Browse Source

Merge "Convert policy.json into policy-in-code"

Zuul 1 month ago
parent
commit
29ae6f64a7

+ 0
- 1
devstack/plugin.sh View File

@@ -14,7 +14,6 @@ elif [[ "$1" == "stack" && "$2" == "post-config" ]]; then
14 14
     if is_service_enabled neutron-api || is_service_enabled q-svc; then
15 15
         echo_summary "Configuring networking-bgpvpn"
16 16
         neutron_service_plugin_class_add bgpvpn
17
-        mkdir -v -p $NEUTRON_CONF_DIR/policy.d && cp -v $NETWORKING_BGPVPN_DIR/etc/neutron/policy.d/bgpvpn.conf $NEUTRON_CONF_DIR/policy.d
18 17
         mkdir -v -p $(dirname $NETWORKING_BGPVPN_CONF) && cp -v $NETWORKING_BGPVPN_DIR/etc/neutron/networking_bgpvpn.conf $NETWORKING_BGPVPN_CONF
19 18
         inicomment $NETWORKING_BGPVPN_CONF service_providers service_provider
20 19
         iniadd $NETWORKING_BGPVPN_CONF service_providers service_provider $NETWORKING_BGPVPN_DRIVER

+ 0
- 45
etc/neutron/policy.d/bgpvpn.conf View File

@@ -1,45 +0,0 @@
1
-{
2
-    "admin_only": "rule:context_is_admin",
3
-    "admin_or_owner": "rule:context_is_admin or tenant_id:%(tenant_id)s",
4
-
5
-    "create_bgpvpn": "rule:admin_only",
6
-
7
-    "get_bgpvpn": "rule:admin_or_owner",
8
-    "get_bgpvpn:tenant_id": "rule:admin_only",
9
-    "get_bgpvpn:route_targets": "rule:admin_only",
10
-    "get_bgpvpn:import_targets": "rule:admin_only",
11
-    "get_bgpvpn:export_targets": "rule:admin_only",
12
-    "get_bgpvpn:route_distinguishers": "rule:admin_only",
13
-    "get_bgpvpn:vni": "rule:admin_only",
14
-
15
-    "update_bgpvpn": "rule:admin_or_owner",
16
-    "update_bgpvpn:tenant_id": "rule:admin_only",
17
-    "update_bgpvpn:route_targets": "rule:admin_only",
18
-    "update_bgpvpn:import_targets": "rule:admin_only",
19
-    "update_bgpvpn:export_targets": "rule:admin_only",
20
-    "update_bgpvpn:route_distinguishers": "rule:admin_only",
21
-    "update_bgpvpn:vni": "rule:admin_only",
22
-
23
-    "delete_bgpvpn": "rule:admin_only",
24
-
25
-    "create_bgpvpn_network_association": "rule:admin_or_owner",
26
-    "get_bgpvpn_network_association": "rule:admin_or_owner",
27
-    "get_bgpvpn_network_association:tenant_id": "rule:admin_only",
28
-    "get_bgpvpn_network_associations": "rule:admin_or_owner",
29
-    "update_bgpvpn_network_association": "rule:admin_or_owner",
30
-    "delete_bgpvpn_network_association": "rule:admin_or_owner",
31
-
32
-    "create_bgpvpn_router_association": "rule:admin_or_owner",
33
-    "get_bgpvpn_router_association": "rule:admin_or_owner",
34
-    "get_bgpvpn_router_association:tenant_id": "rule:admin_only",
35
-    "get_bgpvpn_router_associations": "rule:admin_or_owner",
36
-    "update_bgpvpn_router_association": "rule:admin_or_owner",
37
-    "delete_bgpvpn_router_association": "rule:admin_or_owner",
38
-
39
-    "create_bgpvpn_port_association": "rule:admin_or_owner",
40
-    "get_bgpvpn_port_association": "rule:admin_or_owner",
41
-    "get_bgpvpn_port_association:tenant_id": "rule:admin_only",
42
-    "get_bgpvpn_port_associations": "rule:admin_or_owner",
43
-    "update_bgpvpn_port_association": "rule:admin_or_owner",
44
-    "delete_bgpvpn_port_association": "rule:admin_or_owner"
45
-}

+ 3
- 0
etc/oslo-policy-generator/policy.conf View File

@@ -0,0 +1,3 @@
1
+[DEFAULT]
2
+output_file = etc/policy.yaml.sample
3
+namespace = networking-bgpvpn

+ 27
- 0
networking_bgpvpn/policies/__init__.py View File

@@ -0,0 +1,27 @@
1
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
2
+#    not use this file except in compliance with the License. You may obtain
3
+#    a copy of the License at
4
+#
5
+#         http://www.apache.org/licenses/LICENSE-2.0
6
+#
7
+#    Unless required by applicable law or agreed to in writing, software
8
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
9
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
10
+#    License for the specific language governing permissions and limitations
11
+#    under the License.
12
+
13
+import itertools
14
+
15
+from networking_bgpvpn.policies import bgpvpn
16
+from networking_bgpvpn.policies import network_association
17
+from networking_bgpvpn.policies import port_association
18
+from networking_bgpvpn.policies import router_association
19
+
20
+
21
+def list_rules():
22
+    return itertools.chain(
23
+        bgpvpn.list_rules(),
24
+        network_association.list_rules(),
25
+        router_association.list_rules(),
26
+        port_association.list_rules(),
27
+    )

+ 17
- 0
networking_bgpvpn/policies/base.py View File

@@ -0,0 +1,17 @@
1
+#  Licensed under the Apache License, Version 2.0 (the "License"); you may
2
+#  not use this file except in compliance with the License. You may obtain
3
+#  a copy of the License at
4
+#
5
+#       http://www.apache.org/licenses/LICENSE-2.0
6
+#
7
+#  Unless required by applicable law or agreed to in writing, software
8
+#  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
9
+#  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
10
+#  License for the specific language governing permissions and limitations
11
+#  under the License.
12
+
13
+
14
+# TODO(amotoki): Define these in neutron or neutron-lib
15
+RULE_ADMIN_OR_OWNER = 'rule:admin_or_owner'
16
+RULE_ADMIN_ONLY = 'rule:admin_only'
17
+RULE_ANY = 'rule:regular_user'

+ 232
- 0
networking_bgpvpn/policies/bgpvpn.py View File

@@ -0,0 +1,232 @@
1
+#  Licensed under the Apache License, Version 2.0 (the "License"); you may
2
+#  not use this file except in compliance with the License. You may obtain
3
+#  a copy of the License at
4
+#
5
+#       http://www.apache.org/licenses/LICENSE-2.0
6
+#
7
+#  Unless required by applicable law or agreed to in writing, software
8
+#  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
9
+#  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
10
+#  License for the specific language governing permissions and limitations
11
+#  under the License.
12
+
13
+from oslo_policy import policy
14
+
15
+from networking_bgpvpn.policies import base
16
+
17
+
18
+rules = [
19
+    policy.DocumentedRuleDefault(
20
+        'create_bgpvpn',
21
+        base.RULE_ADMIN_ONLY,
22
+        'Create a BGP VPN',
23
+        [
24
+            {
25
+                'method': 'POST',
26
+                'path': '/bgpvpn/bgpvpns',
27
+            },
28
+        ]
29
+    ),
30
+
31
+    policy.DocumentedRuleDefault(
32
+        'update_bgpvpn',
33
+        base.RULE_ADMIN_OR_OWNER,
34
+        'Update a BGP VPN',
35
+        [
36
+            {
37
+                'method': 'PUT',
38
+                'path': '/bgpvpn/bgpvpns/{id}',
39
+            },
40
+        ]
41
+    ),
42
+    # TODO(amotoki): tenant_id is not updatable, so perhaps this can be dropped
43
+    policy.DocumentedRuleDefault(
44
+        'update_bgpvpn:tenant_id',
45
+        base.RULE_ADMIN_ONLY,
46
+        'Update ``tenant_id`` attribute of a BGP VPN',
47
+        [
48
+            {
49
+                'method': 'PUT',
50
+                'path': '/bgpvpn/bgpvpns/{id}',
51
+            },
52
+        ]
53
+    ),
54
+    policy.DocumentedRuleDefault(
55
+        'update_bgpvpn:route_targets',
56
+        base.RULE_ADMIN_ONLY,
57
+        'Update ``route_targets`` attribute of a BGP VPN',
58
+        [
59
+            {
60
+                'method': 'PUT',
61
+                'path': '/bgpvpn/bgpvpns/{id}',
62
+            },
63
+        ]
64
+    ),
65
+    policy.DocumentedRuleDefault(
66
+        'update_bgpvpn:import_targets',
67
+        base.RULE_ADMIN_ONLY,
68
+        'Update ``import_targets`` attribute of a BGP VPN',
69
+        [
70
+            {
71
+                'method': 'PUT',
72
+                'path': '/bgpvpn/bgpvpns/{id}',
73
+            },
74
+        ]
75
+    ),
76
+    policy.DocumentedRuleDefault(
77
+        'update_bgpvpn:export_targets',
78
+        base.RULE_ADMIN_ONLY,
79
+        'Update ``export_targets`` attribute of a BGP VPN',
80
+        [
81
+            {
82
+                'method': 'PUT',
83
+                'path': '/bgpvpn/bgpvpns/{id}',
84
+            },
85
+        ]
86
+    ),
87
+    policy.DocumentedRuleDefault(
88
+        'update_bgpvpn:route_distinguishers',
89
+        base.RULE_ADMIN_ONLY,
90
+        'Update ``route_distinguishers`` attribute of a BGP VPN',
91
+        [
92
+            {
93
+                'method': 'PUT',
94
+                'path': '/bgpvpn/bgpvpns/{id}',
95
+            },
96
+        ]
97
+    ),
98
+    # TODO(amotoki): vni is not updatable, so perhaps this can be dropped
99
+    policy.DocumentedRuleDefault(
100
+        'update_bgpvpn:vni',
101
+        base.RULE_ADMIN_ONLY,
102
+        'Update ``vni`` attribute of a BGP VPN',
103
+        [
104
+            {
105
+                'method': 'PUT',
106
+                'path': '/bgpvpn/bgpvpns/{id}',
107
+            },
108
+        ]
109
+    ),
110
+
111
+    policy.DocumentedRuleDefault(
112
+        'delete_bgpvpn',
113
+        base.RULE_ADMIN_ONLY,
114
+        'Delete a BGP VPN',
115
+        [
116
+            {
117
+                'method': 'DELETE',
118
+                'path': '/bgpvpn/bgpvpns/{id}',
119
+            },
120
+        ]
121
+    ),
122
+    policy.DocumentedRuleDefault(
123
+        'get_bgpvpn',
124
+        base.RULE_ADMIN_OR_OWNER,
125
+        'Get BGP VPNs',
126
+        [
127
+            {
128
+                'method': 'GET',
129
+                'path': '/bgpvpn/bgpvpns',
130
+            },
131
+            {
132
+                'method': 'GET',
133
+                'path': '/bgpvpn/bgpvpns/{id}',
134
+            },
135
+        ]
136
+    ),
137
+
138
+    policy.DocumentedRuleDefault(
139
+        'get_bgpvpn:tenant_id',
140
+        base.RULE_ADMIN_ONLY,
141
+        'Get ``tenant_id`` attributes of BGP VPNs',
142
+        [
143
+            {
144
+                'method': 'GET',
145
+                'path': '/bgpvpn/bgpvpns',
146
+            },
147
+            {
148
+                'method': 'GET',
149
+                'path': '/bgpvpn/bgpvpns/{id}',
150
+            },
151
+        ]
152
+    ),
153
+    policy.DocumentedRuleDefault(
154
+        'get_bgpvpn:route_targets',
155
+        base.RULE_ADMIN_ONLY,
156
+        'Get ``route_targets`` attributes of BGP VPNs',
157
+        [
158
+            {
159
+                'method': 'GET',
160
+                'path': '/bgpvpn/bgpvpns',
161
+            },
162
+            {
163
+                'method': 'GET',
164
+                'path': '/bgpvpn/bgpvpns/{id}',
165
+            },
166
+        ]
167
+    ),
168
+    policy.DocumentedRuleDefault(
169
+        'get_bgpvpn:import_targets',
170
+        base.RULE_ADMIN_ONLY,
171
+        'Get ``import_targets`` attributes of BGP VPNs',
172
+        [
173
+            {
174
+                'method': 'GET',
175
+                'path': '/bgpvpn/bgpvpns',
176
+            },
177
+            {
178
+                'method': 'GET',
179
+                'path': '/bgpvpn/bgpvpns/{id}',
180
+            },
181
+        ]
182
+    ),
183
+    policy.DocumentedRuleDefault(
184
+        'get_bgpvpn:export_targets',
185
+        base.RULE_ADMIN_ONLY,
186
+        'Get ``export_targets`` attributes of  BGP VPNs',
187
+        [
188
+            {
189
+                'method': 'GET',
190
+                'path': '/bgpvpn/bgpvpns',
191
+            },
192
+            {
193
+                'method': 'GET',
194
+                'path': '/bgpvpn/bgpvpns/{id}',
195
+            },
196
+        ]
197
+    ),
198
+    policy.DocumentedRuleDefault(
199
+        'get_bgpvpn:route_distinguishers',
200
+        base.RULE_ADMIN_ONLY,
201
+        'Get ``route_distinguishers`` attributes of BGP VPNs',
202
+        [
203
+            {
204
+                'method': 'GET',
205
+                'path': '/bgpvpn/bgpvpns',
206
+            },
207
+            {
208
+                'method': 'GET',
209
+                'path': '/bgpvpn/bgpvpns/{id}',
210
+            },
211
+        ]
212
+    ),
213
+    policy.DocumentedRuleDefault(
214
+        'get_bgpvpn:vni',
215
+        base.RULE_ADMIN_ONLY,
216
+        'Get ``vni`` attributes of BGP VPNs',
217
+        [
218
+            {
219
+                'method': 'GET',
220
+                'path': '/bgpvpn/bgpvpns',
221
+            },
222
+            {
223
+                'method': 'GET',
224
+                'path': '/bgpvpn/bgpvpns/{id}',
225
+            },
226
+        ]
227
+    ),
228
+]
229
+
230
+
231
+def list_rules():
232
+    return rules

+ 91
- 0
networking_bgpvpn/policies/network_association.py View File

@@ -0,0 +1,91 @@
1
+#  Licensed under the Apache License, Version 2.0 (the "License"); you may
2
+#  not use this file except in compliance with the License. You may obtain
3
+#  a copy of the License at
4
+#
5
+#       http://www.apache.org/licenses/LICENSE-2.0
6
+#
7
+#  Unless required by applicable law or agreed to in writing, software
8
+#  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
9
+#  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
10
+#  License for the specific language governing permissions and limitations
11
+#  under the License.
12
+
13
+from oslo_policy import policy
14
+
15
+from networking_bgpvpn.policies import base
16
+
17
+
18
+rules = [
19
+    policy.DocumentedRuleDefault(
20
+        'create_bgpvpn_network_association',
21
+        base.RULE_ADMIN_OR_OWNER,
22
+        'Create a network association',
23
+        [
24
+            {
25
+                'method': 'POST',
26
+                'path': '/bgpvpn/bgpvpns/{bgpvpn_id}/network_associations',
27
+            },
28
+        ]
29
+    ),
30
+    # TODO(amotoki): PUT operation is not defined in the API ref. Drop it?
31
+    policy.DocumentedRuleDefault(
32
+        'update_bgpvpn_network_association',
33
+        base.RULE_ADMIN_OR_OWNER,
34
+        'Update a network association',
35
+        [
36
+            {
37
+                'method': 'PUT',
38
+                'path': ('/bgpvpn/bgpvpns/{bgpvpn_id}/'
39
+                         'network_associations/{network_association_id}'),
40
+            },
41
+        ]
42
+    ),
43
+    policy.DocumentedRuleDefault(
44
+        'delete_bgpvpn_network_association',
45
+        base.RULE_ADMIN_OR_OWNER,
46
+        'Delete a network association',
47
+        [
48
+            {
49
+                'method': 'DELETE',
50
+                'path': ('/bgpvpn/bgpvpns/{bgpvpn_id}/'
51
+                         'network_associations/{network_association_id}'),
52
+            },
53
+        ]
54
+    ),
55
+    policy.DocumentedRuleDefault(
56
+        'get_bgpvpn_network_association',
57
+        base.RULE_ADMIN_OR_OWNER,
58
+        'Get network associations',
59
+        [
60
+            {
61
+                'method': 'GET',
62
+                'path': '/bgpvpn/bgpvpns/{bgpvpn_id}/network_associations',
63
+            },
64
+            {
65
+                'method': 'GET',
66
+                'path': ('/bgpvpn/bgpvpns/{bgpvpn_id}/'
67
+                         'network_associations/{network_association_id}'),
68
+            },
69
+        ]
70
+    ),
71
+    policy.DocumentedRuleDefault(
72
+        'get_bgpvpn_network_association:tenant_id',
73
+        base.RULE_ADMIN_ONLY,
74
+        'Get ``tenant_id`` attributes of network associations',
75
+        [
76
+            {
77
+                'method': 'GET',
78
+                'path': '/bgpvpn/bgpvpns/{bgpvpn_id}/network_associations',
79
+            },
80
+            {
81
+                'method': 'GET',
82
+                'path': ('/bgpvpn/bgpvpns/{bgpvpn_id}/'
83
+                         'network_associations/{network_association_id}'),
84
+            },
85
+        ]
86
+    ),
87
+]
88
+
89
+
90
+def list_rules():
91
+    return rules

+ 90
- 0
networking_bgpvpn/policies/port_association.py View File

@@ -0,0 +1,90 @@
1
+#  Licensed under the Apache License, Version 2.0 (the "License"); you may
2
+#  not use this file except in compliance with the License. You may obtain
3
+#  a copy of the License at
4
+#
5
+#       http://www.apache.org/licenses/LICENSE-2.0
6
+#
7
+#  Unless required by applicable law or agreed to in writing, software
8
+#  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
9
+#  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
10
+#  License for the specific language governing permissions and limitations
11
+#  under the License.
12
+
13
+from oslo_policy import policy
14
+
15
+from networking_bgpvpn.policies import base
16
+
17
+
18
+rules = [
19
+    policy.DocumentedRuleDefault(
20
+        'create_bgpvpn_port_association',
21
+        base.RULE_ADMIN_OR_OWNER,
22
+        'Create a port association',
23
+        [
24
+            {
25
+                'method': 'POST',
26
+                'path': '/bgpvpn/bgpvpns/{bgpvpn_id}/port_associations',
27
+            },
28
+        ]
29
+    ),
30
+    policy.DocumentedRuleDefault(
31
+        'update_bgpvpn_port_association',
32
+        base.RULE_ADMIN_OR_OWNER,
33
+        'Update a port association',
34
+        [
35
+            {
36
+                'method': 'PUT',
37
+                'path': ('/bgpvpn/bgpvpns/{bgpvpn_id}/'
38
+                         'port_associations/{port_association_id}'),
39
+            },
40
+        ]
41
+    ),
42
+    policy.DocumentedRuleDefault(
43
+        'delete_bgpvpn_port_association',
44
+        base.RULE_ADMIN_OR_OWNER,
45
+        'Delete a port association',
46
+        [
47
+            {
48
+                'method': 'DELETE',
49
+                'path': ('/bgpvpn/bgpvpns/{bgpvpn_id}/'
50
+                         'port_associations/{port_association_id}'),
51
+            },
52
+        ]
53
+    ),
54
+    policy.DocumentedRuleDefault(
55
+        'get_bgpvpn_port_association',
56
+        base.RULE_ADMIN_OR_OWNER,
57
+        'Get port associations',
58
+        [
59
+            {
60
+                'method': 'GET',
61
+                'path': '/bgpvpn/bgpvpns/{bgpvpn_id}/port_associations',
62
+            },
63
+            {
64
+                'method': 'GET',
65
+                'path': ('/bgpvpn/bgpvpns/{bgpvpn_id}/'
66
+                         'port_associations/{port_association_id}'),
67
+            },
68
+        ]
69
+    ),
70
+    policy.DocumentedRuleDefault(
71
+        'get_bgpvpn_port_association:tenant_id',
72
+        base.RULE_ADMIN_ONLY,
73
+        'Get ``tenant_id`` attributes of port associations',
74
+        [
75
+            {
76
+                'method': 'GET',
77
+                'path': '/bgpvpn/bgpvpns/{bgpvpn_id}/port_associations',
78
+            },
79
+            {
80
+                'method': 'GET',
81
+                'path': ('/bgpvpn/bgpvpns/{bgpvpn_id}/'
82
+                         'port_associations/{port_association_id}'),
83
+            },
84
+        ]
85
+    ),
86
+]
87
+
88
+
89
+def list_rules():
90
+    return rules

+ 90
- 0
networking_bgpvpn/policies/router_association.py View File

@@ -0,0 +1,90 @@
1
+#  Licensed under the Apache License, Version 2.0 (the "License"); you may
2
+#  not use this file except in compliance with the License. You may obtain
3
+#  a copy of the License at
4
+#
5
+#       http://www.apache.org/licenses/LICENSE-2.0
6
+#
7
+#  Unless required by applicable law or agreed to in writing, software
8
+#  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
9
+#  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
10
+#  License for the specific language governing permissions and limitations
11
+#  under the License.
12
+
13
+from oslo_policy import policy
14
+
15
+from networking_bgpvpn.policies import base
16
+
17
+
18
+rules = [
19
+    policy.DocumentedRuleDefault(
20
+        'create_bgpvpn_router_association',
21
+        base.RULE_ADMIN_OR_OWNER,
22
+        'Create a router association',
23
+        [
24
+            {
25
+                'method': 'POST',
26
+                'path': '/bgpvpn/bgpvpns/{bgpvpn_id}/router_associations',
27
+            },
28
+        ]
29
+    ),
30
+    policy.DocumentedRuleDefault(
31
+        'update_bgpvpn_router_association',
32
+        base.RULE_ADMIN_OR_OWNER,
33
+        'Update a router association',
34
+        [
35
+            {
36
+                'method': 'PUT',
37
+                'path': ('/bgpvpn/bgpvpns/{bgpvpn_id}/'
38
+                         'router_associations/{router_association_id}'),
39
+            },
40
+        ]
41
+    ),
42
+    policy.DocumentedRuleDefault(
43
+        'delete_bgpvpn_router_association',
44
+        base.RULE_ADMIN_OR_OWNER,
45
+        'Delete a router association',
46
+        [
47
+            {
48
+                'method': 'DELETE',
49
+                'path': ('/bgpvpn/bgpvpns/{bgpvpn_id}/'
50
+                         'router_associations/{router_association_id}'),
51
+            },
52
+        ]
53
+    ),
54
+    policy.DocumentedRuleDefault(
55
+        'get_bgpvpn_router_association',
56
+        base.RULE_ADMIN_OR_OWNER,
57
+        'Get router associations',
58
+        [
59
+            {
60
+                'method': 'GET',
61
+                'path': '/bgpvpn/bgpvpns/{bgpvpn_id}/router_associations',
62
+            },
63
+            {
64
+                'method': 'GET',
65
+                'path': ('/bgpvpn/bgpvpns/{bgpvpn_id}/'
66
+                         'router_associations/{router_association_id}'),
67
+            },
68
+        ]
69
+    ),
70
+    policy.DocumentedRuleDefault(
71
+        'get_bgpvpn_router_association:tenant_id',
72
+        base.RULE_ADMIN_ONLY,
73
+        'Get ``tenant_id`` attributes of router associations',
74
+        [
75
+            {
76
+                'method': 'GET',
77
+                'path': '/bgpvpn/bgpvpns/{bgpvpn_id}/router_associations',
78
+            },
79
+            {
80
+                'method': 'GET',
81
+                'path': ('/bgpvpn/bgpvpns/{bgpvpn_id}/'
82
+                         'router_associations/{router_association_id}'),
83
+            },
84
+        ]
85
+    ),
86
+]
87
+
88
+
89
+def list_rules():
90
+    return rules

+ 4
- 2
setup.cfg View File

@@ -25,8 +25,6 @@ packages =
25 25
     networking_bgpvpn_heat
26 26
     bgpvpn_dashboard
27 27
 data_files =
28
-    etc/neutron/policy.d =
29
-        etc/neutron/policy.d/bgpvpn.conf
30 28
     etc/neutron =
31 29
         etc/neutron/networking_bgpvpn.conf
32 30
 
@@ -45,6 +43,10 @@ oslo.config.opts =
45 43
     networking-bgpvpn.service_provider = networking_bgpvpn.neutron.opts:list_service_provider
46 44
 oslo.config.opts.defaults =
47 45
     networking-bgpvpn.service_provider = networking_bgpvpn.neutron.opts:set_service_provider_default
46
+oslo.policy.policies =
47
+    networking-bgpvpn = networking_bgpvpn.policies:list_rules
48
+neutron.policies =
49
+    networking-bgpvpn = networking_bgpvpn.policies:list_rules
48 50
 
49 51
 [build_sphinx]
50 52
 source-dir = doc/source

+ 4
- 0
tox.ini View File

@@ -35,6 +35,7 @@ commands =
35 35
     pylint --rcfile=.pylintrc --output-format=colorized doc/source/samples
36 36
     neutron-db-manage --subproject networking-bgpvpn --database-connection sqlite:// check_migration
37 37
     {[testenv:genconfig]commands}
38
+    {[testenv:genpolicy]commands}
38 39
 
39 40
 [testenv:dsvm]
40 41
 setenv = OS_FAIL_ON_MISSING_DEPS=1
@@ -104,6 +105,9 @@ commands = oslo_debug_helper -t networking_bgpvpn/tests/unit {posargs}
104 105
 [testenv:genconfig]
105 106
 commands = {toxinidir}/tools/generate_config_file_samples.sh
106 107
 
108
+[testenv:genpolicy]
109
+commands = oslopolicy-sample-generator --config-file=etc/oslo-policy-generator/policy.conf
110
+
107 111
 [flake8]
108 112
 show-source = True
109 113
 # E123, E125 skipped as they are invalid PEP-8.

Loading…
Cancel
Save