Enable attribute-based policy on router:external_gateway_info

Bug 1186081

This patch also removes a check on is_write in policy.py since
the code block where that check is placed assumed already that
is_write == True

Change-Id: I21c54f63e1948675f67afb088c262dc5316c230d
This commit is contained in:
Salvatore Orlando 2013-05-31 17:28:35 +02:00
parent 7dc3849592
commit a9098d2188
3 changed files with 4 additions and 2 deletions

View File

@ -110,7 +110,8 @@ RESOURCE_ATTRIBUTE_MAP = {
'validate': {'type:string': None},
'is_visible': True},
EXTERNAL_GW_INFO: {'allow_post': True, 'allow_put': True,
'is_visible': True, 'default': None}
'is_visible': True, 'default': None,
'enforce_policy': True}
},
'floatingips': {
'id': {'allow_post': False, 'allow_put': False,

View File

@ -33,6 +33,7 @@ EXTENDED_ATTRIBUTES_2_0 = {
'allow_put': True,
'is_visible': True,
'default': None,
'enforce_policy': True,
'validate':
{'type:dict_or_nodata':
{'network_id': {'type:uuid': None, 'required': True},

View File

@ -167,7 +167,7 @@ def _build_match_rule(action, target):
res_map[resource],
target):
attribute = res_map[resource][attribute_name]
if 'enforce_policy' in attribute and is_write:
if 'enforce_policy' in attribute:
attr_rule = policy.RuleCheck('rule', '%s:%s' %
(action, attribute_name))
match_rule = policy.AndCheck([match_rule, attr_rule])