c4618857b0
This patch should finally complete phase 1 of Secure RBAC community goal [1] where it was agreed that there will be just 4 personas: * ADMIN * PROJECT_ADMIN * PROJECT_MEMBER * PROJECT_READER System scope personas will be added in next phases of the community goal. To complete phase 1 in Neutron, this patch removes hardcoded system scope from the check strings in system scope personas - that way it can be controlled by the config option and enforced by oslo_policy only when enabled. It also skips all SYSTEM_MEMBER and SYSTEM_READER related unit tests. We can re-enable them in the future where we will have those personas working in Neutron. [1] https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#phase-1 Change-Id: Iafa8ec1d9710ff404450ad0a64baf56a0f993756 |
||
---|---|---|
.. | ||
agent | ||
policies | ||
__init__.py |