Merge pull request #9 from pjediny/lbaasv2
Enable LBaaS v2 for Contrail
diff --git a/.kitchen.yml b/.kitchen.yml
index 8b89e35..d144018 100644
--- a/.kitchen.yml
+++ b/.kitchen.yml
@@ -24,6 +24,9 @@
- name: linux
repo: git
source: https://github.com/salt-formulas/salt-formula-linux
+ - name: keystone
+ repo: git
+ source: https://github.com/salt-formulas/salt-formula-keystone
state_top:
base:
"*":
diff --git a/README.rst b/README.rst
index 4f0cbbd..e8e633f 100644
--- a/README.rst
+++ b/README.rst
@@ -59,6 +59,20 @@
because a single request may fail (timeout). This is enabled with both
parameters *allow_pagination* and *pagination_max_limit* as shown above.
+
+Configuration of policy.json file
+
+.. code-block:: yaml
+
+ neutron:
+ server:
+ ....
+ policy:
+ create_subnet: 'rule:admin_or_network_owner'
+ 'get_network:queue_id': 'rule:admin_only'
+ # Add key without value to remove line from policy.json
+ 'create_network:shared':
+
Neutron lbaas provides on the controller node
.. code-block:: yaml
@@ -89,6 +103,21 @@
lbaas:
enabled: disabled
+Enable CORS parameters
+
+.. code-block:: yaml
+
+ neutron:
+ server:
+ cors:
+ allowed_origin: https:localhost.local,http:localhost.local
+ expose_headers: X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token
+ allow_methods: GET,PUT,POST,DELETE,PATCH
+ allow_headers: X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token
+ allow_credentials: True
+ max_age: 86400
+
+
Neutron VXLAN tenant networks with Network nodes
------------------------------------------------
diff --git a/_grains/neutron_policy.py b/_grains/neutron_policy.py
new file mode 100644
index 0000000..f194aeb
--- /dev/null
+++ b/_grains/neutron_policy.py
@@ -0,0 +1,15 @@
+#!/usr/bin/env python
+import salt.config
+import salt.loader
+
+
+def main():
+ path = "/etc/neutron/policy.json"
+ __opts__ = salt.config.minion_config('/etc/salt/minion')
+ keystone_policy_mod = salt.loader.raw_mod(__opts__, 'keystone_policy', None)
+ if keystone_policy_mod:
+ result = keystone_policy_mod['keystone_policy.rule_list'](path)
+ if result and 'Error' not in result:
+ return {'neutron_policy': result}
+ return {}
+
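Review bot: `main()` assigns a local `__opts__` from the fixed path `/etc/salt/minion`, so a minion started with a different configuration directory would load `keystone_policy` under settings other than the ones it is running with. The path should at least be a named module constant with a comment saying why the config is re-read here. The function also has no docstring: it should say that it publishes the rules of `/etc/neutron/policy.json` as the `neutron_policy` grain and returns `{}` when the `keystone_policy` module is unavailable or the result contains `'Error'`. Grain modules are normally synced to every minion that receives the formula, so confirm that a missing policy file on a non-Neutron node produces the `'Error'` result rather than an exception; `rule_list` is not visible in this diff.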
diff --git a/metadata.yml b/metadata.yml
index c7e6b3b..d43d586 100644
--- a/metadata.yml
+++ b/metadata.yml
@@ -1,3 +1,6 @@
name: "neutron"
version: "2016.4.1"
source: "https://github.com/openstack/salt-formula-neutron"
+dependencies:
+ - name: keystone
+ source: "https://github.com/salt-formulas/salt-formula-keystone"
diff --git a/metadata/service/support.yml b/metadata/service/support.yml
index 6f76ed5..9876a1e 100644
--- a/metadata/service/support.yml
+++ b/metadata/service/support.yml
@@ -6,7 +6,7 @@
heka:
enabled: true
sensu:
- enabled: true
+ enabled: false
sphinx:
enabled: true
config:
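Review bot: The `sensu` block flips `enabled` from true to false with no explanation in the commit title or description, and the change is unrelated to LBaaS, CORS or policy handling. If the intent is to drop the formula's Sensu check support, say so in a comment above the key, e.g. `# sensu checks disabled: <reason>`. Without one, it reads as monitoring coverage being switched off by accident.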
diff --git a/neutron/compute.sls b/neutron/compute.sls
index bd6e3e0..bfefb53 100644
--- a/neutron/compute.sls
+++ b/neutron/compute.sls
@@ -50,6 +50,18 @@
- neutron-l3-agent
- neutron-metadata-agent
+neutron_dvr_agents:
+ service.running:
+ - enable: true
+ - names:
+ - neutron-l3-agent
+ - neutron-metadata-agent
+ - watch:
+ - file: /etc/neutron/l3_agent.ini
+ - file: /etc/neutron/metadata_agent.ini
+ - require:
+ - pkg: neutron_dvr_packages
+
/etc/neutron/l3_agent.ini:
file.managed:
- source: salt://neutron/files/{{ compute.version }}/l3_agent.ini
@@ -57,7 +69,7 @@
- watch_in:
- service: neutron_compute_services
- require:
- - pkg: neutron_compute_packages
+ - pkg: neutron_dvr_packages
/etc/neutron/metadata_agent.ini:
file.managed:
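Review bot: Both agent config files now require `neutron_dvr_packages` and are watched by the new `neutron_dvr_agents` state, but the `watch_in: - service: neutron_compute_services` context lines stay in place here and in the `metadata_agent.ini` hunk that follows. If `neutron_compute_services` does not list the L3 and metadata agents, that requisite restarts unrelated compute services on every change to these files; if it does, the agents are now managed by two states. The definition of `neutron_compute_services` is outside these hunks, so this is inferred. Consider pointing the requisite at the new state, `- service: neutron_dvr_agents`, or dropping `watch_in`, since `neutron_dvr_agents` already has `watch` on both files.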
@@ -66,7 +78,7 @@
- watch_in:
- service: neutron_compute_services
- require:
- - pkg: neutron_compute_packages
+ - pkg: neutron_dvr_packages
{% endif %}
diff --git a/neutron/files/grafana_dashboards/neutron_influxdb.json b/neutron/files/grafana_dashboards/neutron_influxdb.json
index 3cb72de..ef55556 100644
--- a/neutron/files/grafana_dashboards/neutron_influxdb.json
+++ b/neutron/files/grafana_dashboards/neutron_influxdb.json
@@ -1508,12 +1508,6 @@
"$interval"
],
"type": "time"
- },
- {
- "params": [
- "0"
- ],
- "type": "fill"
}
],
"groupByTags": [
@@ -1521,7 +1515,7 @@
],
"measurement": "openstack_neutron_networks",
"policy": "default",
- "query": "SELECT last(\"value\") FROM \"openstack_neutron_networks\" WHERE \"environment_label\" =~ /^$environment$/ AND $timeFilter GROUP BY time($interval) fill(0)",
+ "query": "SELECT last(\"value\") FROM \"openstack_neutron_networks\" WHERE \"environment_label\" =~ /^$environment$/ AND $timeFilter GROUP BY time($interval)",
"rawQuery": false,
"refId": "A",
"resultFormat": "time_series",
@@ -1732,18 +1726,12 @@
"$interval"
],
"type": "time"
- },
- {
- "params": [
- "0"
- ],
- "type": "fill"
}
],
"groupByTags": [],
"measurement": "openstack_neutron_subnets",
"policy": "default",
- "query": "SELECT last(\"value\") FROM \"openstack_neutron_subnets\" WHERE \"environment_label\" =~ /^$environment$/ AND $timeFilter GROUP BY time($interval) fill(0)",
+ "query": "SELECT last(\"value\") FROM \"openstack_neutron_subnets\" WHERE \"environment_label\" =~ /^$environment$/ AND $timeFilter GROUP BY time($interval)",
"rawQuery": false,
"refId": "A",
"resultFormat": "time_series",
@@ -1971,12 +1959,6 @@
"owner"
],
"type": "tag"
- },
- {
- "params": [
- "0"
- ],
- "type": "fill"
}
],
"groupByTags": [
@@ -1984,7 +1966,7 @@
],
"measurement": "openstack_neutron_ports",
"policy": "default",
- "query": "SELECT last(\"value\") FROM \"openstack_neutron_ports\" WHERE \"environment_label\" =~ /^$environment$/ AND $timeFilter GROUP BY time($interval) fill(0)",
+ "query": "SELECT last(\"value\") FROM \"openstack_neutron_ports\" WHERE \"environment_label\" =~ /^$environment$/ AND $timeFilter GROUP BY time($interval)",
"rawQuery": false,
"refId": "A",
"resultFormat": "time_series",
@@ -2207,12 +2189,6 @@
"state"
],
"type": "tag"
- },
- {
- "params": [
- "0"
- ],
- "type": "fill"
}
],
"groupByTags": [
@@ -2220,7 +2196,7 @@
],
"measurement": "openstack_neutron_routers",
"policy": "default",
- "query": "SELECT last(\"value\") FROM \"openstack_neutron_routers\" WHERE \"environment_label\" =~ /^$environment$/ AND $timeFilter GROUP BY time($interval) fill(0)",
+ "query": "SELECT last(\"value\") FROM \"openstack_neutron_routers\" WHERE \"environment_label\" =~ /^$environment$/ AND $timeFilter GROUP BY time($interval)",
"rawQuery": false,
"refId": "A",
"resultFormat": "time_series",
@@ -2441,12 +2417,6 @@
"state"
],
"type": "tag"
- },
- {
- "params": [
- "0"
- ],
- "type": "fill"
}
],
"groupByTags": [
@@ -2454,7 +2424,7 @@
],
"measurement": "openstack_neutron_floatingips",
"policy": "default",
- "query": "SELECT last(\"value\") FROM \"openstack_neutron_floatingips\" WHERE \"environment_label\" =~ /^$environment$/ AND $timeFilter GROUP BY time($interval) fill(0)",
+ "query": "SELECT last(\"value\") FROM \"openstack_neutron_floatingips\" WHERE \"environment_label\" =~ /^$environment$/ AND $timeFilter GROUP BY time($interval)",
"rawQuery": false,
"refId": "A",
"resultFormat": "time_series",
@@ -2591,5 +2561,5 @@
},
"timezone": "browser",
"title": "Neutron",
- "version": 4
+ "version": 5
}
diff --git a/neutron/files/grafana_dashboards/neutron_openvswitch_influxdb.json b/neutron/files/grafana_dashboards/neutron_openvswitch_influxdb.json
index f8419ec..59f4781 100644
--- a/neutron/files/grafana_dashboards/neutron_openvswitch_influxdb.json
+++ b/neutron/files/grafana_dashboards/neutron_openvswitch_influxdb.json
@@ -2705,12 +2705,6 @@
"$interval"
],
"type": "time"
- },
- {
- "params": [
- "0"
- ],
- "type": "fill"
}
],
"groupByTags": [
@@ -2718,7 +2712,7 @@
],
"measurement": "openstack_neutron_networks",
"policy": "default",
- "query": "SELECT last(\"value\") FROM \"openstack_neutron_networks\" WHERE \"environment_label\" =~ /^$environment$/ AND $timeFilter GROUP BY time($interval) fill(0)",
+ "query": "SELECT last(\"value\") FROM \"openstack_neutron_networks\" WHERE \"environment_label\" =~ /^$environment$/ AND $timeFilter GROUP BY time($interval)",
"rawQuery": false,
"refId": "A",
"resultFormat": "time_series",
@@ -2928,18 +2922,12 @@
"$interval"
],
"type": "time"
- },
- {
- "params": [
- "0"
- ],
- "type": "fill"
}
],
"groupByTags": [],
"measurement": "openstack_neutron_subnets",
"policy": "default",
- "query": "SELECT last(\"value\") FROM \"openstack_neutron_subnets\" WHERE \"environment_label\" =~ /^$environment$/ AND $timeFilter GROUP BY time($interval) fill(0)",
+ "query": "SELECT last(\"value\") FROM \"openstack_neutron_subnets\" WHERE \"environment_label\" =~ /^$environment$/ AND $timeFilter GROUP BY time($interval)",
"rawQuery": false,
"refId": "A",
"resultFormat": "time_series",
@@ -3166,12 +3154,6 @@
"owner"
],
"type": "tag"
- },
- {
- "params": [
- "0"
- ],
- "type": "fill"
}
],
"groupByTags": [
@@ -3179,7 +3161,7 @@
],
"measurement": "openstack_neutron_ports",
"policy": "default",
- "query": "SELECT last(\"value\") FROM \"openstack_neutron_ports\" WHERE \"environment_label\" =~ /^$environment$/ AND $timeFilter GROUP BY time($interval) fill(0)",
+ "query": "SELECT last(\"value\") FROM \"openstack_neutron_ports\" WHERE \"environment_label\" =~ /^$environment$/ AND $timeFilter GROUP BY time($interval)",
"rawQuery": false,
"refId": "A",
"resultFormat": "time_series",
@@ -3401,12 +3383,6 @@
"state"
],
"type": "tag"
- },
- {
- "params": [
- "0"
- ],
- "type": "fill"
}
],
"groupByTags": [
@@ -3414,7 +3390,7 @@
],
"measurement": "openstack_neutron_routers",
"policy": "default",
- "query": "SELECT last(\"value\") FROM \"openstack_neutron_routers\" WHERE \"environment_label\" =~ /^$environment$/ AND $timeFilter GROUP BY time($interval) fill(0)",
+ "query": "SELECT last(\"value\") FROM \"openstack_neutron_routers\" WHERE \"environment_label\" =~ /^$environment$/ AND $timeFilter GROUP BY time($interval)",
"rawQuery": false,
"refId": "A",
"resultFormat": "time_series",
@@ -3634,12 +3610,6 @@
"state"
],
"type": "tag"
- },
- {
- "params": [
- "0"
- ],
- "type": "fill"
}
],
"groupByTags": [
@@ -3647,7 +3617,7 @@
],
"measurement": "openstack_neutron_floatingips",
"policy": "default",
- "query": "SELECT last(\"value\") FROM \"openstack_neutron_floatingips\" WHERE \"environment_label\" =~ /^$environment$/ AND $timeFilter GROUP BY time($interval) fill(0)",
+ "query": "SELECT last(\"value\") FROM \"openstack_neutron_floatingips\" WHERE \"environment_label\" =~ /^$environment$/ AND $timeFilter GROUP BY time($interval)",
"rawQuery": false,
"refId": "A",
"resultFormat": "time_series",
@@ -3804,5 +3774,5 @@
},
"timezone": "browser",
"title": "Neutron",
- "version": 1
-}
\ No newline at end of file
+ "version": 2
+}
diff --git a/neutron/files/mitaka/neutron-server.conf.Debian b/neutron/files/mitaka/neutron-server.conf.Debian
index 87ba2b1..9410998 100644
--- a/neutron/files/mitaka/neutron-server.conf.Debian
+++ b/neutron/files/mitaka/neutron-server.conf.Debian
@@ -647,23 +647,42 @@
# Indicate whether this resource may be shared with the domain received in the
# requests "origin" header. (list value)
#allowed_origin = <None>
+{%- if server.cors.allowed_origin is defined %}
+allowed_origin = {{ server.cors.allowed_origin }}
+{%- endif %}
# Indicate that the actual request can include user credentials (boolean value)
#allow_credentials = true
+{%- if server.cors.allow_credentials is defined %}
+allow_credentials = {{ server.cors.allow_credentials }}
+{%- endif %}
# Indicate which headers are safe to expose to the API. Defaults to HTTP Simple
# Headers. (list value)
#expose_headers = X-Auth-Token,X-Subject-Token,X-Service-Token,X-OpenStack-Request-ID,OpenStack-Volume-microversion
+{%- if server.cors.expose_headers is defined %}
+expose_headers = {{ server.cors.expose_headers }}
+{%- endif %}
# Maximum cache age of CORS preflight requests. (integer value)
#max_age = 3600
+{%- if server.cors.max_age is defined %}
+max_age = {{ server.cors.max_age }}
+{%- endif %}
# Indicate which methods can be used during the actual request. (list value)
#allow_methods = GET,PUT,POST,DELETE,PATCH
+{%- if server.cors.allow_methods is defined %}
+allow_methods = {{ server.cors.allow_methods }}
+{%- endif %}
# Indicate which header field names may be used during the actual request.
# (list value)
#allow_headers = X-Auth-Token,X-Identity-Status,X-Roles,X-Service-Catalog,X-User-Id,X-Tenant-Id,X-OpenStack-Request-ID
+{%- if server.cors.allow_headers is defined %}
+allow_headers = {{ server.cors.allow_headers }}
+{%- endif %}
+
[cors.subdomain]
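Review bot: Each `server.cors.*` value is written into the file exactly as it appears in pillar, so the template only works for comma-separated strings: a YAML list would render as a Python list literal, and a malformed origin is accepted silently. The README example added in this same commit uses `https:localhost.local,http:localhost.local`, which does not follow the `<protocol>://<host>[:<port>]` format quoted in the ocata template's comment and so presumably would never match a browser's Origin header. With `allow_credentials` enabled and `X-Auth-Token` in `expose_headers`, token-bearing responses become readable by every listed origin. A Jinja comment above the block would help, e.g. `{#- cors values are rendered verbatim: comma-separated strings, origins as scheme://host[:port], list only trusted origins #}`. The same applies to the CORS hunks in the newton and ocata `neutron-server.conf.Debian` templates.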
diff --git a/neutron/files/newton/neutron-generic.conf.Debian b/neutron/files/newton/neutron-generic.conf.Debian
index 545d04a..2f4b89e 100644
--- a/neutron/files/newton/neutron-generic.conf.Debian
+++ b/neutron/files/newton/neutron-generic.conf.Debian
@@ -531,7 +531,7 @@
{%- endfor -%}
/{{ neutron.message_queue.virtual_host }}
{%- else %}
-transport_url = rabbit://{{ neutron.message_queue.user }}:{{ neutron.message_queue.password }}@{{ neutron.message_queue.host }}:{{ neutron.message_queue.port }}{{ neutron.message_queue.virtual_host }}
+transport_url = rabbit://{{ neutron.message_queue.user }}:{{ neutron.message_queue.password }}@{{ neutron.message_queue.host }}:{{ neutron.message_queue.port }}/{{ neutron.message_queue.virtual_host }}
{%- endif %}
# The messaging driver to use, defaults to rabbit. Other drivers include amqp
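Review bot: `user` and `password` are interpolated into `transport_url` unescaped, so a RabbitMQ password containing `@`, `:`, `/` or `#` produces a URL that parses to the wrong host or credentials. Percent-encoding them in the template would avoid that, e.g. `{{ neutron.message_queue.password|urlencode }}`; check how the filter treats `/` for the passwords in use. The test pillars in this commit show `virtual_host: /openstack`, so with the added slash this line renders `...:<port>//openstack`. That matches the clustered branch above it, but it may change which vhost existing single-host deployments connect to, so it deserves a mention in the README. The same line is changed in the newton `neutron-server.conf.Debian` and in both ocata templates.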
diff --git a/neutron/files/newton/neutron-server.conf.Debian b/neutron/files/newton/neutron-server.conf.Debian
index c432f49..ab32f73 100644
--- a/neutron/files/newton/neutron-server.conf.Debian
+++ b/neutron/files/newton/neutron-server.conf.Debian
@@ -560,7 +560,7 @@
{%- endfor -%}
/{{ server.message_queue.virtual_host }}
{%- else %}
-transport_url = rabbit://{{ server.message_queue.user }}:{{ server.message_queue.password }}@{{ server.message_queue.host }}:{{ server.message_queue.port }}{{ server.message_queue.virtual_host }}
+transport_url = rabbit://{{ server.message_queue.user }}:{{ server.message_queue.password }}@{{ server.message_queue.host }}:{{ server.message_queue.port }}/{{ server.message_queue.virtual_host }}
{%- endif %}
# The default exchange under which topics are scoped. May be overridden by an
@@ -657,23 +657,42 @@
# Indicate whether this resource may be shared with the domain received in the
# requests "origin" header. (list value)
#allowed_origin = <None>
+{%- if server.cors.allowed_origin is defined %}
+allowed_origin = {{ server.cors.allowed_origin }}
+{%- endif %}
# Indicate that the actual request can include user credentials (boolean value)
#allow_credentials = true
+{%- if server.cors.allow_credentials is defined %}
+allow_credentials = {{ server.cors.allow_credentials }}
+{%- endif %}
# Indicate which headers are safe to expose to the API. Defaults to HTTP Simple
# Headers. (list value)
#expose_headers = X-Auth-Token,X-Subject-Token,X-Service-Token,X-OpenStack-Request-ID,OpenStack-Volume-microversion
+{%- if server.cors.expose_headers is defined %}
+expose_headers = {{ server.cors.expose_headers }}
+{%- endif %}
# Maximum cache age of CORS preflight requests. (integer value)
#max_age = 3600
+{%- if server.cors.max_age is defined %}
+max_age = {{ server.cors.max_age }}
+{%- endif %}
# Indicate which methods can be used during the actual request. (list value)
#allow_methods = GET,PUT,POST,DELETE,PATCH
+{%- if server.cors.allow_methods is defined %}
+allow_methods = {{ server.cors.allow_methods }}
+{%- endif %}
# Indicate which header field names may be used during the actual request.
# (list value)
#allow_headers = X-Auth-Token,X-Identity-Status,X-Roles,X-Service-Catalog,X-User-Id,X-Tenant-Id,X-OpenStack-Request-ID
+{%- if server.cors.allow_headers is defined %}
+allow_headers = {{ server.cors.allow_headers }}
+{%- endif %}
+
[cors.subdomain]
diff --git a/neutron/files/ocata/neutron-generic.conf.Debian b/neutron/files/ocata/neutron-generic.conf.Debian
index 2687898..6275974 100644
--- a/neutron/files/ocata/neutron-generic.conf.Debian
+++ b/neutron/files/ocata/neutron-generic.conf.Debian
@@ -596,7 +596,7 @@
{%- endfor -%}
/{{ neutron.message_queue.virtual_host }}
{%- else %}
-transport_url = rabbit://{{ neutron.message_queue.user }}:{{ neutron.message_queue.password }}@{{ neutron.message_queue.host }}:{{ neutron.message_queue.port }}{{ neutron.message_queue.virtual_host }}
+transport_url = rabbit://{{ neutron.message_queue.user }}:{{ neutron.message_queue.password }}@{{ neutron.message_queue.host }}:{{ neutron.message_queue.port }}/{{ neutron.message_queue.virtual_host }}
{%- endif %}
# DEPRECATED: The messaging driver to use, defaults to rabbit. Other drivers
diff --git a/neutron/files/ocata/neutron-server.conf.Debian b/neutron/files/ocata/neutron-server.conf.Debian
index 170d48c..69841dd 100644
--- a/neutron/files/ocata/neutron-server.conf.Debian
+++ b/neutron/files/ocata/neutron-server.conf.Debian
@@ -43,7 +43,7 @@
core_plugin = neutron.plugins.ml2.plugin.Ml2Plugin
-service_plugins =neutron.services.l3_router.l3_router_plugin.L3RouterPlugin,neutron.services.metering.metering_plugin.MeteringPlugin{%- if server.lbaas is defined -%}
+service_plugins =neutron.services.l3_router.l3_router_plugin.L3RouterPlugin,neutron.services.metering.metering_plugin.MeteringPlugin,trunk{%- if server.lbaas is defined -%}
,neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2
{%- endif -%}
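Review bot: `trunk` is appended to `service_plugins` for every deployment rendered from this ocata template, while the LBaaS plugin right after it is added only when `server.lbaas is defined`. Enabling an extra API extension unconditionally widens the exposed Neutron API on deployments that did not ask for it, and the commit description does not mention it. Gating it behind a pillar flag, the same way LBaaS is gated, would keep it opt-in. If it is meant to be always on, a template comment saying so would help the next reader.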
@@ -615,7 +615,7 @@
{%- endfor -%}
/{{ server.message_queue.virtual_host }}
{%- else %}
-transport_url = rabbit://{{ server.message_queue.user }}:{{ server.message_queue.password }}@{{ server.message_queue.host }}:{{ server.message_queue.port }}{{ server.message_queue.virtual_host }}
+transport_url = rabbit://{{ server.message_queue.user }}:{{ server.message_queue.password }}@{{ server.message_queue.host }}:{{ server.message_queue.port }}/{{ server.message_queue.virtual_host }}
{%- endif %}
# DEPRECATED: The messaging driver to use, defaults to rabbit. Other drivers
@@ -731,24 +731,41 @@
# requests "origin" header. Format: "<protocol>://<host>[:<port>]", no trailing
# slash. Example: https://horizon.example.com (list value)
#allowed_origin = <None>
+{%- if server.cors.allowed_origin is defined %}
+allowed_origin = {{ server.cors.allowed_origin }}
+{%- endif %}
# Indicate that the actual request can include user credentials (boolean value)
#allow_credentials = true
+{%- if server.cors.allow_credentials is defined %}
+allow_credentials = {{ server.cors.allow_credentials }}
+{%- endif %}
# Indicate which headers are safe to expose to the API. Defaults to HTTP Simple
# Headers. (list value)
#expose_headers = X-Auth-Token,X-Subject-Token,X-Service-Token,X-OpenStack-Request-ID,OpenStack-Volume-microversion
+{%- if server.cors.expose_headers is defined %}
+expose_headers = {{ server.cors.expose_headers }}
+{%- endif %}
# Maximum cache age of CORS preflight requests. (integer value)
#max_age = 3600
+{%- if server.cors.max_age is defined %}
+max_age = {{ server.cors.max_age }}
+{%- endif %}
# Indicate which methods can be used during the actual request. (list value)
#allow_methods = GET,PUT,POST,DELETE,PATCH
+{%- if server.cors.allow_methods is defined %}
+allow_methods = {{ server.cors.allow_methods }}
+{%- endif %}
# Indicate which header field names may be used during the actual request.
# (list value)
#allow_headers = X-Auth-Token,X-Identity-Status,X-Roles,X-Service-Catalog,X-User-Id,X-Tenant-Id,X-OpenStack-Request-ID
-
+{%- if server.cors.allow_headers is defined %}
+allow_headers = {{ server.cors.allow_headers }}
+{%- endif %}
[cors.subdomain]
diff --git a/neutron/map.jinja b/neutron/map.jinja
index 27382b4..f670fb0 100644
--- a/neutron/map.jinja
+++ b/neutron/map.jinja
@@ -38,6 +38,7 @@
'services': ['neutron-server'],
'notification': False,
'dpdk': false,
+ 'cors': {},
'audit': {
'enabled': false
}
@@ -48,6 +49,7 @@
'services': ['neutron-server'],
'notification': False,
'dpdk': false,
+ 'cors': {},
'audit': {
'enabled': false
}
diff --git a/neutron/meta/sphinx.yml b/neutron/meta/sphinx.yml
index a4d2085..20af434 100644
--- a/neutron/meta/sphinx.yml
+++ b/neutron/meta/sphinx.yml
@@ -16,7 +16,7 @@
bind:
value: {{ server.bind.address }}:{{ server.bind.port }}
plugin:
- value: {{ server.plugin }}
+ value: {{ server.backend.engine }}
version:
name: "Version"
value: {{ server.version }}
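Review bot: `{{ server.backend.engine }}` is dereferenced with no default, so rendering this metadata fails for any server pillar that has no `backend` key. The test pillars touched in this commit still show `plugin: ml2` in their context lines, which suggests such pillars exist, though whether those lines sit under `server` is not visible here. `value: {{ server.get('backend', {}).get('engine', server.get('plugin', '')) }}` would keep the documentation rendering for both layouts.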
@@ -38,4 +38,4 @@
{%- set pkg_version = "dpkg -l "+pkg+" | grep "+pkg+" | awk '{print $3}'" %}
* {{ pkg }}: {{ salt['cmd.run'](pkg_version) }}
{%- endfor %}
- {%- endif %}
\ No newline at end of file
+ {%- endif %}
diff --git a/neutron/server.sls b/neutron/server.sls
index 2f530e2..5bf73e3 100644
--- a/neutron/server.sls
+++ b/neutron/server.sls
@@ -80,6 +80,30 @@
- require:
- pkg: neutron_server_packages
+{%- for name, rule in server.get('policy', {}).iteritems() %}
+
+{%- if rule != None %}
+rule_{{ name }}_present:
+ keystone_policy.rule_present:
+ - path: /etc/neutron/policy.json
+ - name: {{ name }}
+ - rule: {{ rule }}
+ - require:
+ - pkg: neutron_server_packages
+
+{%- else %}
+
+rule_{{ name }}_absent:
+ keystone_policy.rule_absent:
+ - path: /etc/neutron/policy.json
+ - name: {{ name }}
+ - require:
+ - pkg: neutron_server_packages
+
+{%- endif %}
+
+{%- endfor %}
+
{%- if grains.os_family == "Debian" %}
/etc/default/neutron-server:
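Review bot: `name` and `rule` are rendered into the state unquoted, so a policy value that YAML treats specially either breaks rendering or reaches `keystone_policy.rule_present` as something other than the intended string. Examples are the oslo.policy literals `@` and `!`, an empty string, or anything containing ` #` or `: `. For an access-control file that is worth closing off with `- name: {{ name|yaml_squote }}` and `- rule: {{ rule|yaml_squote }}`. The loop also uses `.iteritems()`, which exists only on Python 2 dicts; `.items()` works on both. `{%- if rule != None %}` would read better as `{%- if rule is not none %}`.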
diff --git a/tests/pillar/control_cluster.sls b/tests/pillar/control_cluster.sls
index 1aba7fd..763b549 100644
--- a/tests/pillar/control_cluster.sls
+++ b/tests/pillar/control_cluster.sls
@@ -51,4 +51,8 @@
audit:
filter_factory: 'keystonemiddleware.audit:filter_factory'
map_file: '/etc/pycadf/neutron_api_audit_map.conf'
+ policy:
+ create_subnet: 'rule:admin_or_network_owner'
+ 'get_network:queue_id': 'rule:admin_only'
+ 'create_network:shared':
diff --git a/tests/pillar/control_dvr.sls b/tests/pillar/control_dvr.sls
index 014de67..a6fc8b3 100644
--- a/tests/pillar/control_dvr.sls
+++ b/tests/pillar/control_dvr.sls
@@ -45,4 +45,8 @@
user: openstack
virtual_host: /openstack
plugin: ml2
- version: mitaka
\ No newline at end of file
+ version: mitaka
+ policy:
+ create_subnet: 'rule:admin_or_network_owner'
+ 'get_network:queue_id': 'rule:admin_only'
+ 'create_network:shared':
diff --git a/tests/pillar/control_nodvr.sls b/tests/pillar/control_nodvr.sls
index 8840b5e..0d18f6a 100644
--- a/tests/pillar/control_nodvr.sls
+++ b/tests/pillar/control_nodvr.sls
@@ -45,4 +45,8 @@
user: openstack
virtual_host: /openstack
plugin: ml2
- version: mitaka
\ No newline at end of file
+ version: mitaka
+ policy:
+ create_subnet: 'rule:admin_or_network_owner'
+ 'get_network:queue_id': 'rule:admin_only'
+ 'create_network:shared':
diff --git a/tests/pillar/control_single.sls b/tests/pillar/control_single.sls
index 1f8a28e..2eb905e 100644
--- a/tests/pillar/control_single.sls
+++ b/tests/pillar/control_single.sls
@@ -46,3 +46,7 @@
user: nova
password: password
tenant: service
+ policy:
+ create_subnet: 'rule:admin_or_network_owner'
+ 'get_network:queue_id': 'rule:admin_only'
+ 'create_network:shared':