Fix create_port new API policy roles
Some rules for create port, using new personas policies allowed to create port PROJECT_MEMBER persona but not SYSTEM_ADMIN. So this patch fixes it by adding SYSTEM_ADMIN to that rules too. Related-blueprint: bp/secure-rbac-roles Change-Id: I65130b299541dd4559e2d758fb4ab9d68c6f2cfa
This commit is contained in:
parent
07c0cc4a66
commit
2bc1572740
|
@ -51,7 +51,7 @@ rules = [
|
||||||
|
|
||||||
policy.DocumentedRuleDefault(
|
policy.DocumentedRuleDefault(
|
||||||
name='create_port',
|
name='create_port',
|
||||||
check_str=base.PROJECT_MEMBER,
|
check_str=base.SYSTEM_ADMIN_OR_PROJECT_MEMBER,
|
||||||
scope_types=['system', 'project'],
|
scope_types=['system', 'project'],
|
||||||
description='Create a port',
|
description='Create a port',
|
||||||
operations=ACTION_POST,
|
operations=ACTION_POST,
|
||||||
|
@ -211,7 +211,7 @@ rules = [
|
||||||
),
|
),
|
||||||
policy.DocumentedRuleDefault(
|
policy.DocumentedRuleDefault(
|
||||||
name='create_port:binding:vnic_type',
|
name='create_port:binding:vnic_type',
|
||||||
check_str=base.PROJECT_MEMBER,
|
check_str=base.SYSTEM_ADMIN_OR_PROJECT_MEMBER,
|
||||||
scope_types=['project'],
|
scope_types=['project'],
|
||||||
description=(
|
description=(
|
||||||
'Specify ``binding:vnic_type`` '
|
'Specify ``binding:vnic_type`` '
|
||||||
|
|
Loading…
Reference in New Issue