From 498ddaa81801954c7c75068ffa3baa28a8ca0f83 Mon Sep 17 00:00:00 2001 From: Anthony Washington Date: Thu, 23 Mar 2017 16:32:47 +0000 Subject: [PATCH] Move credential policies to DocumentedRuleDefault A new policy class was introduce that requires additional parameters when defining policy objects. This patch switches our credential policy object to the policy.DocumentedRuleDefault and fills the required policy parameters as needed. Change-Id: I52215694a753dcb4761421d8306700cf35491342 Partially-Implements: bp policy-docs --- keystone/common/policies/credential.py | 35 ++++++++++++++++++-------- 1 file changed, 25 insertions(+), 10 deletions(-) diff --git a/keystone/common/policies/credential.py b/keystone/common/policies/credential.py index 819129f640..d70c5975f9 100644 --- a/keystone/common/policies/credential.py +++ b/keystone/common/policies/credential.py @@ -15,21 +15,36 @@ from oslo_policy import policy from keystone.common.policies import base credential_policies = [ - policy.RuleDefault( + policy.DocumentedRuleDefault( name=base.IDENTITY % 'get_credential', - check_str=base.RULE_ADMIN_REQUIRED), - policy.RuleDefault( + check_str=base.RULE_ADMIN_REQUIRED, + description='Show credentials details.', + operations=[{'path': '/v3/credentials/{credential_id}', + 'method': 'GET'}]), + policy.DocumentedRuleDefault( name=base.IDENTITY % 'list_credentials', - check_str=base.RULE_ADMIN_REQUIRED), - policy.RuleDefault( + check_str=base.RULE_ADMIN_REQUIRED, + description='List credentials.', + operations=[{'path': '/v3/credentials', + 'method': 'GET'}]), + policy.DocumentedRuleDefault( name=base.IDENTITY % 'create_credential', - check_str=base.RULE_ADMIN_REQUIRED), - policy.RuleDefault( + check_str=base.RULE_ADMIN_REQUIRED, + description='Create credential.', + operations=[{'path': '/v3/credentials', + 'method': 'POST'}]), + policy.DocumentedRuleDefault( name=base.IDENTITY % 'update_credential', - check_str=base.RULE_ADMIN_REQUIRED), - policy.RuleDefault( + check_str=base.RULE_ADMIN_REQUIRED, + description='Update credential.', + operations=[{'path': '/v3/credentials/{credential_id}', + 'method': 'PATCH'}]), + policy.DocumentedRuleDefault( name=base.IDENTITY % 'delete_credential', - check_str=base.RULE_ADMIN_REQUIRED) + check_str=base.RULE_ADMIN_REQUIRED, + description='Delete credential.', + operations=[{'path': '/v3/credentials/{credential_id}', + 'method': 'DELETE'}]) ]