From ef7496d09f7f893dfe621c42370228ebb3369d29 Mon Sep 17 00:00:00 2001 From: Ryan Tidwell Date: Thu, 15 Jan 2015 13:17:17 -0800 Subject: [PATCH] Basic subnetpool CRUD Enable creating, reading, updating, and deleting subnet pools via REST API. Includes required changes to REST, model, alembic migrations, and unit tests. Subnet pools carry a list of IPv4 or IPv6 prefixes from which a subnet can be allocated. This will enable tenants to request a subnet from a pool rather than being forced to explicitly provide their own CIDR's for their subnets. This change simply enables managing the lifecycle of a subnet pool and does not yet enable allocation of subnet prefixes from a pool. Subnet pools can have their prefix bounds (min, max, default), name, and prefix list updated. Changes to prefix bounds do not alter existing allocations and will not be blocked by existing allocations. Prefix lists can only be appended to. Prefixes cannot be removed from the pool once added. ApiImpact Partially-Implements: blueprint subnet-allocation Change-Id: I88c6b15aab258069758f1a9423d6616ceb4a33c4
---
 etc/policy.json | 7 +++++++ 1 file changed, 7 insertions(+)
diff --git a/etc/policy.json b/etc/policy.json
index 4fc6c1c5..ae46bc2c 100644
--- a/etc/policy.json
+++ b/etc/policy.json
@@ -8,6 +8,7 @@
 "shared": "field:networks:shared=True",
 "shared_firewalls": "field:firewalls:shared=True",
 "shared_firewall_policies": "field:firewall_policies:shared=True",
+ "shared_subnetpools": "field:subnetpools:shared=True",
 "external": "field:networks:router:external=True",
 "default": "rule:admin_or_owner",
@@ -16,6 +17,12 @@ "update_subnet": "rule:admin_or_network_owner", "delete_subnet": "rule:admin_or_network_owner", + "create_subnetpool": "", + "create_subnetpool:shared": "rule:admin_only", + "get_subnetpool": "rule:admin_or_owner or rule:shared_subnetpools", + "update_subnetpool": "rule:admin_or_owner", + "delete_subnetpool": "rule:admin_or_owner", + "create_network": "", "get_network": "rule:admin_or_owner or rule:shared or rule:external or rule:context_is_advsvc", "get_network:router:external": "rule:regular_user",
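Review bot: `create_subnetpool:shared` is gated by `rule:admin_only`, but the update side has no matching attribute rule, so `update_subnetpool` at `rule:admin_or_owner` is the only policy check on a later change to `shared`. The commit message lists prefix bounds, name and prefix list as the updatable fields, so the API layer presumably rejects `shared` on update; that is not visible in this patch and should be confirmed. Adding `"update_subnetpool:shared": "rule:admin_only",` beside the create rule would keep the restriction in the policy file itself, so an owner could not turn a private pool into a shared one if the attribute ever becomes mutable. Separately, `"create_subnetpool": ""` is an empty rule, which presumably lets any authenticated tenant create pools; worth stating in the commit message if that is intended.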