diff --git a/nova/policies/floating_ip_dns.py b/nova/policies/floating_ip_dns.py index 7c0d32798d31..dbcdab3c17da 100644 --- a/nova/policies/floating_ip_dns.py +++ b/nova/policies/floating_ip_dns.py @@ -13,8 +13,6 @@ # License for the specific language governing permissions and limitations # under the License. -from oslo_policy import policy - from nova.policies import base @@ -23,15 +21,54 @@ POLICY_ROOT = 'os_compute_api:os-floating-ip-dns:%s' floating_ip_dns_policies = [ - policy.RuleDefault( - name=BASE_POLICY_NAME, - check_str=base.RULE_ADMIN_OR_OWNER), - policy.RuleDefault( - name=POLICY_ROOT % 'domain:update', - check_str=base.RULE_ADMIN_API), - policy.RuleDefault( - name=POLICY_ROOT % 'domain:delete', - check_str=base.RULE_ADMIN_API), + base.create_rule_default( + BASE_POLICY_NAME, + base.RULE_ADMIN_OR_OWNER, + """List registered DNS domains, and CRUD actions on domain names. + +Note this only works with nova-network and this API is deprecated.""", + [ + { + 'method': 'GET', + 'path': '/os-floating-ip-dns' + }, + { + 'method': 'GET', + 'path': '/os-floating-ip-dns/{domain}/entries/{ip}' + }, + { + 'method': 'GET', + 'path': '/os-floating-ip-dns/{domain}/entries/{name}' + }, + { + 'method': 'PUT', + 'path': '/os-floating-ip-dns/{domain}/entries/{name}' + }, + { + 'method': 'DELETE', + 'path': '/os-floating-ip-dns/{domain}/entries/{name}' + }, + ]), + base.create_rule_default( + POLICY_ROOT % 'domain:update', + base.RULE_ADMIN_API, + "Create or update a DNS domain.", + [ + { + 'method': 'PUT', + 'path': '/os-floating-ip-dns/{domain}' + } + ]), + base.create_rule_default( + POLICY_ROOT % 'domain:delete', + base.RULE_ADMIN_API, + "Delete a DNS domain.", + [ + { + 'method': 'DELETE', + 'path': '/os-floating-ip-dns/{domain}' + } + ]), ] diff --git a/nova/policies/floating_ip_pools.py b/nova/policies/floating_ip_pools.py index 2fd4b8afdee1..b825a924d641 100644 --- a/nova/policies/floating_ip_pools.py +++ b/nova/policies/floating_ip_pools.py @@ -13,8 +13,6 @@ # License for the specific language governing permissions and limitations # under the License. -from oslo_policy import policy - from nova.policies import base @@ -22,9 +20,16 @@ BASE_POLICY_NAME = 'os_compute_api:os-floating-ip-pools' floating_ip_pools_policies = [ - policy.RuleDefault( - name=BASE_POLICY_NAME, - check_str=base.RULE_ADMIN_OR_OWNER), + base.create_rule_default( + BASE_POLICY_NAME, + base.RULE_ADMIN_OR_OWNER, + "List floating IP pools. This API is deprecated.", + [ + { + 'method': 'GET', + 'path': '/os-floating-ip-pools' + } + ]), ] diff --git a/nova/policies/floating_ips.py b/nova/policies/floating_ips.py index 8efb0d2f1698..42a0e4d7e32b 100644 --- a/nova/policies/floating_ips.py +++ b/nova/policies/floating_ips.py @@ -13,8 +13,6 @@ # License for the specific language governing permissions and limitations # under the License. -from oslo_policy import policy - from nova.policies import base @@ -22,9 +20,36 @@ BASE_POLICY_NAME = 'os_compute_api:os-floating-ips' floating_ips_policies = [ - policy.RuleDefault( - name=BASE_POLICY_NAME, - check_str=base.RULE_ADMIN_OR_OWNER), + base.create_rule_default( + BASE_POLICY_NAME, + base.RULE_ADMIN_OR_OWNER, + "Manage a project's floating IPs. These APIs are all deprecated.", + [ + { + 'method': 'POST', + 'path': '/servers/{server_id}/action (addFloatingIp)' + }, + { + 'method': 'POST', + 'path': '/servers/{server_id}/action (removeFloatingIp)' + }, + { + 'method': 'GET', + 'path': '/os-floating-ips' + }, + { + 'method': 'POST', + 'path': '/os-floating-ips' + }, + { + 'method': 'GET', + 'path': '/os-floating-ips/{floating_ip_id}' + }, + { + 'method': 'DELETE', + 'path': '/os-floating-ips/{floating_ip_id}' + }, + ]), ] diff --git a/nova/policies/floating_ips_bulk.py b/nova/policies/floating_ips_bulk.py index 66ad4a298332..c20abdee9ebf 100644 --- a/nova/policies/floating_ips_bulk.py +++ b/nova/policies/floating_ips_bulk.py @@ -13,8 +13,6 @@ # License for the specific language governing permissions and limitations # under the License. -from oslo_policy import policy - from nova.policies import base @@ -22,9 +20,28 @@ BASE_POLICY_NAME = 'os_compute_api:os-floating-ips-bulk' floating_ips_bulk_policies = [ - policy.RuleDefault( - name=BASE_POLICY_NAME, - check_str=base.RULE_ADMIN_API), + base.create_rule_default( + BASE_POLICY_NAME, + base.RULE_ADMIN_API, + "Bulk-create, delete, and list floating IPs. API is deprecated.", + [ + { + 'method': 'GET', + 'path': '/os-floating-ips-bulk' + }, + { + 'method': 'POST', + 'path': '/os-floating-ips-bulk' + }, + { + 'method': 'PUT', + 'path': '/os-floating-ips-bulk/delete' + }, + { + 'method': 'GET', + 'path': '/os-floating-ips-bulk/{host_name}' + }, + ]), ]