From 95f677d7f3d134896b8c216b7f2a5d71cc64cd2f Mon Sep 17 00:00:00 2001
From: Salvatore Orlando <salv.orlando@gmail.com>
Date: Fri, 15 Mar 2013 01:31:31 +0100
Subject: [PATCH] Fix typo in policy.json and checks in nicira plugin

Bug 1155379

This patch removes extra colons from policy.json.
Also, it fixes some checks in the nicira plugin which were not
passing correctly the target resource for the policy engine.

Change-Id: I89a1d170818173eaa90b50158289a06455febadc
---
 etc/policy.json                                           | 6 +++---
 quantum/plugins/nicira/nicira_nvp_plugin/QuantumPlugin.py | 8 +++-----
 2 files changed, 6 insertions(+), 8 deletions(-)

diff --git a/etc/policy.json b/etc/policy.json
index aa18ba6e10a..f2c304b4849 100644
--- a/etc/policy.json
+++ b/etc/policy.json
@@ -51,9 +51,9 @@
     "delete_service_type": "rule:admin_only",
     "get_service_type": "rule:regular_user",
 
-    "create_qos_queue:": "rule:admin_only",
-    "get_qos_queue:": "rule:admin_only",
-    "get_qos_queues:": "rule:admin_only",
+    "create_qos_queue": "rule:admin_only",
+    "get_qos_queue": "rule:admin_only",
+    "get_qos_queues": "rule:admin_only",
 
     "update_agent": "rule:admin_only",
     "delete_agent": "rule:admin_only",
diff --git a/quantum/plugins/nicira/nicira_nvp_plugin/QuantumPlugin.py b/quantum/plugins/nicira/nicira_nvp_plugin/QuantumPlugin.py
index c5a2780bd7f..abc9ac191f8 100644
--- a/quantum/plugins/nicira/nicira_nvp_plugin/QuantumPlugin.py
+++ b/quantum/plugins/nicira/nicira_nvp_plugin/QuantumPlugin.py
@@ -2208,10 +2208,9 @@ class NvpPluginV2(db_base_plugin_v2.QuantumDbPluginV2,
                                                                        sgrid)
 
     def create_qos_queue(self, context, qos_queue, check_policy=True):
-        if check_policy:
-            self._enforce_set_auth(context, qos_queue,
-                                   ext_qos.qos_queue_create)
         q = qos_queue.get('qos_queue')
+        if check_policy:
+            self._enforce_set_auth(context, q, ext_qos.qos_queue_create)
         self._validate_qos_queue(context, q)
         q['id'] = nvplib.create_lqueue(self.default_cluster,
                                        self._nvp_lqueue(q))
@@ -2229,8 +2228,7 @@ class NvpPluginV2(db_base_plugin_v2.QuantumDbPluginV2,
         return super(NvpPluginV2, self).delete_qos_queue(context, id)
 
     def get_qos_queue(self, context, id, fields=None):
-        if not self._check_view_auth(context, {'qos_queue': None},
-                                     ext_qos.qos_queue_get):
+        if not self._check_view_auth(context, {}, ext_qos.qos_queue_get):
             # don't want the user to find out that they guessed the right id
             # so  we raise not found if the policy.json file doesn't allow them
             raise ext_qos.QueueNotFound(id=id)