diff --git a/etc/nova/policy.json b/etc/nova/policy.json index 1603cfde45..2f63cd90ea 100644 --- a/etc/nova/policy.json +++ b/etc/nova/policy.json @@ -312,6 +312,7 @@ "os_compute_api:os-cloudpipe": "rule:admin_api", "os_compute_api:os-cloudpipe:discoverable": "@", "os_compute_api:os-config-drive": "rule:admin_or_owner", + "os_compute_api:os-config-drive:discoverable": "@", "os_compute_api:os-consoles:discoverable": "@", "os_compute_api:os-consoles:create": "rule:admin_or_owner", "os_compute_api:os-consoles:delete": "rule:admin_or_owner", @@ -493,5 +494,7 @@ "os_compute_api:os-assisted-volume-snapshots:delete": "rule:admin_api", "os_compute_api:os-assisted-volume-snapshots:discoverable": "@", "os_compute_api:os-console-auth-tokens": "rule:admin_api", - "os_compute_api:os-server-external-events:create": "rule:admin_api" + "os_compute_api:os-console-auth-tokens:discoverable": "@", + "os_compute_api:os-server-external-events:create": "rule:admin_api", + "os_compute_api:os-server-external-events:discoverable": "@" } diff --git a/nova/tests/unit/test_policy.py b/nova/tests/unit/test_policy.py index 0c56d22fbb..2c08b53bb0 100644 --- a/nova/tests/unit/test_policy.py +++ b/nova/tests/unit/test_policy.py @@ -643,6 +643,7 @@ class RealRolePolicyTestCase(test.NoDBTestCase): "os_compute_api:os-cells:discoverable", "os_compute_api:os-certificates:discoverable", "os_compute_api:os-cloudpipe:discoverable", +"os_compute_api:os-config-drive:discoverable", "os_compute_api:os-consoles:discoverable", "os_compute_api:os-console-output:discoverable", "os_compute_api:os-remote-consoles:discoverable", @@ -716,6 +717,8 @@ class RealRolePolicyTestCase(test.NoDBTestCase): "os_compute_api:os-used-limits:discoverable", "os_compute_api:os-migrations:discoverable", "os_compute_api:os-assisted-volume-snapshots:discoverable", +"os_compute_api:os-console-auth-tokens:discoverable", +"os_compute_api:os-server-external-events:discoverable", ) def test_all_rules_in_sample_file(self):