Add policy for limit model protection

We plan to expose the enforcement model a deployment is using via
the limit API. This commit prepares for that implementation by
introducing the policy for it.

Change-Id: I03c9cec3646ee354ebcdd4ddc1168e00d611171b
Related-Bug: 1765193
This commit is contained in:
Lance Bragstad 2018-04-19 15:17:04 +00:00 committed by wangxiyuan
parent c0b0b25e42
commit 0022adb6ae
3 changed files with 12 additions and 0 deletions

View File

@ -36,6 +36,8 @@ identity:list_limits GET /v3/limits
identity:create_limits POST /v3/limits
identity:update_limit PATCH /v3/limits/{limit_id}
identity:delete_limit DELETE /v3/limits/{limit_id}
identity:get_limit_model GET /v3/limits/model
HEAD /v3/limits/model
identity:get_domain GET /v3/domains/{domain_id}
identity:list_domains GET /v3/domains

View File

@ -34,6 +34,7 @@
"identity:update_registered_limit": "rule:admin_required",
"identity:delete_registered_limit": "rule:admin_required",
"identity:get_limit_model": "",
"identity:get_limit": "",
"identity:list_limits": "",
"identity:create_limits": "rule:admin_required",

View File

@ -15,6 +15,15 @@ from oslo_policy import policy
from keystone.common.policies import base
limit_policies = [
policy.DocumentedRuleDefault(
name=base.IDENTITY % 'get_limit_model',
check_str='',
scope_types=['system', 'project'],
description='Get limit enforcement model.',
operations=[{'path': '/v3/limits/model',
'method': 'GET'},
{'path': '/v3/limits/model',
'method': 'HEAD'}]),
policy.DocumentedRuleDefault(
name=base.IDENTITY % 'get_limit',
check_str='',