Adds default policy rule for resources limited to administrator

Adds default policy rule for resources which are limited to administrator, to forbid non-admin to create these resources at the very start. Change-Id: I9e1ef86f0c44bce5bde3f9e26e1f2b9cb3aef06d Closes-Bug: #1582187
2016-05-17 16:55:45 +08:00
parent c9aff2fc73
commit a52b821857
2 changed files with 72 additions and 12 deletions
--- a/etc/heat/policy.json
+++ b/etc/heat/policy.json
@@ -82,5 +82,11 @@

    "service:index": "rule:context_is_admin",

-    "resource_types:OS::Nova::Flavor": "rule:context_is_admin"
+    "resource_types:OS::Nova::Flavor": "rule:context_is_admin",
+    "resource_types:OS::Cinder::EncryptedVolumeType": "rule:context_is_admin",
+    "resource_types:OS::Cinder::VolumeType": "rule:context_is_admin",
+    "resource_types:OS::Manila::ShareType": "rule:context_is_admin",
+    "resource_types:OS::Neutron::QoSPolicy": "rule:context_is_admin",
+    "resource_types:OS::Neutron::QoSBandwidthLimitRule": "rule:context_is_admin",
+    "resource_types:OS::Nova::HostAggregate": "rule:context_is_admin"
 }