Merge "Add missing policy actions to policy.json file"

etc/policy.json

@@ -73,6 +73,7 @@
     "create_port": "",
     "create_port:device_owner": "not rule:network_device or rule:context_is_advsvc or rule:admin_or_network_owner",
     "create_port:mac_address": "rule:context_is_advsvc or rule:admin_or_network_owner",
+    "create_port:fixed_ips": "rule:context_is_advsvc or rule:admin_or_network_owner",
     "create_port:fixed_ips:ip_address": "rule:context_is_advsvc or rule:admin_or_network_owner",
     "create_port:fixed_ips:subnet_id": "rule:context_is_advsvc or rule:admin_or_network_owner or rule:shared",
     "create_port:port_security_enabled": "rule:context_is_advsvc or rule:admin_or_network_owner",
@@ -89,6 +90,7 @@
     "update_port": "rule:admin_or_owner or rule:context_is_advsvc",
     "update_port:device_owner": "not rule:network_device or rule:context_is_advsvc or rule:admin_or_network_owner",
     "update_port:mac_address": "rule:admin_only or rule:context_is_advsvc",
+    "update_port:fixed_ips": "rule:context_is_advsvc or rule:admin_or_network_owner",
     "update_port:fixed_ips:ip_address": "rule:context_is_advsvc or rule:admin_or_network_owner",
     "update_port:fixed_ips:subnet_id": "rule:context_is_advsvc or rule:admin_or_network_owner or rule:shared",
     "update_port:port_security_enabled": "rule:context_is_advsvc or rule:admin_or_network_owner",
@@ -100,6 +102,8 @@
     "delete_port": "rule:context_is_advsvc or rule:admin_owner_or_network_owner",
 
     "create_router": "rule:regular_user",
+    "create_router:external_gateway_info": "rule:admin_or_owner",
+    "create_router:external_gateway_info:network_id": "rule:admin_or_owner",
     "create_router:external_gateway_info:enable_snat": "rule:admin_only",
     "create_router:external_gateway_info:external_fixed_ips": "rule:admin_only",
     "create_router:distributed": "rule:admin_only",

neutron/tests/etc/policy.json

@@ -73,6 +73,7 @@
     "create_port": "",
     "create_port:device_owner": "not rule:network_device or rule:context_is_advsvc or rule:admin_or_network_owner",
     "create_port:mac_address": "rule:context_is_advsvc or rule:admin_or_network_owner",
+    "create_port:fixed_ips": "rule:context_is_advsvc or rule:admin_or_network_owner",
     "create_port:fixed_ips:ip_address": "rule:context_is_advsvc or rule:admin_or_network_owner",
     "create_port:fixed_ips:subnet_id": "rule:context_is_advsvc or rule:admin_or_network_owner or rule:shared",
     "create_port:port_security_enabled": "rule:context_is_advsvc or rule:admin_or_network_owner",
@@ -89,6 +90,7 @@
     "update_port": "rule:admin_or_owner or rule:context_is_advsvc",
     "update_port:device_owner": "not rule:network_device or rule:context_is_advsvc or rule:admin_or_network_owner",
     "update_port:mac_address": "rule:admin_only or rule:context_is_advsvc",
+    "update_port:fixed_ips": "rule:context_is_advsvc or rule:admin_or_network_owner",
     "update_port:fixed_ips:ip_address": "rule:context_is_advsvc or rule:admin_or_network_owner",
     "update_port:fixed_ips:subnet_id": "rule:context_is_advsvc or rule:admin_or_network_owner or rule:shared",
     "update_port:port_security_enabled": "rule:context_is_advsvc or rule:admin_or_network_owner",
@@ -100,6 +102,8 @@
     "delete_port": "rule:context_is_advsvc or rule:admin_owner_or_network_owner",
 
     "create_router": "rule:regular_user",
+    "create_router:external_gateway_info": "rule:admin_or_owner",
+    "create_router:external_gateway_info:network_id": "rule:admin_or_owner",
     "create_router:external_gateway_info:enable_snat": "rule:admin_only",
     "create_router:external_gateway_info:external_fixed_ips": "rule:admin_only",
     "create_router:distributed": "rule:admin_only",

neutron/tests/unit/extensions/test_l3.py

@@ -1298,8 +1298,7 @@ class L3NatTestCaseBase(L3NatTestCaseMixin):
                                         'ip_address':
                                             s2['subnet']['gateway_ip']}
                     with self.port(subnet=s1, fixed_ips=fixed_ips,
-                                   tenant_id=router_tenant_id,
-                                   set_context=True) as p:
+                                   tenant_id=router_tenant_id) as p:
                         kwargs = {'expected_code': expected_code}
                         if not router_action_as_admin:
                             kwargs['tenant_id'] = router_tenant_id
@@ -1800,7 +1799,7 @@ class L3NatTestCaseBase(L3NatTestCaseMixin):
                 gw_info = body['router']['external_gateway_info']
                 self.assertIsNone(gw_info)
 
-    def test_create_router_port_with_device_id_of_other_teants_router(self):
+    def test_create_router_port_with_device_id_of_other_tenants_router(self):
         with self.router() as admin_router:
             with self.network(tenant_id='tenant_a',
                               set_context=True) as n:
@@ -1814,7 +1813,7 @@ class L3NatTestCaseBase(L3NatTestCaseMixin):
                             set_context=True,
                             expected_res_status=exc.HTTPConflict.code)
 
-    def test_create_non_router_port_device_id_of_other_teants_router_update(
+    def test_create_non_router_port_device_id_of_other_tenants_router_update(
         self):
         # This tests that HTTPConflict is raised if we create a non-router
         # port that matches the device_id of another tenants router and then