Merge "Move trust to DocumentedRuleDefault"

This commit is contained in:
Jenkins 2017-07-13 01:15:17 +00:00 committed by Gerrit Code Review
commit a43d5a6893
3 changed files with 41 additions and 10 deletions

View File

@ -112,6 +112,7 @@ identity:list_trusts GET /v3/OS-TRUST/trus
identity:list_roles_for_trust GET /v3/OS-TRUST/trusts/{trust_id}/roles identity:list_roles_for_trust GET /v3/OS-TRUST/trusts/{trust_id}/roles
identity:get_role_for_trust GET /v3/OS-TRUST/trusts/{trust_id}/roles/{role_id} identity:get_role_for_trust GET /v3/OS-TRUST/trusts/{trust_id}/roles/{role_id}
identity:delete_trust DELETE /v3/OS-TRUST/trusts/{trust_id} identity:delete_trust DELETE /v3/OS-TRUST/trusts/{trust_id}
identity:get_trust GET /v3/OS-TRUST/trusts/{trust_id}
identity:create_consumer POST /v3/OS-OAUTH1/consumers identity:create_consumer POST /v3/OS-OAUTH1/consumers
identity:get_consumer GET /v3/OS-OAUTH1/consumers/{consumer_id} identity:get_consumer GET /v3/OS-OAUTH1/consumers/{consumer_id}

View File

@ -140,6 +140,7 @@
"identity:list_roles_for_trust": "", "identity:list_roles_for_trust": "",
"identity:get_role_for_trust": "", "identity:get_role_for_trust": "",
"identity:delete_trust": "", "identity:delete_trust": "",
"identity:get_trust": "",
"identity:create_consumer": "rule:admin_required", "identity:create_consumer": "rule:admin_required",
"identity:get_consumer": "rule:admin_required", "identity:get_consumer": "rule:admin_required",

View File

@ -15,21 +15,50 @@ from oslo_policy import policy
from keystone.common.policies import base from keystone.common.policies import base
trust_policies = [ trust_policies = [
policy.RuleDefault( policy.DocumentedRuleDefault(
name=base.IDENTITY % 'create_trust', name=base.IDENTITY % 'create_trust',
check_str=base.RULE_TRUST_OWNER), check_str=base.RULE_TRUST_OWNER,
policy.RuleDefault( description='Create trust.',
operations=[{'path': '/v3/OS-TRUST/trusts',
'method': 'POST'}]),
policy.DocumentedRuleDefault(
name=base.IDENTITY % 'list_trusts', name=base.IDENTITY % 'list_trusts',
check_str=''), check_str='',
policy.RuleDefault( description='List trusts.',
operations=[{'path': '/v3/OS-TRUST/trusts',
'method': 'GET'},
{'path': '/v3/OS-TRUST/trusts',
'method': 'HEAD'}]),
policy.DocumentedRuleDefault(
name=base.IDENTITY % 'list_roles_for_trust', name=base.IDENTITY % 'list_roles_for_trust',
check_str=''), check_str='',
policy.RuleDefault( description='List roles delegated by a trust.',
operations=[{'path': '/v3/OS-TRUST/trusts/{trust_id}/roles',
'method': 'GET'},
{'path': '/v3/OS-TRUST/trusts/{trust_id}/roles',
'method': 'HEAD'}]),
policy.DocumentedRuleDefault(
name=base.IDENTITY % 'get_role_for_trust', name=base.IDENTITY % 'get_role_for_trust',
check_str=''), check_str='',
policy.RuleDefault( description='Check if trust delegates a particular role.',
operations=[{'path': '/v3/OS-TRUST/trusts/{trust_id}/roles/{role_id}',
'method': 'GET'},
{'path': '/v3/OS-TRUST/trusts/{trust_id}/roles/{role_id}',
'method': 'HEAD'}]),
policy.DocumentedRuleDefault(
name=base.IDENTITY % 'delete_trust', name=base.IDENTITY % 'delete_trust',
check_str=''), check_str='',
description='Revoke trust.',
operations=[{'path': '/v3/OS-TRUST/trusts/{trust_id}',
'method': 'DELETE'}]),
policy.DocumentedRuleDefault(
name=base.IDENTITY % 'get_trust',
check_str='',
description='Get trust.',
operations=[{'path': '/v3/OS-TRUST/trusts/{trust_id}',
'method': 'GET'},
{'path': '/v3/OS-TRUST/trusts/{trust_id}',
'method': 'HEAD'}])
] ]