Fix create_port new API policy roles
Some rules for create port, using new personas policies allowed to
create port PROJECT_MEMBER persona but not SYSTEM_ADMIN. So this patch
fixes it by adding SYSTEM_ADMIN to that rules too.
Related-blueprint: bp/secure-rbac-roles
Change-Id: I65130b299541dd4559e2d758fb4ab9d68c6f2cfa
(cherry picked from commit 2bc1572740
)
This commit is contained in:
parent
80e1d8269b
commit
a25b9f74d6
|
@ -51,7 +51,7 @@ rules = [
|
|||
|
||||
policy.DocumentedRuleDefault(
|
||||
name='create_port',
|
||||
check_str=base.PROJECT_MEMBER,
|
||||
check_str=base.SYSTEM_ADMIN_OR_PROJECT_MEMBER,
|
||||
scope_types=['system', 'project'],
|
||||
description='Create a port',
|
||||
operations=ACTION_POST,
|
||||
|
@ -211,7 +211,7 @@ rules = [
|
|||
),
|
||||
policy.DocumentedRuleDefault(
|
||||
name='create_port:binding:vnic_type',
|
||||
check_str=base.PROJECT_MEMBER,
|
||||
check_str=base.SYSTEM_ADMIN_OR_PROJECT_MEMBER,
|
||||
scope_types=['project'],
|
||||
description=(
|
||||
'Specify ``binding:vnic_type`` '
|
||||
|
|
Loading…
Reference in New Issue