Fix default admin_or_owner policy expression
By default not even an admin can use the get_summary endpoint with
all_tenants=True or using a tenant_id parameter. This commit fixes that.
This rule is now the same as how cinder defines admin_or_owner.
Change-Id: I3e34927e8ab88f25d2975b4dbac89b52a7d94c98
(cherry picked from commit 2a985c94ee
)
This commit is contained in:
parent
9f45001938
commit
f2c4fd963d
|
@ -25,7 +25,9 @@ rules = [
|
|||
check_str='role:admin'),
|
||||
policy.RuleDefault(
|
||||
name='admin_or_owner',
|
||||
check_str='is_admin:True or tenant:%(tenant_id)s'),
|
||||
check_str='is_admin:True or '
|
||||
'(role:admin and is_admin_project:True) or '
|
||||
'tenant:%(tenant_id)s'),
|
||||
policy.RuleDefault(
|
||||
name='default',
|
||||
check_str=UNPROTECTED)
|
||||
|
|
|
@ -1,10 +1,7 @@
|
|||
#
|
||||
#"context_is_admin": "role:admin"
|
||||
|
||||
#
|
||||
#"admin_or_owner": "is_admin:True or tenant:%(tenant_id)s"
|
||||
#"admin_or_owner": "is_admin:True or (role:admin and is_admin_project:True) or tenant:%(tenant_id)s"
|
||||
|
||||
#
|
||||
#"default": ""
|
||||
|
||||
# Return the list of every services mapped to a collector.
|
||||
|
@ -48,7 +45,7 @@
|
|||
# GET /v1/info/config
|
||||
#"info:get_config": ""
|
||||
|
||||
# Reture the list of loaded modules in Cloudkitty.
|
||||
# Return the list of loaded modules in Cloudkitty.
|
||||
# LIST /v1/rating/modules
|
||||
#"rating:list_modules": "role:admin"
|
||||
|
||||
|
|
Loading…
Reference in New Issue