Fix Floating IP policy rules
During migration to the new secure API rules of the Floating IP API we
made some mistakes. This patch fixes it by:
* allow SYSTEM_ADMIN to create floating IPs,
* fix wrong name of the deprecated rule for update and delete floating
IP
Related-blueprint: bp/secure-rbac-roles
Change-Id: Idba1cf4949f089deb9cc54a6648ec795c59a7377
(cherry picked from commit dd6cd3fb8a
)
This commit is contained in:
parent
fec9d8f073
commit
ca78bf4a6b
|
@ -25,7 +25,7 @@ DEPRECATION_REASON = (
|
||||||
rules = [
|
rules = [
|
||||||
policy.DocumentedRuleDefault(
|
policy.DocumentedRuleDefault(
|
||||||
name='create_floatingip',
|
name='create_floatingip',
|
||||||
check_str=base.PROJECT_MEMBER,
|
check_str=base.SYSTEM_ADMIN_OR_PROJECT_MEMBER,
|
||||||
description='Create a floating IP',
|
description='Create a floating IP',
|
||||||
operations=[
|
operations=[
|
||||||
{
|
{
|
||||||
|
@ -90,7 +90,7 @@ rules = [
|
||||||
],
|
],
|
||||||
scope_types=['system', 'project'],
|
scope_types=['system', 'project'],
|
||||||
deprecated_rule=policy.DeprecatedRule(
|
deprecated_rule=policy.DeprecatedRule(
|
||||||
name='create_floatingip',
|
name='update_floatingip',
|
||||||
check_str=base.RULE_ADMIN_OR_OWNER,
|
check_str=base.RULE_ADMIN_OR_OWNER,
|
||||||
deprecated_reason=DEPRECATION_REASON,
|
deprecated_reason=DEPRECATION_REASON,
|
||||||
deprecated_since=versionutils.deprecated.WALLABY)
|
deprecated_since=versionutils.deprecated.WALLABY)
|
||||||
|
@ -107,7 +107,7 @@ rules = [
|
||||||
],
|
],
|
||||||
scope_types=['system', 'project'],
|
scope_types=['system', 'project'],
|
||||||
deprecated_rule=policy.DeprecatedRule(
|
deprecated_rule=policy.DeprecatedRule(
|
||||||
name='create_floatingip',
|
name='delete_floatingip',
|
||||||
check_str=base.RULE_ADMIN_OR_OWNER,
|
check_str=base.RULE_ADMIN_OR_OWNER,
|
||||||
deprecated_reason=DEPRECATION_REASON,
|
deprecated_reason=DEPRECATION_REASON,
|
||||||
deprecated_since=versionutils.deprecated.WALLABY)
|
deprecated_since=versionutils.deprecated.WALLABY)
|
||||||
|
|
Loading…
Reference in New Issue