Merge "Update the default policy rule for /v1/storage/dataframes"
This commit is contained in:
commit
6c36f6721d
|
@ -54,7 +54,10 @@ class DataFramesController(rest.RestController):
|
||||||
:return: Collection of DataFrame objects.
|
:return: Collection of DataFrame objects.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
policy.authorize(pecan.request.context, 'storage:list_data_frames', {})
|
project_id = tenant_id or pecan.request.context.project_id
|
||||||
|
policy.authorize(pecan.request.context, 'storage:list_data_frames', {
|
||||||
|
'tenant_id': project_id,
|
||||||
|
})
|
||||||
|
|
||||||
scope_key = CONF.collect.scope_key
|
scope_key = CONF.collect.scope_key
|
||||||
backend = pecan.request.storage_backend
|
backend = pecan.request.storage_backend
|
||||||
|
|
|
@ -20,7 +20,7 @@ from cloudkitty.common.policies import base
|
||||||
storage_policies = [
|
storage_policies = [
|
||||||
policy.DocumentedRuleDefault(
|
policy.DocumentedRuleDefault(
|
||||||
name='storage:list_data_frames',
|
name='storage:list_data_frames',
|
||||||
check_str=base.UNPROTECTED,
|
check_str=base.RULE_ADMIN_OR_OWNER,
|
||||||
description='Return a list of rated resources for a time period '
|
description='Return a list of rated resources for a time period '
|
||||||
'and a tenant.',
|
'and a tenant.',
|
||||||
operations=[{'path': '/v1/storage/dataframes',
|
operations=[{'path': '/v1/storage/dataframes',
|
||||||
|
|
|
@ -0,0 +1,6 @@
|
||||||
|
---
|
||||||
|
security:
|
||||||
|
- |
|
||||||
|
The default policy for the ``/v1/storage/dataframes`` endpoint has been
|
||||||
|
changed from ``unprotected`` (accessible by any unauthenticated used) to
|
||||||
|
``admin_or_owner`` (accessible only by admins or members of the project).
|
Loading…
Reference in New Issue