From 3a9dc30de9aaa27d6713947862835cd5af466bc4 Mon Sep 17 00:00:00 2001
From: Mitsuhiro Tanino <mitsuhiro.tanino@hds.com>
Date: Thu, 5 May 2016 19:06:48 -0400
Subject: [PATCH] Add upload_image API role-based access policy

This patch adds role-based access policy for
upload_image API to etc/cinder/policy.json file.

"volume_extension:volume_actions:upload_image": "rule:admin_or_owner",

cinder/tests/unit/policy.json file already has
policy for this API.

Change-Id: I6ef30f870fe6bf1bcb818d254697ead8dc461ab6
Closes-Bug: #1578856
---
 etc/cinder/policy.json | 1 +
 1 file changed, 1 insertion(+)

diff --git a/etc/cinder/policy.json b/etc/cinder/policy.json
index 461ba7be548..1969f53613b 100644
--- a/etc/cinder/policy.json
+++ b/etc/cinder/policy.json
@@ -53,6 +53,7 @@
     "volume_extension:volume_admin_actions:migrate_volume_completion": "rule:admin_api",
 
     "volume_extension:volume_actions:upload_public": "rule:admin_api",
+    "volume_extension:volume_actions:upload_image": "rule:admin_or_owner",
 
     "volume_extension:volume_host_attribute": "rule:admin_api",
     "volume_extension:volume_tenant_attribute": "rule:admin_or_owner",