Policy in code[9]
Add policy for component Partially Implements: blueprint policy-in-code Change-Id: I622a8a447cb843e86d1874cc35cb5209cbcdd038
This commit is contained in:
parent
b4bd63deee
commit
edaafde320
@ -17,6 +17,7 @@ import wsmeext.pecan as wsme_pecan
|
||||
from solum.api.controllers.v1.datamodel import component
|
||||
from solum.api.handlers import component_handler
|
||||
from solum.common import exception
|
||||
from solum.common import policy
|
||||
from solum import objects
|
||||
|
||||
|
||||
@ -31,6 +32,8 @@ class ComponentController(rest.RestController):
|
||||
@wsme_pecan.wsexpose(component.Component)
|
||||
def get(self):
|
||||
"""Return this component."""
|
||||
policy.check('show_component',
|
||||
pecan.request.security_context)
|
||||
handler = component_handler.ComponentHandler(
|
||||
pecan.request.security_context)
|
||||
return component.Component.from_db_model(handler.get(self._id),
|
||||
@ -40,6 +43,8 @@ class ComponentController(rest.RestController):
|
||||
@wsme_pecan.wsexpose(component.Component, body=component.Component)
|
||||
def put(self, data):
|
||||
"""Modify this component."""
|
||||
policy.check('update_component',
|
||||
pecan.request.security_context)
|
||||
handler = component_handler.ComponentHandler(
|
||||
pecan.request.security_context)
|
||||
res = handler.update(self._id,
|
||||
@ -50,6 +55,8 @@ class ComponentController(rest.RestController):
|
||||
@wsme_pecan.wsexpose(None, status_code=204)
|
||||
def delete(self):
|
||||
"""Delete this component."""
|
||||
policy.check('delete_component',
|
||||
pecan.request.security_context)
|
||||
handler = component_handler.ComponentHandler(
|
||||
pecan.request.security_context)
|
||||
return handler.delete(self._id)
|
||||
@ -69,6 +76,8 @@ class ComponentsController(rest.RestController):
|
||||
status_code=201)
|
||||
def post(self, data):
|
||||
"""Create a new component."""
|
||||
policy.check('create_component',
|
||||
pecan.request.security_context)
|
||||
handler = component_handler.ComponentHandler(
|
||||
pecan.request.security_context)
|
||||
return component.Component.from_db_model(
|
||||
@ -79,6 +88,8 @@ class ComponentsController(rest.RestController):
|
||||
@wsme_pecan.wsexpose([component.Component])
|
||||
def get_all(self):
|
||||
"""Return all components, based on the query provided."""
|
||||
policy.check('get_components',
|
||||
pecan.request.security_context)
|
||||
handler = component_handler.ComponentHandler(
|
||||
pecan.request.security_context)
|
||||
return [component.Component.from_db_model(ser, pecan.request.host_url)
|
||||
|
@ -17,6 +17,7 @@ import itertools
|
||||
|
||||
from solum.common.policies import assembly
|
||||
from solum.common.policies import base
|
||||
from solum.common.policies import component
|
||||
from solum.common.policies import languagepack
|
||||
from solum.common.policies import operation
|
||||
from solum.common.policies import pipeline
|
||||
@ -29,6 +30,7 @@ def list_rules():
|
||||
return itertools.chain(
|
||||
assembly.list_rules(),
|
||||
base.list_rules(),
|
||||
component.list_rules(),
|
||||
languagepack.list_rules(),
|
||||
operation.list_rules(),
|
||||
pipeline.list_rules(),
|
||||
|
55
solum/common/policies/component.py
Normal file
55
solum/common/policies/component.py
Normal file
@ -0,0 +1,55 @@
|
||||
# Copyright 2018 ZTE Corporation.
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from oslo_policy import policy
|
||||
|
||||
from solum.common.policies import base
|
||||
|
||||
component_policies = [
|
||||
policy.DocumentedRuleDefault(
|
||||
name='get_components',
|
||||
check_str=base.RULE_DEFAULT,
|
||||
description='Return all components, based on the query provided.',
|
||||
operations=[{'path': '/v1/components',
|
||||
'method': 'GET'}]),
|
||||
policy.DocumentedRuleDefault(
|
||||
name='show_component',
|
||||
check_str=base.RULE_DEFAULT,
|
||||
description='Return a component.',
|
||||
operations=[{'path': '/v1/components/{component_id}',
|
||||
'method': 'GET'}]),
|
||||
policy.DocumentedRuleDefault(
|
||||
name='update_component',
|
||||
check_str=base.RULE_DEFAULT,
|
||||
description='Modify this component.',
|
||||
operations=[{'path': '/v1/components/{component_id}',
|
||||
'method': 'PUT'}]),
|
||||
policy.DocumentedRuleDefault(
|
||||
name='create_component',
|
||||
check_str=base.RULE_DEFAULT,
|
||||
description='Create a new component.',
|
||||
operations=[{'path': '/v1/components',
|
||||
'method': 'POST'}]),
|
||||
policy.DocumentedRuleDefault(
|
||||
name='delete_component',
|
||||
check_str=base.RULE_DEFAULT,
|
||||
description='Delete a component.',
|
||||
operations=[{'path': '/v1/components/{component_id}',
|
||||
'method': 'DELETE'}])
|
||||
]
|
||||
|
||||
|
||||
def list_rules():
|
||||
return component_policies
|
@ -33,6 +33,7 @@ class TestComponentController(base.BaseTestCase):
|
||||
objects.load()
|
||||
|
||||
def test_component_get(self, ComponentHandler, resp_mock, request_mock):
|
||||
self.policy({'show_component': '@'})
|
||||
hand_get = ComponentHandler.return_value.get
|
||||
fake_component = fakes.FakeComponent()
|
||||
hand_get.return_value = fake_component
|
||||
@ -47,6 +48,7 @@ class TestComponentController(base.BaseTestCase):
|
||||
|
||||
def test_component_get_not_found(self, ComponentHandler,
|
||||
resp_mock, request_mock):
|
||||
self.policy({'show_component': '@'})
|
||||
hand_get = ComponentHandler.return_value.get
|
||||
hand_get.side_effect = exception.ResourceNotFound(
|
||||
name='component', component_id='test_id')
|
||||
@ -57,6 +59,7 @@ class TestComponentController(base.BaseTestCase):
|
||||
|
||||
def test_component_put_none(self, ComponentHandler,
|
||||
resp_mock, request_mock):
|
||||
self.policy({'update_component': '@'})
|
||||
request_mock.body = None
|
||||
request_mock.content_type = 'application/json'
|
||||
hand_put = ComponentHandler.return_value.put
|
||||
@ -66,6 +69,7 @@ class TestComponentController(base.BaseTestCase):
|
||||
|
||||
def test_component_put_not_found(self, ComponentHandler,
|
||||
resp_mock, request_mock):
|
||||
self.policy({'update_component': '@'})
|
||||
json_update = {'user_id': 'foo', 'name': 'appy'}
|
||||
request_mock.body = json.dumps(json_update)
|
||||
request_mock.content_type = 'application/json'
|
||||
@ -77,6 +81,7 @@ class TestComponentController(base.BaseTestCase):
|
||||
self.assertEqual(404, resp_mock.status)
|
||||
|
||||
def test_component_put_ok(self, ComponentHandler, resp_mock, request_mock):
|
||||
self.policy({'update_component': '@'})
|
||||
json_update = {'name': 'update_foo',
|
||||
'description': 'update_desc_component',
|
||||
'user_id': 'user_id_test',
|
||||
@ -91,6 +96,7 @@ class TestComponentController(base.BaseTestCase):
|
||||
|
||||
def test_component_delete_not_found(self, ComponentHandler,
|
||||
resp_mock, request_mock):
|
||||
self.policy({'delete_component': '@'})
|
||||
hand_delete = ComponentHandler.return_value.delete
|
||||
hand_delete.side_effect = exception.ResourceNotFound(
|
||||
name='component', component_id='test_id')
|
||||
@ -101,6 +107,7 @@ class TestComponentController(base.BaseTestCase):
|
||||
|
||||
def test_component_delete_ok(self, ComponentHandler,
|
||||
resp_mock, request_mock):
|
||||
self.policy({'delete_component': '@'})
|
||||
hand_delete = ComponentHandler.return_value.delete
|
||||
hand_delete.return_value = None
|
||||
obj = component.ComponentController('test_id')
|
||||
@ -118,6 +125,7 @@ class TestComponentsController(base.BaseTestCase):
|
||||
objects.load()
|
||||
|
||||
def test_components_get_all(self, handler_mock, resp_mock, request_mock):
|
||||
self.policy({'get_components': '@'})
|
||||
hand_get_all = handler_mock.return_value.get_all
|
||||
fake_component = fakes.FakeComponent()
|
||||
hand_get_all.return_value = [fake_component]
|
||||
@ -131,6 +139,7 @@ class TestComponentsController(base.BaseTestCase):
|
||||
self.assertEqual(200, resp_mock.status)
|
||||
|
||||
def test_components_post(self, handler_mock, resp_mock, request_mock):
|
||||
self.policy({'create_component': '@'})
|
||||
json_create = {'name': 'foo',
|
||||
'description': 'test_desc_component',
|
||||
'user_id': 'user_id_test',
|
||||
@ -146,6 +155,7 @@ class TestComponentsController(base.BaseTestCase):
|
||||
|
||||
def test_components_post_nodata(self, handler_mock,
|
||||
resp_mock, request_mock):
|
||||
self.policy({'create_component': '@'})
|
||||
request_mock.body = ''
|
||||
request_mock.content_type = 'application/json'
|
||||
handler_create = handler_mock.return_value.create
|
||||
|
Loading…
Reference in New Issue
Block a user