Consistently use utils functions for policy auth

The check_policy function exists in api utils, along with other more
complex policy utility functions. This change replaces direct calls to
authorize with calls to check_policy.

Having authorize calls consolidated in api utils may help with the
upcoming secure-rbac work.

Change-Id: If4779b08b9f360f4c2f4675c605aa519f6ea4778

1 files changed, 2 insertions, 5 deletions

diff --git a/ironic/api/controllers/v1/conductor.py b/ironic/api/controllers/v1/conductor.py
index c6e55a38f..61cbba78a 100644
--- a/ironic/api/controllers/v1/conductor.py
+++ b/ironic/api/controllers/v1/conductor.py
@@ -22,7 +22,6 @@ from ironic.api import method
 from ironic.common import args
 from ironic.common import exception
 from ironic.common.i18n import _
-from ironic.common import policy
 import ironic.conf
 from ironic import objects
 
@@ -122,8 +121,7 @@ class ConductorsController(rest.RestController):
         :param detail: Optional, boolean to indicate whether retrieve a list
                        of conductors with detail.
         """
-        cdict = api.request.context.to_policy_values()
-        policy.authorize('baremetal:conductor:get', cdict, cdict)
+        api_utils.check_policy('baremetal:conductor:get')
 
         if not api_utils.allow_expose_conductors():
             raise exception.NotFound()
@@ -149,8 +147,7 @@ class ConductorsController(rest.RestController):
         :param fields: Optional, a list with a specified set of fields
             of the resource to be returned.
         """
-        cdict = api.request.context.to_policy_values()
-        policy.authorize('baremetal:conductor:get', cdict, cdict)
+        api_utils.check_policy('baremetal:conductor:get')
 
         if not api_utils.allow_expose_conductors():
             raise exception.NotFound()