Merge "Add new policy rules NET_OWNER and PARENT_OWNER"

2021-03-04 22:50:36 +00:00 · 2021-03-04 22:50:36 +00:00 · cb64e3a19f
parent 3ce1ca690c 9c2f0bba61
commit cb64e3a19f
2 changed files with 6 additions and 3 deletions
--- a/neutron/conf/policies/base.py
+++ b/neutron/conf/policies/base.py
@ -78,6 +78,9 @@ SYSTEM_ADMIN_OR_PROJECT_MEMBER = (
 SYSTEM_OR_PROJECT_READER = (
    '(' + SYSTEM_READER + ') or (' + PROJECT_READER + ')')

+# Additional rules needed in Neutron
+RULE_NET_OWNER = 'rule:network_owner'
+RULE_PARENT_OWNER = 'rule:ext_parent_owner'

 rules = [
    policy.RuleDefault(
--- a/neutron/conf/policies/subnet.py
+++ b/neutron/conf/policies/subnet.py
@ -41,7 +41,7 @@ rules = [
        name='create_subnet',
        check_str=base.policy_or(
            base.SYSTEM_ADMIN_OR_PROJECT_MEMBER,
-            base.RULE_ADMIN_OR_NET_OWNER),
+            base.RULE_NET_OWNER),
        scope_types=['system', 'project'],
        description='Create a subnet',
        operations=ACTION_POST,
@ -111,7 +111,7 @@ rules = [
        name='update_subnet',
        check_str=base.policy_or(
            base.SYSTEM_ADMIN_OR_PROJECT_MEMBER,
-            base.RULE_ADMIN_OR_NET_OWNER),
+            base.RULE_NET_OWNER),
        scope_types=['system', 'project'],
        description='Update a subnet',
        operations=ACTION_PUT,
@ -149,7 +149,7 @@ rules = [
        name='delete_subnet',
        check_str=base.policy_or(
            base.SYSTEM_ADMIN_OR_PROJECT_MEMBER,
-            base.RULE_ADMIN_OR_NET_OWNER),
+            base.RULE_NET_OWNER),
        scope_types=['system', 'project'],
        description='Delete a subnet',
        operations=ACTION_DELETE,