cinder/cinder/policies
Lance Bragstad f8e569864f Simplify composite check strings for project personas
This commit adds two check strings to cinder's base policies that
simplify project personas.

The is_admin_project check isn't used in the admin_or_owner rule. The
is_admin property of the context object actually evaluates to
context_is_admin, which just checks if 'admin' is in context.roles.

This check string simplies the indirection. Future patches will likely
change many of the admin_or_owner checks to support system-scope, which
will require modifications to the existing deprecated defaults.

The other thing this change does is include project-reader and
project-member personas into cinder's default check strings. While
cinder doesn't fully support system-scope, we can still pursue
project-personas, allowing a more consistent experience across OpenStack
services.

Change-Id: Ib7856390053d75bd845476f25891923873bf3078
2021-02-17 17:44:40 +00:00
..
__init__.py Default type overrides 2020-09-16 14:05:31 +00:00
attachments.py Add policy check for complete attachment API action 2018-01-24 15:48:22 +00:00
backup_actions.py [policy in code] Add support for backup resource 2017-10-11 09:49:49 +08:00
backups.py [policy in code] Add support for backup resource 2017-10-11 09:49:49 +08:00
base.py Simplify composite check strings for project personas 2021-02-17 17:44:40 +00:00
capabilities.py [TrivialFix] Remove errant comma in capabilities policies 2017-10-26 04:06:50 +01:00
clusters.py Add policy documentation and sample file 2017-10-20 10:47:34 +08:00
default_types.py Default type overrides 2020-09-16 14:05:31 +00:00
group_actions.py [policy in code] Add support for group, g-snapshot resources 2017-10-11 13:19:33 +00:00
group_snapshot_actions.py Correct group:reset_group_snapshot_status policy 2020-12-16 21:34:57 -05:00
group_snapshots.py Add project_id in group snapshots list and show API 2019-03-01 22:59:19 +05:30
group_types.py [policy in code] Add support for group, g-snapshot resources 2017-10-11 13:19:33 +00:00
groups.py Add project_id in group list and show API 2019-01-30 13:20:58 +05:30
hosts.py Update access control of show under hostAPI 2017-11-22 16:19:35 +08:00
limits.py [policy in code] Add support for service, limits 2017-10-12 15:08:34 +08:00
manageable_snapshots.py [policy in code] Add support for snapshot resource 2017-10-10 03:28:08 +00:00
manageable_volumes.py Add policy documentation and sample file 2017-10-20 10:47:34 +08:00
messages.py Add policy documentation and sample file 2017-10-20 10:47:34 +08:00
qos_specs.py [policy in code] Add support for qos and quota resources 2017-10-12 14:22:40 +08:00
quota_class.py [policy in code] Add support for qos and quota resources 2017-10-12 14:22:40 +08:00
quotas.py Remove NestedQuotaDriver 2021-01-19 17:43:29 +00:00
scheduler_stats.py [policy in code] Add support for service, limits 2017-10-12 15:08:34 +08:00
services.py [policy in code] Add support for service, limits 2017-10-12 15:08:34 +08:00
snapshot_actions.py [policy in code] Add support for snapshot resource 2017-10-10 03:28:08 +00:00
snapshot_metadata.py [policy in code] Add support for snapshot resource 2017-10-10 03:28:08 +00:00
snapshots.py Fix policy in code docs for extended_snapshot_attributes 2018-03-18 23:02:10 +00:00
type_extra_specs.py [policy in code] Add support for volume, volume type resources 2017-10-17 09:54:28 +08:00
volume_access.py [policy in code] Add support for volume, volume type resources 2017-10-17 09:54:28 +08:00
volume_actions.py [policy in code] Add support for volume, volume type resources 2017-10-17 09:54:28 +08:00
volume_metadata.py Fix policy documentation for os-show_image_metadata endpoint 2017-11-21 16:02:54 +00:00
volume_transfer.py Correct volume-transfers API endpoint 2018-08-03 17:56:14 -05:00
volume_type.py Correct description for encryption-type policies 2020-04-16 11:20:00 -04:00
volumes.py Add policy in code documentation for os-set_bootable API 2018-07-05 09:06:56 -04:00
workers.py Add policy documentation and sample file 2017-10-20 10:47:34 +08:00