diff --git a/keystone/common/policies/project.py b/keystone/common/policies/project.py
index 923cd99659..433c31d38b 100644
--- a/keystone/common/policies/project.py
+++ b/keystone/common/policies/project.py
@@ -15,24 +15,42 @@ from oslo_policy import policy
 from keystone.common.policies import base
 project_policies = [
- policy.RuleDefault(
+ policy.DocumentedRuleDefault(
 name=base.IDENTITY % 'get_project',
- check_str=base.RULE_ADMIN_OR_TARGET_PROJECT),
- policy.RuleDefault(
+ check_str=base.RULE_ADMIN_OR_TARGET_PROJECT,
+ description='Show project details.',
+ operations=[{'path': '/v3/projects/{project_id}',
+ 'method': 'GET'}]),
+ policy.DocumentedRuleDefault(
 name=base.IDENTITY % 'list_projects',
- check_str=base.RULE_ADMIN_REQUIRED),
- policy.RuleDefault(
+ check_str=base.RULE_ADMIN_REQUIRED,
+ description='List projects.',
+ operations=[{'path': '/v3/projects',
+ 'method': 'GET'}]),
+ policy.DocumentedRuleDefault(
 name=base.IDENTITY % 'list_user_projects',
- check_str=base.RULE_ADMIN_OR_OWNER),
- policy.RuleDefault(
+ check_str=base.RULE_ADMIN_OR_OWNER,
+ description='List projects for user.',
+ operations=[{'path': '/v3/users/{user_id}/projects',
+ 'method': 'GET'}]),
+ policy.DocumentedRuleDefault(
 name=base.IDENTITY % 'create_project',
- check_str=base.RULE_ADMIN_REQUIRED),
- policy.RuleDefault(
+ check_str=base.RULE_ADMIN_REQUIRED,
+ description='Create project.',
+ operations=[{'path': '/v3/projects',
+ 'method': 'POST'}]),
+ policy.DocumentedRuleDefault(
 name=base.IDENTITY % 'update_project',
- check_str=base.RULE_ADMIN_REQUIRED),
- policy.RuleDefault(
+ check_str=base.RULE_ADMIN_REQUIRED,
+ description='Update project.',
+ operations=[{'path': '/v3/projects/{project_id}',
+ 'method': 'PATCH'}]),
+ policy.DocumentedRuleDefault(
 name=base.IDENTITY % 'delete_project',
- check_str=base.RULE_ADMIN_REQUIRED)
+ check_str=base.RULE_ADMIN_REQUIRED,
+ description='Delete project.',
+ operations=[{'path': '/v3/projects/{project_id}',
+ 'method': 'DELETE'}])
 ]
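Review bot: The `description` and `operations` values added to all six rules are documentation metadata only, and nothing in `project_policies` says so. They are rendered into the generated sample policy and policy reference, while enforcement still depends solely on `check_str`, so a path or method that drifts from the real route would mislead an operator about what an override protects. A comment above the list would make that explicit, e.g. `# description/operations are rendered into the sample policy only; keep them in sync with the /v3/projects and /v3/users/{user_id}/projects routes.` The two rules that are not admin-only, `get_project` (`RULE_ADMIN_OR_TARGET_PROJECT`) and `list_user_projects` (`RULE_ADMIN_OR_OWNER`), would also read better with descriptions that say who passes by default. The exact semantics of those two check strings are defined in `base`, outside this diff.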