openstack
/
neutron
Code Issues Proposed changes
neutron/neutron/conf/policies
History
Slawek Kaplonski de69a55378 Fix new API policies for RBAC 
During the migration to the new policies we set policy for
{create,update}_rbac_policy:target_tenant was allowed for all admin
users. That means that PROJECT_ADMIN was able to e.g. create RBAC policy
for the object which belongs to different tenant.
This patch fixes it as PROJECT_ADMIN should be only able to create or
update RBAC for own objects.

Related-blueprint: bp/secure-rbac-roles
Change-Id: Idd8bfd7075bb537cb8f0398a1e513e74f4ac5eef
 		2021-04-06 15:35:39 +02:00
..
__init__.py Allow sharing of address groups via RBAC mechanism 2021-03-01 18:28:31 -06:00
address_group.py Migrate address-group API to the new secure rbac rules 2021-03-25 14:02:25 +00:00
address_scope.py Modify create address scope policy rule and add UT for that API 2021-03-25 08:39:33 +00:00
agent.py Move policy rules "deprecated_*" params to the DeprecatedRule 2021-03-18 21:31:56 +01:00
auto_allocated_topology.py Move policy rules "deprecated_*" params to the DeprecatedRule 2021-03-18 21:31:56 +01:00
availability_zone.py Change new policy rules for availability zones API 2021-03-24 21:03:21 +00:00
base.py Add new policy rule SG_OWNER 2021-03-08 16:03:25 +01:00
flavor.py Move policy rules "deprecated_*" params to the DeprecatedRule 2021-03-18 21:31:56 +01:00
floatingip.py Fix Floating IP policy rules 2021-04-01 10:25:34 +02:00
floatingip_pools.py Move policy rules "deprecated_*" params to the DeprecatedRule 2021-03-18 21:31:56 +01:00
floatingip_port_forwarding.py Move policy rules "deprecated_*" params to the DeprecatedRule 2021-03-18 21:31:56 +01:00
l3_conntrack_helper.py Move policy rules "deprecated_*" params to the DeprecatedRule 2021-03-18 21:31:56 +01:00
logging.py Move policy rules "deprecated_*" params to the DeprecatedRule 2021-03-18 21:31:56 +01:00
metering.py Move policy rules "deprecated_*" params to the DeprecatedRule 2021-03-18 21:31:56 +01:00
network.py Fix new Network API policy rules 2021-04-01 13:23:35 +02:00
network_ip_availability.py Move policy rules "deprecated_*" params to the DeprecatedRule 2021-03-18 21:31:56 +01:00
network_segment_range.py Move policy rules "deprecated_*" params to the DeprecatedRule 2021-03-18 21:31:56 +01:00
port.py Fix create_port new API policy roles 2021-04-01 16:10:04 +02:00
qos.py Move policy rules "deprecated_*" params to the DeprecatedRule 2021-03-18 21:31:56 +01:00
quotas.py Move policy rules "deprecated_*" params to the DeprecatedRule 2021-03-18 21:31:56 +01:00
rbac.py Fix new API policies for RBAC 2021-04-06 15:35:39 +02:00
router.py Fix API policy rules for new personas 2021-04-01 17:00:59 +02:00
security_group.py Move policy rules "deprecated_*" params to the DeprecatedRule 2021-03-18 21:31:56 +01:00
segment.py Move policy rules "deprecated_*" params to the DeprecatedRule 2021-03-18 21:31:56 +01:00
service_type.py Move policy rules "deprecated_*" params to the DeprecatedRule 2021-03-18 21:31:56 +01:00
subnet.py Move policy rules "deprecated_*" params to the DeprecatedRule 2021-03-18 21:31:56 +01:00
subnetpool.py Fix API policy rules for new personas 2021-04-01 17:00:59 +02:00
trunk.py Fix API policy rules for new personas 2021-04-01 17:00:59 +02:00