Move endpoint policies to DocumentedRuleDefault

A new policy class was introduce that requires additional parameters when defining policy objects. This patch switches our endpoint policy object to the policy.DocumentedRuleDefault and fills the required policy parameters as needed. Change-Id: If4807db929cc603354650b53e9e86114d225130b Partially-Implements: bp policy-docs
2017-03-23 16:12:30 +00:00 · 2017-03-23 16:12:30 +00:00 · 9f7f69b205
parent 9034755743
commit 9f7f69b205
1 changed files with 25 additions and 10 deletions
--- a/keystone/common/policies/endpoint.py
+++ b/keystone/common/policies/endpoint.py
@ -15,21 +15,36 @@ from oslo_policy import policy
 from keystone.common.policies import base

 endpoint_policies = [
-    policy.RuleDefault(
+    policy.DocumentedRuleDefault(
        name=base.IDENTITY % 'get_endpoint',
-        check_str=base.RULE_ADMIN_REQUIRED),
-    policy.RuleDefault(
+        check_str=base.RULE_ADMIN_REQUIRED,
+        description='Show endpoint details.',
+        operations=[{'path': '/v3/endpoints/{endpoint_id}',
+                     'method': 'GET'}]),
+    policy.DocumentedRuleDefault(
        name=base.IDENTITY % 'list_endpoints',
-        check_str=base.RULE_ADMIN_REQUIRED),
-    policy.RuleDefault(
+        check_str=base.RULE_ADMIN_REQUIRED,
+        description='List endpoints.',
+        operations=[{'path': '/v3/endpoints',
+                     'method': 'GET'}]),
+    policy.DocumentedRuleDefault(
        name=base.IDENTITY % 'create_endpoint',
-        check_str=base.RULE_ADMIN_REQUIRED),
-    policy.RuleDefault(
+        check_str=base.RULE_ADMIN_REQUIRED,
+        description='Create endpoint.',
+        operations=[{'path': '/v3/endpoints',
+                     'method': 'POST'}]),
+    policy.DocumentedRuleDefault(
        name=base.IDENTITY % 'update_endpoint',
-        check_str=base.RULE_ADMIN_REQUIRED),
-    policy.RuleDefault(
+        check_str=base.RULE_ADMIN_REQUIRED,
+        description='Update endpoint.',
+        operations=[{'path': '/v3/endpoints/{endpoint_id}',
+                     'method': 'PATCH'}]),
+    policy.DocumentedRuleDefault(
        name=base.IDENTITY % 'delete_endpoint',
-        check_str=base.RULE_ADMIN_REQUIRED)
+        check_str=base.RULE_ADMIN_REQUIRED,
+        description='Delete endpoint.',
+        operations=[{'path': '/v3/endpoints/{endpoint_id}',
+                     'method': 'DELETE'}])
 ]