Move role assignment to DocumentedRuleDefault

A new policy class was introduce that requires additional parameters when defining policy objects. This patch switches our role assignment policy object to the policy.DocumentedRuleDefault and fills the required policy parameters as needed. Change-Id: I6923a191f1c7f5856eee0b282309332895abb3ee Partially-Implements: bp policy-docs
2017-03-23 17:55:22 +00:00 · 2017-03-23 17:55:22 +00:00 · b8121af17d
parent 9034755743
commit b8121af17d
1 changed files with 15 additions and 4 deletions
--- a/keystone/common/policies/role_assignment.py
+++ b/keystone/common/policies/role_assignment.py
@ -15,12 +15,23 @@ from oslo_policy import policy
 from keystone.common.policies import base

 role_assignment_policies = [
-    policy.RuleDefault(
+    policy.DocumentedRuleDefault(
        name=base.IDENTITY % 'list_role_assignments',
-        check_str=base.RULE_ADMIN_REQUIRED),
-    policy.RuleDefault(
+        check_str=base.RULE_ADMIN_REQUIRED,
+        description='List role assignments.',
+        operations=[{'path': '/v3/role_assignments',
+                     'method': 'GET'},
+                    {'path': '/v3/role_assignments',
+                     'method': 'HEAD'}]),
+    policy.DocumentedRuleDefault(
        name=base.IDENTITY % 'list_role_assignments_for_tree',
-        check_str=base.RULE_ADMIN_REQUIRED),
+        check_str=base.RULE_ADMIN_REQUIRED,
+        description=('List all role assignments for a given tree of '
+                     'hierarchical projects.'),
+        operations=[{'path': '/v3/role_assignments?include_subtree',
+                     'method': 'GET'},
+                    {'path': '/v3/role_assignments?include_subtree',
+                     'method': 'HEAD'}])
 ]