b7930ae821
vmware-nsx specific policies are defined as policy-in-code. - vmware_nsx/policies/lsn.py, qos_queue.py and maclearning.py are moved from the neutron repo. - vmware_nsx/policies/providersecuritygroup.py is based on the difference between etc/policy.json and the old neutron policy.json - vmware_nsx/policies/security_group.py is based on etc/policy.d/security-groups.json - vmware_nsx/policies/network_gateway.py is based on etc/policy.d/network-gateways.json etc/policy.d/dynamic-routing.json and etc/policy.d/neutron-fwaas.json have no policies specific to vmware-nsx, so they can be dropped and we can use policy-in-code definitions in neutron-fwaas and neutron-dynamic-routing. etc/policy.d/routers.json and flow-classifier.json cannot be converted into policy-in-code because the default policies are different from those defined in neutron and networking-sfc. Note that etc/policy.d/routers.json now has policies which are different from the default policies defined in the neutron repo. (Others are clean up by this commit.) This commit depends on the following patches under review: (neutron-fwaas policy-in-code support) Depends-On: https://review.openstack.org/527282 (neutron-dynamic-routing policy-in-code support) Depends-On: https://review.openstack.org/625429 (networking-sfc policy-in-code support) Depends-On: https://review.openstack.org/625431 (Drop 3rd-party plugin specific policies) Depends-On: https://review.openstack.org/625394 Partially Implements: blueprint neutron-policy-in-code Co-Authored-By: Michal Kelner Mishali <mkelnermishal@vmware.com> Co-Authored-By: Adit Sarfaty <asarfaty@vmware.com> Change-Id: I96a9dbd759d54308abbc12ce65c97b06a76453cd
46 lines
1.3 KiB
Python
46 lines
1.3 KiB
Python
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
from oslo_policy import policy
|
|
|
|
from vmware_nsx.policies import base
|
|
|
|
|
|
rules = [
|
|
policy.DocumentedRuleDefault(
|
|
'create_port:mac_learning_enabled',
|
|
base.RULE_ADMIN_OR_NET_OWNER_OR_ADVSVC,
|
|
'Create a port with ``mac_learning_enabled`` attribute',
|
|
[
|
|
{
|
|
'method': 'POST',
|
|
'path': '/ports',
|
|
},
|
|
]
|
|
),
|
|
policy.DocumentedRuleDefault(
|
|
'update_port:mac_learning_enabled',
|
|
base.RULE_ADMIN_OR_NET_OWNER_OR_ADVSVC,
|
|
'Update ``mac_learning_enabled`` attribute of a port',
|
|
[
|
|
{
|
|
'method': 'PUT',
|
|
'path': '/ports/{id}',
|
|
},
|
|
]
|
|
),
|
|
]
|
|
|
|
|
|
def list_rules():
|
|
return rules
|