Fix Floating IP policy rules

During migration to the new secure API rules of the Floating IP API we made some mistakes. This patch fixes it by: * allow SYSTEM_ADMIN to create floating IPs, * fix wrong name of the deprecated rule for update and delete floating IP Related-blueprint: bp/secure-rbac-roles Change-Id: Idba1cf4949f089deb9cc54a6648ec795c59a7377
2021-04-01 10:25:34 +02:00 · 2021-04-01 10:25:34 +02:00 · dd6cd3fb8a
parent 3cbe340846
commit dd6cd3fb8a
1 changed files with 3 additions and 3 deletions
--- a/neutron/conf/policies/floatingip.py
+++ b/neutron/conf/policies/floatingip.py
@ -25,7 +25,7 @@ DEPRECATION_REASON = (
 rules = [
    policy.DocumentedRuleDefault(
        name='create_floatingip',
-        check_str=base.PROJECT_MEMBER,
+        check_str=base.SYSTEM_ADMIN_OR_PROJECT_MEMBER,
        description='Create a floating IP',
        operations=[
            {
@ -90,7 +90,7 @@ rules = [
        ],
        scope_types=['system', 'project'],
        deprecated_rule=policy.DeprecatedRule(
-            name='create_floatingip',
+            name='update_floatingip',
            check_str=base.RULE_ADMIN_OR_OWNER,
            deprecated_reason=DEPRECATION_REASON,
            deprecated_since=versionutils.deprecated.WALLABY)
@ -107,7 +107,7 @@ rules = [
        ],
        scope_types=['system', 'project'],
        deprecated_rule=policy.DeprecatedRule(
-            name='create_floatingip',
+            name='delete_floatingip',
            check_str=base.RULE_ADMIN_OR_OWNER,
            deprecated_reason=DEPRECATION_REASON,
            deprecated_since=versionutils.deprecated.WALLABY)