b3a970a5e4
Adds the policy openstack-common module and implements policy checks for the v2 API. Note that this cut only addresses whole objects (i.e., a subnet or a network or a port), not specific fields within objects. (This means that attributes are not filtered out based on policies.) Implements blueprint authorization-support-for-quantum. Change-Id: I1b52b1791a1f14f0af6508a63a40a38e440f15fe
20 lines
611 B
JSON
20 lines
611 B
JSON
{
|
|
"admin_or_owner": [["role:admin"], ["tenant_id:%(tenant_id)s"]],
|
|
"default": [["rule:admin_or_owner"]],
|
|
|
|
"create_subnet": [],
|
|
"get_subnet": [["rule:admin_or_owner"]],
|
|
"update_subnet": [["rule:admin_or_owner"]],
|
|
"delete_subnet": [["rule:admin_or_owner"]],
|
|
|
|
"create_network": [],
|
|
"get_network": [["rule:admin_or_owner"]],
|
|
"update_network": [["rule:admin_or_owner"]],
|
|
"delete_network": [["rule:admin_or_owner"]],
|
|
|
|
"create_port": [],
|
|
"get_port": [["rule:admin_or_owner"]],
|
|
"update_port": [["rule:admin_or_owner"]],
|
|
"delete_port": [["rule:admin_or_owner"]]
|
|
}
|