In case when a user's security group contains rules created e.g.
by admin, and such rules have admin's tenant as tenant_id, the
owner of the security group should be able to see those rules.
Some time ago this was addressed for the request:
GET /v2.0/security-groups/<sec_group_id>
But it is also required to behave in the same way for
GET /v2.0/security-group-rules
So this patch fixes this behaviour for listing of security
group rules.

To achieve that this patch also adds a new policy rule:
ADMIN_OWNER_OR_SG_OWNER which is similar to the already existing
ADMIN_OWNER_OR_NETWORK_OWNER used e.g. for listing or creating
ports.
Conflicts:
etc/policy.json
neutron/policy.py
Change-Id: I09114712582d2d38d14cf1683b87a8ce3a8e8c3c
Closes-Bug: #1824248
(cherry picked from commit b898d2e3c0)
(cherry picked from commit 36d1086569)
7 lines
244 B
YAML
---
fixes:
  - |
    Owners of security groups now see all security group rules which belong to
    the security group, even if the rule was created by the admin user.
    Fixes bug `1824248 <https://bugs.launchpad.net/neutron/+bug/1824248>`_.
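A simplified model of the visibility check the commit message describes, added here as an illustration and not taken from Neutron's code. The function names, the data layout and the sample tenants are assumptions; only the rule name ADMIN_OWNER_OR_SG_OWNER comes from the page.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Context:
    """Hypothetical request context: who is asking."""
    tenant_id: str
    is_admin: bool = False


# Constructed sample data: security group id -> owning tenant.
SECURITY_GROUPS = {"sg-1": "user-a", "sg-2": "user-b"}

# Constructed sample rules. r2 and r4 were created by the admin, so they
# carry the admin's tenant_id although they live in a user's group.
RULES = [
    {"id": "r1", "security_group_id": "sg-1", "tenant_id": "user-a"},
    {"id": "r2", "security_group_id": "sg-1", "tenant_id": "admin"},
    {"id": "r3", "security_group_id": "sg-2", "tenant_id": "user-b"},
    {"id": "r4", "security_group_id": "sg-2", "tenant_id": "admin"},
]


def admin_or_owner(ctx, rule):
    """Owner-only check: the rule's own tenant_id must match the requester."""
    return ctx.is_admin or rule["tenant_id"] == ctx.tenant_id


def admin_owner_or_sg_owner(ctx, rule):
    """Model of ADMIN_OWNER_OR_SG_OWNER: also allow the parent group's owner."""
    if admin_or_owner(ctx, rule):
        return True
    # Look up the parent security group; an unknown group grants nothing.
    sg_owner = SECURITY_GROUPS.get(rule["security_group_id"])
    return sg_owner is not None and sg_owner == ctx.tenant_id


def list_rules(ctx, check):
    """Return the ids of the rules the requester may see under `check`."""
    return [r["id"] for r in RULES if check(ctx, r)]


if __name__ == "__main__":
    user_a = Context("user-a")
    print("owner-only check:", list_rules(user_a, admin_or_owner))
    print("sg-owner check:  ", list_rules(user_a, admin_owner_or_sg_owner))
```

The parent-group lookup widens visibility only to the owner of that group, so rules in another tenant's group stay hidden, and a rule pointing at an unknown group is visible to nobody except the admin and the rule's own tenant.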