Hi, all

 

I have a question about Neutron Policy.

 

I create some neutron policies in the file /etc/neutron/policy.json, plus in this policy file, I don't want to anyone to create address scope and set " "create_address_scope": "!" ". 

 

After that, I execute the command line " openstack address scope create test " by the admin user and it works fine.

 

This is not my expected. 

 

After some investigation, I find that in this pr[1], it will return True directly even if the admin user. 

 

Could someone tell me why the admin user can do anything without the control of policies? Or maybe I make some mistakes?

 

 

Thanks

 

1. https://review.opendev.org/#/c/175238/11/neutron/policy.py