From a053e1070c357f2d5fcf8b258ebeec51461cd3f9 Mon Sep 17 00:00:00 2001
From: "vikram.choudhary" <vikram.choudhary@huawei.com>
Date: Tue, 9 Jun 2015 19:55:59 +0530
Subject: [PATCH] Support Basic Address Scope CRUD as extensions

This patch adds the support for basic address scope CRUD.
Subsequent patches will be added to use this address scope
on subnet pools.

DocImpact
APIImpact

Co-Authored-By: Ryan Tidwell <rktidwell85@gmail.com>
Co-Authored-By: Numan Siddique <nusiddiq@redhat.com>
Change-Id: Icabdd22577cfda0e1fbf6042e4b05b8080e54fdb
Partially-implements:  blueprint address-scopes
---
 etc/policy.json               | 8 ++++++++
 neutron/tests/etc/policy.json | 8 ++++++++
 2 files changed, 16 insertions(+)

diff --git a/etc/policy.json b/etc/policy.json
index 87f6b266..eaf6d685 100644
--- a/etc/policy.json
+++ b/etc/policy.json
@@ -9,6 +9,7 @@
     "shared_firewalls": "field:firewalls:shared=True",
     "shared_firewall_policies": "field:firewall_policies:shared=True",
     "shared_subnetpools": "field:subnetpools:shared=True",
+    "shared_address_scopes": "field:address_scopes:shared=True",
     "external": "field:networks:router:external=True",
     "default": "rule:admin_or_owner",
 
@@ -23,6 +24,13 @@
     "update_subnetpool": "rule:admin_or_owner",
     "delete_subnetpool": "rule:admin_or_owner",
 
+    "create_address_scope": "",
+    "create_address_scope:shared": "rule:admin_only",
+    "get_address_scope": "rule:admin_or_owner or rule:shared_address_scopes",
+    "update_address_scope": "rule:admin_or_owner",
+    "update_address_scope:shared": "rule:admin_only",
+    "delete_address_scope": "rule:admin_or_owner",
+
     "create_network": "",
     "get_network": "rule:admin_or_owner or rule:shared or rule:external or rule:context_is_advsvc",
     "get_network:router:external": "rule:regular_user",
diff --git a/neutron/tests/etc/policy.json b/neutron/tests/etc/policy.json
index 87f6b266..eaf6d685 100644
--- a/neutron/tests/etc/policy.json
+++ b/neutron/tests/etc/policy.json
@@ -9,6 +9,7 @@
     "shared_firewalls": "field:firewalls:shared=True",
     "shared_firewall_policies": "field:firewall_policies:shared=True",
     "shared_subnetpools": "field:subnetpools:shared=True",
+    "shared_address_scopes": "field:address_scopes:shared=True",
     "external": "field:networks:router:external=True",
     "default": "rule:admin_or_owner",
 
@@ -23,6 +24,13 @@
     "update_subnetpool": "rule:admin_or_owner",
     "delete_subnetpool": "rule:admin_or_owner",
 
+    "create_address_scope": "",
+    "create_address_scope:shared": "rule:admin_only",
+    "get_address_scope": "rule:admin_or_owner or rule:shared_address_scopes",
+    "update_address_scope": "rule:admin_or_owner",
+    "update_address_scope:shared": "rule:admin_only",
+    "delete_address_scope": "rule:admin_or_owner",
+
     "create_network": "",
     "get_network": "rule:admin_or_owner or rule:shared or rule:external or rule:context_is_advsvc",
     "get_network:router:external": "rule:regular_user",