aa78d70df2
The default rule is broken in the current implementation of ceilometer rbac, because ceilometer rbac.py does not leverage the support provided by oslo_policy . It instead tries to loop through all the rules in the policy.json to check if the rule corresponding to the requested REST api matches with the any in the policy.json. In this process, it completely ignores the existence of the default rule. Closes-Bug: 1435855 Change-Id: Icab626b28d14514b0f024df447a8e7f35c52257c
8 lines
220 B
JSON
8 lines
220 B
JSON
{
|
|
"context_is_admin": "role:admin",
|
|
"context_is_project": "project_id:%(target.project_id)s",
|
|
"context_is_owner": "user_id:%(target.user_id)s",
|
|
"segregation": "rule:context_is_admin",
|
|
"default": ""
|
|
}
|