Remove 'create_rule_default'

This is a simple wrapper for an oslo.policy function, so remove it.

Also fixes the alignment in the agents policy module to be like
all the others.

Change-Id: I8a45cff3b1abea98bf04f111bdd6a9ace91a9980
Implements: blueprint policy-docs

nova/policies/admin_actions.py

@@ -13,6 +13,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from oslo_policy import policy
+
 from nova.policies import base
 
 
@@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:os-admin-actions:%s'
 
 
 admin_actions_policies = [
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'reset_state',
         base.RULE_ADMIN_API,
         "Reset the state of a given server",
@@ -30,7 +32,7 @@ admin_actions_policies = [
                 'path': '/servers/{server_id}/action (os-resetState)'
             }
         ]),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'inject_network_info',
         base.RULE_ADMIN_API,
         "Inject network information into the server",
@@ -40,7 +42,7 @@ admin_actions_policies = [
                 'path': '/servers/{server_id}/action (injectNetworkInfo)'
             }
         ]),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'reset_network',
         base.RULE_ADMIN_API,
         "Reset networking on a server",

nova/policies/admin_password.py

@@ -13,6 +13,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from oslo_policy import policy
+
 from nova.policies import base
 
 
@@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-admin-password'
 
 
 admin_password_policies = [
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         BASE_POLICY_NAME,
         base.RULE_ADMIN_OR_OWNER,
         "Change the administrative password for a server",

nova/policies/agents.py

@@ -13,6 +13,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from oslo_policy import policy
+
 from nova.policies import base
 
 
@@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-agents'
 
 
 agents_policies = [
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         BASE_POLICY_NAME,
         base.RULE_ADMIN_API,
         """Create, list, update, and delete guest agent builds
@@ -28,10 +30,24 @@ agents_policies = [
 This is XenAPI driver specific. It is used to force the upgrade of the
 XenAPI guest agent on instance boot.
 """,
-        [{'path': '/os-agents', 'method': 'GET'},
+        [
-         {'path': '/os-agents', 'method': 'POST'},
+            {
-         {'path': '/os-agents/{agent_build_id}', 'method': 'PUT'},
+                'path': '/os-agents',
-         {'path': '/os-agents/{agent_build_id}', 'method': 'DELETE'}]),
+                'method': 'GET'
+            },
+            {
+                'path': '/os-agents',
+                'method': 'POST'
+            },
+            {
+                'path': '/os-agents/{agent_build_id}',
+                'method': 'PUT'
+            },
+            {
+                'path': '/os-agents/{agent_build_id}',
+                'method': 'DELETE'
+            }
+        ]),
 ]
 
 

nova/policies/aggregates.py

@@ -13,6 +13,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from oslo_policy import policy
+
 from nova.policies import base
 
 
@@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:os-aggregates:%s'
 
 
 aggregates_policies = [
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'set_metadata',
         base.RULE_ADMIN_API,
         "Create or replace metadata for an aggregate",
@@ -30,7 +32,7 @@ aggregates_policies = [
                 'method': 'POST'
             }
         ]),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'add_host',
         base.RULE_ADMIN_API,
         "Add a host to an aggregate.",
@@ -40,7 +42,7 @@ aggregates_policies = [
                 'method': 'POST'
             }
         ]),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'create',
         base.RULE_ADMIN_API,
         "Create an aggregate",
@@ -50,7 +52,7 @@ aggregates_policies = [
                 'method': 'POST'
             }
         ]),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'remove_host',
         base.RULE_ADMIN_API,
         "Remove a host from an aggregate",
@@ -60,7 +62,7 @@ aggregates_policies = [
                 'method': 'POST'
             }
         ]),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'update',
         base.RULE_ADMIN_API,
         "Update name and/or availability zone for an aggregate",
@@ -70,7 +72,7 @@ aggregates_policies = [
                 'method': 'PUT'
             }
         ]),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'index',
         base.RULE_ADMIN_API,
         "List all aggregates",
@@ -80,7 +82,7 @@ aggregates_policies = [
                 'method': 'GET'
             }
         ]),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'delete',
         base.RULE_ADMIN_API,
         "Delete an aggregate",
@@ -90,7 +92,7 @@ aggregates_policies = [
                 'method': 'DELETE'
             }
         ]),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'show',
         base.RULE_ADMIN_API,
         "Show details for an aggregate.",

nova/policies/assisted_volume_snapshots.py

@@ -13,6 +13,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from oslo_policy import policy
+
 from nova.policies import base
 
 
@@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:os-assisted-volume-snapshots:%s'
 
 
 assisted_volume_snapshots_policies = [
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'create',
         base.RULE_ADMIN_API,
         "Create an assisted volume snapshot",
@@ -30,7 +32,7 @@ assisted_volume_snapshots_policies = [
                 'method': 'POST'
             }
         ]),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'delete',
         base.RULE_ADMIN_API,
         "Delete an assisted volume snapshot",

nova/policies/attach_interfaces.py

@@ -13,6 +13,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from oslo_policy import policy
+
 from nova.policies import base
 
 
@@ -21,7 +23,7 @@ POLICY_ROOT = 'os_compute_api:os-attach-interfaces:%s'
 
 
 attach_interfaces_policies = [
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         BASE_POLICY_NAME,
         base.RULE_ADMIN_OR_OWNER,
         "List port interfaces or show details of a port \
@@ -36,7 +38,7 @@ interface attached to a server",
                 'path': '/servers/{server_id}/os-interface/{port_id}'
             }
         ]),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'create',
         base.RULE_ADMIN_OR_OWNER,
         'Attach an interface to a server',
@@ -46,7 +48,7 @@ interface attached to a server",
                 'path': '/servers/{server_id}/os-interface'
             }
         ]),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'delete',
         base.RULE_ADMIN_OR_OWNER,
         'Detach an interface from a server',

nova/policies/availability_zone.py

@@ -13,6 +13,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from oslo_policy import policy
+
 from nova.policies import base
 
 
@@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:os-availability-zone:%s'
 
 
 availability_zone_policies = [
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'list',
         base.RULE_ADMIN_OR_OWNER,
         "Lists availability zone information without host information",
@@ -30,7 +32,7 @@ availability_zone_policies = [
                 'path': 'os-availability-zone'
             }
         ]),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'detail',
         base.RULE_ADMIN_API,
         "Lists detailed availability zone information with host information",

nova/policies/baremetal_nodes.py

@@ -13,6 +13,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from oslo_policy import policy
+
 from nova.policies import base
 
 
@@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-baremetal-nodes'
 
 
 baremetal_nodes_policies = [
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         BASE_POLICY_NAME,
         base.RULE_ADMIN_API,
         """List and show details of bare metal nodes.

nova/policies/base.py

@@ -28,11 +28,5 @@ rules = [
 ]
 
 
-# TODO(johngarbutt) we can remove this now
-def create_rule_default(name, check_str, description, operations):
-    return policy.DocumentedRuleDefault(name, check_str,
-                                        description, operations)
-
-
 def list_rules():
     return rules

nova/policies/cells.py

@@ -13,6 +13,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from oslo_policy import policy
+
 from nova.policies import base
 
 
@@ -21,7 +23,7 @@ POLICY_ROOT = 'os_compute_api:os-cells:%s'
 
 
 cells_policies = [
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'update',
         base.RULE_ADMIN_API,
         'Update an existing cell',
@@ -31,7 +33,7 @@ cells_policies = [
                 'path': '/os-cells/{cell_id}'
             }
         ]),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'create',
         base.RULE_ADMIN_API,
         'Create a new cell',
@@ -41,7 +43,7 @@ cells_policies = [
                 'path': '/os-cells'
             }
         ]),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         BASE_POLICY_NAME,
         base.RULE_ADMIN_API,
         'List and get detailed info of a given cell or all cells',
@@ -67,7 +69,7 @@ cells_policies = [
                 'path': '/os-cells/{cell_id}'
             }
         ]),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'sync_instances',
         base.RULE_ADMIN_API,
         'Sync instances info in all cells',
@@ -77,7 +79,7 @@ cells_policies = [
                 'path': '/os-cells/sync_instances'
             }
         ]),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'delete',
         base.RULE_ADMIN_API,
         'Remove a cell',

nova/policies/config_drive.py

@@ -13,6 +13,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from oslo_policy import policy
+
 from nova.policies import base
 
 
@@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-config-drive'
 
 
 config_drive_policies = [
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         BASE_POLICY_NAME,
         base.RULE_ADMIN_OR_OWNER,
         """Add 'config_drive' attribute in the server response.""",

nova/policies/console_auth_tokens.py

@@ -13,6 +13,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from oslo_policy import policy
+
 from nova.policies import base
 
 
@@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-console-auth-tokens'
 
 
 console_auth_tokens_policies = [
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         BASE_POLICY_NAME,
         base.RULE_ADMIN_API,
         'Show console connection information for a given console \

nova/policies/console_output.py

@@ -13,6 +13,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from oslo_policy import policy
+
 from nova.policies import base
 
 
@@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-console-output'
 
 
 console_output_policies = [
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         BASE_POLICY_NAME,
         base.RULE_ADMIN_OR_OWNER,
         'Show console output for a server',

nova/policies/consoles.py

@@ -13,6 +13,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from oslo_policy import policy
+
 from nova.policies import base
 
 
@@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:os-consoles:%s'
 
 
 consoles_policies = [
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'create',
         base.RULE_ADMIN_OR_OWNER,
         'Create a console for a server instance',
@@ -30,7 +32,7 @@ consoles_policies = [
                 'path': '/servers/{server_id}/consoles'
             }
         ]),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'show',
         base.RULE_ADMIN_OR_OWNER,
         'Show console details for a server instance',
@@ -40,7 +42,7 @@ consoles_policies = [
                 'path': '/servers/{server_id}/consoles/{console_id}'
             }
         ]),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'delete',
         base.RULE_ADMIN_OR_OWNER,
         'Delete a console for a server instance',
@@ -50,7 +52,7 @@ consoles_policies = [
                 'path': '/servers/{server_id}/consoles/{console_id}'
             }
         ]),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'index',
         base.RULE_ADMIN_OR_OWNER,
         'List all consoles for a server instance',

nova/policies/create_backup.py

@@ -13,6 +13,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from oslo_policy import policy
+
 from nova.policies import base
 
 
@@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-create-backup'
 
 
 create_backup_policies = [
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         BASE_POLICY_NAME,
         base.RULE_ADMIN_OR_OWNER,
         'Create a back up of a server',

nova/policies/deferred_delete.py

@@ -13,6 +13,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from oslo_policy import policy
+
 from nova.policies import base
 
 
@@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-deferred-delete'
 
 
 deferred_delete_policies = [
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         BASE_POLICY_NAME,
         base.RULE_ADMIN_OR_OWNER,
         'Restore a soft deleted server or force delete a server before \

nova/policies/evacuate.py

@@ -13,6 +13,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from oslo_policy import policy
+
 from nova.policies import base
 
 
@@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-evacuate'
 
 
 evacuate_policies = [
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         BASE_POLICY_NAME,
         base.RULE_ADMIN_API,
         "Evacuate a server from a failed host to a new host",

nova/policies/extended_availability_zone.py

@@ -13,6 +13,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from oslo_policy import policy
+
 from nova.policies import base
 
 
@@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-extended-availability-zone'
 
 
 extended_availability_zone_policies = [
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         BASE_POLICY_NAME,
         base.RULE_ADMIN_OR_OWNER,
         "Add `OS-EXT-AZ:availability_zone` into the server response.",

nova/policies/extended_server_attributes.py

@@ -13,6 +13,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from oslo_policy import policy
+
 from nova.policies import base
 
 
@@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-extended-server-attributes'
 
 
 extended_server_attributes_policies = [
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         BASE_POLICY_NAME,
         base.RULE_ADMIN_API,
         """Return extended attributes for server.

nova/policies/extended_status.py

@@ -13,6 +13,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from oslo_policy import policy
+
 from nova.policies import base
 
 
@@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-extended-status'
 
 
 extended_status_policies = [
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         BASE_POLICY_NAME,
         base.RULE_ADMIN_OR_OWNER,
         """Return extended status in the response of server.

nova/policies/extended_volumes.py

@@ -13,6 +13,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from oslo_policy import policy
+
 from nova.policies import base
 
 
@@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-extended-volumes'
 
 
 extended_volumes_policies = [
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         BASE_POLICY_NAME,
         base.RULE_ADMIN_OR_OWNER,
         "Return 'os-extended-volumes:volumes_attached' in the response of "

nova/policies/extensions.py

@@ -13,6 +13,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from oslo_policy import policy
+
 from nova.policies import base
 
 
@@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:extensions'
 
 
 extensions_policies = [
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         BASE_POLICY_NAME,
         base.RULE_ADMIN_OR_OWNER,
         "Lists available extensions and shows information for an extension "

nova/policies/fixed_ips.py

@@ -13,6 +13,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from oslo_policy import policy
+
 from nova.policies import base
 
 
@@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-fixed-ips'
 
 
 fixed_ips_policies = [
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         BASE_POLICY_NAME,
         base.RULE_ADMIN_API,
         """Shows details for, reserve and unreserve a fixed IP address.

nova/policies/flavor_access.py

@@ -14,6 +14,8 @@
 #    under the License.
 
 
+from oslo_policy import policy
+
 from nova.policies import base
 
 
@@ -22,7 +24,7 @@ POLICY_ROOT = 'os_compute_api:os-flavor-access:%s'
 
 
 flavor_access_policies = [
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'add_tenant_access',
         base.RULE_ADMIN_API,
         "Add flavor access to a tenant",
@@ -32,7 +34,7 @@ flavor_access_policies = [
                 'path': '/flavors/{flavor_id}/action (addTenantAccess)'
             }
         ]),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'remove_tenant_access',
         base.RULE_ADMIN_API,
         "Remove flavor access from a tenant",
@@ -42,7 +44,7 @@ flavor_access_policies = [
                 'path': '/flavors/{flavor_id}/action (removeTenantAccess)'
             }
         ]),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         BASE_POLICY_NAME,
         base.RULE_ADMIN_OR_OWNER,
         """Allow the listing of flavor access information

nova/policies/flavor_extra_specs.py

@@ -13,6 +13,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from oslo_policy import policy
+
 from nova.policies import base
 
 
@@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:os-flavor-extra-specs:%s'
 
 
 flavor_extra_specs_policies = [
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'show',
         base.RULE_ADMIN_OR_OWNER,
         "Show an extra spec for a flavor",
@@ -32,7 +34,7 @@ flavor_extra_specs_policies = [
             }
         ]
     ),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'create',
         base.RULE_ADMIN_API,
         "Create extra specs for a flavor",
@@ -43,7 +45,7 @@ flavor_extra_specs_policies = [
             }
         ]
     ),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'update',
         base.RULE_ADMIN_API,
         "Update an extra spec for a flavor",
@@ -55,7 +57,7 @@ flavor_extra_specs_policies = [
             }
         ]
     ),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'delete',
         base.RULE_ADMIN_API,
         "Delete an extra spec for a flavor",
@@ -67,7 +69,7 @@ flavor_extra_specs_policies = [
             }
         ]
     ),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'index',
         base.RULE_ADMIN_OR_OWNER,
         "List extra specs for a flavor",

nova/policies/flavor_manage.py

@@ -14,6 +14,8 @@
 #    under the License.
 
 
+from oslo_policy import policy
+
 from nova.policies import base
 
 
@@ -21,7 +23,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-flavor-manage'
 
 
 flavor_manage_policies = [
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         BASE_POLICY_NAME,
         base.RULE_ADMIN_API,
         "Create and delete Flavors",

nova/policies/flavor_rxtx.py

@@ -14,6 +14,8 @@
 #    under the License.
 
 
+from oslo_policy import policy
+
 from nova.policies import base
 
 
@@ -21,7 +23,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-flavor-rxtx'
 
 
 flavor_rxtx_policies = [
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         BASE_POLICY_NAME,
         base.RULE_ADMIN_OR_OWNER,
         "Adds the rxtx_factor key into some Flavor APIs",

nova/policies/floating_ip_dns.py

@@ -13,6 +13,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from oslo_policy import policy
+
 from nova.policies import base
 
 
@@ -21,7 +23,7 @@ POLICY_ROOT = 'os_compute_api:os-floating-ip-dns:%s'
 
 
 floating_ip_dns_policies = [
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         BASE_POLICY_NAME,
         base.RULE_ADMIN_OR_OWNER,
         """List registered DNS domains, and CRUD actions on domain names.
@@ -49,7 +51,7 @@ Note this only works with nova-network and this API is deprecated.""",
                 'path': '/os-floating-ip-dns/{domain}/entries/{name}'
             },
         ]),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'domain:update',
         base.RULE_ADMIN_API,
         "Create or update a DNS domain.",
@@ -59,7 +61,7 @@ Note this only works with nova-network and this API is deprecated.""",
                 'path': '/os-floating-ip-dns/{domain}'
             }
         ]),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'domain:delete',
         base.RULE_ADMIN_API,
         "Delete a DNS domain.",

nova/policies/floating_ip_pools.py

@@ -13,6 +13,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from oslo_policy import policy
+
 from nova.policies import base
 
 
@@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-floating-ip-pools'
 
 
 floating_ip_pools_policies = [
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         BASE_POLICY_NAME,
         base.RULE_ADMIN_OR_OWNER,
         "List floating IP pools. This API is deprecated.",

nova/policies/floating_ips.py

@@ -13,6 +13,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from oslo_policy import policy
+
 from nova.policies import base
 
 
@@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-floating-ips'
 
 
 floating_ips_policies = [
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         BASE_POLICY_NAME,
         base.RULE_ADMIN_OR_OWNER,
         "Manage a project's floating IPs. These APIs are all deprecated.",

nova/policies/floating_ips_bulk.py

@@ -13,6 +13,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from oslo_policy import policy
+
 from nova.policies import base
 
 
@@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-floating-ips-bulk'
 
 
 floating_ips_bulk_policies = [
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         BASE_POLICY_NAME,
         base.RULE_ADMIN_API,
         "Bulk-create, delete, and list floating IPs. API is deprecated.",

nova/policies/fping.py

@@ -13,6 +13,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from oslo_policy import policy
+
 from nova.policies import base
 
 
@@ -21,7 +23,7 @@ POLICY_ROOT = 'os_compute_api:os-fping:%s'
 
 
 fping_policies = [
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'all_tenants',
         base.RULE_ADMIN_API,
         """Pings instances for all projects and reports which instances
@@ -35,7 +37,7 @@ which itself is deprecated.""",
                 'path': '/os-fping?all_tenants=true'
             }
         ]),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         BASE_POLICY_NAME,
         base.RULE_ADMIN_OR_OWNER,
         """Pings instances, particular instance and reports which instances

nova/policies/hide_server_addresses.py

@@ -13,13 +13,13 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
-from nova.policies import base
+from oslo_policy import policy
 
 BASE_POLICY_NAME = 'os_compute_api:os-hide-server-addresses'
 
 
 hide_server_addresses_policies = [
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         BASE_POLICY_NAME,
         'is_admin:False',
         """Hide server's 'addresses' key in the server response.

nova/policies/hosts.py

@@ -13,6 +13,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from oslo_policy import policy
+
 from nova.policies import base
 
 
@@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-hosts'
 
 
 hosts_policies = [
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         BASE_POLICY_NAME,
         base.RULE_ADMIN_API,
         """List, Show and Manage physical hosts.

nova/policies/hypervisors.py

@@ -13,6 +13,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from oslo_policy import policy
+
 from nova.policies import base
 
 
@@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-hypervisors'
 
 
 hypervisors_policies = [
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         BASE_POLICY_NAME,
         base.RULE_ADMIN_API,
         """Policy rule for hypervisor related APIs.

nova/policies/image_size.py

@@ -13,6 +13,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from oslo_policy import policy
+
 from nova.policies import base
 
 
@@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:image-size'
 
 
 image_size_policies = [
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         BASE_POLICY_NAME,
         base.RULE_ADMIN_OR_OWNER,
         """Add 'OS-EXT-IMG-SIZE:size' attribute in the image response.""",

nova/policies/instance_actions.py

@@ -13,6 +13,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from oslo_policy import policy
+
 from nova.policies import base
 
 
@@ -21,7 +23,7 @@ POLICY_ROOT = 'os_compute_api:os-instance-actions:%s'
 
 
 instance_actions_policies = [
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'events',
         base.RULE_ADMIN_API,
         """Add events details in action details for a server.
@@ -34,7 +36,7 @@ os_compute_api:os-instance-actions passes""",
                 'path': '/servers/{server_id}/os-instance-actions/{request_id}'
             }
         ]),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         BASE_POLICY_NAME,
         base.RULE_ADMIN_OR_OWNER,
         """List actions and show action details for a server.""",

nova/policies/instance_usage_audit_log.py

@@ -13,6 +13,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from oslo_policy import policy
+
 from nova.policies import base
 
 
@@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-instance-usage-audit-log'
 
 
 instance_usage_audit_log_policies = [
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         BASE_POLICY_NAME,
         base.RULE_ADMIN_API,
         """Lists all usage audits and that occurred before a specified time

nova/policies/ips.py

@@ -13,6 +13,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from oslo_policy import policy
+
 from nova.policies import base
 
 
@@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:ips:%s'
 
 
 ips_policies = [
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'show',
         base.RULE_ADMIN_OR_OWNER,
         """Shows IP addresses details for a network label of a server.""",
@@ -30,7 +32,7 @@ ips_policies = [
                 'path': '/servers/{server_id}/ips/{network_label}'
             }
         ]),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'index',
         base.RULE_ADMIN_OR_OWNER,
         """Lists IP addresses that are assigned to a server.""",

nova/policies/keypairs.py

@@ -13,6 +13,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from oslo_policy import policy
+
 from nova.policies import base
 
 
@@ -21,7 +23,7 @@ POLICY_ROOT = 'os_compute_api:os-keypairs:%s'
 
 
 keypairs_policies = [
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'index',
         'rule:admin_api or user_id:%(user_id)s',
         "List all keypairs",
@@ -31,7 +33,7 @@ keypairs_policies = [
                 'method': 'GET'
             }
         ]),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'create',
         'rule:admin_api or user_id:%(user_id)s',
         "Create a keypair",
@@ -41,7 +43,7 @@ keypairs_policies = [
                 'method': 'POST'
             }
         ]),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'delete',
         'rule:admin_api or user_id:%(user_id)s',
         "Delete a keypair",
@@ -51,7 +53,7 @@ keypairs_policies = [
                 'method': 'DELETE'
             }
         ]),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'show',
         'rule:admin_api or user_id:%(user_id)s',
         "Show details of a keypair",
@@ -61,7 +63,7 @@ keypairs_policies = [
                 'method': 'GET'
             }
         ]),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         BASE_POLICY_NAME,
         base.RULE_ADMIN_OR_OWNER,
         "Return 'key_name' in the response of server.",

nova/policies/limits.py

@@ -13,6 +13,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from oslo_policy import policy
+
 from nova.policies import base
 
 
@@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:limits'
 
 
 limits_policies = [
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         BASE_POLICY_NAME,
         base.RULE_ADMIN_OR_OWNER,
         """Shows rate and absolute limits for the project.""",

nova/policies/lock_server.py

@@ -13,6 +13,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from oslo_policy import policy
+
 from nova.policies import base
 
 
@@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:os-lock-server:%s'
 
 
 lock_server_policies = [
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'lock',
         base.RULE_ADMIN_OR_OWNER,
         "Lock a server",
@@ -31,7 +33,7 @@ lock_server_policies = [
             }
         ]
     ),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'unlock',
         base.RULE_ADMIN_OR_OWNER,
         "Unlock a server",
@@ -42,7 +44,7 @@ lock_server_policies = [
             }
         ]
     ),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'unlock:unlock_override',
         base.RULE_ADMIN_API,
         """Unlock a server, regardless who locked the server.

nova/policies/migrate_server.py

@@ -13,6 +13,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from oslo_policy import policy
+
 from nova.policies import base
 
 
@@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:os-migrate-server:%s'
 
 
 migrate_server_policies = [
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'migrate',
         base.RULE_ADMIN_API,
         "Cold migrate a server to a host",
@@ -30,7 +32,7 @@ migrate_server_policies = [
                 'path': '/servers/{server_id}/action (migrate)'
             }
         ]),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'migrate_live',
         base.RULE_ADMIN_API,
         "Live migrate a server to a new host without a reboot",

nova/policies/migrations.py

@@ -13,6 +13,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from oslo_policy import policy
+
 from nova.policies import base
 
 
@@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:os-migrations:%s'
 
 
 migrations_policies = [
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'index',
         base.RULE_ADMIN_API,
         "List migrations",

nova/policies/multinic.py

@@ -13,6 +13,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from oslo_policy import policy
+
 from nova.policies import base
 
 
@@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-multinic'
 
 
 multinic_policies = [
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         BASE_POLICY_NAME,
         base.RULE_ADMIN_OR_OWNER,
         """Adds or Removes a fixed IP address from a server.

nova/policies/networks.py

@@ -13,6 +13,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from oslo_policy import policy
+
 from nova.policies import base
 
 
@@ -21,7 +23,7 @@ POLICY_ROOT = 'os_compute_api:os-networks:%s'
 
 
 networks_policies = [
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         BASE_POLICY_NAME,
         base.RULE_ADMIN_API,
         """Create and delete a network, add and disassociate a network
@@ -46,7 +48,7 @@ These APIs are only available with nova-network which is deprecated.""",
                 'path': '/os-networks/{network_id}/action (disassociate)'
             }
         ]),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'view',
         base.RULE_ADMIN_OR_OWNER,
         """List networks for the project and show details for a network.

nova/policies/networks_associate.py

@@ -13,6 +13,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from oslo_policy import policy
+
 from nova.policies import base
 
 
@@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-networks-associate'
 
 
 networks_associate_policies = [
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         BASE_POLICY_NAME,
         base.RULE_ADMIN_API,
         """Associates and Disassociates a network from a host or project.

nova/policies/pause_server.py

@@ -13,6 +13,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from oslo_policy import policy
+
 from nova.policies import base
 
 
@@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:os-pause-server:%s'
 
 
 pause_server_policies = [
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'pause',
         base.RULE_ADMIN_OR_OWNER,
         "Pause a server.",
@@ -31,7 +33,7 @@ pause_server_policies = [
             }
         ]
     ),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'unpause',
         base.RULE_ADMIN_OR_OWNER,
         "Unpause a paused server.",

nova/policies/quota_class_sets.py

@@ -13,6 +13,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from oslo_policy import policy
+
 from nova.policies import base
 
 
@@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:os-quota-class-sets:%s'
 
 
 quota_class_sets_policies = [
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'show',
         'is_admin:True or quota_class:%(quota_class)s',
         "List quotas for specific quota classs",
@@ -30,7 +32,7 @@ quota_class_sets_policies = [
                 'path': '/os-quota-class-sets/{quota_class}'
             }
         ]),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'update',
         base.RULE_ADMIN_API,
         'Update quotas for specific quota class',

nova/policies/quota_sets.py

@@ -13,6 +13,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from oslo_policy import policy
+
 from nova.policies import base
 
 
@@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:os-quota-sets:%s'
 
 
 quota_sets_policies = [
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'update',
         base.RULE_ADMIN_API,
         "Update the quotas",
@@ -30,7 +32,7 @@ quota_sets_policies = [
                 'path': '/os-quota-sets/{tenant_id}'
             }
         ]),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'defaults',
         base.RULE_ANY,
         "List default quotas",
@@ -40,7 +42,7 @@ quota_sets_policies = [
                 'path': '/os-quota-sets/{tenant_id}/defaults'
             }
         ]),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'show',
         base.RULE_ADMIN_OR_OWNER,
         "Show a quota",
@@ -50,7 +52,7 @@ quota_sets_policies = [
                 'path': '/os-quota-sets/{tenant_id}'
             }
         ]),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'delete',
         base.RULE_ADMIN_API,
         "Revert quotas to defaults",
@@ -60,7 +62,7 @@ quota_sets_policies = [
                 'path': '/os-quota-sets/{tenant_id}'
             }
         ]),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'detail',
         base.RULE_ADMIN_API,
         "Show the detail of quota",

nova/policies/remote_consoles.py

@@ -13,6 +13,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from oslo_policy import policy
+
 from nova.policies import base
 
 
@@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-remote-consoles'
 
 
 remote_consoles_policies = [
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         BASE_POLICY_NAME,
         base.RULE_ADMIN_OR_OWNER,
         "Generates a URL to access remove server console",

nova/policies/rescue.py

@@ -13,6 +13,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from oslo_policy import policy
+
 from nova.policies import base
 
 
@@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-rescue'
 
 
 rescue_policies = [
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         BASE_POLICY_NAME,
         base.RULE_ADMIN_OR_OWNER,
         "Rescue/unrescue a server",

nova/policies/security_group_default_rules.py

@@ -13,6 +13,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from oslo_policy import policy
+
 from nova.policies import base
 
 
@@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-security-group-default-rules'
 
 
 security_group_default_rules_policies = [
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         BASE_POLICY_NAME,
         base.RULE_ADMIN_API,
         """Lists, shows information for, creates and deletes default security

nova/policies/security_groups.py

@@ -13,6 +13,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from oslo_policy import policy
+
 from nova.policies import base
 
 
@@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-security-groups'
 
 
 security_groups_policies = [
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         BASE_POLICY_NAME,
         base.RULE_ADMIN_OR_OWNER,
         """This policy checks permission on security groups related APIs.

nova/policies/server_diagnostics.py

@@ -13,6 +13,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from oslo_policy import policy
+
 from nova.policies import base
 
 
@@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-server-diagnostics'
 
 
 server_diagnostics_policies = [
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         BASE_POLICY_NAME,
         base.RULE_ADMIN_API,
         "Shows the usage data for a server",

nova/policies/server_external_events.py

@@ -13,6 +13,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from oslo_policy import policy
+
 from nova.policies import base
 
 
@@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:os-server-external-events:%s'
 
 
 server_external_events_policies = [
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'create',
         base.RULE_ADMIN_API,
         "Creates one or more external events",

nova/policies/server_groups.py

@@ -29,7 +29,7 @@ server_groups_policies = [
         name=BASE_POLICY_NAME,
         check_str=base.RULE_ADMIN_OR_OWNER,
         description='Deprecated in Pike and will be removed in next release'),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'create',
         BASE_POLICY_RULE,
         "Create a new server group",
@@ -40,7 +40,7 @@ server_groups_policies = [
             }
         ]
     ),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'delete',
         BASE_POLICY_RULE,
         "Delete a server group",
@@ -51,7 +51,7 @@ server_groups_policies = [
             }
         ]
     ),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'index',
         BASE_POLICY_RULE,
         "List all server groups",
@@ -62,7 +62,7 @@ server_groups_policies = [
             }
         ]
     ),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'show',
         BASE_POLICY_RULE,
         "Show details of a server group",

nova/policies/server_metadata.py

@@ -13,6 +13,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from oslo_policy import policy
+
 from nova.policies import base
 
 
@@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:server-metadata:%s'
 
 
 server_metadata_policies = [
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'index',
         base.RULE_ADMIN_OR_OWNER,
         "List all metadata of a server",
@@ -31,7 +33,7 @@ server_metadata_policies = [
             }
         ]
     ),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'show',
         base.RULE_ADMIN_OR_OWNER,
         "Show metadata for a server",
@@ -42,7 +44,7 @@ server_metadata_policies = [
             }
         ]
     ),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'create',
         base.RULE_ADMIN_OR_OWNER,
         "Create metadata for a server",
@@ -53,7 +55,7 @@ server_metadata_policies = [
             }
         ]
     ),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'update_all',
         base.RULE_ADMIN_OR_OWNER,
         "Replace metadata for a server",
@@ -64,7 +66,7 @@ server_metadata_policies = [
             }
         ]
     ),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'update',
         base.RULE_ADMIN_OR_OWNER,
         "Update metadata from a server",
@@ -75,7 +77,7 @@ server_metadata_policies = [
             }
         ]
     ),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'delete',
         base.RULE_ADMIN_OR_OWNER,
         "Delete metadata from a server",

nova/policies/server_password.py

@@ -13,6 +13,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from oslo_policy import policy
+
 from nova.policies import base
 
 
@@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-server-password'
 
 
 server_password_policies = [
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         BASE_POLICY_NAME,
         base.RULE_ADMIN_OR_OWNER,
         "Show and clear the encrypted administrative password of a server",

nova/policies/server_tags.py

@@ -13,6 +13,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from oslo_policy import policy
+
 from nova.policies import base
 
 
@@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:os-server-tags:%s'
 
 
 server_tags_policies = [
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'delete_all',
         base.RULE_ADMIN_OR_OWNER,
         "Delete all the server tags",
@@ -30,7 +32,7 @@ server_tags_policies = [
                 'path': '/servers/{server_id}/tags'
             }
         ]),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'index',
         base.RULE_ADMIN_OR_OWNER,
         "List all tags for given server",
@@ -40,7 +42,7 @@ server_tags_policies = [
                 'path': '/servers/{server_id}/tags'
             }
         ]),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'update_all',
         base.RULE_ADMIN_OR_OWNER,
         "Replace all tags on specified server with the new set of tags.",
@@ -51,7 +53,7 @@ server_tags_policies = [
 
             }
         ]),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'delete',
         base.RULE_ADMIN_OR_OWNER,
         "Delete a single tag from the specified server",
@@ -62,7 +64,7 @@ server_tags_policies = [
             }
         ]
     ),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'update',
         base.RULE_ADMIN_OR_OWNER,
         "Add a single tag to the server if server has no specified tag",
@@ -73,7 +75,7 @@ server_tags_policies = [
             }
         ]
     ),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'show',
         base.RULE_ADMIN_OR_OWNER,
         "Check tag existence on the server.",

nova/policies/server_usage.py

@@ -13,6 +13,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from oslo_policy import policy
+
 from nova.policies import base
 
 
@@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-server-usage'
 
 
 server_usage_policies = [
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         BASE_POLICY_NAME,
         base.RULE_ADMIN_OR_OWNER,
         """Add 'OS-SRV-USG:launched_at' & 'OS-SRV-USG:terminated_at' attribute

nova/policies/servers.py

@@ -11,6 +11,8 @@
 #    under the License.
 
 
+from oslo_policy import policy
+
 from nova.policies import base
 
 
@@ -18,7 +20,7 @@ RULE_AOO = base.RULE_ADMIN_OR_OWNER
 SERVERS = 'os_compute_api:servers:%s'
 
 rules = [
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         SERVERS % 'index',
         RULE_AOO,
         "List all servers",
@@ -28,7 +30,7 @@ rules = [
                 'path': '/servers'
             }
         ]),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         SERVERS % 'detail',
         RULE_AOO,
         "List all servers with detailed information",
@@ -38,7 +40,7 @@ rules = [
                 'path': '/servers/detail'
             }
         ]),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         SERVERS % 'index:get_all_tenants',
         base.RULE_ADMIN_API,
         "List all servers for all projects",
@@ -48,7 +50,7 @@ rules = [
                 'path': '/servers'
             }
         ]),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         SERVERS % 'detail:get_all_tenants',
         base.RULE_ADMIN_API,
         "List all servers with detailed information for all projects",
@@ -58,7 +60,7 @@ rules = [
                 'path': '/servers/detail'
             }
         ]),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         SERVERS % 'show',
         RULE_AOO,
         "Show a server",
@@ -70,7 +72,7 @@ rules = [
         ]),
     # the details in host_status are pretty sensitive, only admins
     # should do that by default.
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         SERVERS % 'show:host_status',
         base.RULE_ADMIN_API,
         "Show a server with additional host status information",
@@ -84,7 +86,7 @@ rules = [
                 'path': '/servers/detail'
             }
         ]),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         SERVERS % 'create',
         RULE_AOO,
         "Create a server",
@@ -94,7 +96,7 @@ rules = [
                 'path': '/servers'
             }
         ]),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         SERVERS % 'create:forced_host',
         base.RULE_ADMIN_API,
         "Create a server on the specified host",
@@ -104,7 +106,7 @@ rules = [
                 'path': '/servers'
             }
         ]),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         SERVERS % 'create:attach_volume',
         RULE_AOO,
         "Create a server with the requested volume attached to it",
@@ -114,7 +116,7 @@ rules = [
                 'path': '/servers'
             }
         ]),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         SERVERS % 'create:attach_network',
         RULE_AOO,
         "Create a server with the requested network attached to it",
@@ -124,7 +126,7 @@ rules = [
                 'path': '/servers'
             }
         ]),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         SERVERS % 'delete',
         RULE_AOO,
         "Delete a server",
@@ -134,7 +136,7 @@ rules = [
                 'path': '/servers/{server_id}'
             }
         ]),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         SERVERS % 'update',
         RULE_AOO,
         "Update a server",
@@ -144,7 +146,7 @@ rules = [
                 'path': '/servers/{server_id}'
             }
         ]),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         SERVERS % 'confirm_resize',
         RULE_AOO,
         "Confirm a server resize",
@@ -154,7 +156,7 @@ rules = [
                 'path': '/servers/{server_id}/action (confirmResize)'
             }
         ]),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         SERVERS % 'revert_resize',
         RULE_AOO,
         "Revert a server resize",
@@ -164,7 +166,7 @@ rules = [
                 'path': '/servers/{server_id}/action (revertResize)'
             }
         ]),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         SERVERS % 'reboot',
         RULE_AOO,
         "Reboot a server",
@@ -174,7 +176,7 @@ rules = [
                 'path': '/servers/{server_id}/action (reboot)'
             }
         ]),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         SERVERS % 'resize',
         RULE_AOO,
         "Resize a server",
@@ -184,7 +186,7 @@ rules = [
                 'path': '/servers/{server_id}/action (resize)'
             }
         ]),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         SERVERS % 'rebuild',
         RULE_AOO,
         "Rebuild a server",
@@ -194,7 +196,7 @@ rules = [
                 'path': '/servers/{server_id}/action (rebuild)'
             }
         ]),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         SERVERS % 'create_image',
         RULE_AOO,
         "Create an image from a server",
@@ -204,7 +206,7 @@ rules = [
                 'path': '/servers/{server_id}/action (createImage)'
             }
         ]),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         SERVERS % 'create_image:allow_volume_backed',
         RULE_AOO,
         "Create an image from a volume backed server",
@@ -214,7 +216,7 @@ rules = [
                 'path': '/servers/{server_id}/action (createImage)'
             }
         ]),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         SERVERS % 'start',
         RULE_AOO,
         "Start a server",
@@ -224,7 +226,7 @@ rules = [
                 'path': '/servers/{server_id}/action (os-start)'
             }
         ]),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         SERVERS % 'stop',
         RULE_AOO,
         "Stop a server",
@@ -234,7 +236,7 @@ rules = [
                 'path': '/servers/{server_id}/action (os-stop)'
             }
         ]),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         SERVERS % 'trigger_crash_dump',
         RULE_AOO,
         "Trigger crash dump in a server",

nova/policies/servers_migrations.py

@@ -13,6 +13,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from oslo_policy import policy
+
 from nova.policies import base
 
 
@@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:servers:migrations:%s'
 
 
 servers_migrations_policies = [
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'show',
         base.RULE_ADMIN_API,
         "Show details for an in-progress live migration for a given server",
@@ -30,7 +32,7 @@ servers_migrations_policies = [
                 'path': '/servers/{server_id}/migrations/{migration_id}'
             }
         ]),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'force_complete',
         base.RULE_ADMIN_API,
         "Force an in-progress live migration for a given server to complete",
@@ -41,7 +43,7 @@ servers_migrations_policies = [
                         '/action (force_complete)'
             }
         ]),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'delete',
         base.RULE_ADMIN_API,
         "Delete(Abort) an in-progress live migration",
@@ -51,7 +53,7 @@ servers_migrations_policies = [
                 'path': '/servers/{server_id}/migrations/{migration_id}'
             }
         ]),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'index',
         base.RULE_ADMIN_API,
         "Lists in-progress live migrations for a given server",

nova/policies/services.py

@@ -13,6 +13,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from oslo_policy import policy
+
 from nova.policies import base
 
 
@@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-services'
 
 
 services_policies = [
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         BASE_POLICY_NAME,
         base.RULE_ADMIN_API,
         """Lists all running Compute services in a region, enables \

nova/policies/shelve.py

@@ -13,6 +13,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from oslo_policy import policy
+
 from nova.policies import base
 
 
@@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:os-shelve:%s'
 
 
 shelve_policies = [
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'shelve',
         base.RULE_ADMIN_OR_OWNER,
         "Shelve Server",
@@ -30,7 +32,7 @@ shelve_policies = [
                 'path': '/servers/{server_id}/action (shelve)'
             }
         ]),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'unshelve',
         base.RULE_ADMIN_OR_OWNER,
         "Unshelve (Restore) Shelved Server",
@@ -40,7 +42,7 @@ shelve_policies = [
                 'path': '/servers/{server_id}/action (unshelve)'
             }
         ]),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'shelve_offload',
         base.RULE_ADMIN_API,
         "Shelf-Offload (Remove) Server",

nova/policies/simple_tenant_usage.py

@@ -13,6 +13,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from oslo_policy import policy
+
 from nova.policies import base
 
 
@@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:os-simple-tenant-usage:%s'
 
 
 simple_tenant_usage_policies = [
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'show',
         base.RULE_ADMIN_OR_OWNER,
         "Show usage statistics for a specific tenant.",
@@ -30,7 +32,7 @@ simple_tenant_usage_policies = [
                 'path': '/os-simple-tenant-usage/{tenant_id}'
             }
         ]),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'list',
         base.RULE_ADMIN_API,
         "List per tenant usage statistics for all tenants.",

nova/policies/suspend_server.py

@@ -13,6 +13,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from oslo_policy import policy
+
 from nova.policies import base
 
 
@@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:os-suspend-server:%s'
 
 
 suspend_server_policies = [
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'resume',
         base.RULE_ADMIN_OR_OWNER,
         "Resume suspended server",
@@ -30,7 +32,7 @@ suspend_server_policies = [
                 'path': '/servers/{server_id}/action (resume)'
             }
         ]),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'suspend',
         base.RULE_ADMIN_OR_OWNER,
         "Suspend server",

nova/policies/tenant_networks.py

@@ -13,6 +13,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from oslo_policy import policy
+
 from nova.policies import base
 
 
@@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-tenant-networks'
 
 
 tenant_networks_policies = [
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         BASE_POLICY_NAME,
         base.RULE_ADMIN_OR_OWNER,
         """Creates, lists, shows information for, and deletes

nova/policies/used_limits.py

@@ -13,6 +13,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from oslo_policy import policy
+
 from nova.policies import base
 
 
@@ -22,7 +24,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-used-limits'
 used_limits_policies = [
     # TODO(aunnam): Remove this rule after we seperate the scope check from
     # policies, as this is only checking the scope.
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         BASE_POLICY_NAME,
         base.RULE_ADMIN_API,
         """Shows rate and absolute limits for the project.

nova/policies/virtual_interfaces.py

@@ -13,6 +13,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from oslo_policy import policy
+
 from nova.policies import base
 
 
@@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-virtual-interfaces'
 
 
 virtual_interfaces_policies = [
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         BASE_POLICY_NAME,
         base.RULE_ADMIN_OR_OWNER,
         """List Virtual Interfaces.

nova/policies/volumes.py

@@ -13,6 +13,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from oslo_policy import policy
+
 from nova.policies import base
 
 
@@ -20,7 +22,7 @@ BASE_POLICY_NAME = 'os_compute_api:os-volumes'
 
 
 volumes_policies = [
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         BASE_POLICY_NAME,
         base.RULE_ADMIN_OR_OWNER,
         """Manages volumes for use with the Compute API.

nova/policies/volumes_attachments.py

@@ -13,6 +13,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from oslo_policy import policy
+
 from nova.policies import base
 
 
@@ -20,7 +22,7 @@ POLICY_ROOT = 'os_compute_api:os-volumes-attachments:%s'
 
 
 volumes_attachments_policies = [
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'index',
         base.RULE_ADMIN_OR_OWNER,
         "List volume attachments for an instance",
@@ -29,7 +31,7 @@ volumes_attachments_policies = [
              'path': '/servers/{server_id}/os-volume_attachments'
             }
         ]),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'create',
         base.RULE_ADMIN_OR_OWNER,
         "Attach a volume to an instance",
@@ -39,7 +41,7 @@ volumes_attachments_policies = [
                 'path': '/servers/{server_id}/os-volume_attachments'
             }
         ]),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'show',
         base.RULE_ADMIN_OR_OWNER,
         "Show details of a volume attachment",
@@ -50,7 +52,7 @@ volumes_attachments_policies = [
                  '/servers/{server_id}/os-volume_attachments/{attachment_id}'
             }
         ]),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'update',
         base.RULE_ADMIN_API,
         "Update a volume attachment",
@@ -61,7 +63,7 @@ volumes_attachments_policies = [
                  '/servers/{server_id}/os-volume_attachments/{attachment_id}'
             }
         ]),
-    base.create_rule_default(
+    policy.DocumentedRuleDefault(
         POLICY_ROOT % 'delete',
         base.RULE_ADMIN_OR_OWNER,
         "Detach a volume from an instance",