From: Salvatore Orlando Date: Fri, 31 May 2013 15:28:35 +0000 (+0200) Subject: Enable attribute-based policy on router:external_gateway_info X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=a9098d218836aa82dc07ba94156f0d553f2f87a7;p=openstack-build%2Fneutron-build.git Enable attribute-based policy on router:external_gateway_info Bug 1186081 This patch also removes a check on is_write in policy.py since the code block where that check is placed assumed already that is_write == True Change-Id: I21c54f63e1948675f67afb088c262dc5316c230d --- diff --git a/quantum/extensions/l3.py b/quantum/extensions/l3.py index 29379a10e..2fc27c68b 100644 --- a/quantum/extensions/l3.py +++ b/quantum/extensions/l3.py @@ -110,7 +110,8 @@ RESOURCE_ATTRIBUTE_MAP = { 'validate': {'type:string': None}, 'is_visible': True}, EXTERNAL_GW_INFO: {'allow_post': True, 'allow_put': True, - 'is_visible': True, 'default': None} + 'is_visible': True, 'default': None, + 'enforce_policy': True} }, 'floatingips': { 'id': {'allow_post': False, 'allow_put': False, diff --git a/quantum/extensions/l3_ext_gw_mode.py b/quantum/extensions/l3_ext_gw_mode.py index 1e53c473b..5c4311060 100644 --- a/quantum/extensions/l3_ext_gw_mode.py +++ b/quantum/extensions/l3_ext_gw_mode.py @@ -33,6 +33,7 @@ EXTENDED_ATTRIBUTES_2_0 = { 'allow_put': True, 'is_visible': True, 'default': None, + 'enforce_policy': True, 'validate': {'type:dict_or_nodata': {'network_id': {'type:uuid': None, 'required': True}, diff --git a/quantum/policy.py b/quantum/policy.py index 610e4c5b8..f20b63db5 100644 --- a/quantum/policy.py +++ b/quantum/policy.py @@ -167,7 +167,7 @@ def _build_match_rule(action, target): res_map[resource], target): attribute = res_map[resource][attribute_name] - if 'enforce_policy' in attribute and is_write: + if 'enforce_policy' in attribute: attr_rule = policy.RuleCheck('rule', '%s:%s' % (action, attribute_name)) match_rule = policy.AndCheck([match_rule, attr_rule])
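Review bot: No policy rule or test accompanies the `'enforce_policy': True` flag added to `EXTERNAL_GW_INFO` in this hunk, nor the same flag in the `l3_ext_gw_mode.py` hunk, at least in the part of the patch visible on this page. Judging by the `policy.py` hunk, the rule name is built as `'%s:%s' % (action, attribute_name)`, so the outcome when that rule is undefined depends on the policy engine's fallback, which is not shown here. I would add explicit entries for the router create and update actions to the shipped policy file, plus a test that a request setting the gateway is rejected for a caller the rule excludes. A short comment beside the flag, e.g. `# writes to the gateway info are checked against an attribute-level policy rule`, would also help deployers who maintain their own policy file. The dictionary literal starts and ends outside the hunk.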
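Review bot: The new condition `if 'enforce_policy' in attribute:` tests only that the key exists, so an attribute declared with `'enforce_policy': False` would still get an attribute rule ANDed into the match. That errs toward enforcement, which is the safe direction, but it ignores the boolean the attribute maps now carry; `if attribute.get('enforce_policy'):` would honour the value. With `and is_write` removed, the restriction to write actions rests entirely on an enclosing branch outside this hunk. A comment such as `# only reached for write actions (guarded above)` would keep a later refactor from silently changing when attribute rules apply. `_build_match_rule` begins and ends outside the hunk.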