Move trust to DocumentedRuleDefault
A new policy class was introduced that requires additional parameters when defining policy objects. This patch switches our trust policy object to the policy.DocumentedRuleDefault and fills the required policy parameters as needed. Implements: bp policy-docs Change-Id: I7d4bab14ff257ede59a1b49088e16842e5b59a64
This commit is contained in:
parent
9b3d99ea24
commit
8f09c9cf0b
|
@ -112,6 +112,7 @@ identity:list_trusts GET /v3/OS-TRUST/trus
|
|||
identity:list_roles_for_trust GET /v3/OS-TRUST/trusts/{trust_id}/roles
|
||||
identity:get_role_for_trust GET /v3/OS-TRUST/trusts/{trust_id}/roles/{role_id}
|
||||
identity:delete_trust DELETE /v3/OS-TRUST/trusts/{trust_id}
|
||||
identity:get_trust GET /v3/OS-TRUST/trusts/{trust_id}
|
||||
|
||||
identity:create_consumer POST /v3/OS-OAUTH1/consumers
|
||||
identity:get_consumer GET /v3/OS-OAUTH1/consumers/{consumer_id}
|
||||
|
|
|
@ -140,6 +140,7 @@
|
|||
"identity:list_roles_for_trust": "",
|
||||
"identity:get_role_for_trust": "",
|
||||
"identity:delete_trust": "",
|
||||
"identity:get_trust": "",
|
||||
|
||||
"identity:create_consumer": "rule:admin_required",
|
||||
"identity:get_consumer": "rule:admin_required",
|
||||
|
|
|
@ -15,21 +15,50 @@ from oslo_policy import policy
|
|||
from keystone.common.policies import base
|
||||
|
||||
trust_policies = [
|
||||
policy.RuleDefault(
|
||||
policy.DocumentedRuleDefault(
|
||||
name=base.IDENTITY % 'create_trust',
|
||||
check_str=base.RULE_TRUST_OWNER),
|
||||
policy.RuleDefault(
|
||||
check_str=base.RULE_TRUST_OWNER,
|
||||
description='Create trust.',
|
||||
operations=[{'path': '/v3/OS-TRUST/trusts',
|
||||
'method': 'POST'}]),
|
||||
policy.DocumentedRuleDefault(
|
||||
name=base.IDENTITY % 'list_trusts',
|
||||
check_str=''),
|
||||
policy.RuleDefault(
|
||||
check_str='',
|
||||
description='List trusts.',
|
||||
operations=[{'path': '/v3/OS-TRUST/trusts',
|
||||
'method': 'GET'},
|
||||
{'path': '/v3/OS-TRUST/trusts',
|
||||
'method': 'HEAD'}]),
|
||||
policy.DocumentedRuleDefault(
|
||||
name=base.IDENTITY % 'list_roles_for_trust',
|
||||
check_str=''),
|
||||
policy.RuleDefault(
|
||||
check_str='',
|
||||
description='List roles delegated by a trust.',
|
||||
operations=[{'path': '/v3/OS-TRUST/trusts/{trust_id}/roles',
|
||||
'method': 'GET'},
|
||||
{'path': '/v3/OS-TRUST/trusts/{trust_id}/roles',
|
||||
'method': 'HEAD'}]),
|
||||
policy.DocumentedRuleDefault(
|
||||
name=base.IDENTITY % 'get_role_for_trust',
|
||||
check_str=''),
|
||||
policy.RuleDefault(
|
||||
check_str='',
|
||||
description='Check if trust delegates a particular role.',
|
||||
operations=[{'path': '/v3/OS-TRUST/trusts/{trust_id}/roles/{role_id}',
|
||||
'method': 'GET'},
|
||||
{'path': '/v3/OS-TRUST/trusts/{trust_id}/roles/{role_id}',
|
||||
'method': 'HEAD'}]),
|
||||
policy.DocumentedRuleDefault(
|
||||
name=base.IDENTITY % 'delete_trust',
|
||||
check_str=''),
|
||||
check_str='',
|
||||
description='Revoke trust.',
|
||||
operations=[{'path': '/v3/OS-TRUST/trusts/{trust_id}',
|
||||
'method': 'DELETE'}]),
|
||||
policy.DocumentedRuleDefault(
|
||||
name=base.IDENTITY % 'get_trust',
|
||||
check_str='',
|
||||
description='Get trust.',
|
||||
operations=[{'path': '/v3/OS-TRUST/trusts/{trust_id}',
|
||||
'method': 'GET'},
|
||||
{'path': '/v3/OS-TRUST/trusts/{trust_id}',
|
||||
'method': 'HEAD'}])
|
||||
]
|
||||
|
||||
|
||||
|
|
Loading…
Reference in New Issue