From 1b8ad7b552d3852843f93a06aea11a4b683d047c Mon Sep 17 00:00:00 2001
From: Jesse Pretorius <jesse.pretorius@rackspace.co.uk>
Date: Mon, 15 Aug 2016 15:42:29 +0100
Subject: [PATCH] Update paste, policy and rootwrap configurations 2016-08-15

Change-Id: I72fab7c6e1d128e0021654265488aba0e5f03d35
---
 templates/policy.json.j2 | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/templates/policy.json.j2 b/templates/policy.json.j2
index 930b1a6b..fc1268c2 100644
--- a/templates/policy.json.j2
+++ b/templates/policy.json.j2
@@ -17,9 +17,11 @@
 
     "create_subnet": "rule:admin_or_network_owner",
     "create_subnet:segment_id": "rule:admin_only",
+    "create_subnet:service_types": "rule:admin_only",
     "get_subnet": "rule:admin_or_owner or rule:shared",
     "get_subnet:segment_id": "rule:admin_only",
     "update_subnet": "rule:admin_or_network_owner",
+    "update_subnet:service_types": "rule:admin_only",
     "delete_subnet": "rule:admin_or_network_owner",
 
     "create_subnetpool": "",
@@ -84,6 +86,7 @@
     "get_port:binding:vif_details": "rule:admin_only",
     "get_port:binding:host_id": "rule:admin_only",
     "get_port:binding:profile": "rule:admin_only",
+    "get_port:ipam_segment_id": "rule:admin_only",
     "update_port": "rule:admin_or_owner or rule:context_is_advsvc",
     "update_port:device_owner": "not rule:network_device or rule:context_is_advsvc or rule:admin_or_network_owner",
     "update_port:mac_address": "rule:admin_only or rule:context_is_advsvc",