Move group policies to DocumentedRuleDefault
A new policy class was introduced that requires additional parameters when defining policy objects. This patch switches our group policy object to the policy.DocumentedRuleDefault and fills the required policy parameters as needed. Change-Id: Ia20c966f0828b4fbc5335a4811893c025d7aab2e Partially-Implements: bp policy-docs
parent
39c6b0ff53
commit
086dfc3ba6
|
@ -15,36 +15,76 @@ from oslo_policy import policy
|
|||
from keystone.common.policies import base
|
||||
|
||||
group_policies = [
|
||||
policy.RuleDefault(
|
||||
policy.DocumentedRuleDefault(
|
||||
name=base.IDENTITY % 'get_group',
|
||||
check_str=base.RULE_ADMIN_REQUIRED),
|
||||
policy.RuleDefault(
|
||||
check_str=base.RULE_ADMIN_REQUIRED,
|
||||
description='Show group details.',
|
||||
operations=[{'path': '/v3/groups/{group_id}',
|
||||
'method': 'GET'},
|
||||
{'path': '/v3/groups/{group_id}',
|
||||
'method': 'HEAD'}]),
|
||||
policy.DocumentedRuleDefault(
|
||||
name=base.IDENTITY % 'list_groups',
|
||||
check_str=base.RULE_ADMIN_REQUIRED),
|
||||
policy.RuleDefault(
|
||||
check_str=base.RULE_ADMIN_REQUIRED,
|
||||
description='List groups.',
|
||||
operations=[{'path': '/v3/groups',
|
||||
'method': 'GET'},
|
||||
{'path': '/v3/groups',
|
||||
'method': 'HEAD'}]),
|
||||
policy.DocumentedRuleDefault(
|
||||
name=base.IDENTITY % 'list_groups_for_user',
|
||||
check_str=base.RULE_ADMIN_OR_OWNER),
|
||||
policy.RuleDefault(
|
||||
check_str=base.RULE_ADMIN_OR_OWNER,
|
||||
description='List groups to which a user belongs.',
|
||||
operations=[{'path': '/v3/users/{user_id}/groups',
|
||||
'method': 'GET'},
|
||||
{'path': '/v3/users/{user_id}/groups',
|
||||
'method': 'HEAD'}]),
|
||||
policy.DocumentedRuleDefault(
|
||||
name=base.IDENTITY % 'create_group',
|
||||
check_str=base.RULE_ADMIN_REQUIRED),
|
||||
policy.RuleDefault(
|
||||
check_str=base.RULE_ADMIN_REQUIRED,
|
||||
description='Create group.',
|
||||
operations=[{'path': '/v3/groups',
|
||||
'method': 'POST'}]),
|
||||
policy.DocumentedRuleDefault(
|
||||
name=base.IDENTITY % 'update_group',
|
||||
check_str=base.RULE_ADMIN_REQUIRED),
|
||||
policy.RuleDefault(
|
||||
check_str=base.RULE_ADMIN_REQUIRED,
|
||||
description='Update group.',
|
||||
operations=[{'path': '/v3/groups/{group_id}',
|
||||
'method': 'PATCH'}]),
|
||||
policy.DocumentedRuleDefault(
|
||||
name=base.IDENTITY % 'delete_group',
|
||||
check_str=base.RULE_ADMIN_REQUIRED),
|
||||
policy.RuleDefault(
|
||||
check_str=base.RULE_ADMIN_REQUIRED,
|
||||
description='Delete group.',
|
||||
operations=[{'path': '/v3/groups/{group_id}',
|
||||
'method': 'DELETE'}]),
|
||||
policy.DocumentedRuleDefault(
|
||||
name=base.IDENTITY % 'list_users_in_group',
|
||||
check_str=base.RULE_ADMIN_REQUIRED),
|
||||
policy.RuleDefault(
|
||||
check_str=base.RULE_ADMIN_REQUIRED,
|
||||
description='List members of a specific group.',
|
||||
operations=[{'path': '/v3/groups/{group_id}/users',
|
||||
'method': 'GET'},
|
||||
{'path': '/v3/groups/{group_id}/users',
|
||||
'method': 'HEAD'}]),
|
||||
policy.DocumentedRuleDefault(
|
||||
name=base.IDENTITY % 'remove_user_from_group',
|
||||
check_str=base.RULE_ADMIN_REQUIRED),
|
||||
policy.RuleDefault(
|
||||
check_str=base.RULE_ADMIN_REQUIRED,
|
||||
description='Remove user from group.',
|
||||
operations=[{'path': '/v3/groups/{group_id}/users/{user_id}',
|
||||
'method': 'DELETE'}]),
|
||||
policy.DocumentedRuleDefault(
|
||||
name=base.IDENTITY % 'check_user_in_group',
|
||||
check_str=base.RULE_ADMIN_REQUIRED),
|
||||
policy.RuleDefault(
|
||||
check_str=base.RULE_ADMIN_REQUIRED,
|
||||
description='Check whether a user is a member of a group.',
|
||||
operations=[{'path': '/v3/groups/{group_id}/users/{user_id}',
|
||||
'method': 'HEAD'},
|
||||
{'path': '/v3/groups/{group_id}/users/{user_id}',
|
||||
'method': 'GET'}]),
|
||||
policy.DocumentedRuleDefault(
|
||||
name=base.IDENTITY % 'add_user_to_group',
|
||||
check_str=base.RULE_ADMIN_REQUIRED)
|
||||
check_str=base.RULE_ADMIN_REQUIRED,
|
||||
description='Add user to group.',
|
||||
operations=[{'path': '/v3/groups/{group_id}/users/{user_id}',
|
||||
'method': 'PUT'}])
|
||||
]
|
||||
|
||||
|
||||
|
|
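Review bot: The `operations` list for `check_user_in_group` puts `HEAD` before `GET`, while every other read policy in this section (`get_group`, `list_groups`, `list_groups_for_user`, `list_users_in_group`) lists `GET` first; reordering it to `'method': 'GET'` followed by `'method': 'HEAD'` keeps the generated policy documentation uniform. As far as oslo.policy is concerned, `description` and `operations` feed the generated docs and sample policy file, while enforcement still rests on `name` and `check_str`, so a stale or mistyped path here would mislead an operator auditing who can manage group membership without changing what is enforced. A short comment above `group_policies`, such as `# 'operations' is documentation only; keep it in sync with the v3 group routes.`, would make that explicit. The `check_str` values appear to carry over unchanged, including `RULE_ADMIN_OR_OWNER` on `list_groups_for_user`, though the old and new sides are inferred from this rendering, which has lost its `+`/`-` markers.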