3 files changed, 26 insertions, 4 deletions

diff --git a/etc/nova/nova.conf.sample b/etc/nova/nova.conf.sample
index 7524a7e5e..9e095cb29 100644
--- a/etc/nova/nova.conf.sample
+++ b/etc/nova/nova.conf.sample
@@ -515,8 +515,8 @@
 # (string value)
 #vpn_image_id=0
 
-# Instance type for vpn instances (string value)
-#vpn_instance_type=m1.tiny
+# Flavor for vpn instances (string value)
+#vpn_flavor=m1.tiny
 
 # Template for cloudpipe instance boot script (string value)
 #boot_script_template=$pybasedir/nova/cloudpipe/bootscript.template
@@ -641,8 +641,8 @@
 # Options defined in nova.compute.flavors
 #
 
-# default instance type to use, testing only (string value)
-#default_instance_type=m1.small
+# default flavor to use, testing only (string value)
+#default_flavor=m1.small
 
 
 #
diff --git a/etc/nova/policy.json b/etc/nova/policy.json
index a9a584237..69fbbb584 100644
--- a/etc/nova/policy.json
+++ b/etc/nova/policy.json
@@ -33,26 +33,34 @@
     "compute_extension:attach_interfaces": "",
     "compute_extension:baremetal_nodes": "rule:admin_api",
     "compute_extension:cells": "rule:admin_api",
+    "compute_extension:v3:os-cells": "rule:admin_api",
     "compute_extension:certificates": "",
+    "compute_extension:v3:os-certificates": "",
     "compute_extension:cloudpipe": "rule:admin_api",
     "compute_extension:cloudpipe_update": "rule:admin_api",
     "compute_extension:console_output": "",
+    "compute_extension:v3:consoles:discoverable": "",
     "compute_extension:consoles": "",
     "compute_extension:coverage_ext": "rule:admin_api",
     "compute_extension:createserverext": "",
     "compute_extension:deferred_delete": "",
     "compute_extension:disk_config": "",
     "compute_extension:evacuate": "rule:admin_api",
+    "compute_extension:v3:os-evacuate": "rule:admin_api",
     "compute_extension:extended_server_attributes": "rule:admin_api",
     "compute_extension:extended_status": "",
     "compute_extension:extended_availability_zone": "",
     "compute_extension:extended_ips": "",
     "compute_extension:extended_ips_mac": "",
     "compute_extension:extended_vif_net": "",
+    "compute_extension:v3:extension_info:discoverable": "",
     "compute_extension:fixed_ips": "rule:admin_api",
+    "compute_extension:v3:os-fixed-ips:discoverable": "",
     "compute_extension:v3:os-fixed-ips": "rule:admin_api",
     "compute_extension:flavor_access": "",
+    "compute_extension:v3:os-flavor-access": "",
     "compute_extension:flavor_disabled": "",
+    "compute_extension:v3:os-flavor-disabled": "",
     "compute_extension:flavor_rxtx": "",
     "compute_extension:flavor_swap": "",
     "compute_extension:flavorextradata": "",
@@ -72,10 +80,13 @@
     "compute_extension:hosts": "rule:admin_api",
     "compute_extension:hypervisors": "rule:admin_api",
     "compute_extension:image_size": "",
+    "compute_extension:v3:os-images": "",
     "compute_extension:instance_actions": "",
     "compute_extension:instance_actions:events": "rule:admin_api",
     "compute_extension:instance_usage_audit_log": "rule:admin_api",
+    "compute_extension:v3:ips:discoverable": "",
     "compute_extension:keypairs": "",
+    "compute_extension:v3:os-keypairs:discoverable": "",
     "compute_extension:v3:os-keypairs": "",
     "compute_extension:multinic": "",
     "compute_extension:networks": "rule:admin_api",
@@ -84,14 +95,20 @@
     "compute_extension:quotas:show": "",
     "compute_extension:quotas:update": "rule:admin_api",
     "compute_extension:quotas:delete": "rule:admin_api",
+    "compute_extension:v3:os-quota-sets:show": "",
+    "compute_extension:v3:os-quota-sets:update": "rule:admin_api",
+    "compute_extension:v3:os-quota-sets:delete": "rule:admin_api",
     "compute_extension:quota_classes": "",
     "compute_extension:rescue": "",
+    "compute_extension:v3:os-rescue": "",
     "compute_extension:security_group_default_rules": "rule:admin_api",
     "compute_extension:security_groups": "",
     "compute_extension:server_diagnostics": "rule:admin_api",
+    "compute_extension:v3:os-server-diagnostics": "rule:admin_api",
     "compute_extension:server_password": "",
     "compute_extension:server_usage": "",
     "compute_extension:services": "rule:admin_api",
+    "compute_extension:v3:servers:discoverable": "",
     "compute_extension:simple_tenant_usage:show": "rule:admin_or_owner",
     "compute_extension:simple_tenant_usage:list": "rule:admin_api",
     "compute_extension:users": "rule:admin_api",
diff --git a/etc/nova/rootwrap.d/network.filters b/etc/nova/rootwrap.d/network.filters
index 02138cff4..9a607bf84 100644
--- a/etc/nova/rootwrap.d/network.filters
+++ b/etc/nova/rootwrap.d/network.filters
@@ -34,6 +34,11 @@ ovs-vsctl: CommandFilter, ovs-vsctl, root
 # nova/network/linux_net.py: 'ovs-ofctl', ....
 ovs-ofctl: CommandFilter, ovs-ofctl, root
 
+# nova/virt/libvirt/vif.py: 'ivs-ctl', ...
+# nova/virt/libvirt/vif.py: 'ivs-ctl', 'del-port', ...
+# nova/network/linux_net.py: 'ivs-ctl', ....
+ivs-ctl: CommandFilter, ivs-ctl, root
+
 # nova/network/linux_net.py: 'ebtables', '-D' ...
 # nova/network/linux_net.py: 'ebtables', '-I' ...
 ebtables: CommandFilter, ebtables, root