diff options
Diffstat (limited to 'designate/common/policies/context.py')
-rw-r--r-- | designate/common/policies/context.py | 50 |
1 files changed, 42 insertions, 8 deletions
diff --git a/designate/common/policies/context.py b/designate/common/policies/context.py index 08a528f3..81ab54d5 100644 --- a/designate/common/policies/context.py +++ b/designate/common/policies/context.py @@ -13,28 +13,62 @@ # under the License. +from oslo_log import versionutils from oslo_policy import policy from designate.common.policies import base +deprecated_all_tenants = policy.DeprecatedRule( + name="all_tenants", + check_str=base.RULE_ADMIN, + deprecated_reason=base.DEPRECATED_REASON, + deprecated_since=versionutils.deprecated.WALLABY +) +deprecated_edit_managed_records = policy.DeprecatedRule( + name="edit_managed_records", + check_str=base.RULE_ADMIN, + deprecated_reason=base.DEPRECATED_REASON, + deprecated_since=versionutils.deprecated.WALLABY +) +deprecated_use_low_ttl = policy.DeprecatedRule( + name="use_low_ttl", + check_str=base.RULE_ADMIN, + deprecated_reason=base.DEPRECATED_REASON, + deprecated_since=versionutils.deprecated.WALLABY +) +deprecated_use_sudo = policy.DeprecatedRule( + name="use_sudo", + check_str=base.RULE_ADMIN, + deprecated_reason=base.DEPRECATED_REASON, + deprecated_since=versionutils.deprecated.WALLABY +) + rules = [ policy.RuleDefault( name="all_tenants", - check_str=base.RULE_ADMIN, - description='Action on all tenants.'), + check_str=base.SYSTEM_ADMIN, + scope_types=['system'], + description='Action on all tenants.', + deprecated_rule=deprecated_all_tenants), policy.RuleDefault( name="edit_managed_records", - check_str=base.RULE_ADMIN, - description='Edit managed records.'), + check_str=base.SYSTEM_ADMIN, + scope_types=['system'], + description='Edit managed records.', + deprecated_rule=deprecated_edit_managed_records), policy.RuleDefault( name="use_low_ttl", - check_str=base.RULE_ADMIN, - description='Use low TTL.'), + check_str=base.SYSTEM_ADMIN, + scope_types=['system'], + description='Use low TTL.', + deprecated_rule=deprecated_use_low_ttl), policy.RuleDefault( name="use_sudo", - check_str=base.RULE_ADMIN, - description='Accept sudo from user to tenant.') + check_str=base.SYSTEM_ADMIN, + scope_types=['system'], + description='Accept sudo from user to tenant.', + deprecated_rule=deprecated_use_sudo) ] |