Merge "[Secure RBAC] Fix policy to get flavors" into stable/zed

neutron/conf/policies/flavor.py

@@ -47,7 +47,11 @@ rules = [
     ),
     policy.DocumentedRuleDefault(
         name='get_flavor',
-        check_str=base.ADMIN_OR_PROJECT_READER,
+        # NOTE: it can't be ADMIN_OR_PROJECT_READER constant from the base
+        # module because that is using "project_id" in the check string and the
+        # service_provider resource don't belongs to any project thus such
+        # check string would fail enforcement.
+        check_str='role:reader',
         description='Get a flavor',
         operations=[
             {

neutron/tests/unit/conf/policies/test_flavor.py

@@ -23,7 +23,7 @@ class FlavorAPITestCase(base.PolicyBaseTestCase):
 
     def setUp(self):
         super(FlavorAPITestCase, self).setUp()
-        self.target = {'project_id': self.project_id}
+        self.target = {}
 
 
 class SystemAdminTests(FlavorAPITestCase):