def test_roles_list_to_check_str(self):
self.assertEqual(roles_list_to_check_str(['test_role']),
'role:test_role')
self.assertEqual(roles_list_to_check_str(['role1', 'role2', 'role3']),
'role:role1 or role:role2 or role:role3')
self.assertEqual(roles_list_to_check_str(['@']), '@')
self.assertEqual(roles_list_to_check_str(['role1', '@', 'role2']),
'role:role1 or @ or role:role2')
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from oslo_config import cfg
from oslo_policy import policy
from monasca_api import policies
DELEGATE_AUTHORIZED_ROLES = policies.roles_list_to_check_str(
cfg.CONF.security.delegate_authorized_roles)
rules = [
policy.RuleDefault(
name='api:delegate',
check_str=DELEGATE_AUTHORIZED_ROLES,
description='The rules which allow to access the API on'
' behalf of another tenant.',
)
]
def list_rules():
return rules
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from oslo_config import cfg
from oslo_policy import policy
from monasca_api import policies
DELEGATE_AUTHORIZED_ROLES = policies.roles_list_to_check_str(
cfg.CONF.security.delegate_authorized_roles)
rules = [
policy.RuleDefault(
name='api:delegate',
check_str=DELEGATE_AUTHORIZED_ROLES,
description='The rules which allow to access the API on'
' behalf of another tenant.',
)
]
def list_rules():
return rules
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from oslo_config import cfg
from oslo_policy import policy
from monasca_api import policies
CONF = cfg.CONF
DEFAULT_AUTHORIZED_ROLES = policies.roles_list_to_check_str(
cfg.CONF.security.default_authorized_roles)
READ_ONLY_AUTHORIZED_ROLES = policies.roles_list_to_check_str(
cfg.CONF.security.read_only_authorized_roles)
rules = [
policy.DocumentedRuleDefault(
name='api:notifications:put',
check_str=DEFAULT_AUTHORIZED_ROLES,
description='Update the specified notification method.',
operations=[
{
'path': '/v2.0/notification-methods/{notification_method_id}',
'method': 'PUT'
},
]),
policy.DocumentedRuleDefault(
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from oslo_config import cfg
from oslo_policy import policy
from monasca_api import policies
CONF = cfg.CONF
HEALTHCHECK_ROLES = policies.roles_list_to_check_str(
cfg.CONF.security.healthcheck_roles)
rules = [
policy.DocumentedRuleDefault(name='api:healthcheck',
check_str=HEALTHCHECK_ROLES,
description='Check healthiness.',
operations=[{
'path': '/healthcheck',
'method': 'GET'
}]),
policy.DocumentedRuleDefault(name='api:healthcheck:head',
check_str=HEALTHCHECK_ROLES,
description='Healthcheck head rule',
operations=[{
'path': '/healthcheck',
'method': 'HEAD'
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from oslo_config import cfg
from oslo_policy import policy
from monasca_api import policies
CONF = cfg.CONF
VERSIONS_ROLES = policies.roles_list_to_check_str(
cfg.CONF.security.versions_roles)
rules = [
policy.DocumentedRuleDefault(
name='api:versions',
check_str=VERSIONS_ROLES,
description='List supported versions '
'or get the details about the specified version of Monasca API.',
operations=[{
'path': '/',
'method': 'GET'
}, {
'path': '/v2.0',
'method': 'GET'
}]),
]
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from oslo_config import cfg
from oslo_policy import policy
from monasca_api import policies
CONF = cfg.CONF
HEALTHCHECK_ROLES = policies.roles_list_to_check_str(cfg.CONF.security.healthcheck_roles)
rules = [
policy.DocumentedRuleDefault(
name='api:healthcheck',
check_str=HEALTHCHECK_ROLES,
description='Check healthiness.',
operations=[
{'path': '/healthcheck', 'method': 'GET'}
]
),
]
def list_rules():
return rules
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from monasca_api import policies
from oslo_config import cfg
from oslo_policy import policy
DEFAULT_AUTHORIZED_ROLES = policies.roles_list_to_check_str(
cfg.CONF.security.default_authorized_roles)
AGENT_AUTHORIZED_ROLES = policies.roles_list_to_check_str(
cfg.CONF.security.agent_authorized_roles)
DELEGATE_AUTHORIZED_ROLES = policies.roles_list_to_check_str(
cfg.CONF.security.delegate_authorized_roles)
rules = [
policy.DocumentedRuleDefault(
name='api:logs:post',
check_str=' or '.join(
filter(None, [
AGENT_AUTHORIZED_ROLES, DEFAULT_AUTHORIZED_ROLES,
DELEGATE_AUTHORIZED_ROLES
])),
description='Logs post rule',
operations=[
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from oslo_config import cfg
from oslo_policy import policy
from monasca_api import policies
CONF = cfg.CONF
DEFAULT_AUTHORIZED_ROLES = policies.roles_list_to_check_str(
cfg.CONF.security.default_authorized_roles)
READ_ONLY_AUTHORIZED_ROLES = policies.roles_list_to_check_str(
cfg.CONF.security.read_only_authorized_roles)
rules = [
policy.DocumentedRuleDefault(
name='api:alarms:definition:post',
check_str=DEFAULT_AUTHORIZED_ROLES,
description='Create an alarm definition.',
operations=[
{
'path': '/v2.0/alarm-definitions/',
'method': 'POST'
}
]
),
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from oslo_config import cfg
from oslo_policy import policy
from monasca_api import policies
CONF = cfg.CONF
VERSIONS_ROLES = policies.roles_list_to_check_str(cfg.CONF.security.versions_roles)
rules = [
policy.DocumentedRuleDefault(
name='api:versions',
check_str=VERSIONS_ROLES,
description='List supported versions '
'or get the details about the specified version of Monasca API.',
operations=[
{'path': '/', 'method': 'GET'},
{'path': '/v2.0', 'method': 'GET'}
]
),
]