Remove redundant policy check from security_group_default_rule
We add check in security_group_default_rules, user is not necessary to be authorized to security_groups in order to access security_group_default_rules. Then this patch removes the security_groups policy check from security_group_default_rules. This is related to bp nova-api-policy-final-part DocImpact UpgradeImpact Change-Id: I221d1056b0101fc5c909222d9cac6739fd106e3f
This commit is contained in:
parent
5cdcf7dede
commit
92807d6638
|
@ -35,7 +35,7 @@ class SecurityGroupDefaultRulesController(sg.SecurityGroupControllerBase):
|
|||
|
||||
@extensions.expected_errors((400, 409, 501))
|
||||
def create(self, req, body):
|
||||
context = sg._authorize_context(req)
|
||||
context = req.environ['nova.context']
|
||||
authorize(context)
|
||||
|
||||
sg_rule = self._from_body(body, 'security_group_default_rule')
|
||||
|
@ -72,7 +72,7 @@ class SecurityGroupDefaultRulesController(sg.SecurityGroupControllerBase):
|
|||
|
||||
@extensions.expected_errors((400, 404, 501))
|
||||
def show(self, req, id):
|
||||
context = sg._authorize_context(req)
|
||||
context = req.environ['nova.context']
|
||||
authorize(context)
|
||||
|
||||
try:
|
||||
|
@ -91,7 +91,7 @@ class SecurityGroupDefaultRulesController(sg.SecurityGroupControllerBase):
|
|||
@extensions.expected_errors((400, 404, 501))
|
||||
@wsgi.response(204)
|
||||
def delete(self, req, id):
|
||||
context = sg._authorize_context(req)
|
||||
context = req.environ['nova.context']
|
||||
authorize(context)
|
||||
|
||||
try:
|
||||
|
@ -107,8 +107,7 @@ class SecurityGroupDefaultRulesController(sg.SecurityGroupControllerBase):
|
|||
|
||||
@extensions.expected_errors((404, 501))
|
||||
def index(self, req):
|
||||
|
||||
context = sg._authorize_context(req)
|
||||
context = req.environ['nova.context']
|
||||
authorize(context)
|
||||
|
||||
ret = {'security_group_default_rules': []}
|
||||
|
|
|
@ -379,7 +379,7 @@ class SecurityGroupDefaultRulesPolicyEnforcementV21(test.NoDBTestCase):
|
|||
self.req = fakes.HTTPRequest.blank('')
|
||||
|
||||
def _common_policy_check(self, func, *arg, **kwarg):
|
||||
rule_name = "os_compute_api:os-security-groups"
|
||||
rule_name = "os_compute_api:os-security-group-default-rules"
|
||||
rule = {rule_name: "project:non_fake"}
|
||||
self.policy.set_rules(rule)
|
||||
exc = self.assertRaises(
|
||||
|
|
Loading…
Reference in New Issue