]> review.fuel-infra Code Review - openstack-build/neutron-build.git/commitdiff
Code Review / openstack-build / neutron-build.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: 7dc3849)
Enable attribute-based policy on router:external_gateway_info
authorSalvatore Orlando <salv.orlando@gmail.com>
Fri, 31 May 2013 15:28:35 +0000 (17:28 +0200)
committerSalvatore Orlando <salv.orlando@gmail.com>
Fri, 14 Jun 2013 15:20:01 +0000 (17:20 +0200)
Bug 1186081

This patch also removes a check on is_write in policy.py since
the code block where that check is placed assumed already that
is_write == True

Change-Id: I21c54f63e1948675f67afb088c262dc5316c230d

quantum/extensions/l3.py patch | blob | history
quantum/extensions/l3_ext_gw_mode.py patch | blob | history
quantum/policy.py patch | blob | history

diff --git a/quantum/extensions/l3.py b/quantum/extensions/l3.py
index 29379a10e0acfbb952ddc64c62e4c3ace83289d7..2fc27c68bf96e5bc87c92838f14c920c4f27740f 100644 (file)
--- a/quantum/extensions/l3.py
+++ b/quantum/extensions/l3.py
@@ -110,7 +110,8 @@ RESOURCE_ATTRIBUTE_MAP = {
                       'validate': {'type:string': None},
                       'is_visible': True},
         EXTERNAL_GW_INFO: {'allow_post': True, 'allow_put': True,
-                           'is_visible': True, 'default': None}
+                           'is_visible': True, 'default': None,
+                           'enforce_policy': True}
     },
     'floatingips': {
         'id': {'allow_post': False, 'allow_put': False,
diff --git a/quantum/extensions/l3_ext_gw_mode.py b/quantum/extensions/l3_ext_gw_mode.py
index 1e53c473b5b38eae3ff097284065f29787ba337c..5c4311060481f5f3ceebb19e1af14ce48c1e5f3b 100644 (file)
--- a/quantum/extensions/l3_ext_gw_mode.py
+++ b/quantum/extensions/l3_ext_gw_mode.py
@@ -33,6 +33,7 @@ EXTENDED_ATTRIBUTES_2_0 = {
                  'allow_put': True,
                  'is_visible': True,
                  'default': None,
+                 'enforce_policy': True,
                  'validate':
                  {'type:dict_or_nodata':
                   {'network_id': {'type:uuid': None, 'required': True},
diff --git a/quantum/policy.py b/quantum/policy.py
index 610e4c5b8581669d35c8b09c209fe2a0797391a9..f20b63db555234f79f3409df4e30dfe6f7f34ef7 100644 (file)
--- a/quantum/policy.py
+++ b/quantum/policy.py
@@ -167,7 +167,7 @@ def _build_match_rule(action, target):
                                                 res_map[resource],
                                                 target):
                     attribute = res_map[resource][attribute_name]
-                    if 'enforce_policy' in attribute and is_write:
+                    if 'enforce_policy' in attribute:
                         attr_rule = policy.RuleCheck('rule', '%s:%s' %
                                                      (action, attribute_name))
                         match_rule = policy.AndCheck([match_rule, attr_rule])