Merge "Enable attribute-based policy on router:external_gateway_info"

2013-06-16 06:55:31 +00:00 · 2013-06-16 06:55:31 +00:00 · 7e79dd1ace
parent af91f1b41a a9098d2188
commit 7e79dd1ace
3 changed files with 4 additions and 2 deletions
--- a/quantum/extensions/l3.py
+++ b/quantum/extensions/l3.py
@ -110,7 +110,8 @@ RESOURCE_ATTRIBUTE_MAP = {
                      'validate': {'type:string': None},
                      'is_visible': True},
        EXTERNAL_GW_INFO: {'allow_post': True, 'allow_put': True,
-                           'is_visible': True, 'default': None}
+                           'is_visible': True, 'default': None,
+                           'enforce_policy': True}
    },
    'floatingips': {
        'id': {'allow_post': False, 'allow_put': False,
--- a/quantum/extensions/l3_ext_gw_mode.py
+++ b/quantum/extensions/l3_ext_gw_mode.py
@ -33,6 +33,7 @@ EXTENDED_ATTRIBUTES_2_0 = {
                 'allow_put': True,
                 'is_visible': True,
                 'default': None,
+                 'enforce_policy': True,
                 'validate':
                 {'type:dict_or_nodata':
                  {'network_id': {'type:uuid': None, 'required': True},
--- a/quantum/policy.py
+++ b/quantum/policy.py
@ -149,7 +149,7 @@ def _build_match_rule(action, target):
                                                res_map[resource],
                                                target):
                    attribute = res_map[resource][attribute_name]
-                    if 'enforce_policy' in attribute and is_write:
+                    if 'enforce_policy' in attribute:
                        attr_rule = policy.RuleCheck('rule', '%s:%s' %
                                                     (action, attribute_name))
                        match_rule = policy.AndCheck([match_rule, attr_rule])