Enable attribute-based policy on router:external_gateway_info

Bug 1186081

This patch also removes a check on is_write in policy.py since
the code block where that check is placed assumed already that
is_write == True

Change-Id: I21c54f63e1948675f67afb088c262dc5316c230d

quantum/extensions/l3.py

@@ -110,7 +110,8 @@ RESOURCE_ATTRIBUTE_MAP = {
                       'validate': {'type:string': None},
                       'is_visible': True},
         EXTERNAL_GW_INFO: {'allow_post': True, 'allow_put': True,
-                           'is_visible': True, 'default': None}
+                           'is_visible': True, 'default': None,
+                           'enforce_policy': True}
     },
     'floatingips': {
         'id': {'allow_post': False, 'allow_put': False,

quantum/extensions/l3_ext_gw_mode.py

@@ -33,6 +33,7 @@ EXTENDED_ATTRIBUTES_2_0 = {
                  'allow_put': True,
                  'is_visible': True,
                  'default': None,
+                 'enforce_policy': True,
                  'validate':
                  {'type:dict_or_nodata':
                   {'network_id': {'type:uuid': None, 'required': True},

quantum/policy.py

@@ -167,7 +167,7 @@ def _build_match_rule(action, target):
                                                 res_map[resource],
                                                 target):
                     attribute = res_map[resource][attribute_name]
-                    if 'enforce_policy' in attribute and is_write:
+                    if 'enforce_policy' in attribute:
                         attr_rule = policy.RuleCheck('rule', '%s:%s' %
                                                      (action, attribute_name))
                         match_rule = policy.AndCheck([match_rule, attr_rule])