From 9ba24b91a454b524c7dabf2e604dcd12401415fa Mon Sep 17 00:00:00 2001
From: wangxiyuan <wangxiyuan@huawei.com>
Date: Tue, 26 Dec 2017 22:19:17 +0000
Subject: Implement policies for limits

This commit lays down the policies needed to protect the unified limit
API. A subsequent patch will expose the implementation.

bp unified-limits

Change-Id: I952fe6213adce86a92d7d607c9b639076b279f6c
---
 etc/policy.v3cloudsample.json | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 'etc')

diff --git a/etc/policy.v3cloudsample.json b/etc/policy.v3cloudsample.json
index c090c0109..6129e593e 100644
--- a/etc/policy.v3cloudsample.json
+++ b/etc/policy.v3cloudsample.json
@@ -28,6 +28,18 @@
     "identity:update_endpoint": "rule:cloud_admin",
     "identity:delete_endpoint": "rule:cloud_admin",
 
+    "identity:get_registered_limit": "",
+    "identity:list_registered_limits": "",
+    "identity:create_registered_limits": "rule:admin_required",
+    "identity:update_registered_limits": "rule:admin_required",
+    "identity:delete_registered_limit": "rule:admin_required",
+
+    "identity:get_limit": "",
+    "identity:list_limits": "",
+    "identity:create_limits": "rule:admin_required",
+    "identity:update_limits": "rule:admin_required",
+    "identity:delete_limit": "rule:admin_required",
+
     "identity:get_domain": "rule:cloud_admin or rule:admin_and_matching_domain_id or token.project.domain.id:%(target.domain.id)s",
     "identity:list_domains": "rule:cloud_admin",
     "identity:create_domain": "rule:cloud_admin",
-- 
cgit v1.2.1