diff --git a/nova/policies/attach_interfaces.py b/nova/policies/attach_interfaces.py index c9b6677d09..8b0cfd6a9d 100644 --- a/nova/policies/attach_interfaces.py +++ b/nova/policies/attach_interfaces.py @@ -24,11 +24,11 @@ POLICY_ROOT = 'os_compute_api:os-attach-interfaces:%s' attach_interfaces_policies = [ policy.DocumentedRuleDefault( - BASE_POLICY_NAME, - base.RULE_ADMIN_OR_OWNER, - "List port interfaces or show details of a port interface attached " - "to a server", - [ + name=BASE_POLICY_NAME, + check_str=base.RULE_ADMIN_OR_OWNER, + description="List port interfaces or show details of a port interface " + "attached to a server", + operations=[ { 'method': 'GET', 'path': '/servers/{server_id}/os-interface' @@ -37,27 +37,30 @@ attach_interfaces_policies = [ 'method': 'GET', 'path': '/servers/{server_id}/os-interface/{port_id}' } - ]), + ], + scope_types=['system', 'project']), policy.DocumentedRuleDefault( - POLICY_ROOT % 'create', - base.RULE_ADMIN_OR_OWNER, - "Attach an interface to a server", - [ + name=POLICY_ROOT % 'create', + check_str=base.RULE_ADMIN_OR_OWNER, + description="Attach an interface to a server", + operations=[ { 'method': 'POST', 'path': '/servers/{server_id}/os-interface' } - ]), + ], + scope_types=['system', 'project']), policy.DocumentedRuleDefault( - POLICY_ROOT % 'delete', - base.RULE_ADMIN_OR_OWNER, - "Detach an interface from a server", - [ + name=POLICY_ROOT % 'delete', + check_str=base.RULE_ADMIN_OR_OWNER, + description="Detach an interface from a server", + operations=[ { 'method': 'DELETE', 'path': '/servers/{server_id}/os-interface/{port_id}' } - ]) + ], + scope_types=['system', 'project']) ]