d2cc0dc566
Several Metadata Definition delete APIs do not have RBAC. This
patchset add policy enforcment to the following APIs:
- `Delete namespace`
- `Delete object`
- `Remove resource type association`
- `Remove property definition`
- `Delete tag definition`
- `Delete all tag definitions`
The following actions are enforce and added to the policy.json:
- `delete_metadef_namespace`
- `delete_metadef_object`
- `remove_metadef_resource_type_association`
- `remove_metadef_property`
- `delete_metadef_tag`
- `delete_metadef_tags`
Most other APIs have policy enforcement, so the ones above should as
well. Without adding policy enforcement for the above APIs, all roles
can peform the delete APIs noted above.
Change-Id: I8cd6eb26b0d3401fa4667384c31e4c56d838d42b
Closes-Bug: #1782840
Co-Authored-By: julian.sy@att.com
|
||
|---|---|---|
| .. | ||
| glance-swift.conf | ||
| policy.json | ||
| property-protections-policies.conf | ||
| property-protections.conf | ||
| schema-image.json | ||