From 6f9fdcb3a152da3f2954589a1bd20064f2d7faea Mon Sep 17 00:00:00 2001
From: Aaron Rosen <arosen@nicira.com>
Date: Thu, 30 May 2013 19:33:55 -0700
Subject: [PATCH] Add L3 resources to policy.json

This patch adds the l3 resources to policy.json. I tested changing the
rule to rule:admin_only for all the resources added and they were
enforced as expected.

Fixes bug 1186077

Change-Id: Ib5e2879165d9dc6416be4c96c62d6e49452d3be5
---
 etc/policy.json | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/etc/policy.json b/etc/policy.json
index d62a724f76e..6e31a33c569 100644
--- a/etc/policy.json
+++ b/etc/policy.json
@@ -73,5 +73,16 @@
     "delete_l3-router": "rule:admin_only",
     "get_l3-routers": "rule:admin_only",
     "get_dhcp-agents": "rule:admin_only",
-    "get_l3-agents": "rule:admin_only"
+    "get_l3-agents": "rule:admin_only",
+
+    "create_router": "rule:regular_user",
+    "get_router": "rule:admin_or_owner",
+    "update_router:add_router_interface": "rule:admin_or_owner",
+    "update_router:remove_router_interface": "rule:admin_or_owner",
+    "delete_router": "rule:admin_or_owner",
+
+    "create_floatingip": "rule:regular_user",
+    "update_floatingip": "rule:admin_or_owner",
+    "delete_floatingip": "rule:admin_or_owner",
+    "get_floatingip": "rule:admin_or_owner"
 }