neutron/releasenotes/notes/default-security-group-rules-policies-b6e350477c88edd8.yaml
Rodolfo Alonso Hernandez 96223931ca Create a policy rule to control if a rule belongs to the default SG
The policy rule ``shared_security_group`` allows creating new policy
rules that check whether a security group rule belongs to the project
default security group.

By default the behaviour has not changed. If an administrator wants
to prevent a non-privileged user from creating or deleting rules in the
default security group, the ``create_security_group_rule`` and
``delete_security_group_rule`` can be overridden. An example is provided
in the unit tests.

Closes-Bug: #2019960

Change-Id: I6c90b61df0e726ef07f177801069baf30c49de67
2023-10-09 14:11:55 +00:00

8 lines
323 B
YAML

---
features:
  - |
    A new policy rule check ``rule_default_sg`` has been added. This rule
    allows to check if a security group rule belongs or not to the project
    default security group. The administrator can override the rule creation
    and rule deletion, disallowing a non-privileged user from these actions.
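
One way an operator could express the override described in the release note, written as an oslo.policy ``policy.yaml`` fragment. This is an added example, not the project's own code or the unit-test example the commit message mentions. Assumptions: the check is referenced as ``rule:rule_default_sg`` (the name given in the release note), the deployment uses the Keystone roles ``admin`` and ``member``, and ``sg_rule_owner`` is a hypothetical alias defined only for this fragment.

```yaml
# policy.yaml override (added example; not taken from the Neutron tree).
# Assumptions: Keystone roles "admin" and "member" exist; the baseline
# expressions below are illustrative, not Neutron's shipped defaults.

# Hypothetical alias: the caller is a member of the project that owns
# the security group rule being created or deleted.
"sg_rule_owner": "role:member and project_id:%(project_id)s"

# Admins may always create rules. Project members may create a rule only
# when it does NOT belong to the project's default security group.
"create_security_group_rule": "role:admin or (rule:sg_rule_owner and not rule:rule_default_sg)"

# Same restriction for deletion, so a member cannot strip rules from the
# default security group either.
"delete_security_group_rule": "role:admin or (rule:sg_rule_owner and not rule:rule_default_sg)"
```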