Yes, we can add a policy rule like:
"service_role": "service_roles:<role_name>" "update_port:binding:host_id": "rule:admin_only or rule:service_role"
At now, oslo.context provides several service_xxxx fields [1]. we can discuss what kind of default rules would be nice for nova (or other services).
[1] http://git.openstack.org/cgit/openstack/oslo.context/tree/oslo_context/context.py#n281
Yes, we can add a policy rule like:
"service_role": "service_ roles:< role_name> " port:binding: host_id" : "rule:admin_only or rule:service_role"
"update_
At now, oslo.context provides several service_xxxx fields [1]. we can discuss what kind of default rules would be nice for nova (or other services).
[1] http:// git.openstack. org/cgit/ openstack/ oslo.context/ tree/oslo_ context/ context. py#n281