[Secure RBAC] Fix policy to get flavors
Flavors are resources which don't have owner and should be able to be listed/showed by any user with READER role. This patch fixes policy for "get_flavor" action to match this requirement. Additionall it removes "project_id" field from the target object in the flavor policy unit tests. Closes-Bug: #2004017 Change-Id: I254e88f7c32343034f4799b63b1088c3f966d7a6
This commit is contained in:
parent
06e2e22d31
commit
1c27d8b5b4
|
@ -47,7 +47,11 @@ rules = [
|
||||||
),
|
),
|
||||||
policy.DocumentedRuleDefault(
|
policy.DocumentedRuleDefault(
|
||||||
name='get_flavor',
|
name='get_flavor',
|
||||||
check_str=base.ADMIN_OR_PROJECT_READER,
|
# NOTE: it can't be ADMIN_OR_PROJECT_READER constant from the base
|
||||||
|
# module because that is using "project_id" in the check string and the
|
||||||
|
# service_provider resource don't belongs to any project thus such
|
||||||
|
# check string would fail enforcement.
|
||||||
|
check_str='role:reader',
|
||||||
description='Get a flavor',
|
description='Get a flavor',
|
||||||
operations=[
|
operations=[
|
||||||
{
|
{
|
||||||
|
|
|
@ -23,7 +23,7 @@ class FlavorAPITestCase(base.PolicyBaseTestCase):
|
||||||
|
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
super(FlavorAPITestCase, self).setUp()
|
super(FlavorAPITestCase, self).setUp()
|
||||||
self.target = {'project_id': self.project_id}
|
self.target = {}
|
||||||
|
|
||||||
|
|
||||||
class SystemAdminTests(FlavorAPITestCase):
|
class SystemAdminTests(FlavorAPITestCase):
|
||||||
|
|
Loading…
Reference in New Issue