From 3e1d3d0659b6d626b9d9f6b1e76b35b3f5fc725e Mon Sep 17 00:00:00 2001
From: Brian Haley <brian.haley@hpe.com>
Date: Fri, 9 Oct 2015 19:09:11 -0400
Subject: [PATCH] Implement 'get-me-a-network' API building block

This patch introduces an API to allocate an externally connected
private tenant network on demand. The API is idempotent in that,
once the topology is provisioned, further API calls keep returning
the same topology to the caller.

The API, as introduced by the patch, is not currently on, and its
design carefully ensures minimal impact on the existing codebase.
In fact the feature depends on and enhances the external-net extension,
but it does so via callbacks.

A subsequent patch in this series will make it available by default,
and API tests will be added to validate the functionality.

Partially-implements: blueprint get-me-a-network

Co-Authored-By: Armando Migliaccio <armamig@gmail.com>
Co-Authored-By: Henry Gessau <HenryG@gessau.net>

Change-Id: I4abd45252026431452f0d2cb2805043489c2f6ad
---
 etc/policy.json                     | 4 +++-
 neutron/db/migration/models/head.py | 1 +
 neutron/tests/etc/policy.json       | 4 +++-
 3 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/etc/policy.json b/etc/policy.json
index c551eb81..34f7a534 100644
--- a/etc/policy.json
+++ b/etc/policy.json
@@ -45,6 +45,7 @@
     "get_network:queue_id": "rule:admin_only",
     "create_network:shared": "rule:admin_only",
     "create_network:router:external": "rule:admin_only",
+    "create_network:is_default": "rule:admin_only",
     "create_network:segments": "rule:admin_only",
     "create_network:provider:network_type": "rule:admin_only",
     "create_network:provider:physical_network": "rule:admin_only",
@@ -203,5 +204,6 @@
 
     "create_flavor_service_profile": "rule:admin_only",
     "delete_flavor_service_profile": "rule:admin_only",
-    "get_flavor_service_profile": "rule:regular_user"
+    "get_flavor_service_profile": "rule:regular_user",
+    "get_auto_allocated_topology": "rule:admin_or_owner"
 }
diff --git a/neutron/db/migration/models/head.py b/neutron/db/migration/models/head.py
index 16cc7a33..789c8972 100644
--- a/neutron/db/migration/models/head.py
+++ b/neutron/db/migration/models/head.py
@@ -54,6 +54,7 @@ from neutron.plugins.ml2.drivers import type_gre  # noqa
 from neutron.plugins.ml2.drivers import type_vlan  # noqa
 from neutron.plugins.ml2.drivers import type_vxlan  # noqa
 from neutron.plugins.ml2 import models  # noqa
+from neutron.services.auto_allocate import models  # noqa
 
 
 def get_metadata():
diff --git a/neutron/tests/etc/policy.json b/neutron/tests/etc/policy.json
index c551eb81..34f7a534 100644
--- a/neutron/tests/etc/policy.json
+++ b/neutron/tests/etc/policy.json
@@ -45,6 +45,7 @@
     "get_network:queue_id": "rule:admin_only",
     "create_network:shared": "rule:admin_only",
     "create_network:router:external": "rule:admin_only",
+    "create_network:is_default": "rule:admin_only",
     "create_network:segments": "rule:admin_only",
     "create_network:provider:network_type": "rule:admin_only",
     "create_network:provider:physical_network": "rule:admin_only",
@@ -203,5 +204,6 @@
 
     "create_flavor_service_profile": "rule:admin_only",
     "delete_flavor_service_profile": "rule:admin_only",
-    "get_flavor_service_profile": "rule:regular_user"
+    "get_flavor_service_profile": "rule:regular_user",
+    "get_auto_allocated_topology": "rule:admin_or_owner"
 }