[policy in code] part3 (resource types)

Allow use policy in code to resource type's rule.
Also add test for override the in-code resource type rule in json
file.
Partially-Implements: bp policy-in-code

Change-Id: Id6c21732e66de6c421427ded98de52f5da0a4db2

1 files changed, 1 insertions, 17 deletions

diff --git a/etc/heat/policy.json b/etc/heat/policy.json
index 3c85e1df2..9fbf21a80 100644
--- a/etc/heat/policy.json
+++ b/etc/heat/policy.json
@@ -47,21 +47,5 @@
     "software_deployments:delete": "rule:deny_stack_user",
     "software_deployments:metadata": "",
 
-    "service:index": "rule:context_is_admin",
-
-    "resource_types:OS::Nova::Flavor": "rule:project_admin",
-    "resource_types:OS::Cinder::EncryptedVolumeType": "rule:project_admin",
-    "resource_types:OS::Cinder::VolumeType": "rule:project_admin",
-    "resource_types:OS::Cinder::Quota": "rule:project_admin",
-    "resource_types:OS::Neutron::Quota": "rule:project_admin",
-    "resource_types:OS::Nova::Quota": "rule:project_admin",
-    "resource_types:OS::Manila::ShareType": "rule:project_admin",
-    "resource_types:OS::Neutron::ProviderNet": "rule:project_admin",
-    "resource_types:OS::Neutron::QoSPolicy": "rule:project_admin",
-    "resource_types:OS::Neutron::QoSBandwidthLimitRule": "rule:project_admin",
-    "resource_types:OS::Neutron::Segment": "rule:project_admin",
-    "resource_types:OS::Nova::HostAggregate": "rule:project_admin",
-    "resource_types:OS::Cinder::QoSSpecs": "rule:project_admin",
-    "resource_types:OS::Cinder::QoSAssociation": "rule:project_admin",
-    "resource_types:OS::Keystone::*": "rule:project_admin"
+    "service:index": "rule:context_is_admin"
 }