Fix policy rules for adding and removing router interfaces
Currently "add_router_interface" and "remove_router_interface" policy rules have the "update_router" prefix and thus are never enforced. Removing the prefix activates the rules. Also moved some rules, so that all router-related rules are now grouped together. Closes-Bug: 1356678 Change-Id: Ib6cc45f2c6d0c7ae394274d6196262529b9fd855
parent
aa1c164b90
commit
f4e652a6c9
|
@ -63,10 +63,17 @@
|
||||||
"update_port:mac_learning_enabled": "rule:admin_or_network_owner",
|
"update_port:mac_learning_enabled": "rule:admin_or_network_owner",
|
||||||
"delete_port": "rule:admin_or_owner",
|
"delete_port": "rule:admin_or_owner",
|
||||||
|
|
||||||
|
"create_router": "rule:regular_user",
|
||||||
"create_router:external_gateway_info:enable_snat": "rule:admin_only",
|
"create_router:external_gateway_info:enable_snat": "rule:admin_only",
|
||||||
"create_router:distributed": "rule:admin_only",
|
"create_router:distributed": "rule:admin_only",
|
||||||
|
"get_router": "rule:admin_or_owner",
|
||||||
|
"get_router:distributed": "rule:admin_only",
|
||||||
"update_router:external_gateway_info:enable_snat": "rule:admin_only",
|
"update_router:external_gateway_info:enable_snat": "rule:admin_only",
|
||||||
"update_router:distributed": "rule:admin_only",
|
"update_router:distributed": "rule:admin_only",
|
||||||
|
"delete_router": "rule:admin_or_owner",
|
||||||
|
|
||||||
|
"add_router_interface": "rule:admin_or_owner",
|
||||||
|
"remove_router_interface": "rule:admin_or_owner",
|
||||||
|
|
||||||
"create_firewall": "",
|
"create_firewall": "",
|
||||||
"get_firewall": "rule:admin_or_owner",
|
"get_firewall": "rule:admin_or_owner",
|
||||||
|
@ -105,13 +112,6 @@
|
||||||
"get_loadbalancer-agent": "rule:admin_only",
|
"get_loadbalancer-agent": "rule:admin_only",
|
||||||
"get_loadbalancer-pools": "rule:admin_only",
|
"get_loadbalancer-pools": "rule:admin_only",
|
||||||
|
|
||||||
"create_router": "rule:regular_user",
|
|
||||||
"get_router": "rule:admin_or_owner",
|
|
||||||
"get_router:distributed": "rule:admin_only",
|
|
||||||
"update_router:add_router_interface": "rule:admin_or_owner",
|
|
||||||
"update_router:remove_router_interface": "rule:admin_or_owner",
|
|
||||||
"delete_router": "rule:admin_or_owner",
|
|
||||||
|
|
||||||
"create_floatingip": "rule:regular_user",
|
"create_floatingip": "rule:regular_user",
|
||||||
"update_floatingip": "rule:admin_or_owner",
|
"update_floatingip": "rule:admin_or_owner",
|
||||||
"delete_floatingip": "rule:admin_or_owner",
|
"delete_floatingip": "rule:admin_or_owner",
|
||||||
|
|
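Review bot: The renamed keys `"add_router_interface"` and `"remove_router_interface"` (new side of the first hunk, after `"delete_router"`) only help deployments that pick up this shipped file. An operator-customised policy.json that still carries `"update_router:add_router_interface"` or `"update_router:remove_router_interface"` would presumably keep the check dead, and nothing visible here tells operators to rename them. Because the change turns a previously unenforced rule into an enforced `rule:admin_or_owner`, I would add an upgrade note naming both old and new keys. I would also add a negative test asserting that a tenant who is neither admin nor router owner is refused on both actions. Only the policy file is shown on this page, so such a test may already exist elsewhere in the change.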