Coverage for manila/policies/resource_lock.py: 100%

14 statements  

« prev     ^ index     » next       coverage.py v7.11.0, created at 2026-02-18 22:19 +0000

1# Licensed under the Apache License, Version 2.0 (the "License"); you may 

2# not use this file except in compliance with the License. You may obtain 

3# a copy of the License at 

4# 

5# http://www.apache.org/licenses/LICENSE-2.0 

6# 

7# Unless required by applicable law or agreed to in writing, software 

8# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 

9# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 

10# License for the specific language governing permissions and limitations 

11# under the License. 

12 

13from oslo_policy import policy 

14 

15from manila.policies import base 

16 

17 

18BASE_POLICY_NAME = 'resource_lock:%s' 

19 

20DEPRECATED_REASON = """ 

21The resource lock API now supports scope and default roles. 

22""" 

23 

24deprecated_lock_get = policy.DeprecatedRule( 

25 name=BASE_POLICY_NAME % 'get', 

26 check_str=base.RULE_DEFAULT, 

27 deprecated_reason=DEPRECATED_REASON, 

28 deprecated_since='2023.2/Bobcat', 

29) 

30deprecated_lock_get_all = policy.DeprecatedRule( 

31 name=BASE_POLICY_NAME % 'get_all', 

32 check_str=base.RULE_DEFAULT, 

33 deprecated_reason=DEPRECATED_REASON, 

34 deprecated_since='2023.2/Bobcat', 

35) 

36deprecated_lock_get_all_projects = policy.DeprecatedRule( 

37 name=BASE_POLICY_NAME % 'get_all_projects', 

38 check_str=base.RULE_ADMIN_API, 

39 deprecated_reason=DEPRECATED_REASON, 

40 deprecated_since='2023.2/Bobcat', 

41) 

42deprecated_lock_create = policy.DeprecatedRule( 

43 name=BASE_POLICY_NAME % 'create', 

44 check_str=base.RULE_DEFAULT, 

45 deprecated_reason=DEPRECATED_REASON, 

46 deprecated_since='2023.2/Bobcat' 

47) 

48deprecated_lock_update = policy.DeprecatedRule( 

49 name=BASE_POLICY_NAME % 'update', 

50 check_str=base.RULE_ADMIN_OR_OWNER_USER, 

51 deprecated_reason=DEPRECATED_REASON, 

52 deprecated_since='2023.2/Bobcat', 

53) 

54deprecated_lock_delete = policy.DeprecatedRule( 

55 name=BASE_POLICY_NAME % 'delete', 

56 check_str=base.RULE_ADMIN_OR_OWNER_USER, 

57 deprecated_reason=DEPRECATED_REASON, 

58 deprecated_since='2023.2/Bobcat', 

59) 

60deprecated_bypass_locked_show_action = policy.DeprecatedRule( 

61 name=BASE_POLICY_NAME % 'bypass_locked_show_action', 

62 check_str=base.RULE_ADMIN_OR_OWNER_USER, 

63 deprecated_reason=DEPRECATED_REASON, 

64 deprecated_since='2023.2/Bobcat', 

65) 

66 

67# We anticipate bypassing is desirable only for resource visibility locks. 

68# Without a bypass, the lock would have to be set aside each time the lock 

69# owner wants to view the resource. 

70 

71lock_policies = [ 

72 policy.DocumentedRuleDefault( 

73 name=BASE_POLICY_NAME % 'get', 

74 check_str=base.ADMIN_OR_SERVICE_OR_PROJECT_READER, 

75 scope_types=['project'], 

76 description="Get details of a given resource lock.", 

77 operations=[ 

78 { 

79 'method': 'GET', 

80 'path': '/resource-locks/{lock_id}' 

81 } 

82 ], 

83 deprecated_rule=deprecated_lock_get, 

84 ), 

85 policy.DocumentedRuleDefault( 

86 name=BASE_POLICY_NAME % 'get_all', 

87 check_str=base.ADMIN_OR_SERVICE_OR_PROJECT_READER, 

88 scope_types=['project'], 

89 description="Get all resource locks.", 

90 operations=[ 

91 { 

92 'method': 'GET', 

93 'path': '/resource-locks' 

94 }, 

95 { 

96 'method': 'GET', 

97 'path': '/resource-locks?{query}' 

98 } 

99 ], 

100 deprecated_rule=deprecated_lock_get_all, 

101 ), 

102 policy.DocumentedRuleDefault( 

103 name=BASE_POLICY_NAME % 'get_all_projects', 

104 check_str=base.ADMIN_OR_SERVICE, 

105 scope_types=['project'], 

106 description="Get resource locks from all project namespaces.", 

107 operations=[ 

108 { 

109 'method': 'GET', 

110 'path': '/resource-locks?all_projects=1' 

111 }, 

112 { 

113 'method': 'GET', 

114 'path': '/resource-locks?all_projects=1&' 

115 'project_id={project_id}' 

116 } 

117 ], 

118 deprecated_rule=deprecated_lock_get_all_projects, 

119 ), 

120 policy.DocumentedRuleDefault( 

121 name=BASE_POLICY_NAME % 'create', 

122 check_str=base.ADMIN_OR_SERVICE_OR_PROJECT_MEMBER, 

123 scope_types=['project'], 

124 description="Create a resource lock.", 

125 operations=[ 

126 { 

127 'method': 'POST', 

128 'path': '/resource-locks' 

129 } 

130 ], 

131 deprecated_rule=deprecated_lock_create, 

132 ), 

133 policy.DocumentedRuleDefault( 

134 name=BASE_POLICY_NAME % 'update', 

135 check_str=base.ADMIN_OR_SERVICE_OR_OWNER_USER, 

136 scope_types=['project'], 

137 description="Update a resource lock.", 

138 operations=[ 

139 { 

140 'method': 'PUT', 

141 'path': '/resource-locks/{lock_id}' 

142 } 

143 ], 

144 deprecated_rule=deprecated_lock_update, 

145 ), 

146 policy.DocumentedRuleDefault( 

147 name=BASE_POLICY_NAME % 'delete', 

148 check_str=base.ADMIN_OR_SERVICE_OR_OWNER_USER, 

149 scope_types=['project'], 

150 description="Delete a resource lock.", 

151 operations=[ 

152 { 

153 'method': 'DELETE', 

154 'path': '/resource-locks/{lock_id}' 

155 } 

156 ], 

157 deprecated_rule=deprecated_lock_delete, 

158 ), 

159 policy.DocumentedRuleDefault( 

160 name=BASE_POLICY_NAME % 'bypass_locked_show_action', 

161 check_str=base.ADMIN_OR_SERVICE_OR_OWNER_USER, 

162 scope_types=['project'], 

163 description="Bypass a visibility lock placed in a resource.", 

164 operations=[ 

165 { 

166 'method': 'GET', 

167 'path': '/share-access-rules/{share_access_id}' 

168 }, 

169 { 

170 'method': 'GET', 

171 'path': ('/share-access-rules?share_id={share_id}' 

172 '&key1=value1&key2=value2') 

173 }, 

174 ], 

175 deprecated_rule=deprecated_bypass_locked_show_action, 

176 ), 

177] 

178 

179 

180def list_rules(): 

181 return lock_policies