vmware-nsx/etc/policy.d/routers.json
Akihiro Motoki b7930ae821 Convert policy.json into policy-in-code
vmware-nsx specific policies are defined as policy-in-code.

- vmware_nsx/policies/lsn.py, qos_queue.py and maclearning.py
  are moved from the neutron repo.
- vmware_nsx/policies/providersecuritygroup.py is based on the difference
  between etc/policy.json and the old neutron policy.json
- vmware_nsx/policies/security_group.py is based on
  etc/policy.d/security-groups.json
- vmware_nsx/policies/network_gateway.py is based on
  etc/policy.d/network-gateways.json

etc/policy.d/dynamic-routing.json and etc/policy.d/neutron-fwaas.json
have no policies specific to vmware-nsx, so they can be dropped and
we can use policy-in-code definitions in neutron-fwaas and
neutron-dynamic-routing.

etc/policy.d/routers.json and flow-classifier.json cannot be
converted into policy-in-code because the default policies are
different from those defined in neutron and networking-sfc.
Note that etc/policy.d/routers.json now has policies which are
different from the default policies defined in the neutron repo.
(Others are clean up by this commit.)

This commit depends on the following patches under review:

(neutron-fwaas policy-in-code support)
Depends-On: https://review.openstack.org/527282
(neutron-dynamic-routing policy-in-code support)
Depends-On: https://review.openstack.org/625429
(networking-sfc policy-in-code support)
Depends-On: https://review.openstack.org/625431
(Drop 3rd-party plugin specific policies)
Depends-On: https://review.openstack.org/625394

Partially Implements: blueprint neutron-policy-in-code

Co-Authored-By: Michal Kelner Mishali <mkelnermishal@vmware.com>
Co-Authored-By: Adit Sarfaty <asarfaty@vmware.com>
Change-Id: I96a9dbd759d54308abbc12ce65c97b06a76453cd
2019-01-24 20:00:49 +00:00

9 lines
325 B
JSON

{
"create_router:distributed": "rule:admin_or_owner",
"get_router:distributed": "rule:admin_or_owner",
"update_router:distributed": "rule:admin_or_owner",
"create_router:external_gateway_info:enable_snat": "rule:admin_or_owner",
"update_router:external_gateway_info:enable_snat": "rule:admin_or_owner"
}