Register default subscription policies in code

This commit uses the existing policy-in-code module to move all default policies for subscription into code. This commit also adds helpful documetation about each API those policies protect, which will be generated in sample policy files. Change-Id: I2c061cd9df440a19391dbd678df57036e03eaad4 Implement: blueprint policy-and-docs-in-code
2017-10-17 01:27:49 -07:00 · 2017-10-17 01:27:49 -07:00 · 2caa94d583
commit 2caa94d583
parent b72620dd4d
4 changed files with 100 additions and 17 deletions
--- a/etc/policy.json.sample
+++ b/etc/policy.json.sample
@ -1,10 +1,3 @@
 {
-    "default": "rule:admin_or_owner",
-
-    "subscription:get_all": "",
-    "subscription:create": "",
-    "subscription:get": "",
-    "subscription:delete": "",
-    "subscription:update": "",
-    "subscription:confirm": ""
+    "default": "rule:admin_or_owner"
 }
--- a/zaqar/common/policies/init.py
+++ b/zaqar/common/policies/init.py
@ -19,6 +19,7 @@ from zaqar.common.policies import health
 from zaqar.common.policies import messages
 from zaqar.common.policies import pools
 from zaqar.common.policies import queues
+from zaqar.common.policies import subscription


 def list_rules():
@ -29,5 +30,6 @@ def list_rules():
        health.list_rules(),
        messages.list_rules(),
        pools.list_rules(),
-        queues.list_rules()
+        queues.list_rules(),
+        subscription.list_rules()
    )
--- a/zaqar/common/policies/subscription.py
+++ b/zaqar/common/policies/subscription.py
@ -0,0 +1,95 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from oslo_policy import policy
+
+from zaqar.common.policies import base
+
+SUBSCRIPTIONS = 'subscription:%s'
+
+
+rules = [
+    policy.DocumentedRuleDefault(
+        name=SUBSCRIPTIONS % 'get_all',
+        check_str=base.UNPROTECTED,
+        description='Lists a queue subscriptions.',
+        operations=[
+            {
+                'path': '/v2/queues/{queue_name}/subscriptions',
+                'method': 'GET'
+            }
+        ]
+    ),
+    policy.DocumentedRuleDefault(
+        name=SUBSCRIPTIONS % 'create',
+        check_str=base.UNPROTECTED,
+        description='Creates a subscription.',
+        operations=[
+            {
+                'path': '/v2/queues/{queue_name}/subscriptions',
+                'method': 'POST'
+            }
+        ]
+    ),
+    policy.DocumentedRuleDefault(
+        name=SUBSCRIPTIONS % 'get',
+        check_str=base.UNPROTECTED,
+        description='Shows details for a subscription.',
+        operations=[
+            {
+                'path': '/v2/queues/{queue_name}/subscriptions'
+                        '/{subscription_id}',
+                'method': 'GET'
+            }
+        ]
+    ),
+    policy.DocumentedRuleDefault(
+        name=SUBSCRIPTIONS % 'delete',
+        check_str=base.UNPROTECTED,
+        description='Deletes the specified subscription.',
+        operations=[
+            {
+                'path': '/v2/queues/{queue_name}/subscriptions'
+                        '/{subscription_id}',
+                'method': 'DELETE'
+            }
+        ]
+    ),
+    policy.DocumentedRuleDefault(
+        name=SUBSCRIPTIONS % 'update',
+        check_str=base.UNPROTECTED,
+        description='Updates a subscription.',
+        operations=[
+            {
+                'path': '/v2/queues/{queue_name}/subscriptions'
+                        '/{subscription_id}',
+                'method': 'PATCH'
+            }
+        ]
+    ),
+    policy.DocumentedRuleDefault(
+        name=SUBSCRIPTIONS % 'confirm',
+        check_str=base.UNPROTECTED,
+        description='Confirms a subscription.',
+        operations=[
+            {
+                'path': '/v2/queues/{queue_name}/subscriptions'
+                        '/{subscription_id}/confirm',
+                'method': 'PUT'
+            }
+        ]
+    )
+]
+
+
+def list_rules():
+    return rules
--- a/zaqar/tests/etc/policy.json
+++ b/zaqar/tests/etc/policy.json
@ -1,10 +1,3 @@
 {
-    "default": "rule:admin_or_owner",
-
-    "subscription:get_all": "",
-    "subscription:create": "",
-    "subscription:get": "",
-    "subscription:delete": "",
-    "subscription:update": "",
-    "subscription:confirm": ""
+    "default": "rule:admin_or_owner"
 }