Move ec2 credential policies to DocumentedRuleDefault

A new policy class was introduced that requires additional parameters when defining policy objects. This patch switches our ec2 credential policy object to the policy.DocumentedRuleDefault and fills the required policy parameters as needed. Change-Id: I80f47137a8dd2d2399a873caae2075da576f336a Partially-Implements: bp policy-docs
2017-03-23 17:25:50 +00:00 · 2017-03-23 17:25:50 +00:00 · d6a3a98d85
parent 459f078d0c
commit d6a3a98d85
1 changed files with 22 additions and 8 deletions
--- a/keystone/common/policies/ec2_credential.py
+++ b/keystone/common/policies/ec2_credential.py
@ -15,18 +15,32 @@ from oslo_policy import policy
 from keystone.common.policies import base

 ec2_credential_policies = [
-    policy.RuleDefault(
+    policy.DocumentedRuleDefault(
        name=base.IDENTITY % 'ec2_get_credential',
-        check_str=base.RULE_ADMIN_OR_CREDENTIAL_OWNER),
-    policy.RuleDefault(
+        check_str=base.RULE_ADMIN_OR_CREDENTIAL_OWNER,
+        description='Show ec2 credential details.',
+        operations=[{'path': ('/v3/users/{user_id}/credentials/OS-EC2/'
+                              '{credential_id}'),
+                     'method': 'GET'}]),
+    policy.DocumentedRuleDefault(
        name=base.IDENTITY % 'ec2_list_credentials',
-        check_str=base.RULE_ADMIN_OR_OWNER),
-    policy.RuleDefault(
+        check_str=base.RULE_ADMIN_OR_OWNER,
+        description='List ec2 credentials.',
+        operations=[{'path': '/v3/users/{user_id}/credentials/OS-EC2',
+                     'method': 'GET'}]),
+    policy.DocumentedRuleDefault(
        name=base.IDENTITY % 'ec2_create_credential',
-        check_str=base.RULE_ADMIN_OR_OWNER),
-    policy.RuleDefault(
+        check_str=base.RULE_ADMIN_OR_OWNER,
+        description='Create ec2 credential.',
+        operations=[{'path': '/v3/users/{user_id}/credentials/OS-EC2',
+                     'method': 'POST'}]),
+    policy.DocumentedRuleDefault(
        name=base.IDENTITY % 'ec2_delete_credential',
-        check_str=base.RULE_ADMIN_OR_CREDENTIAL_OWNER),
+        check_str=base.RULE_ADMIN_OR_CREDENTIAL_OWNER,
+        description='Delete ec2 credential.',
+        operations=[{'path': ('/v3/users/{user_id}/credentials/OS-EC2/'
+                              '{credential_id}'),
+                     'method': 'DELETE'}])
 ]