Move ec2 credential policies to DocumentedRuleDefault
A new policy class was introduced that requires additional parameters when defining policy objects. This patch switches our ec2 credential policy object to the policy.DocumentedRuleDefault and fills the required policy parameters as needed. Change-Id: I80f47137a8dd2d2399a873caae2075da576f336a Partially-Implements: bp policy-docs
This commit is contained in:
parent
459f078d0c
commit
d6a3a98d85
@ -15,18 +15,32 @@ from oslo_policy import policy
|
|||||||
from keystone.common.policies import base
|
from keystone.common.policies import base
|
||||||
|
|
||||||
ec2_credential_policies = [
|
ec2_credential_policies = [
|
||||||
policy.RuleDefault(
|
policy.DocumentedRuleDefault(
|
||||||
name=base.IDENTITY % 'ec2_get_credential',
|
name=base.IDENTITY % 'ec2_get_credential',
|
||||||
check_str=base.RULE_ADMIN_OR_CREDENTIAL_OWNER),
|
check_str=base.RULE_ADMIN_OR_CREDENTIAL_OWNER,
|
||||||
policy.RuleDefault(
|
description='Show ec2 credential details.',
|
||||||
|
operations=[{'path': ('/v3/users/{user_id}/credentials/OS-EC2/'
|
||||||
|
'{credential_id}'),
|
||||||
|
'method': 'GET'}]),
|
||||||
|
policy.DocumentedRuleDefault(
|
||||||
name=base.IDENTITY % 'ec2_list_credentials',
|
name=base.IDENTITY % 'ec2_list_credentials',
|
||||||
check_str=base.RULE_ADMIN_OR_OWNER),
|
check_str=base.RULE_ADMIN_OR_OWNER,
|
||||||
policy.RuleDefault(
|
description='List ec2 credentials.',
|
||||||
|
operations=[{'path': '/v3/users/{user_id}/credentials/OS-EC2',
|
||||||
|
'method': 'GET'}]),
|
||||||
|
policy.DocumentedRuleDefault(
|
||||||
name=base.IDENTITY % 'ec2_create_credential',
|
name=base.IDENTITY % 'ec2_create_credential',
|
||||||
check_str=base.RULE_ADMIN_OR_OWNER),
|
check_str=base.RULE_ADMIN_OR_OWNER,
|
||||||
policy.RuleDefault(
|
description='Create ec2 credential.',
|
||||||
|
operations=[{'path': '/v3/users/{user_id}/credentials/OS-EC2',
|
||||||
|
'method': 'POST'}]),
|
||||||
|
policy.DocumentedRuleDefault(
|
||||||
name=base.IDENTITY % 'ec2_delete_credential',
|
name=base.IDENTITY % 'ec2_delete_credential',
|
||||||
check_str=base.RULE_ADMIN_OR_CREDENTIAL_OWNER),
|
check_str=base.RULE_ADMIN_OR_CREDENTIAL_OWNER,
|
||||||
|
description='Delete ec2 credential.',
|
||||||
|
operations=[{'path': ('/v3/users/{user_id}/credentials/OS-EC2/'
|
||||||
|
'{credential_id}'),
|
||||||
|
'method': 'DELETE'}])
|
||||||
]
|
]
|
||||||
|
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user