diff --git a/etc/policy.json.sample b/etc/policy.json.sample index 2ac551e59..f5ff0c931 100644 --- a/etc/policy.json.sample +++ b/etc/policy.json.sample @@ -1,10 +1,3 @@ { - "default": "rule:admin_or_owner", - - "subscription:get_all": "", - "subscription:create": "", - "subscription:get": "", - "subscription:delete": "", - "subscription:update": "", - "subscription:confirm": "" + "default": "rule:admin_or_owner" } diff --git a/zaqar/common/policies/__init__.py b/zaqar/common/policies/__init__.py index ba1d78c2b..b13e8829f 100644 --- a/zaqar/common/policies/__init__.py +++ b/zaqar/common/policies/__init__.py @@ -19,6 +19,7 @@ from zaqar.common.policies import health from zaqar.common.policies import messages from zaqar.common.policies import pools from zaqar.common.policies import queues +from zaqar.common.policies import subscription def list_rules(): @@ -29,5 +30,6 @@ def list_rules(): health.list_rules(), messages.list_rules(), pools.list_rules(), - queues.list_rules() + queues.list_rules(), + subscription.list_rules() ) diff --git a/zaqar/common/policies/subscription.py b/zaqar/common/policies/subscription.py new file mode 100644 index 000000000..8e7300c50 --- /dev/null +++ b/zaqar/common/policies/subscription.py @@ -0,0 +1,95 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from oslo_policy import policy + +from zaqar.common.policies import base + +SUBSCRIPTIONS = 'subscription:%s' + + +rules = [ + policy.DocumentedRuleDefault( + name=SUBSCRIPTIONS % 'get_all', + check_str=base.UNPROTECTED, + description='Lists a queue subscriptions.', + operations=[ + { + 'path': '/v2/queues/{queue_name}/subscriptions', + 'method': 'GET' + } + ] + ), + policy.DocumentedRuleDefault( + name=SUBSCRIPTIONS % 'create', + check_str=base.UNPROTECTED, + description='Creates a subscription.', + operations=[ + { + 'path': '/v2/queues/{queue_name}/subscriptions', + 'method': 'POST' + } + ] + ), + policy.DocumentedRuleDefault( + name=SUBSCRIPTIONS % 'get', + check_str=base.UNPROTECTED, + description='Shows details for a subscription.', + operations=[ + { + 'path': '/v2/queues/{queue_name}/subscriptions' + '/{subscription_id}', + 'method': 'GET' + } + ] + ), + policy.DocumentedRuleDefault( + name=SUBSCRIPTIONS % 'delete', + check_str=base.UNPROTECTED, + description='Deletes the specified subscription.', + operations=[ + { + 'path': '/v2/queues/{queue_name}/subscriptions' + '/{subscription_id}', + 'method': 'DELETE' + } + ] + ), + policy.DocumentedRuleDefault( + name=SUBSCRIPTIONS % 'update', + check_str=base.UNPROTECTED, + description='Updates a subscription.', + operations=[ + { + 'path': '/v2/queues/{queue_name}/subscriptions' + '/{subscription_id}', + 'method': 'PATCH' + } + ] + ), + policy.DocumentedRuleDefault( + name=SUBSCRIPTIONS % 'confirm', + check_str=base.UNPROTECTED, + description='Confirms a subscription.', + operations=[ + { + 'path': '/v2/queues/{queue_name}/subscriptions' + '/{subscription_id}/confirm', + 'method': 'PUT' + } + ] + ) +] + + +def list_rules(): + return rules diff --git a/zaqar/tests/etc/policy.json b/zaqar/tests/etc/policy.json index 2ac551e59..f5ff0c931 100644 --- a/zaqar/tests/etc/policy.json +++ b/zaqar/tests/etc/policy.json @@ -1,10 +1,3 @@ { - "default": "rule:admin_or_owner", - - "subscription:get_all": "", - "subscription:create": "", - "subscription:get": "", - "subscription:delete": "", - "subscription:update": "", - "subscription:confirm": "" + "default": "rule:admin_or_owner" }