Browse Source

Change API policy for service_type to be available for all readers

Service type resource don't have "project_id" so using "PROJECT_*"
rules wasn't working fine.
And this resource should be available for all users so this patch
switches its check_str to be "role:reader" which works for all
types of SYSTEM and PROJECT scope users.

Related-blueprint: bp/secure-rbac-roles
Change-Id: If28e70252c1f9ec76502699fad2d5a2aece8f4fb
changes/95/785895/3
Slawek Kaplonski 2 months ago
committed by Rodolfo Alonso
parent
commit
962d2539a1
1 changed files with 1 additions and 1 deletions
  1. +1
    -1
      neutron/conf/policies/service_type.py

+ 1
- 1
neutron/conf/policies/service_type.py View File

@ -22,7 +22,7 @@ DEPRECATION_REASON = (
rules = [
policy.DocumentedRuleDefault(
name='get_service_provider',
check_str=base.SYSTEM_OR_PROJECT_READER,
check_str='role:reader',
description='Get service providers',
operations=[
{


Loading…
Cancel
Save