From b8121af17d8b3030114aa4043c57fd0e62da8f22 Mon Sep 17 00:00:00 2001 From: Anthony Washington Date: Thu, 23 Mar 2017 17:55:22 +0000 Subject: [PATCH] Move role assignment to DocumentedRuleDefault A new policy class was introduce that requires additional parameters when defining policy objects. This patch switches our role assignment policy object to the policy.DocumentedRuleDefault and fills the required policy parameters as needed. Change-Id: I6923a191f1c7f5856eee0b282309332895abb3ee Partially-Implements: bp policy-docs --- keystone/common/policies/role_assignment.py | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/keystone/common/policies/role_assignment.py b/keystone/common/policies/role_assignment.py index c9f21c0b5e..efe31e8786 100644 --- a/keystone/common/policies/role_assignment.py +++ b/keystone/common/policies/role_assignment.py @@ -15,12 +15,23 @@ from oslo_policy import policy from keystone.common.policies import base role_assignment_policies = [ - policy.RuleDefault( + policy.DocumentedRuleDefault( name=base.IDENTITY % 'list_role_assignments', - check_str=base.RULE_ADMIN_REQUIRED), - policy.RuleDefault( + check_str=base.RULE_ADMIN_REQUIRED, + description='List role assignments.', + operations=[{'path': '/v3/role_assignments', + 'method': 'GET'}, + {'path': '/v3/role_assignments', + 'method': 'HEAD'}]), + policy.DocumentedRuleDefault( name=base.IDENTITY % 'list_role_assignments_for_tree', - check_str=base.RULE_ADMIN_REQUIRED), + check_str=base.RULE_ADMIN_REQUIRED, + description=('List all role assignments for a given tree of ' + 'hierarchical projects.'), + operations=[{'path': '/v3/role_assignments?include_subtree', + 'method': 'GET'}, + {'path': '/v3/role_assignments?include_subtree', + 'method': 'HEAD'}]) ]