diff --git a/etc/policy.json.sample b/etc/policy.json.sample index bad9e9655..28819cc19 100644 --- a/etc/policy.json.sample +++ b/etc/policy.json.sample @@ -1,12 +1,6 @@ { "default": "rule:admin_or_owner", - "claims:get_all": "", - "claims:create": "", - "claims:get": "", - "claims:delete": "", - "claims:update": "", - "subscription:get_all": "", "subscription:create": "", "subscription:get": "", @@ -20,12 +14,6 @@ "pools:delete": "rule:context_is_admin", "pools:update": "rule:context_is_admin", - "flavors:get_all": "", - "flavors:create": "rule:context_is_admin", - "flavors:get": "", - "flavors:delete": "rule:context_is_admin", - "flavors:update": "rule:context_is_admin", - "ping:get": "", "health:get": "rule:context_is_admin" } diff --git a/zaqar/common/policies/__init__.py b/zaqar/common/policies/__init__.py index af1633409..30030f6f7 100644 --- a/zaqar/common/policies/__init__.py +++ b/zaqar/common/policies/__init__.py @@ -13,6 +13,8 @@ import itertools from zaqar.common.policies import base +from zaqar.common.policies import claims +from zaqar.common.policies import flavors from zaqar.common.policies import messages from zaqar.common.policies import queues @@ -20,6 +22,8 @@ from zaqar.common.policies import queues def list_rules(): return itertools.chain( base.list_rules(), + claims.list_rules(), + flavors.list_rules(), messages.list_rules(), queues.list_rules() ) diff --git a/zaqar/common/policies/claims.py b/zaqar/common/policies/claims.py new file mode 100644 index 000000000..b582f1040 --- /dev/null +++ b/zaqar/common/policies/claims.py 
@@ -0,0 +1,69 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from oslo_policy import policy
+
+from zaqar.common.policies import base
+
+CLAIMS = 'claims:%s'
+
+
+rules = [
+ policy.DocumentedRuleDefault(
+ name=CLAIMS % 'create',
+ check_str=base.UNPROTECTED,
+ description='Claims a set of messages from the specified queue.',
+ operations=[
+ {
+ 'path': '/v2/queues/{queue_name}/claims',
+ 'method': 'POST'
+ }
+ ]
+ ),
+ policy.DocumentedRuleDefault(
+ name=CLAIMS % 'get',
+ check_str=base.UNPROTECTED,
+ description='Queries the specified claim for the specified queue.',
+ operations=[
+ {
+ 'path': '/v2/queues/{queue_name}/claims/{claim_id}',
+ 'method': 'GET'
+ }
+ ]
+ ),
+ policy.DocumentedRuleDefault(
+ name=CLAIMS % 'delete',
+ check_str=base.UNPROTECTED,
+ description='Releases the specified claim for the specified queue.',
+ operations=[
+ {
+ 'path': '/v2/queues/{queue_name}/claims/{claim_id}',
+ 'method': 'DELETE'
+ }
+ ]
+ ),
+ policy.DocumentedRuleDefault(
+ name=CLAIMS % 'update',
+ check_str=base.UNPROTECTED,
+ description='Updates the specified claim for the specified queue.',
+ operations=[
+ {
+ 'path': '/v2/queues/{queue_name}/claims/{claim_id}',
+ 'method': 'PATCH'
+ }
+ ]
+ )
+]
+
+
+def list_rules():
+ return rules
diff --git a/zaqar/common/policies/flavors.py b/zaqar/common/policies/flavors.py
new file mode 100644
index 000000000..ac4d61ccb
--- /dev/null
+++ b/zaqar/common/policies/flavors.py
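Review bot: In claims.py the `rules` list registers create, get, delete and update but has no `claims:get_all`, although the policy files edited by this commit drop `"claims:get_all": ""` together with the other four claims entries. If any handler still enforces that name (not visible in this diff), it would stop being explicitly allowed and would instead resolve through the file's `default` rule (`rule:admin_or_owner`) or be treated as unregistered, so it is worth confirming the name is unused or adding a matching rule. All four registered rules default to `base.UNPROTECTED`, which appears to carry over the empty check strings removed from the policy files; base.py is not part of this diff, so that should be confirmed. A comment above `rules` would make the open default explicit for operators, for example `# NOTE: every claims rule defaults to base.UNPROTECTED; restrict via a policy file override if needed.`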
@@ -0,0 +1,80 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from oslo_policy import policy
+
+from zaqar.common.policies import base
+
+FLAVORS = 'flavors:%s'
+
+
+rules = [
+ policy.DocumentedRuleDefault(
+ name=FLAVORS % 'get_all',
+ check_str=base.UNPROTECTED,
+ description='Lists flavors.',
+ operations=[
+ {
+ 'path': '/v2/flavors',
+ 'method': 'GET'
+ }
+ ]
+ ),
+ policy.DocumentedRuleDefault(
+ name=FLAVORS % 'create',
+ check_str=base.ROLE_ADMIN,
+ description='Creates a new flavor.',
+ operations=[
+ {
+ 'path': '/v2/flavors/{flavor_name}',
+ 'method': 'PUT'
+ }
+ ]
+ ),
+ policy.DocumentedRuleDefault(
+ name=FLAVORS % 'get',
+ check_str=base.UNPROTECTED,
+ description='Shows details for a flavor.',
+ operations=[
+ {
+ 'path': '/v2/flavors/{flavor_name}',
+ 'method': 'GET'
+ }
+ ]
+ ),
+ policy.DocumentedRuleDefault(
+ name=FLAVORS % 'delete',
+ check_str=base.ROLE_ADMIN,
+ description='Deletes the specified flavor.',
+ operations=[
+ {
+ 'path': '/v2/flavors/{flavor_name}',
+ 'method': 'DELETE'
+ }
+ ]
+ ),
+ policy.DocumentedRuleDefault(
+ name=FLAVORS % 'update',
+ check_str=base.ROLE_ADMIN,
+ description='Update flavor.',
+ operations=[
+ {
+ 'path': '/v2/flavors/{flavor_name}',
+ 'method': 'PATCH'
+ }
+ ]
+ )
+]
+
+
+def list_rules():
+ return rules
diff --git a/zaqar/tests/etc/policy.json b/zaqar/tests/etc/policy.json
index bad9e9655..28819cc19 100644
--- a/zaqar/tests/etc/policy.json
+++ b/zaqar/tests/etc/policy.json
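Review bot: In flavors.py the create, delete and update defaults use `check_str=base.ROLE_ADMIN`, whereas the policy entries this commit removes for the same operations were `rule:context_is_admin`. base.py is not shown in this diff, so the two may be equivalent. If ROLE_ADMIN is a literal role check rather than a reference to that rule, a deployment that overrides `context_is_admin` in its policy file would silently stop having the override applied to flavor writes, while the `pools:*` entries left in the file still go through the rule. Consider `check_str='rule:context_is_admin'` for these three rules if base registers that rule, or a release note telling operators to keep explicit `flavors:*` overrides. As a smaller point, `description='Update flavor.'` could read `'Updates the specified flavor.'` to match the other descriptions.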
@@ -1,12 +1,6 @@ { "default": "rule:admin_or_owner", - "claims:get_all": "", - "claims:create": "", - "claims:get": "", - "claims:delete": "", - "claims:update": "", - "subscription:get_all": "", "subscription:create": "", "subscription:get": "", @@ -20,12 +14,6 @@ "pools:delete": "rule:context_is_admin", "pools:update": "rule:context_is_admin", - "flavors:get_all": "", - "flavors:create": "rule:context_is_admin", - "flavors:get": "", - "flavors:delete": "rule:context_is_admin", - "flavors:update": "rule:context_is_admin", - "ping:get": "", "health:get": "rule:context_is_admin" }