Define missing policies for attributes with enforce_policy
Some attributes defined with enforce_policy True in the API definitions are missing in the in-code policy definiton. This commit adds them. Partially Implements: blueprint neutron-policy-in-code Change-Id: I820d6c95e9af7959b4edfc6557862a5b2c236ee7
This commit is contained in:
parent
15c782b5a1
commit
b0ed6bb04e
|
@ -37,6 +37,11 @@ rules = [
|
|||
'create_network:is_default',
|
||||
base.RULE_ADMIN_ONLY,
|
||||
description='Access rule for creating network with is_default'),
|
||||
policy.RuleDefault(
|
||||
'create_network:port_security_enabled',
|
||||
base.RULE_ANY,
|
||||
description=('Access rule for creating network '
|
||||
'with port_security_enabled')),
|
||||
policy.RuleDefault(
|
||||
'create_network:segments',
|
||||
base.RULE_ADMIN_ONLY,
|
||||
|
@ -120,6 +125,16 @@ rules = [
|
|||
base.RULE_ADMIN_ONLY,
|
||||
description=('Access rule for updating router:external attribute '
|
||||
'of network')),
|
||||
policy.RuleDefault(
|
||||
'update_network:is_default',
|
||||
base.RULE_ADMIN_ONLY,
|
||||
description=('Access rule for updating is_default attribute '
|
||||
'of network')),
|
||||
policy.RuleDefault(
|
||||
'update_network:port_security_enabled',
|
||||
base.RULE_ADMIN_OR_OWNER,
|
||||
description=('Access rule for updating port_security_enabled '
|
||||
'attribute of network')),
|
||||
|
||||
policy.RuleDefault(
|
||||
'delete_network',
|
||||
|
|
|
@ -75,7 +75,11 @@ rules = [
|
|||
base.RULE_ADMIN_ONLY,
|
||||
description=('Access rule for creating '
|
||||
'port with binding profile')),
|
||||
# TODO(amotoki): Add create_port:binding:vnic_type
|
||||
policy.RuleDefault(
|
||||
'create_port:binding:vnic_type',
|
||||
base.RULE_ANY,
|
||||
description=('Access rule for creating '
|
||||
'port with binding vnic_type')),
|
||||
policy.RuleDefault(
|
||||
'create_port:allowed_address_pairs',
|
||||
base.RULE_ADMIN_OR_NET_OWNER,
|
||||
|
@ -157,7 +161,11 @@ rules = [
|
|||
'update_port:binding:profile',
|
||||
base.RULE_ADMIN_ONLY,
|
||||
description='Access rule for updating binding profile of port'),
|
||||
# TODO(amotoki): Add update_port:binding:vnic_type
|
||||
policy.RuleDefault(
|
||||
'update_port:binding:vnic_type',
|
||||
base.policy_or(base.RULE_ADMIN_OR_OWNER,
|
||||
base.RULE_ADVSVC),
|
||||
description='Access rule for updating binding vnic_type of port'),
|
||||
policy.RuleDefault(
|
||||
'update_port:allowed_address_pairs',
|
||||
base.RULE_ADMIN_OR_NET_OWNER,
|
||||
|
|
|
@ -38,6 +38,10 @@ rules = [
|
|||
policy.RuleDefault('update_subnet',
|
||||
base.RULE_ADMIN_OR_NET_OWNER,
|
||||
description='Access rule for updating subnet'),
|
||||
policy.RuleDefault('update_subnet:segment_id',
|
||||
base.RULE_ADMIN_ONLY,
|
||||
description=('Access rule for updating segment_id '
|
||||
'attribute of subnet')),
|
||||
policy.RuleDefault('update_subnet:service_types',
|
||||
base.RULE_ADMIN_ONLY,
|
||||
description=('Access rule for updating '
|
||||
|
|
Loading…
Reference in New Issue