Merge "Migration logic for neutron policy-in-code"
diff --git a/lib/neutron b/lib/neutron
index 4847e87..62f7366 100644
--- a/lib/neutron
+++ b/lib/neutron
@@ -183,9 +183,14 @@
# Neutron API server & Neutron plugin
if is_service_enabled neutron-api; then
local policy_file=$NEUTRON_CONF_DIR/policy.json
- cp $NEUTRON_DIR/etc/policy.json $policy_file
# Allow neutron user to administer neutron to match neutron account
- sed -i 's/"context_is_admin": "role:admin"/"context_is_admin": "role:admin or user_name:neutron"/g' $policy_file
+ # NOTE(amotoki): This is required for nova works correctly with neutron.
+ if [ -f $NEUTRON_DIR/etc/policy.json ]; then
+ cp $NEUTRON_DIR/etc/policy.json $policy_file
+ sed -i 's/"context_is_admin": "role:admin"/"context_is_admin": "role:admin or user_name:neutron"/g' $policy_file
+ else
+ echo '{"context_is_admin": "role:admin or user_name:neutron"}' > $policy_file
+ fi
cp $NEUTRON_DIR/etc/api-paste.ini $NEUTRON_CONF_DIR/api-paste.ini
diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index be5b73f..2fdb6db 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -699,10 +699,15 @@
cp $NEUTRON_DIR/etc/neutron.conf.sample $NEUTRON_CONF
Q_POLICY_FILE=$NEUTRON_CONF_DIR/policy.json
- cp $NEUTRON_DIR/etc/policy.json $Q_POLICY_FILE
# allow neutron user to administer neutron to match neutron account
- sed -i 's/"context_is_admin": "role:admin"/"context_is_admin": "role:admin or user_name:neutron"/g' $Q_POLICY_FILE
+ # NOTE(amotoki): This is required for nova works correctly with neutron.
+ if [ -f $NEUTRON_DIR/etc/policy.json ]; then
+ cp $NEUTRON_DIR/etc/policy.json $Q_POLICY_FILE
+ sed -i 's/"context_is_admin": "role:admin"/"context_is_admin": "role:admin or user_name:neutron"/g' $Q_POLICY_FILE
+ else
+ echo '{"context_is_admin": "role:admin or user_name:neutron"}' > $Q_POLICY_FILE
+ fi
# Set plugin-specific variables ``Q_DB_NAME``, ``Q_PLUGIN_CLASS``.
# For main plugin config file, set ``Q_PLUGIN_CONF_PATH``, ``Q_PLUGIN_CONF_FILENAME``.