Merge "Register default pools and health policies in code"

etc/policy.json.sample

@@ -6,14 +6,5 @@
     "subscription:get": "",
     "subscription:delete": "",
     "subscription:update": "",
-    "subscription:confirm": "",
-
-    "pools:get_all": "rule:context_is_admin",
-    "pools:create": "rule:context_is_admin",
-    "pools:get": "rule:context_is_admin",
-    "pools:delete": "rule:context_is_admin",
-    "pools:update": "rule:context_is_admin",
-
-    "ping:get": "",
-    "health:get": "rule:context_is_admin"
+    "subscription:confirm": ""
 }

zaqar/common/policies/__init__.py

@@ -15,7 +15,9 @@ import itertools
 from zaqar.common.policies import base
 from zaqar.common.policies import claims
 from zaqar.common.policies import flavors
+from zaqar.common.policies import health
 from zaqar.common.policies import messages
+from zaqar.common.policies import pools
 from zaqar.common.policies import queues
 
 
@@ -24,6 +26,8 @@ def list_rules():
         base.list_rules(),
         claims.list_rules(),
         flavors.list_rules(),
+        health.list_rules(),
         messages.list_rules(),
+        pools.list_rules(),
         queues.list_rules()
     )

zaqar/common/policies/health.py

@@ -0,0 +1,48 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from oslo_policy import policy
+
+from zaqar.common.policies import base
+
+PING = 'ping:%s'
+HEALTH = 'health:%s'
+
+rules = [
+
+    policy.DocumentedRuleDefault(
+        name=PING % 'get',
+        check_str=base.UNPROTECTED,
+        description='Simple health check for end user(ping).',
+        operations=[
+            {
+                'path': '/v2/ping',
+                'method': 'GET'
+            }
+        ]
+    ),
+    policy.DocumentedRuleDefault(
+        name=HEALTH % 'get',
+        check_str=base.ROLE_ADMIN,
+        description='Detailed health check for cloud operator/admin.',
+        operations=[
+            {
+                'path': '/v2/health',
+                'method': 'GET'
+            }
+        ]
+    )
+]
+
+
+def list_rules():
+    return rules

zaqar/common/policies/pools.py

@@ -0,0 +1,80 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from oslo_policy import policy
+
+from zaqar.common.policies import base
+
+POOLS = 'pools:%s'
+
+
+rules = [
+    policy.DocumentedRuleDefault(
+        name=POOLS % 'get_all',
+        check_str=base.ROLE_ADMIN,
+        description='Lists pools.',
+        operations=[
+            {
+                'path': '/v2/pools',
+                'method': 'GET'
+            }
+        ]
+    ),
+    policy.DocumentedRuleDefault(
+        name=POOLS % 'create',
+        check_str=base.ROLE_ADMIN,
+        description='Creates a pool.',
+        operations=[
+            {
+                'path': '/v2/pools/{pool_name}',
+                'method': 'PUT'
+            }
+        ]
+    ),
+    policy.DocumentedRuleDefault(
+        name=POOLS % 'get',
+        check_str=base.ROLE_ADMIN,
+        description='Shows details for a pool.',
+        operations=[
+            {
+                'path': '/v2/pools/{pool_name}',
+                'method': 'GET'
+            }
+        ]
+    ),
+    policy.DocumentedRuleDefault(
+        name=POOLS % 'delete',
+        check_str=base.ROLE_ADMIN,
+        description='Delete pool.',
+        operations=[
+            {
+                'path': '/v2/pools/{pool_name}',
+                'method': 'DELETE'
+            }
+        ]
+    ),
+    policy.DocumentedRuleDefault(
+        name=POOLS % 'update',
+        check_str=base.ROLE_ADMIN,
+        description='Update pool.',
+        operations=[
+            {
+                'path': '/v2/pools/{pool_name}',
+                'method': 'PATCH'
+            }
+        ]
+    )
+]
+
+
+def list_rules():
+    return rules

zaqar/tests/etc/policy.json

@@ -6,14 +6,5 @@
     "subscription:get": "",
     "subscription:delete": "",
     "subscription:update": "",
-    "subscription:confirm": "",
-
-    "pools:get_all": "rule:context_is_admin",
-    "pools:create": "rule:context_is_admin",
-    "pools:get": "rule:context_is_admin",
-    "pools:delete": "rule:context_is_admin",
-    "pools:update": "rule:context_is_admin",
-
-    "ping:get": "",
-    "health:get": "rule:context_is_admin"
+    "subscription:confirm": ""
 }