openstack
/
neutron
Code Issues Proposed changes

Change API policy for service_type to be available for all readers 

Service type resource don't have "project_id" so using "PROJECT_*"
rules wasn't working fine.
And this resource should be available for all users so this patch
switches its check_str to be "role:reader" which works for all
types of SYSTEM and PROJECT scope users.

Related-blueprint: bp/secure-rbac-roles
Change-Id: If28e70252c1f9ec76502699fad2d5a2aece8f4fb
This commit is contained in:
Slawek Kaplonski 2021-04-12 16:47:56 +02:00 committed by Rodolfo Alonso
parent 5d33a6b9dd
commit 962d2539a1
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
neutron/conf/policies/service_type.py
View File

@ -22,7 +22,7 @@ DEPRECATION_REASON = (
rules = [ rules = [
policy.DocumentedRuleDefault( policy.DocumentedRuleDefault(
name='get_service_provider', name='get_service_provider',
check_str=base.SYSTEM_OR_PROJECT_READER, check_str='role:reader',
description='Get service providers', description='Get service providers',
operations=[ operations=[
{ {