Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Work on a generic policy component. #567

Closed
wants to merge 3 commits into from
Closed

Work on a generic policy component. #567

wants to merge 3 commits into from

Conversation

terjekv
Copy link
Collaborator

@terjekv terjekv commented Dec 1, 2024
edited
Loading

Allow policies generically across models in mreg.

Policies allow for roles and atoms to be associated with objects in a given model. This PR aims to allow of such components to be defined by the users of mreg and not be hard-coded into the system on a per-model basis. The constraints are:

  • Policies will only be applicable to concrete (non-abstract) model in mreg.
  • Roles and atoms may be created against models that have been approved for policies. Doing this requires adding an entry into an approval model (ApprovedModelForPolicy) via POSTing {"content_type": "modelname"} to the endpoint /policy/approvals/.
  • Model names for ApprovedModelForPolicy are case insensitive (they are stored in lowercase by Django), and the application label (mreg. is implied) so one does not use mreg.Host.
  • A list of supported models should be made available in the documentation, especially as they are deeply tied to the current database schema.

PR status:

ApprovedModelForPolicy:

  • Implement the model.
  • Set up views/serializers/etc for CRUD operations
  • Set up endpoints
  • Test endpoints, with a specific eye towards permissions (only super + policy admins are allowed write, everyone else read)

Roles:

  • Implement a generic role model
  • Set up views/serializers/etc for CRUD operations into the role model.
  • Set up endpoints
  • Test the role model
  • Test permissions of roles. Note that permissions on models that have hosts may want to utilize NetGroupRegexPermission.

Atoms:

  • Implement a generic atom model
  • Set up views/serializers/etc for CRUD operations into the atom model.
  • Set up endpoints
  • Test the atom model
  • Test permissions of atoms. Note that permissions on models that have hosts may want to utilize NetGroupRegexPermission.

Assignments:

  • Implement a generic model for assigning policies to objects.
  • Set up views/serializers/etc for CRUD operation for assigning policies
  • Set up endpoints
  • Test the policies model
  • Test permissions of policies. Note that permissions on models that have hosts may want to utilize NetGroupRegexPermission.

@terjekv terjekv self-assigned this Dec 1, 2024
@coveralls
Copy link
Collaborator

coveralls commented Dec 1, 2024
edited
Loading

Coverage Status

coverage: 98.48% (-0.5%) from 99.013%
when pulling 6c4b342 on generic_policy_support
into cee5c16 on master.

@terjekv
Work on a generic policy component.
fb6ca71 
  - This component aims to allow policies to be applied to any concrete model in mreg.
  - Policies will allow for roles, atoms, and labels to be applied to models of ones choice, determined by the models membership in ApprovedModelForPolicy.
@terjekv
Fix migration. :(
c66c7a6
@terjekv
Inherit from BaseModel to get correct created_at/updated_at.
6c4b342
@terjekv terjekv force-pushed the generic_policy_support branch from 11bbb8d to 6c4b342 Compare December 6, 2024 11:05
@terjekv terjekv closed this Jan 22, 2025
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers
No reviews
Assignees

@terjekv terjekv

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@terjekv @coveralls