Fix Floating IP policy rules
During migration to the new secure API rules of the Floating IP API we made some mistakes. This patch fixes it by: * allow SYSTEM_ADMIN to create floating IPs, * fix wrong name of the deprecated rule for update and delete floating IP Related-blueprint: bp/secure-rbac-roles Change-Id: Idba1cf4949f089deb9cc54a6648ec795c59a7377
This commit is contained in:
parent
3cbe340846
commit
dd6cd3fb8a
|
@ -25,7 +25,7 @@ DEPRECATION_REASON = (
|
|||
rules = [
|
||||
policy.DocumentedRuleDefault(
|
||||
name='create_floatingip',
|
||||
check_str=base.PROJECT_MEMBER,
|
||||
check_str=base.SYSTEM_ADMIN_OR_PROJECT_MEMBER,
|
||||
description='Create a floating IP',
|
||||
operations=[
|
||||
{
|
||||
|
@ -90,7 +90,7 @@ rules = [
|
|||
],
|
||||
scope_types=['system', 'project'],
|
||||
deprecated_rule=policy.DeprecatedRule(
|
||||
name='create_floatingip',
|
||||
name='update_floatingip',
|
||||
check_str=base.RULE_ADMIN_OR_OWNER,
|
||||
deprecated_reason=DEPRECATION_REASON,
|
||||
deprecated_since=versionutils.deprecated.WALLABY)
|
||||
|
@ -107,7 +107,7 @@ rules = [
|
|||
],
|
||||
scope_types=['system', 'project'],
|
||||
deprecated_rule=policy.DeprecatedRule(
|
||||
name='create_floatingip',
|
||||
name='delete_floatingip',
|
||||
check_str=base.RULE_ADMIN_OR_OWNER,
|
||||
deprecated_reason=DEPRECATION_REASON,
|
||||
deprecated_since=versionutils.deprecated.WALLABY)
|
||||
|
|
Loading…
Reference in New Issue