From d6a3a98d851078fe1c2ab882f434185ba5c39f05 Mon Sep 17 00:00:00 2001
From: Anthony Washington
Date: Thu, 23 Mar 2017 17:25:50 +0000
Subject: [PATCH] Move ec2 credential policies to DocumentedRuleDefault

A new policy class was introduced that requires additional parameters when defining policy objects. This patch switches our ec2 credential policy object to the policy.DocumentedRuleDefault and fills the required policy parameters as needed.

Change-Id: I80f47137a8dd2d2399a873caae2075da576f336a
Partially-Implements: bp policy-docs
---
 keystone/common/policies/ec2_credential.py | 30 ++++++++++++++++------
 1 file changed, 22 insertions(+), 8 deletions(-)

diff --git a/keystone/common/policies/ec2_credential.py b/keystone/common/policies/ec2_credential.py
index 409906194f..c3a7c2deca 100644
--- a/keystone/common/policies/ec2_credential.py
+++ b/keystone/common/policies/ec2_credential.py
@@ -15,18 +15,32 @@ from oslo_policy import policy
 from keystone.common.policies import base

 ec2_credential_policies = [
- policy.RuleDefault(
+ policy.DocumentedRuleDefault(
 name=base.IDENTITY % 'ec2_get_credential',
- check_str=base.RULE_ADMIN_OR_CREDENTIAL_OWNER),
- policy.RuleDefault(
+ check_str=base.RULE_ADMIN_OR_CREDENTIAL_OWNER,
+ description='Show ec2 credential details.',
+ operations=[{'path': ('/v3/users/{user_id}/credentials/OS-EC2/'
+ '{credential_id}'),
+ 'method': 'GET'}]),
+ policy.DocumentedRuleDefault(
 name=base.IDENTITY % 'ec2_list_credentials',
- check_str=base.RULE_ADMIN_OR_OWNER),
- policy.RuleDefault(
+ check_str=base.RULE_ADMIN_OR_OWNER,
+ description='List ec2 credentials.',
+ operations=[{'path': '/v3/users/{user_id}/credentials/OS-EC2',
+ 'method': 'GET'}]),
+ policy.DocumentedRuleDefault(
 name=base.IDENTITY % 'ec2_create_credential',
- check_str=base.RULE_ADMIN_OR_OWNER),
- policy.RuleDefault(
+ check_str=base.RULE_ADMIN_OR_OWNER,
+ description='Create ec2 credential.',
+ operations=[{'path': '/v3/users/{user_id}/credentials/OS-EC2',
+ 'method': 'POST'}]),
+ policy.DocumentedRuleDefault(
 name=base.IDENTITY % 'ec2_delete_credential',
- check_str=base.RULE_ADMIN_OR_CREDENTIAL_OWNER),
+ check_str=base.RULE_ADMIN_OR_CREDENTIAL_OWNER,
+ description='Delete ec2 credential.',
+ operations=[{'path': ('/v3/users/{user_id}/credentials/OS-EC2/'
+ '{credential_id}'),
+ 'method': 'DELETE'}])
 ]
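Review bot: The final entry of `ec2_credential_policies` now ends with `'method': 'DELETE'}])` and loses the trailing comma that the removed `check_str=base.RULE_ADMIN_OR_CREDENTIAL_OWNER),` line carried; writing `'method': 'DELETE'}]),` keeps the list uniform and lets the next rule be appended without touching this line. Separately, get and delete are checked with `RULE_ADMIN_OR_CREDENTIAL_OWNER` while list and create use `RULE_ADMIN_OR_OWNER`, and nothing in the new descriptions or in a comment says why. Both rules are defined in `base`, outside this hunk, so this is not a claim that either is wrong. If the split is intentional, a one-line comment above the list, for example `# list/create have no credential_id to check ownership against, hence RULE_ADMIN_OR_OWNER` (wording to be confirmed against `base`), would save the next reviewer from reading it as a copy-paste slip in an authorization policy.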