list_rules(),
         base.list_rules(),
+        component.list_rules(),
         languagepack.list_rules(),
         operation.list_rules(),
         pipeline.list_rules(),

solum/common/policies/component.py

@@ -0,0 +1,55 @@
+# Copyright 2018 ZTE Corporation.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from oslo_policy import policy
+
+from solum.common.policies import base
+
+component_policies = [
+    policy.DocumentedRuleDefault(
+        name='get_components',
+        check_str=base.RULE_DEFAULT,
+        description='Return all components, based on the query provided.',
+        operations=[{'path': '/v1/components',
+                     'method': 'GET'}]),
+    policy.DocumentedRuleDefault(
+        name='show_component',
+        check_str=base.RULE_DEFAULT,
+        description='Return a component.',
+        operations=[{'path': '/v1/components/{component_id}',
+                     'method': 'GET'}]),
+    policy.DocumentedRuleDefault(
+        name='update_component',
+        check_str=base.RULE_DEFAULT,
+        description='Modify this component.',
+        operations=[{'path': '/v1/components/{component_id}',
+                     'method': 'PUT'}]),
+    policy.DocumentedRuleDefault(
+        name='create_component',
+        check_str=base.RULE_DEFAULT,
+        description='Create a new component.',
+        operations=[{'path': '/v1/components',
+                     'method': 'POST'}]),
+    policy.DocumentedRuleDefault(
+        name='delete_component',
+        check_str=base.RULE_DEFAULT,
+        description='Delete a component.',
+        operations=[{'path': '/v1/components/{component_id}',
+                     'method': 'DELETE'}])
+]
+
+
+def list_rules():
+    return component_policies

solum/tests/api/controllers/v1/test_component.py

@@ -33,6 +33,7 @@ class TestComponentController(base.BaseTestCase):
         objects.load()
 
     def test_component_get(self, ComponentHandler, resp_mock, request_mock):
+        self.policy({'show_component': '@'})
         hand_get = ComponentHandler.return_value.get
         fake_component = fakes.FakeComponent()
         hand_get.return_value = fake_component
@@ -47,6 +48,7 @@ class TestComponentController(base.BaseTestCase):
 
     def test_component_get_not_found(self, ComponentHandler,
                                      resp_mock, request_mock):
+        self.policy({'show_component': '@'})
         hand_get = ComponentHandler.return_value.get
         hand_get.side_effect = exception.ResourceNotFound(
             name='component', component_id='test_id')
@@ -57,6 +59,7 @@ class TestComponentController(base.BaseTestCase):
 
     def test_component_put_none(self, ComponentHandler,
                                 resp_mock, request_mock):
+        self.policy({'update_component': '@'})
         request_mock.body = None
         request_mock.content_type = 'application/json'
         hand_put = ComponentHandler.return_value.put
@@ -66,6 +69,7 @@ class TestComponentController(base.BaseTestCase):
 
     def test_component_put_not_found(self, ComponentHandler,
                                      resp_mock, request_mock):
+        self.policy({'update_component': '@'})
         json_update = {'user_id': 'foo', 'name': 'appy'}
         request_mock.body = json.dumps(json_update)
         request_mock.content_type = 'application/json'
@@ -77,6 +81,7 @@ class TestComponentController(base.BaseTestCase):
         self.assertEqual(404, resp_mock.status)
 
     def test_component_put_ok(self, ComponentHandler, resp_mock, request_mock):
+        self.policy({'update_component': '@'})
         json_update = {'name': 'update_foo',
                        'description': 'update_desc_component',
                        'user_id': 'user_id_test',
@@ -91,6 +96,7 @@ class TestComponentController(base.BaseTestCase):
 
     def test_component_delete_not_found(self, ComponentHandler,
                                         resp_mock, request_mock):
+        self.policy({'delete_component': '@'})
         hand_delete = ComponentHandler.return_value.delete
         hand_delete.side_effect = exception.ResourceNotFound(
             name='component', component_id='test_id')
@@ -101,6 +107,7 @@ class TestComponentController(base.BaseTestCase):
 
     def test_component_delete_ok(self, ComponentHandler,
                                  resp_mock, request_mock):
+        self.policy({'delete_component': '@'})
         hand_delete = ComponentHandler.return_value.delete
         hand_delete.return_value = None
         obj = component.ComponentController('test_id')
@@ -118,6 +125,7 @@ class TestComponentsController(base.BaseTestCase):
         objects.load()
 
     def test_components_get_all(self, handler_mock, resp_mock, request_mock):
+        self.policy({'get_components': '@'})
         hand_get_all = handler_mock.return_value.get_all
         fake_component = fakes.FakeComponent()
         hand_get_all.return_value = [fake_component]
@@ -131,6 +139,7 @@ class TestComponentsController(base.BaseTestCase):
         self.assertEqual(200, resp_mock.status)
 
     def test_components_post(self, handler_mock, resp_mock, request_mock):
+        self.policy({'create_component': '@'})
         json_create = {'name': 'foo',
                        'description': 'test_desc_component',
                        'user_id': 'user_id_test',
@@ -146,6 +155,7 @@ class TestComponentsController(base.BaseTestCase):
 
     def test_components_post_nodata(self, handler_mock,
                                     resp_mock, request_mock):
+        self.policy({'create_component': '@'})
         request_mock.body = ''
         request_mock.content_type = 'application/json'
         handler_create = handler_mock.return_value.create