From 9de95f61998a7395c0cba1aad1ae7356b86cc700 Mon Sep 17 00:00:00 2001 From: Hieu LE Date: Mon, 16 Oct 2017 11:51:21 +0700 Subject: [PATCH] Use DocumentedRuleDefault instead of RuleDefault The policy-and-docs-in-code Queens goal outlines the work required for projects to move policy into code and document the operations and defaults. This commit replaces occurrences of RuleDefault with DocumentedRuleDefault where appropriate, which requires additional attributes when used that supply more documentation in rendered policy files. Using DocumentedRuleDefault produces more descriptive generated policy descriptons in 'configuration' section of tricircle docs. Change-Id: I5be169e996066ff66d165731cf2bf12aaff38fd4 --- .gitignore | 1 + etc/policy-generator.conf | 3 + setup.cfg | 2 + tox.ini | 5 ++ tricircle/common/policy.py | 170 +++++++++++++++++++++++++++---------- 5 files changed, 137 insertions(+), 44 deletions(-) create mode 100644 etc/policy-generator.conf diff --git a/.gitignore b/.gitignore index 26c75d8c..fa5f3239 100644 --- a/.gitignore +++ b/.gitignore @@ -34,6 +34,7 @@ nosetests.xml .mr.developer.cfg .project .pydevproject +.idea # Complexity output/*.html diff --git a/etc/policy-generator.conf b/etc/policy-generator.conf new file mode 100644 index 00000000..040ca211 --- /dev/null +++ b/etc/policy-generator.conf @@ -0,0 +1,3 @@ +[DEFAULT] +output_file = etc/tricircle-policy.yaml.sample +namespace = tricircle diff --git a/setup.cfg b/setup.cfg index 3bbff1f9..f59343c4 100644 --- a/setup.cfg +++ b/setup.cfg @@ -57,6 +57,8 @@ oslo.config.opts = tricircle.db = tricircle.db.opts:list_opts tricircle.network = tricircle.network.opts:list_opts tricircle.xjob = tricircle.xjob.opts:list_opts +oslo.policy.policies = + tricircle = tricircle.common.policy:list_policies tricircle.network.type_drivers = local = tricircle.network.drivers.type_local:LocalTypeDriver vlan = tricircle.network.drivers.type_vlan:VLANTypeDriver diff --git a/tox.ini b/tox.ini index 392ff650..3649cb71 100644 --- a/tox.ini +++ b/tox.ini @@ -42,6 +42,11 @@ deps = commands = oslo-config-generator --config-file=etc/api-cfg-gen.conf oslo-config-generator --config-file=etc/xjob-cfg-gen.conf +[testenv:genpolicy] +deps = + -r{toxinidir}/test-requirements.txt +commands = oslopolicy-sample-generator --config-file=etc/policy-generator.conf + [testenv:docs] deps = -r{toxinidir}/test-requirements.txt diff --git a/tricircle/common/policy.py b/tricircle/common/policy.py index ece40174..c91a3056 100644 --- a/tricircle/common/policy.py +++ b/tricircle/common/policy.py @@ -65,50 +65,132 @@ ADMIN_API_JOB_DELETE = 'admin_api:jobs:delete' tricircle_admin_api_policies = [ - policy.RuleDefault(ADMIN_API_PODS_CREATE, - 'rule:admin_api', - description='Create pod'), - policy.RuleDefault(ADMIN_API_PODS_DELETE, - 'rule:admin_api', - description='Delete pod'), - policy.RuleDefault(ADMIN_API_PODS_SHOW, - 'rule:admin_api', - description='Show pod detail'), - policy.RuleDefault(ADMIN_API_PODS_LIST, - 'rule:admin_api', - description='List pods'), - - policy.RuleDefault(ADMIN_API_ROUTINGS_CREATE, - 'rule:admin_api', - description='Create resource routing'), - policy.RuleDefault(ADMIN_API_ROUTINGS_DELETE, - 'rule:admin_api', - description='Delete resource routing'), - policy.RuleDefault(ADMIN_API_ROUTINGS_PUT, - 'rule:admin_api', - description='Update resource routing'), - policy.RuleDefault(ADMIN_API_ROUTINGS_SHOW, - 'rule:admin_api', - description='Show resource routing detail'), - policy.RuleDefault(ADMIN_API_ROUTINGS_LIST, - 'rule:admin_api', - description='List resource routings'), - - policy.RuleDefault(ADMIN_API_JOB_CREATE, - 'rule:admin_api', - description='Create job'), - policy.RuleDefault(ADMIN_API_JOB_LIST, - 'rule:admin_api', - description='List jobs'), - policy.RuleDefault(ADMIN_API_JOB_SCHEMA_LIST, - 'rule:admin_api', - description='List job schemas'), - policy.RuleDefault(ADMIN_API_JOB_REDO, - 'rule:admin_api', - description='Redo job'), - policy.RuleDefault(ADMIN_API_JOB_DELETE, - 'rule:admin_api', - description='Delete job') + policy.DocumentedRuleDefault(ADMIN_API_PODS_CREATE, + 'rule:admin_api', + description='Create pod.', + operations=[ + { + 'path': '/pods', + 'method': 'POST' + } + ]), + policy.DocumentedRuleDefault(ADMIN_API_PODS_DELETE, + 'rule:admin_api', + description='Delete specified pod.', + operations=[ + { + 'path': '/pods/{pod_id}', + 'method': 'DELETE' + } + ]), + policy.DocumentedRuleDefault(ADMIN_API_PODS_SHOW, + 'rule:admin_api', + description='Show pod details.', + operations=[ + { + 'path': '/pods/{pod_id}', + 'method': 'GET' + } + ]), + policy.DocumentedRuleDefault(ADMIN_API_PODS_LIST, + 'rule:admin_api', + description='List pods.', + operations=[ + { + 'path': '/pods', + 'method': 'GET' + } + ]), + policy.DocumentedRuleDefault(ADMIN_API_ROUTINGS_CREATE, + 'rule:admin_api', + description='Create resource routing', + operations=[ + { + 'path': '/routings', + 'method': 'POST' + } + ]), + policy.DocumentedRuleDefault(ADMIN_API_ROUTINGS_DELETE, + 'rule:admin_api', + description='Delete resource routing', + operations=[ + { + 'path': '/routings/{id}', + 'method': 'DELETE' + } + ]), + policy.DocumentedRuleDefault(ADMIN_API_ROUTINGS_PUT, + 'rule:admin_api', + description='Update resource routing', + operations=[ + { + 'path': '/routings/{id}', + 'method': 'PUT' + } + ]), + policy.DocumentedRuleDefault(ADMIN_API_ROUTINGS_SHOW, + 'rule:admin_api', + description='Show resource routing detail', + operations=[ + { + 'path': '/routings/{id}', + 'method': 'GET' + } + ]), + policy.DocumentedRuleDefault(ADMIN_API_ROUTINGS_LIST, + 'rule:admin_api', + description='List resource routings', + operations=[ + { + 'path': '/routings', + 'method': 'GET' + } + ]), + policy.DocumentedRuleDefault(ADMIN_API_JOB_CREATE, + 'rule:admin_api', + description='Create job', + operations=[ + { + 'path': '/jobs', + 'method': 'POST' + } + ]), + policy.DocumentedRuleDefault(ADMIN_API_JOB_LIST, + 'rule:admin_api', + description='List jobs', + operations=[ + { + 'path': '/jobs', + 'method': 'GET' + } + ]), + policy.DocumentedRuleDefault(ADMIN_API_JOB_SCHEMA_LIST, + 'rule:admin_api', + description='List job schemas', + operations=[ + { + 'path': '/jobs/schemas', + 'method': 'GET' + } + ]), + policy.DocumentedRuleDefault(ADMIN_API_JOB_REDO, + 'rule:admin_api', + description='Redo job', + operations=[ + { + 'path': '/jobs/{id}', + 'method': 'PUT' + } + ]), + policy.DocumentedRuleDefault(ADMIN_API_JOB_DELETE, + 'rule:admin_api', + description='Delete job', + operations=[ + { + 'path': '/jobs/{id}', + 'method': 'DELETE' + } + ]) ]