Fix create_port new API policy roles
Some rules for create port, using new personas policies allowed to create port PROJECT_MEMBER persona but not SYSTEM_ADMIN. So this patch fixes it by adding SYSTEM_ADMIN to that rules too. Related-blueprint: bp/secure-rbac-roles Change-Id: I65130b299541dd4559e2d758fb4ab9d68c6f2cfa
This commit is contained in:
parent
07c0cc4a66
commit
2bc1572740
|
@ -51,7 +51,7 @@ rules = [
|
|||
|
||||
policy.DocumentedRuleDefault(
|
||||
name='create_port',
|
||||
check_str=base.PROJECT_MEMBER,
|
||||
check_str=base.SYSTEM_ADMIN_OR_PROJECT_MEMBER,
|
||||
scope_types=['system', 'project'],
|
||||
description='Create a port',
|
||||
operations=ACTION_POST,
|
||||
|
@ -211,7 +211,7 @@ rules = [
|
|||
),
|
||||
policy.DocumentedRuleDefault(
|
||||
name='create_port:binding:vnic_type',
|
||||
check_str=base.PROJECT_MEMBER,
|
||||
check_str=base.SYSTEM_ADMIN_OR_PROJECT_MEMBER,
|
||||
scope_types=['project'],
|
||||
description=(
|
||||
'Specify ``binding:vnic_type`` '
|
||||
|
|
Loading…
Reference in New Issue