From: Aaron Rosen <arosen@nicira.com>
Date: Fri, 31 May 2013 02:33:55 +0000 (-0700)
Subject: Add L3 resources to policy.json
X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=6f9fdcb3a152da3f2954589a1bd20064f2d7faea;p=openstack-build%2Fneutron-build.git

Add L3 resources to policy.json

This patch adds the l3 resources to policy.json. I tested changing the
rule to rule:admin_only for all the resources added and they were
enforced as expected.

Fixes bug 1186077

Change-Id: Ib5e2879165d9dc6416be4c96c62d6e49452d3be5
---

diff --git a/etc/policy.json b/etc/policy.json
index d62a724f7..6e31a33c5 100644
--- a/etc/policy.json
+++ b/etc/policy.json
@@ -73,5 +73,16 @@
     "delete_l3-router": "rule:admin_only",
     "get_l3-routers": "rule:admin_only",
     "get_dhcp-agents": "rule:admin_only",
-    "get_l3-agents": "rule:admin_only"
+    "get_l3-agents": "rule:admin_only",
+
+    "create_router": "rule:regular_user",
+    "get_router": "rule:admin_or_owner",
+    "update_router:add_router_interface": "rule:admin_or_owner",
+    "update_router:remove_router_interface": "rule:admin_or_owner",
+    "delete_router": "rule:admin_or_owner",
+
+    "create_floatingip": "rule:regular_user",
+    "update_floatingip": "rule:admin_or_owner",
+    "delete_floatingip": "rule:admin_or_owner",
+    "get_floatingip": "rule:admin_or_owner"
 }