Merge "Reorder subnet RBAC policy check strings" into stable/2024.1
This commit is contained in:
commit
399eacbb34
@ -95,17 +95,19 @@ rules = [
|
||||
policy.DocumentedRuleDefault(
|
||||
name='get_subnet',
|
||||
check_str=neutron_policy.policy_or(
|
||||
base.ADMIN_OR_NET_OWNER_MEMBER,
|
||||
base.PROJECT_READER,
|
||||
'rule:shared'),
|
||||
'rule:shared',
|
||||
base.ADMIN_OR_NET_OWNER_MEMBER,
|
||||
),
|
||||
scope_types=['project'],
|
||||
description='Get a subnet',
|
||||
operations=ACTION_GET,
|
||||
deprecated_rule=policy.DeprecatedRule(
|
||||
name='get_subnet',
|
||||
check_str=neutron_policy.policy_or(
|
||||
'rule:shared',
|
||||
neutron_policy.RULE_ADMIN_OR_OWNER,
|
||||
'rule:shared'),
|
||||
),
|
||||
deprecated_reason=DEPRECATED_REASON,
|
||||
deprecated_since=versionutils.deprecated.WALLABY)
|
||||
),
|
||||
@ -124,9 +126,10 @@ rules = [
|
||||
policy.DocumentedRuleDefault(
|
||||
name='get_subnets_tags',
|
||||
check_str=neutron_policy.policy_or(
|
||||
base.ADMIN_OR_NET_OWNER_MEMBER,
|
||||
base.PROJECT_READER,
|
||||
'rule:shared'),
|
||||
'rule:shared',
|
||||
base.ADMIN_OR_NET_OWNER_MEMBER,
|
||||
),
|
||||
scope_types=['project'],
|
||||
description='Get the subnet tags',
|
||||
operations=ACTION_GET_TAGS,
|
||||
@ -134,8 +137,8 @@ rules = [
|
||||
policy.DocumentedRuleDefault(
|
||||
name='update_subnet',
|
||||
check_str=neutron_policy.policy_or(
|
||||
base.ADMIN_OR_NET_OWNER_MEMBER,
|
||||
base.PROJECT_MEMBER),
|
||||
base.PROJECT_MEMBER,
|
||||
base.ADMIN_OR_NET_OWNER_MEMBER),
|
||||
scope_types=['project'],
|
||||
description='Update a subnet',
|
||||
operations=ACTION_PUT,
|
||||
@ -172,8 +175,9 @@ rules = [
|
||||
policy.DocumentedRuleDefault(
|
||||
name='update_subnets_tags',
|
||||
check_str=neutron_policy.policy_or(
|
||||
base.PROJECT_MEMBER,
|
||||
base.ADMIN_OR_NET_OWNER_MEMBER,
|
||||
base.PROJECT_MEMBER),
|
||||
),
|
||||
scope_types=['project'],
|
||||
description='Update the subnet tags',
|
||||
operations=ACTION_PUT_TAGS,
|
||||
@ -181,8 +185,9 @@ rules = [
|
||||
policy.DocumentedRuleDefault(
|
||||
name='delete_subnet',
|
||||
check_str=neutron_policy.policy_or(
|
||||
base.PROJECT_MEMBER,
|
||||
base.ADMIN_OR_NET_OWNER_MEMBER,
|
||||
base.PROJECT_MEMBER),
|
||||
),
|
||||
scope_types=['project'],
|
||||
description='Delete a subnet',
|
||||
operations=ACTION_DELETE,
|
||||
@ -195,8 +200,9 @@ rules = [
|
||||
policy.DocumentedRuleDefault(
|
||||
name='delete_subnets_tags',
|
||||
check_str=neutron_policy.policy_or(
|
||||
base.PROJECT_MEMBER,
|
||||
base.ADMIN_OR_NET_OWNER_MEMBER,
|
||||
base.PROJECT_MEMBER),
|
||||
),
|
||||
scope_types=['project'],
|
||||
description='Delete the subnet tags',
|
||||
operations=ACTION_DELETE_TAGS,
|
||||
|
Loading…
x
Reference in New Issue
Block a user