Merge "Implement new policy rules NET_OWNER and PARENT_OWNER"

2021-03-08 10:12:55 +00:00 · 2021-03-08 10:12:55 +00:00 · b7c4a11158
commit b7c4a11158
parent 2328cd7c84 067241b11b
1 changed files with 8 additions and 0 deletions
--- a/neutron/conf/policies/base.py
+++ b/neutron/conf/policies/base.py
@ -111,6 +111,10 @@ rules = [
                  RULE_ADMIN_OR_NET_OWNER),
        description=('Rule for resource owner, '
                     'admin or network owner access')),
+    policy.RuleDefault(
+        'network_owner',
+        'tenant_id:%(network:tenant_id)s',
+        description='Rule for network owner access'),
    policy.RuleDefault(
        'admin_only',
        'rule:context_is_admin',
@ -133,6 +137,10 @@ rules = [
        policy_or('rule:context_is_admin',
                  'tenant_id:%(ext_parent:tenant_id)s'),
        description='Rule for common parent owner check'),
+    policy.RuleDefault(
+        'ext_parent_owner',
+        'tenant_id:%(ext_parent:tenant_id)s',
+        description='Rule for common parent owner check'),
 ]