Add explicit scope types for all policies #1391

Merged
merged 1 commit into from
Aug 16, 2024
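--- a/gnocchi/rest/auth_helper.py
+++ b/gnocchi/rest/auth_helper.py
@@ -146,7 +146,8 @@ def get_auth_info(self, request):
 roles.append("admin")
 return {
 "user": user,
-"roles": roles
+"roles": roles,
+"system": 'all',
 }
 
 @staticmethod
@@ -176,7 +177,8 @@ def get_auth_info(self, request):
 roles.append("admin")
 return {
 "user": user,
-"roles": roles
+"roles": roles,
+"system": 'all',
 }
 
 @staticmethod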
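Review bot: Both `get_auth_info` returns now carry `"system": 'all'` unconditionally, so every caller authenticated through these helpers is presented to the policy engine as system-scoped, whether or not the admin role was appended on the line above. Because every rule in this change accepts all three scope types, this has no effect today. If a rule is later narrowed to `scope_types=['system']` with scope enforcement enabled, ordinary users of these helpers would still pass the scope check, and `check_str` would be the only control left. Presumably these helpers have no Keystone token to take a scope from; if so, say it above the key, e.g. `# No token scope in this auth mode: claim system scope so scope checks pass; check_str role rules are the only gate.` The same applies to the second hunk, and both function bodies start outside the visible lines, so the condition guarding `roles.append("admin")` is not shown.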
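--- a/gnocchi/rest/policies.py
+++ b/gnocchi/rest/policies.py
@@ -52,6 +52,7 @@
 policy.DocumentedRuleDefault(
 name="get status",
 check_str=ADMIN,
+scope_types=['system', 'domain', 'project'],
 description='Get status of Gnocchi service.',
 operations=[
 {
@@ -66,6 +67,7 @@
 policy.DocumentedRuleDefault(
 name="create resource",
 check_str=UNPROTECTED,
+scope_types=['system', 'domain', 'project'],
 description='Create a new resource.',
 operations=[
 {
@@ -77,6 +79,7 @@
 policy.DocumentedRuleDefault(
 name="get resource",
 check_str=RULE_ADMIN_OR_CREATOR_OR_RESOURCE_OWNER,
+scope_types=['system', 'domain', 'project'],
 description='Get a resource.',
 operations=[
 {
@@ -88,6 +91,7 @@
 policy.DocumentedRuleDefault(
 name="update resource",
 check_str=RULE_ADMIN_OR_CREATOR,
+scope_types=['system', 'domain', 'project'],
 description='Update a resource.',
 operations=[
 {
@@ -99,6 +103,7 @@
 policy.DocumentedRuleDefault(
 name="delete resource",
 check_str=RULE_ADMIN_OR_CREATOR,
+scope_types=['system', 'domain', 'project'],
 description='Delete a resource.',
 operations=[
 {
@@ -110,6 +115,7 @@
 policy.DocumentedRuleDefault(
 name="delete resources",
 check_str=RULE_ADMIN_OR_CREATOR,
+scope_types=['system', 'domain', 'project'],
 description='Delete multiple resources.',
 operations=[
 {
@@ -121,6 +127,7 @@
 policy.DocumentedRuleDefault(
 name="list resource",
 check_str=RULE_ADMIN_OR_CREATOR_OR_RESOURCE_OWNER,
+scope_types=['system', 'domain', 'project'],
 description='List all resources.',
 operations=[
 {
@@ -132,6 +139,7 @@
 policy.DocumentedRuleDefault(
 name="search resource",
 check_str=RULE_ADMIN_OR_CREATOR_OR_RESOURCE_OWNER,
+scope_types=['system', 'domain', 'project'],
 description='Search resources.',
 operations=[
 {
@@ -146,6 +154,7 @@
 policy.DocumentedRuleDefault(
 name="create resource type",
 check_str=ADMIN,
+scope_types=['system', 'domain', 'project'],
 description='Create a new resource type.',
 operations=[
 {
@@ -157,6 +166,7 @@
 policy.DocumentedRuleDefault(
 name="get resource type",
 check_str=UNPROTECTED,
+scope_types=['system', 'domain', 'project'],
 description='Get a resource type.',
 operations=[
 {
@@ -168,6 +178,7 @@
 policy.DocumentedRuleDefault(
 name="update resource type",
 check_str=ADMIN,
+scope_types=['system', 'domain', 'project'],
 description='Update a resource type.',
 operations=[
 {
@@ -179,6 +190,7 @@
 policy.DocumentedRuleDefault(
 name="delete resource type",
 check_str=ADMIN,
+scope_types=['system', 'domain', 'project'],
 description='Delete a resource type.',
 operations=[
 {
@@ -190,6 +202,7 @@
 policy.DocumentedRuleDefault(
 name="list resource type",
 check_str=UNPROTECTED,
+scope_types=['system', 'domain', 'project'],
 description='List all resource types.',
 operations=[
 {
@@ -204,6 +217,7 @@
 policy.DocumentedRuleDefault(
 name="create archive policy",
 check_str=ADMIN,
+scope_types=['system', 'domain', 'project'],
 description='Create a new archive policy',
 operations=[
 {
@@ -215,6 +229,7 @@
 policy.DocumentedRuleDefault(
 name="get archive policy",
 check_str=UNPROTECTED,
+scope_types=['system', 'domain', 'project'],
 description='Get an archive policy',
 operations=[
 {
@@ -226,6 +241,7 @@
 policy.DocumentedRuleDefault(
 name="update archive policy",
 check_str=ADMIN,
+scope_types=['system', 'domain', 'project'],
 description='Update an archive policy',
 operations=[
 {
@@ -237,6 +253,7 @@
 policy.DocumentedRuleDefault(
 name="delete archive policy",
 check_str=ADMIN,
+scope_types=['system', 'domain', 'project'],
 description='Delete an archive policy',
 operations=[
 {
@@ -248,6 +265,7 @@
 policy.DocumentedRuleDefault(
 name="list archive policy",
 check_str=UNPROTECTED,
+scope_types=['system', 'domain', 'project'],
 description='List all archive policies',
 operations=[
 {
@@ -262,6 +280,7 @@
 policy.DocumentedRuleDefault(
 name="create archive policy rule",
 check_str=ADMIN,
+scope_types=['system', 'domain', 'project'],
 description='Create a new archive policy rule',
 operations=[
 {
@@ -273,6 +292,7 @@
 policy.DocumentedRuleDefault(
 name="get archive policy rule",
 check_str=UNPROTECTED,
+scope_types=['system', 'domain', 'project'],
 description='Get an archive policy rule',
 operations=[
 {
@@ -284,6 +304,7 @@
 policy.DocumentedRuleDefault(
 name="update archive policy rule",
 check_str=ADMIN,
+scope_types=['system', 'domain', 'project'],
 description='Update an archive policy rule',
 operations=[
 {
@@ -295,6 +316,7 @@
 policy.DocumentedRuleDefault(
 name="delete archive policy rule",
 check_str=ADMIN,
+scope_types=['system', 'domain', 'project'],
 description='Delete an archive policy rule',
 operations=[
 {
@@ -306,6 +328,7 @@
 policy.DocumentedRuleDefault(
 name="list archive policy rule",
 check_str=UNPROTECTED,
+scope_types=['system', 'domain', 'project'],
 description='List all archive policy rules',
 operations=[
 {
@@ -320,6 +343,7 @@
 policy.DocumentedRuleDefault(
 name="create metric",
 check_str=UNPROTECTED,
+scope_types=['system', 'domain', 'project'],
 description='Create a new metric',
 operations=[
 {
@@ -331,6 +355,7 @@
 policy.DocumentedRuleDefault(
 name="get metric",
 check_str=RULE_ADMIN_OR_CREATOR_OR_METRIC_OWNER,
+scope_types=['system', 'domain', 'project'],
 description='Get a metric',
 operations=[
 {
@@ -342,6 +367,7 @@
 policy.DocumentedRuleDefault(
 name="delete metric",
 check_str=RULE_ADMIN_OR_CREATOR,
+scope_types=['system', 'domain', 'project'],
 description='Delete a metric',
 operations=[
 {
@@ -353,6 +379,7 @@
 policy.DocumentedRuleDefault(
 name="list metric",
 check_str=RULE_ADMIN_OR_CREATOR_OR_METRIC_OWNER,
+scope_types=['system', 'domain', 'project'],
 description='List all metrics',
 operations=[
 {
@@ -364,6 +391,7 @@
 policy.DocumentedRuleDefault(
 name="search metric",
 check_str=RULE_ADMIN_OR_CREATOR_OR_METRIC_OWNER,
+scope_types=['system', 'domain', 'project'],
 description='Search metrics',
 operations=[
 {
@@ -378,6 +406,7 @@
 policy.DocumentedRuleDefault(
 name="post measures",
 check_str=RULE_ADMIN_OR_CREATOR,
+scope_types=['system', 'domain', 'project'],
 description='Post measures',
 operations=[
 {
@@ -397,6 +426,7 @@
 policy.DocumentedRuleDefault(
 name="get measures",
 check_str=RULE_ADMIN_OR_CREATOR_OR_METRIC_OWNER,
+scope_types=['system', 'domain', 'project'],
 description='Get measures',
 operations=[
 {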
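Review bot: Listing all three scopes on admin-only, service-wide rules such as "get status" and the create/update/delete rules for resource types, archive policies and archive policy rules means the scope check can never reject a request there. A project-scoped caller with the admin role still reaches them, and `check_str` remains the sole control. If that is a deliberate backward-compatibility choice, a comment above the rule list should say so and name the rules that are candidates for tightening to `['system']` later. The same literal is also repeated in all 30 rules; a shared module-level constant alongside the existing `ADMIN` / `UNPROTECTED` names, for example `SCOPE_TYPES_ALL = ['system', 'domain', 'project']`, would keep the rules in step when scopes change. Each rule definition continues outside its hunk.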