Merge "Add description to policies in security_groups.py"

2017-04-21 12:44:38 +00:00 · 2017-04-21 12:44:38 +00:00 · f817b5feca
parent be7f40c92b d10af69cb0
commit f817b5feca
1 changed files with 60 additions and 3 deletions
--- a/nova/policies/security_groups.py
+++ b/nova/policies/security_groups.py
@ -23,9 +23,66 @@ POLICY_ROOT = 'os_compute_api:os-security-groups:%s'


 security_groups_policies = [
-    policy.RuleDefault(
-        name=BASE_POLICY_NAME,
-        check_str=base.RULE_ADMIN_OR_OWNER),
+    base.create_rule_default(
+        BASE_POLICY_NAME,
+        base.RULE_ADMIN_OR_OWNER,
+        """This policy checks permission on security groups related APIs.
+
+APIs which are directly related to security groups resource are deprecated:
+Lists, shows information for, creates, updates and deletes
+security groups. Creates and deletes security group rules. All these
+API's are deprecated.
+
+APIs which are related to server resource are not deprecated:
+Lists Security Groups for a server. Add Security Group to a server
+and remove security group from a server. Expand security_groups in
+server representation""",
+    [
+        {
+            'method': 'GET',
+            'path': '/os-security-groups'
+        },
+        {
+            'method': 'GET',
+            'path': '/os-security-groups/{security_group_id}'
+        },
+        {
+            'method': 'POST',
+            'path': '/os-security-groups'
+        },
+        {
+            'method': 'PUT',
+            'path': '/os-security-groups/{security_group_id}'
+        },
+        {
+            'method': 'DELETE',
+            'path': '/os-security-groups/{security_group_id}'
+        },
+        {
+            'method': 'GET',
+            'path': '/servers/{server_id}/os-security-groups'
+        },
+        {
+            'method': 'POST',
+            'path': '/servers/{server_id}/action (addSecurityGroup)'
+        },
+        {
+            'method': 'POST',
+            'path': '/servers/{server_id}/action (removeSecurityGroup)'
+        },
+        {
+            'method': 'POST',
+            'path': '/servers'
+        },
+        {
+            'method': 'GET',
+            'path': '/servers/{server_id}'
+        },
+        {
+            'method': 'GET',
+            'path': '/servers/detail'
+        }
+    ]),
    policy.RuleDefault(
        name=POLICY_ROOT % 'discoverable',
        check_str=base.RULE_ANY),