Move project policies to DocumentedRuleDefault
A new policy class was introduced that requires additional parameters when defining policy objects. This patch switches our project policy object to the policy.DocumentedRuleDefault and fills the required policy parameters as needed. Change-Id: Id71099b83920100fa141b588af65dbfd925b8483 Partially-Implements: bp policy-docs
This commit is contained in:
parent
9034755743
commit
2966f6f7fd
|
@ -15,24 +15,42 @@ from oslo_policy import policy
|
|||
from keystone.common.policies import base
|
||||
|
||||
project_policies = [
|
||||
policy.RuleDefault(
|
||||
policy.DocumentedRuleDefault(
|
||||
name=base.IDENTITY % 'get_project',
|
||||
check_str=base.RULE_ADMIN_OR_TARGET_PROJECT),
|
||||
policy.RuleDefault(
|
||||
check_str=base.RULE_ADMIN_OR_TARGET_PROJECT,
|
||||
description='Show project details.',
|
||||
operations=[{'path': '/v3/projects/{project_id}',
|
||||
'method': 'GET'}]),
|
||||
policy.DocumentedRuleDefault(
|
||||
name=base.IDENTITY % 'list_projects',
|
||||
check_str=base.RULE_ADMIN_REQUIRED),
|
||||
policy.RuleDefault(
|
||||
check_str=base.RULE_ADMIN_REQUIRED,
|
||||
description='List projects.',
|
||||
operations=[{'path': '/v3/projects',
|
||||
'method': 'GET'}]),
|
||||
policy.DocumentedRuleDefault(
|
||||
name=base.IDENTITY % 'list_user_projects',
|
||||
check_str=base.RULE_ADMIN_OR_OWNER),
|
||||
policy.RuleDefault(
|
||||
check_str=base.RULE_ADMIN_OR_OWNER,
|
||||
description='List projects for user.',
|
||||
operations=[{'path': '/v3/users/{user_id}/projects',
|
||||
'method': 'GET'}]),
|
||||
policy.DocumentedRuleDefault(
|
||||
name=base.IDENTITY % 'create_project',
|
||||
check_str=base.RULE_ADMIN_REQUIRED),
|
||||
policy.RuleDefault(
|
||||
check_str=base.RULE_ADMIN_REQUIRED,
|
||||
description='Create project.',
|
||||
operations=[{'path': '/v3/projects',
|
||||
'method': 'POST'}]),
|
||||
policy.DocumentedRuleDefault(
|
||||
name=base.IDENTITY % 'update_project',
|
||||
check_str=base.RULE_ADMIN_REQUIRED),
|
||||
policy.RuleDefault(
|
||||
check_str=base.RULE_ADMIN_REQUIRED,
|
||||
description='Update project.',
|
||||
operations=[{'path': '/v3/projects/{project_id}',
|
||||
'method': 'PATCH'}]),
|
||||
policy.DocumentedRuleDefault(
|
||||
name=base.IDENTITY % 'delete_project',
|
||||
check_str=base.RULE_ADMIN_REQUIRED)
|
||||
check_str=base.RULE_ADMIN_REQUIRED,
|
||||
description='Delete project.',
|
||||
operations=[{'path': '/v3/projects/{project_id}',
|
||||
'method': 'DELETE'}])
|
||||
]
|
||||
|
||||
|
||||
|
|
Loading…
Reference in New Issue