From c6be78deb6a3a7cbf092efdfb54f561ce689605f Mon Sep 17 00:00:00 2001
From: unicell <unicell@gmail.com>
Date: Sat, 18 Aug 2012 14:23:01 +0800
Subject: Remove hard-coded 'admin' role checking and use policy instead

bug 1037786

This change removed hard-coded 'admin' role checking, and use policy check to
decide is_admin at the time of context construction. And also set
default admin role to 'admin', in policy template, to keep backward
compatibility.

Change-Id: I56b45bfdfba1b8e1391bde7fec3d4cf26c66324c
---
 etc/nova/policy.json | 1 +
 1 file changed, 1 insertion(+)

(limited to 'etc')

diff --git a/etc/nova/policy.json b/etc/nova/policy.json
index 3970ce96a..02bf503cd 100644
--- a/etc/nova/policy.json
+++ b/etc/nova/policy.json
@@ -1,4 +1,5 @@
 {
+    "admin":  [["role:admin"]],
     "admin_or_owner":  [["role:admin"], ["project_id:%(project_id)s"]],
     "default": [["rule:admin_or_owner"]],
 
-- 
cgit