openstack/tricircle
Code Issues Proposed changes

Use DocumentedRuleDefault instead of RuleDefault

Browse Source 
The policy-and-docs-in-code Queens goal outlines the work required
for projects to move policy into code and document the operations
and defaults.
This commit replaces occurrences of RuleDefault with
DocumentedRuleDefault where appropriate, which requires additional
attributes when used that supply more documentation in rendered
policy files.
Using DocumentedRuleDefault produces more descriptive generated
policy descriptons in 'configuration' section of tricircle docs.

Change-Id: I5be169e996066ff66d165731cf2bf12aaff38fd4
This commit is contained in:
Hieu LE 2017-10-16 11:51:21 +07:00
parent f1055bd70c
commit 9de95f6199
5 changed files with 137 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -34,6 +34,7 @@ nosetests.xml
.mr.developer.cfg .mr.developer.cfg
.project .project
.pydevproject .pydevproject
.idea
# Complexity # Complexity
output/*.html output/*.html

3
etc/policy-generator.conf Normal file
View File

@ -0,0 +1,3 @@
[DEFAULT]
output_file = etc/tricircle-policy.yaml.sample
namespace = tricircle

2
setup.cfg
View File

@ -57,6 +57,8 @@ oslo.config.opts =
tricircle.db = tricircle.db.opts:list_opts tricircle.db = tricircle.db.opts:list_opts
tricircle.network = tricircle.network.opts:list_opts tricircle.network = tricircle.network.opts:list_opts
tricircle.xjob = tricircle.xjob.opts:list_opts tricircle.xjob = tricircle.xjob.opts:list_opts
oslo.policy.policies =
tricircle = tricircle.common.policy:list_policies
tricircle.network.type_drivers = tricircle.network.type_drivers =
local = tricircle.network.drivers.type_local:LocalTypeDriver local = tricircle.network.drivers.type_local:LocalTypeDriver
vlan = tricircle.network.drivers.type_vlan:VLANTypeDriver vlan = tricircle.network.drivers.type_vlan:VLANTypeDriver

5
tox.ini
View File

@ -42,6 +42,11 @@ deps =
commands = oslo-config-generator --config-file=etc/api-cfg-gen.conf commands = oslo-config-generator --config-file=etc/api-cfg-gen.conf
oslo-config-generator --config-file=etc/xjob-cfg-gen.conf oslo-config-generator --config-file=etc/xjob-cfg-gen.conf
[testenv:genpolicy]
deps =
-r{toxinidir}/test-requirements.txt
commands = oslopolicy-sample-generator --config-file=etc/policy-generator.conf
[testenv:docs] [testenv:docs]
deps = deps =
-r{toxinidir}/test-requirements.txt -r{toxinidir}/test-requirements.txt

170
tricircle/common/policy.py
View File

@ -65,50 +65,132 @@ ADMIN_API_JOB_DELETE = 'admin_api:jobs:delete'
tricircle_admin_api_policies = [ tricircle_admin_api_policies = [
policy.RuleDefault(ADMIN_API_PODS_CREATE, policy.DocumentedRuleDefault(ADMIN_API_PODS_CREATE,
'rule:admin_api', 'rule:admin_api',
description='Create pod'), description='Create pod.',
policy.RuleDefault(ADMIN_API_PODS_DELETE, operations=[
'rule:admin_api', {
description='Delete pod'), 'path': '/pods',
policy.RuleDefault(ADMIN_API_PODS_SHOW, 'method': 'POST'
'rule:admin_api', }
description='Show pod detail'), ]),
policy.RuleDefault(ADMIN_API_PODS_LIST, policy.DocumentedRuleDefault(ADMIN_API_PODS_DELETE,
'rule:admin_api', 'rule:admin_api',
description='List pods'), description='Delete specified pod.',
operations=[
policy.RuleDefault(ADMIN_API_ROUTINGS_CREATE, {
'rule:admin_api', 'path': '/pods/{pod_id}',
description='Create resource routing'), 'method': 'DELETE'
policy.RuleDefault(ADMIN_API_ROUTINGS_DELETE, }
'rule:admin_api', ]),
description='Delete resource routing'), policy.DocumentedRuleDefault(ADMIN_API_PODS_SHOW,
policy.RuleDefault(ADMIN_API_ROUTINGS_PUT, 'rule:admin_api',
'rule:admin_api', description='Show pod details.',
description='Update resource routing'), operations=[
policy.RuleDefault(ADMIN_API_ROUTINGS_SHOW, {
'rule:admin_api', 'path': '/pods/{pod_id}',
description='Show resource routing detail'), 'method': 'GET'
policy.RuleDefault(ADMIN_API_ROUTINGS_LIST, }
'rule:admin_api', ]),
description='List resource routings'), policy.DocumentedRuleDefault(ADMIN_API_PODS_LIST,
'rule:admin_api',
policy.RuleDefault(ADMIN_API_JOB_CREATE, description='List pods.',
'rule:admin_api', operations=[
description='Create job'), {
policy.RuleDefault(ADMIN_API_JOB_LIST, 'path': '/pods',
'rule:admin_api', 'method': 'GET'
description='List jobs'), }
policy.RuleDefault(ADMIN_API_JOB_SCHEMA_LIST, ]),
'rule:admin_api', policy.DocumentedRuleDefault(ADMIN_API_ROUTINGS_CREATE,
description='List job schemas'), 'rule:admin_api',
policy.RuleDefault(ADMIN_API_JOB_REDO, description='Create resource routing',
'rule:admin_api', operations=[
description='Redo job'), {
policy.RuleDefault(ADMIN_API_JOB_DELETE, 'path': '/routings',
'rule:admin_api', 'method': 'POST'
description='Delete job') }
]),
policy.DocumentedRuleDefault(ADMIN_API_ROUTINGS_DELETE,
'rule:admin_api',
description='Delete resource routing',
operations=[
{
'path': '/routings/{id}',
'method': 'DELETE'
}
]),
policy.DocumentedRuleDefault(ADMIN_API_ROUTINGS_PUT,
'rule:admin_api',
description='Update resource routing',
operations=[
{
'path': '/routings/{id}',
'method': 'PUT'
}
]),
policy.DocumentedRuleDefault(ADMIN_API_ROUTINGS_SHOW,
'rule:admin_api',
description='Show resource routing detail',
operations=[
{
'path': '/routings/{id}',
'method': 'GET'
}
]),
policy.DocumentedRuleDefault(ADMIN_API_ROUTINGS_LIST,
'rule:admin_api',
description='List resource routings',
operations=[
{
'path': '/routings',
'method': 'GET'
}
]),
policy.DocumentedRuleDefault(ADMIN_API_JOB_CREATE,
'rule:admin_api',
description='Create job',
operations=[
{
'path': '/jobs',
'method': 'POST'
}
]),
policy.DocumentedRuleDefault(ADMIN_API_JOB_LIST,
'rule:admin_api',
description='List jobs',
operations=[
{
'path': '/jobs',
'method': 'GET'
}
]),
policy.DocumentedRuleDefault(ADMIN_API_JOB_SCHEMA_LIST,
'rule:admin_api',
description='List job schemas',
operations=[
{
'path': '/jobs/schemas',
'method': 'GET'
}
]),
policy.DocumentedRuleDefault(ADMIN_API_JOB_REDO,
'rule:admin_api',
description='Redo job',
operations=[
{
'path': '/jobs/{id}',
'method': 'PUT'
}
]),
policy.DocumentedRuleDefault(ADMIN_API_JOB_DELETE,
'rule:admin_api',
description='Delete job',
operations=[
{
'path': '/jobs/{id}',
'method': 'DELETE'
}
])
] ]