Fix create_port new API policy roles

Some rules for create port, using new personas policies allowed to create port PROJECT_MEMBER persona but not SYSTEM_ADMIN. So this patch fixes it by adding SYSTEM_ADMIN to that rules too. Related-blueprint: bp/secure-rbac-roles Change-Id: I65130b299541dd4559e2d758fb4ab9d68c6f2cfa
2021-04-01 16:10:04 +02:00 · 2021-04-01 16:10:04 +02:00 · 2bc1572740
parent 07c0cc4a66
commit 2bc1572740
1 changed files with 2 additions and 2 deletions
--- a/neutron/conf/policies/port.py
+++ b/neutron/conf/policies/port.py
@ -51,7 +51,7 @@ rules = [

    policy.DocumentedRuleDefault(
        name='create_port',
-        check_str=base.PROJECT_MEMBER,
+        check_str=base.SYSTEM_ADMIN_OR_PROJECT_MEMBER,
        scope_types=['system', 'project'],
        description='Create a port',
        operations=ACTION_POST,
@ -211,7 +211,7 @@ rules = [
    ),
    policy.DocumentedRuleDefault(
        name='create_port:binding:vnic_type',
-        check_str=base.PROJECT_MEMBER,
+        check_str=base.SYSTEM_ADMIN_OR_PROJECT_MEMBER,
        scope_types=['project'],
        description=(
            'Specify ``binding:vnic_type`` '