Add authZ through incorporation of policy checks.

Adds the policy openstack-common module and implements policy checks
for the v2 API.  Note that this cut only addresses whole objects (i.e.,
a subnet or a network or a port), not specific fields within objects.
(This means that attributes are not filtered out based on policies.)
Implements blueprint authorization-support-for-quantum.

Change-Id: I1b52b1791a1f14f0af6508a63a40a38e440f15fe
Kevin L. Mitchell 2012-06-14 09:39:57 -05:00
parent 49c71b935d
commit 87a815f12a
1 changed files with 19 additions and 0 deletions

etc/policy.json Normal file

@ -0,0 +1,19 @@
{
"admin_or_owner": [["role:admin"], ["tenant_id:%(tenant_id)s"]],
"default": [["rule:admin_or_owner"]],
"create_subnet": [],
"get_subnet": [["rule:admin_or_owner"]],
"update_subnet": [["rule:admin_or_owner"]],
"delete_subnet": [["rule:admin_or_owner"]],
"create_network": [],
"get_network": [["rule:admin_or_owner"]],
"update_network": [["rule:admin_or_owner"]],
"delete_network": [["rule:admin_or_owner"]],
"create_port": [],
"get_port": [["rule:admin_or_owner"]],
"update_port": [["rule:admin_or_owner"]],
"delete_port": [["rule:admin_or_owner"]]
}
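
Review bot: the three create rules (`"create_subnet": []`, `"create_network": []`, `"create_port": []`) are empty lists while every other action, and `"default"`, goes through `rule:admin_or_owner`. In the openstack-common policy engine an empty match list always passes, so these entries explicitly opt the create calls out of any check. For `create_network` that may be intended, since there is no existing owner to compare against. For `create_subnet` and `create_port` the new object hangs off an existing network, and nothing in this file ties the caller to that parent network's tenant. Please either state in the commit message or docs that ownership of the parent network is enforced elsewhere, or give these two actions a non-empty rule. It would also help to document, alongside this file, that `[]` means "allow everyone" and that `tenant_id:%(tenant_id)s` compares the caller's tenant with the target object's `tenant_id`, because JSON leaves no room for an inline comment and the difference between an empty rule and a missing one (which falls back to `"default"`) is easy to misread.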