Coverage for manila/policies/security_service.py: 100%

15 statements  

« prev     ^ index     » next       coverage.py v7.11.0, created at 2026-02-18 22:19 +0000

1# Licensed under the Apache License, Version 2.0 (the "License"); you may 

2# not use this file except in compliance with the License. You may obtain 

3# a copy of the License at 

4# 

5# http://www.apache.org/licenses/LICENSE-2.0 

6# 

7# Unless required by applicable law or agreed to in writing, software 

8# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 

9# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 

10# License for the specific language governing permissions and limitations 

11# under the License. 

12 

13from oslo_log import versionutils 

14from oslo_policy import policy 

15 

16from manila.policies import base 

17 

18 

19BASE_POLICY_NAME = 'security_service:%s' 

20 

21DEPRECATED_REASON = """ 

22The security service API now supports scope and default roles. 

23""" 

24 

25deprecated_security_service_create = policy.DeprecatedRule( 

26 name=BASE_POLICY_NAME % 'create', 

27 check_str=base.RULE_DEFAULT, 

28 deprecated_reason=DEPRECATED_REASON, 

29 deprecated_since=versionutils.deprecated.WALLABY 

30) 

31deprecated_security_service_show = policy.DeprecatedRule( 

32 name=BASE_POLICY_NAME % 'show', 

33 check_str=base.RULE_DEFAULT, 

34 deprecated_reason=DEPRECATED_REASON, 

35 deprecated_since=versionutils.deprecated.WALLABY 

36) 

37deprecated_security_service_detail = policy.DeprecatedRule( 

38 name=BASE_POLICY_NAME % 'detail', 

39 check_str=base.RULE_DEFAULT, 

40 deprecated_reason=DEPRECATED_REASON, 

41 deprecated_since=versionutils.deprecated.WALLABY 

42) 

43deprecated_security_service_index = policy.DeprecatedRule( 

44 name=BASE_POLICY_NAME % 'index', 

45 check_str=base.RULE_DEFAULT, 

46 deprecated_reason=DEPRECATED_REASON, 

47 deprecated_since=versionutils.deprecated.WALLABY 

48) 

49deprecated_security_service_update = policy.DeprecatedRule( 

50 name=BASE_POLICY_NAME % 'update', 

51 check_str=base.RULE_DEFAULT, 

52 deprecated_reason=DEPRECATED_REASON, 

53 deprecated_since=versionutils.deprecated.WALLABY 

54) 

55deprecated_security_service_delete = policy.DeprecatedRule( 

56 name=BASE_POLICY_NAME % 'delete', 

57 check_str=base.RULE_DEFAULT, 

58 deprecated_reason=DEPRECATED_REASON, 

59 deprecated_since=versionutils.deprecated.WALLABY 

60) 

61deprecated_security_service_get_all = policy.DeprecatedRule( 

62 name=BASE_POLICY_NAME % 'get_all_security_services', 

63 check_str=base.RULE_ADMIN_API, 

64 deprecated_reason=DEPRECATED_REASON, 

65 deprecated_since=versionutils.deprecated.WALLABY 

66) 

67 

68 

69security_service_policies = [ 

70 policy.DocumentedRuleDefault( 

71 name=BASE_POLICY_NAME % 'create', 

72 check_str=base.ADMIN_OR_PROJECT_MEMBER, 

73 scope_types=['project'], 

74 description="Create security service.", 

75 operations=[ 

76 { 

77 'method': 'POST', 

78 'path': '/security-services' 

79 } 

80 ], 

81 deprecated_rule=deprecated_security_service_create 

82 ), 

83 policy.DocumentedRuleDefault( 

84 name=BASE_POLICY_NAME % 'show', 

85 check_str=base.ADMIN_OR_PROJECT_READER, 

86 scope_types=['project'], 

87 description="Get details of a security service.", 

88 operations=[ 

89 { 

90 'method': 'GET', 

91 'path': '/security-services/{security_service_id}' 

92 } 

93 ], 

94 deprecated_rule=deprecated_security_service_show 

95 ), 

96 policy.DocumentedRuleDefault( 

97 name=BASE_POLICY_NAME % 'detail', 

98 check_str=base.ADMIN_OR_PROJECT_READER, 

99 scope_types=['project'], 

100 description="Get details of all security services.", 

101 operations=[ 

102 { 

103 'method': 'GET', 

104 'path': '/security-services/detail?{query}' 

105 }, 

106 ], 

107 deprecated_rule=deprecated_security_service_detail 

108 ), 

109 policy.DocumentedRuleDefault( 

110 name=BASE_POLICY_NAME % 'index', 

111 check_str=base.ADMIN_OR_PROJECT_READER, 

112 scope_types=['project'], 

113 description="Get all security services under a project.", 

114 operations=[ 

115 { 

116 'method': 'GET', 

117 'path': '/security-services?{query}' 

118 } 

119 ], 

120 deprecated_rule=deprecated_security_service_index 

121 ), 

122 policy.DocumentedRuleDefault( 

123 name=BASE_POLICY_NAME % 'update', 

124 check_str=base.ADMIN_OR_PROJECT_MEMBER, 

125 scope_types=['project'], 

126 description="Update a security service.", 

127 operations=[ 

128 { 

129 'method': 'PUT', 

130 'path': '/security-services/{security_service_id}', 

131 } 

132 ], 

133 deprecated_rule=deprecated_security_service_update 

134 ), 

135 policy.DocumentedRuleDefault( 

136 name=BASE_POLICY_NAME % 'delete', 

137 check_str=base.ADMIN_OR_PROJECT_MEMBER, 

138 scope_types=['project'], 

139 description="Delete a security service.", 

140 operations=[ 

141 { 

142 'method': 'DELETE', 

143 'path': '/security-services/{security_service_id}' 

144 } 

145 ], 

146 deprecated_rule=deprecated_security_service_delete 

147 ), 

148 policy.DocumentedRuleDefault( 

149 name=BASE_POLICY_NAME % 'get_all_security_services', 

150 check_str=base.ADMIN, 

151 scope_types=['project'], 

152 description="Get security services of all projects.", 

153 operations=[ 

154 { 

155 'method': 'GET', 

156 'path': '/security-services?all_tenants=1' 

157 }, 

158 { 

159 'method': 'GET', 

160 'path': '/security-services/detail?all_tenants=1' 

161 } 

162 ], 

163 deprecated_rule=deprecated_security_service_get_all 

164 ), 

165] 

166 

167 

168def list_rules(): 

169 return security_service_policies