cyborg/cyborg/policies
Ghanshyam Mann d74365969e Drop system scope from RBAC
In new RBAC rules, all openstack services except
ironic and keystone have dropped the system scope.
- https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#phase-1

All the policy rules should be scoped to project and
system scoped token should not be allowed to access
the Cyborg APIs.

As oslo.policy 4.4.0 enable the scope check and new
defaults, it break cyborg tests and to fix that we need
to drop the system scope from the cyborg policies.

Ref:
- https://lists.openstack.org/archives/list/openstack-discuss@lists.openstack.org/thread/6IDPXIXZ6FBKONNHFRU3ZPSXIIQJXUIE/
- https://lists.openstack.org/archives/list/openstack-discuss@lists.openstack.org/message/MPHSVG222OFHJL2AQD2A7CJGTH57SRCJ/

Change-Id: Iafbd5470e55e10ffb6bcddd232a698eb042d7eed
2024-09-17 20:56:51 -07:00
..
__init__.py Add attribute_list_api 2022-12-01 09:18:45 +08:00
base.py Drop system scope from RBAC 2024-09-17 20:56:51 -07:00
device_profiles.py Drop system scope from RBAC 2024-09-17 20:56:51 -07:00