e9dfe5ddaa
This patch implements the project scoped rbac policies for a system and project scoped deployment of ironic. Because of the nature of Ports and Portgroups, along with the subcontroller resources, this change was a little more invasive than was originally anticipated. In that process, along with some discussion in the #openstack-ironic IRC channel, that it would be most security concious to respond only with 404s if the user simply does not have access to the underlying node object. In essence, their view of the universe has been restricted as they have less acess rights, and we appropriately enforce that. Not expecting that, or not conciously being aware of that, can quickly lead to confusion though. Possibly a day or more of Julia's life as well, but it comes down to perceptions and awareness. Change-Id: I68c5f2bae76ca313ba77285747dc6b1bc8b623b9 |
||
---|---|---|
.. | ||
v1 | ||
__init__.py | ||
test_base.py |