From 67cb0d7b2ca9742b3b2f7ae042d114e3b9b2bf9c Mon Sep 17 00:00:00 2001
From: Anthony Washington <anthony.washington@intel.com>
Date: Thu, 23 Mar 2017 16:18:13 +0000
Subject: [PATCH] Move region policies to DocumentedRuleDefault

A new policy class was introduce that requires
additional parameters when defining policy objects.

This patch switches our region policy object to
the policy.DocumentedRuleDefault and fills the
required policy parameters as needed.

Change-Id: I43c581607b0d0207a27f475b4f4cf8c5c8302e8e
Partially-Implements: bp policy-docs
---
 keystone/common/policies/region.py | 41 ++++++++++++++++++++++--------
 1 file changed, 31 insertions(+), 10 deletions(-)

diff --git a/keystone/common/policies/region.py b/keystone/common/policies/region.py
index f600b1083e..436f324720 100644
--- a/keystone/common/policies/region.py
+++ b/keystone/common/policies/region.py
@@ -15,21 +15,42 @@ from oslo_policy import policy
 from keystone.common.policies import base
 
 region_policies = [
-    policy.RuleDefault(
+    policy.DocumentedRuleDefault(
         name=base.IDENTITY % 'get_region',
-        check_str=''),
-    policy.RuleDefault(
+        check_str='',
+        description='Show region details.',
+        operations=[{'path': '/v3/regions/{region_id}',
+                     'method': 'GET'},
+                    {'path': '/v3/regions/{region_id}',
+                     'method': 'HEAD'}]),
+    policy.DocumentedRuleDefault(
         name=base.IDENTITY % 'list_regions',
-        check_str=''),
-    policy.RuleDefault(
+        check_str='',
+        description='List regions.',
+        operations=[{'path': '/v3/regions',
+                     'method': 'GET'},
+                    {'path': '/v3/regions',
+                     'method': 'HEAD'}]),
+    policy.DocumentedRuleDefault(
         name=base.IDENTITY % 'create_region',
-        check_str=base.RULE_ADMIN_REQUIRED),
-    policy.RuleDefault(
+        check_str=base.RULE_ADMIN_REQUIRED,
+        description='Create region.',
+        operations=[{'path': '/v3/regions',
+                     'method': 'POST'},
+                    {'path': '/v3/regions/{region_id}',
+                     'method': 'PUT'}]),
+    policy.DocumentedRuleDefault(
         name=base.IDENTITY % 'update_region',
-        check_str=base.RULE_ADMIN_REQUIRED),
-    policy.RuleDefault(
+        check_str=base.RULE_ADMIN_REQUIRED,
+        description='Update region.',
+        operations=[{'path': '/v3/regions/{region_id}',
+                     'method': 'PATCH'}]),
+    policy.DocumentedRuleDefault(
         name=base.IDENTITY % 'delete_region',
-        check_str=base.RULE_ADMIN_REQUIRED),
+        check_str=base.RULE_ADMIN_REQUIRED,
+        description='Delete region.',
+        operations=[{'path': '/v3/regions/{region_id}',
+                     'method': 'DELETE'}])
 ]