ab084d4d1d
As per the RBAC new direction, we will allow project resources operation to be performed by the project scoped token only and system user will be allowed to perform system level operation only not project resources specific. Details about new direction can be found in community-wide goal - https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html This commit modify remaining APIs as per the new guidelines. Also, allow all project admin to list the other project limits. This is what we allowed in legacy policy and until we have domain admin or other way to list other project resources/info, we will keep that behaviour. Also modifying and adding tests for four cases: 1. enforce_scope=False + legacy rule (current default policies) 2. enforce_scope=False + No legacy rule 3. enforce_scope=True + legacy rule 4. enforce_scope=True + no legacy rule (end goal of new RBAC) Partial implement blueprint policy-defaults-refresh-2 Change-Id: I006d47aa2f4678a06c78057bcf407302abbe4907 |
||
|---|---|---|
| .. | ||
| openstack | ||
| validation | ||
| __init__.py | ||
| test_auth.py | ||
| test_compute_req_id.py | ||
| test_wsgi.py | ||