Change API policy for service_type to be available for all readers
Service type resource don't have "project_id" so using "PROJECT_*" rules wasn't working fine. And this resource should be available for all users so this patch switches its check_str to be "role:reader" which works for all types of SYSTEM and PROJECT scope users. Related-blueprint: bp/secure-rbac-roles Change-Id: If28e70252c1f9ec76502699fad2d5a2aece8f4fb
This commit is contained in:
parent
5d33a6b9dd
commit
962d2539a1
@ -22,7 +22,7 @@ DEPRECATION_REASON = (
|
||||
rules = [
|
||||
policy.DocumentedRuleDefault(
|
||||
name='get_service_provider',
|
||||
check_str=base.SYSTEM_OR_PROJECT_READER,
|
||||
check_str='role:reader',
|
||||
description='Get service providers',
|
||||
operations=[
|
||||
{
|
||||
|
Loading…
x
Reference in New Issue
Block a user