Move project endpoint to DocumentedRuleDefault
A new policy class was introduce that requires additional parameters when defining policy objects This patch switches our project endpoint policy object to the policy.DocumentedRuleDefault and fills the required policy parameters as needed. Change-Id: Ifc43008837b82e4b99ada844daa85472481fa904 Partially-Implements: bp policy-docs
This commit is contained in:
parent
9034755743
commit
273e8417d4
|
@ -16,21 +16,45 @@ from keystone.common.policies import base
|
|||
|
||||
project_endpoint_policies = [
|
||||
|
||||
policy.RuleDefault(
|
||||
policy.DocumentedRuleDefault(
|
||||
name=base.IDENTITY % 'list_projects_for_endpoint',
|
||||
check_str=base.RULE_ADMIN_REQUIRED),
|
||||
policy.RuleDefault(
|
||||
check_str=base.RULE_ADMIN_REQUIRED,
|
||||
description='List projects allowed to access an endpoint.',
|
||||
operations=[{'path': ('/v3/OS-EP-FILTER/endpoints/{endpoint_id}/'
|
||||
'projects'),
|
||||
'method': 'GET'}]),
|
||||
policy.DocumentedRuleDefault(
|
||||
name=base.IDENTITY % 'add_endpoint_to_project',
|
||||
check_str=base.RULE_ADMIN_REQUIRED),
|
||||
policy.RuleDefault(
|
||||
check_str=base.RULE_ADMIN_REQUIRED,
|
||||
description='Allow project to access an endpoint.',
|
||||
operations=[{'path': ('/v3/OS-EP-FILTER/projects/{project_id}/'
|
||||
'endpoints/{endpoint_id}'),
|
||||
'method': 'PUT'}]),
|
||||
policy.DocumentedRuleDefault(
|
||||
name=base.IDENTITY % 'check_endpoint_in_project',
|
||||
check_str=base.RULE_ADMIN_REQUIRED),
|
||||
policy.RuleDefault(
|
||||
check_str=base.RULE_ADMIN_REQUIRED,
|
||||
description='Check if a project is allowed to access an endpoint.',
|
||||
operations=[{'path': ('/v3/OS-EP-FILTER/projects/{project_id}/'
|
||||
'endpoints/{endpoint_id}'),
|
||||
'method': 'GET'},
|
||||
{'path': ('/v3/OS-EP-FILTER/projects/{project_id}/'
|
||||
'endpoints/{endpoint_id}'),
|
||||
'method': 'HEAD'}]),
|
||||
policy.DocumentedRuleDefault(
|
||||
name=base.IDENTITY % 'list_endpoints_for_project',
|
||||
check_str=base.RULE_ADMIN_REQUIRED),
|
||||
policy.RuleDefault(
|
||||
check_str=base.RULE_ADMIN_REQUIRED,
|
||||
description='List the endpoints a project is allowed to access.',
|
||||
operations=[{'path': ('/v3/OS-EP-FILTER/projects/{project_id}/'
|
||||
'endpoints'),
|
||||
'method': 'GET'}]),
|
||||
policy.DocumentedRuleDefault(
|
||||
name=base.IDENTITY % 'remove_endpoint_from_project',
|
||||
check_str=base.RULE_ADMIN_REQUIRED)
|
||||
check_str=base.RULE_ADMIN_REQUIRED,
|
||||
description=('Remove access to an endpoint from a project that has '
|
||||
'previously been given explicit access.'),
|
||||
operations=[{'path': ('/v3/OS-EP-FILTER/projects/{project_id}/'
|
||||
'endpoints/{endpoint_id}'),
|
||||
'method': 'DELETE'}])
|
||||
]
|
||||
|
||||
|
||||
|
|
Loading…
Reference in New Issue