From 4b6092fb395d46eea654b77e02c8b98aab72c6b8 Mon Sep 17 00:00:00 2001
From: Kevin_Zheng
Date: Wed, 22 Mar 2017 17:29:06 +0800
Subject: [PATCH] Add description to policies in lock_server.py
blueprint policy-docs
Change-Id: I85a6ddee3c398bd6f8c40b8aabd85b31a4492dec
---
 nova/policies/lock_server.py | 45 ++++++++++++++++++++++++++++--------
 1 file changed, 36 insertions(+), 9 deletions(-)
diff --git a/nova/policies/lock_server.py b/nova/policies/lock_server.py
index 5efbcf45f4..877113f945 100644
--- a/nova/policies/lock_server.py
+++ b/nova/policies/lock_server.py
@@ -25,15 +25,42 @@ lock_server_policies = [
 policy.RuleDefault(
 name=POLICY_ROOT % 'discoverable',
 check_str=base.RULE_ANY),
- policy.RuleDefault(
- name=POLICY_ROOT % 'lock',
- check_str=base.RULE_ADMIN_OR_OWNER),
- policy.RuleDefault(
- name=POLICY_ROOT % 'unlock:unlock_override',
- check_str=base.RULE_ADMIN_API),
- policy.RuleDefault(
- name=POLICY_ROOT % 'unlock',
- check_str=base.RULE_ADMIN_OR_OWNER),
+ base.create_rule_default(
+ POLICY_ROOT % 'lock',
+ base.RULE_ADMIN_OR_OWNER,
+ "Lock a server",
+ [
+ {
+ 'path': '/servers/{server_id}/action (lock)',
+ 'method': 'POST'
+ }
+ ]
+ ),
+ base.create_rule_default(
+ POLICY_ROOT % 'unlock',
+ base.RULE_ADMIN_OR_OWNER,
+ "Unlock a server",
+ [
+ {
+ 'path': '/servers/{server_id}/action (unlock)',
+ 'method': 'POST'
+ }
+ ]
+ ),
+ base.create_rule_default(
+ POLICY_ROOT % 'unlock:unlock_override',
+ base.RULE_ADMIN_API,
+ """Unlock a server, regardless who locked the server.
+
+ This check is performed only after the check
+ os_compute_api:os-lock-server:unlock passes""",
+ [
+ {
+ 'path': '/servers/{server_id}/action (unlock)',
+ 'method': 'POST'
+ }
+ ]
+ ),
 ]
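Review bot: The description added for `unlock:unlock_override` says "regardless who locked the server", which is ungrammatical and does not tell an operator what the rule actually overrides, even though this is the text they will read before deciding whether to relax the `RULE_ADMIN_API` default. I would change the first line to `"""Unlock a server, regardless of who locked the server.` and add one sentence such as `Relaxing this rule lets users who did not place the lock remove it.`; the lock-ownership logic is not visible in this hunk, so that wording should be checked against the API code. The continuation lines of the triple-quoted string will also carry their source indentation into the rendered description unless `base.create_rule_default` strips it, which is not shown here. The `lock_server_policies` list starts above the hunk, and its `discoverable` entry still has no description.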