Move project policies to DocumentedRuleDefault

A new policy class was introduced that requires additional parameters when defining policy objects. This patch switches our project policy object to the policy.DocumentedRuleDefault and fills the required policy parameters as needed. Change-Id: Id71099b83920100fa141b588af65dbfd925b8483 Partially-Implements: bp policy-docs
2017-03-23 17:34:07 +00:00 · 2017-03-23 17:34:07 +00:00 · 2966f6f7fd
parent 9034755743
commit 2966f6f7fd
1 changed files with 30 additions and 12 deletions
--- a/keystone/common/policies/project.py
+++ b/keystone/common/policies/project.py
@ -15,24 +15,42 @@ from oslo_policy import policy
 from keystone.common.policies import base

 project_policies = [
-    policy.RuleDefault(
+    policy.DocumentedRuleDefault(
        name=base.IDENTITY % 'get_project',
-        check_str=base.RULE_ADMIN_OR_TARGET_PROJECT),
-    policy.RuleDefault(
+        check_str=base.RULE_ADMIN_OR_TARGET_PROJECT,
+        description='Show project details.',
+        operations=[{'path': '/v3/projects/{project_id}',
+                     'method': 'GET'}]),
+    policy.DocumentedRuleDefault(
        name=base.IDENTITY % 'list_projects',
-        check_str=base.RULE_ADMIN_REQUIRED),
-    policy.RuleDefault(
+        check_str=base.RULE_ADMIN_REQUIRED,
+        description='List projects.',
+        operations=[{'path': '/v3/projects',
+                     'method': 'GET'}]),
+    policy.DocumentedRuleDefault(
        name=base.IDENTITY % 'list_user_projects',
-        check_str=base.RULE_ADMIN_OR_OWNER),
-    policy.RuleDefault(
+        check_str=base.RULE_ADMIN_OR_OWNER,
+        description='List projects for user.',
+        operations=[{'path': '/v3/users/{user_id}/projects',
+                     'method': 'GET'}]),
+    policy.DocumentedRuleDefault(
        name=base.IDENTITY % 'create_project',
-        check_str=base.RULE_ADMIN_REQUIRED),
-    policy.RuleDefault(
+        check_str=base.RULE_ADMIN_REQUIRED,
+        description='Create project.',
+        operations=[{'path': '/v3/projects',
+                     'method': 'POST'}]),
+    policy.DocumentedRuleDefault(
        name=base.IDENTITY % 'update_project',
-        check_str=base.RULE_ADMIN_REQUIRED),
-    policy.RuleDefault(
+        check_str=base.RULE_ADMIN_REQUIRED,
+        description='Update project.',
+        operations=[{'path': '/v3/projects/{project_id}',
+                     'method': 'PATCH'}]),
+    policy.DocumentedRuleDefault(
        name=base.IDENTITY % 'delete_project',
-        check_str=base.RULE_ADMIN_REQUIRED)
+        check_str=base.RULE_ADMIN_REQUIRED,
+        description='Delete project.',
+        operations=[{'path': '/v3/projects/{project_id}',
+                     'method': 'DELETE'}])
 ]