From a99046654a0cb6ee47b1cff699e1c372e93920d4 Mon Sep 17 00:00:00 2001
From: Tin Lam <tin@irrational.io>
Date: Sun, 5 Apr 2020 00:26:47 -0500
Subject: [PATCH] fix(policy): update the default policy

This updates the policy.yaml file with the latest rules generated by
tox -egenpolicy in openstack/placement project.

Change-Id: I43a2fb00121eb7addd5b07378eb51aeb273aedfb
Signed-off-by: Tin Lam <tin@irrational.io>
---
 placement/values.yaml | 43 ++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 38 insertions(+), 5 deletions(-)

diff --git a/placement/values.yaml b/placement/values.yaml
index 91f589bbbc..4b350f1843 100644
--- a/placement/values.yaml
+++ b/placement/values.yaml
@@ -60,11 +60,6 @@ network:
       port: 30778
 
 conf:
-  policy:
-    context_is_admin: 'role:admin'
-    segregation: 'rule:context_is_admin'
-    admin_or_owner: 'rule:context_is_admin or project_id:%(project_id)s'
-    default: 'rule:admin_or_owner'
   software:
     apache2:
       binary: apache2
@@ -77,6 +72,44 @@ conf:
       #   - status
       a2enmod: null
       a2dismod: null
+  policy:
+    "context_is_admin": "role:admin"
+    "admin_or_owner": "rule:context_is_admin or project_id:%(project_id)s"
+    "default": "rule:admin_or_owner"
+    "admin_api": "role:admin"
+    "placement:resource_providers:list": "rule:admin_api"
+    "placement:resource_providers:create": "rule:admin_api"
+    "placement:resource_providers:show": "rule:admin_api"
+    "placement:resource_providers:update": "rule:admin_api"
+    "placement:resource_providers:delete": "rule:admin_api"
+    "placement:resource_classes:list": "rule:admin_api"
+    "placement:resource_classes:create": "rule:admin_api"
+    "placement:resource_classes:show": "rule:admin_api"
+    "placement:resource_classes:update": "rule:admin_api"
+    "placement:resource_classes:delete": "rule:admin_api"
+    "placement:resource_providers:inventories:list": "rule:admin_api"
+    "placement:resource_providers:inventories:create": "rule:admin_api"
+    "placement:resource_providers:inventories:show": "rule:admin_api"
+    "placement:resource_providers:inventories:update": "rule:admin_api"
+    "placement:resource_providers:inventories:delete": "rule:admin_api"
+    "placement:resource_providers:aggregates:list": "rule:admin_api"
+    "placement:resource_providers:aggregates:update": "rule:admin_api"
+    "placement:resource_providers:usages": "rule:admin_api"
+    "placement:usages": "rule:admin_api"
+    "placement:traits:list": "rule:admin_api"
+    "placement:traits:show": "rule:admin_api"
+    "placement:traits:update": "rule:admin_api"
+    "placement:traits:delete": "rule:admin_api"
+    "placement:resource_providers:traits:list": "rule:admin_api"
+    "placement:resource_providers:traits:update": "rule:admin_api"
+    "placement:resource_providers:traits:delete": "rule:admin_api"
+    "placement:allocations:manage": "rule:admin_api"
+    "placement:allocations:list": "rule:admin_api"
+    "placement:allocations:update": "rule:admin_api"
+    "placement:allocations:delete": "rule:admin_api"
+    "placement:resource_providers:allocations:list": "rule:admin_api"
+    "placement:allocation_candidates:list": "rule:admin_api"
+    "placement:reshaper:reshape": "rule:admin_api"
   placement:
     DEFAULT:
       debug: false