From 38eecf71c7077c2507949990d00284fd3b3e81e3 Mon Sep 17 00:00:00 2001
From: Jesse Pretorius
Date: Thu, 8 Sep 2016 18:03:30 +0100
Subject: [PATCH] Update paste, policy and rootwrap configurations 2016-09-08

Change-Id: Ib2c0b9c44b2dfda01ebfd691026902a75d5cce1e
---
 files/rootwrap.d/volume.filters | 4 ----
 templates/policy.json.j2 | 13 +++++++++++++
 2 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/files/rootwrap.d/volume.filters b/files/rootwrap.d/volume.filters
index 925df2d4..db642f3a 100644
--- a/files/rootwrap.d/volume.filters
+++ b/files/rootwrap.d/volume.filters
@@ -65,10 +65,6 @@ lvconvert: CommandFilter, lvconvert, root
 # cinder/volume/driver.py: 'iscsiadm', '-m', 'node', '-T', ...
 iscsiadm: CommandFilter, iscsiadm, root
 
-# cinder/volume/drivers/lvm.py: 'shred', '-n3'
-# cinder/volume/drivers/lvm.py: 'shred', '-n0', '-z', '-s%dMiB'
-shred: CommandFilter, shred, root
-
 # cinder/volume/utils.py: utils.temporary_chown(path, 0)
 chown: CommandFilter, chown, root
 
diff --git a/templates/policy.json.j2 b/templates/policy.json.j2
index 69d638d0..88183720 100644
--- a/templates/policy.json.j2
+++ b/templates/policy.json.j2
@@ -10,6 +10,7 @@
  "volume:get": "rule:admin_or_owner",
  "volume:get_all": "rule:admin_or_owner",
  "volume:get_volume_metadata": "rule:admin_or_owner",
+ "volume:create_volume_metadata": "rule:admin_or_owner",
  "volume:delete_volume_metadata": "rule:admin_or_owner",
  "volume:update_volume_metadata": "rule:admin_or_owner",
  "volume:get_volume_admin_metadata": "rule:admin_api",
@@ -114,6 +115,18 @@
  "group:access_group_types_specs": "rule:admin_api",
  "group:group_type_access": "rule:admin_or_owner",
 
+ "group:create" : "",
+ "group:delete": "rule:admin_or_owner",
+ "group:update": "rule:admin_or_owner",
+ "group:get": "rule:admin_or_owner",
+ "group:get_all": "rule:admin_or_owner",
+
+ "group:create_group_snapshot": "",
+ "group:delete_group_snapshot": "rule:admin_or_owner",
+ "group:update_group_snapshot": "rule:admin_or_owner",
+ "group:get_group_snapshot": "rule:admin_or_owner",
+ "group:get_all_group_snapshots": "rule:admin_or_owner",
+
  "scheduler_extension:scheduler_stats:get_pools" : "rule:admin_api",
  "message:delete": "rule:admin_or_owner",
  "message:get": "rule:admin_or_owner",
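Review bot: `"group:create" : ""` and `"group:create_group_snapshot": ""` use the empty rule, which oslo.policy evaluates as always true, so any authenticated caller can create groups and group snapshots regardless of role, while the other eight added group actions require `rule:admin_or_owner`. This presumably mirrors the upstream Cinder defaults being synced, but nothing in the template records that the open rule is deliberate, and a deployer tightening policy would have to know to override exactly these two keys. Since the file is a Jinja2 template, a render-time comment above each of the two entries would document it without affecting the generated JSON, e.g. `{# empty rule: any authenticated user may create; override this key to gate creation by role #}`.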