Add policy files specific to NSX plugins

This patch simply adds a 'policy' directory with a few json
files into ./etc/neutron/plugins/vmware to provide default
policies specific to the VMware NSX plugin family.

These policy files can be loaded leveraging the policy_dirs
configuration option.

Change-Id: Icce41a6ee63715bc145694f27a2166a7fa884dba

diff --git a/etc/neutron/plugins/vmware/policy/network-gateways.json b/etc/neutron/plugins/vmware/policy/network-gateways.json
new file mode 100644 (file)
index 0000000..4857507
--- /dev/null
+++ b/etc/neutron/plugins/vmware/policy/network-gateways.json
@@ -0,0 +1,10 @@
+{
+    "create_network_gateway": "rule:admin_or_owner",
+    "update_network_gateway": "rule:admin_or_owner",
+    "delete_network_gateway": "rule:admin_or_owner",
+    "connect_network": "rule:admin_or_owner",
+    "disconnect_network": "rule:admin_or_owner",
+    "create_gateway_device": "rule:admin_or_owner",
+    "update_gateway_device": "rule:admin_or_owner",
+    "delete_gateway_device": "rule_admin_or_owner"
+}

diff --git a/etc/neutron/plugins/vmware/policy/routers.json b/etc/neutron/plugins/vmware/policy/routers.json
new file mode 100644 (file)
index 0000000..48665db
--- /dev/null
+++ b/etc/neutron/plugins/vmware/policy/routers.json
@@ -0,0 +1,7 @@
+{
+    "create_router:external_gateway_info:enable_snat": "rule:admin_or_owner",
+    "create_router:distributed": "rule:admin_or_owner",
+    "get_router:distributed": "rule:admin_or_owner",
+    "update_router:external_gateway_info:enable_snat": "rule:admin_or_owner",
+    "update_router:distributed": "rule:admin_or_owner"
+}