ba24a89998
This adds new defaults roles in vnf-package API policies. Backward compatibility: - Old Rules and Defaults will keep working as it is because they are added as deprecated rules and not removed. They are enabled by default. This means existing deployement will continue working in same way till deprecated rules are there and enabled by default. - Legacy/current admin stays same and no change in their access permission - Deprecation warning is added for old defaults so that operators will know that new defaults are available to opt-in. New defaults(project personas): - Add new defaults but they are disabled by defaults and operators can adopt them by enabling the oslo.policy config option. Basically add below in tacker.conf [oslo_policy] enforce_new_defaults=True - All GET (read only) APIs are default to PROJECT_READER_OR_ADMIN - Rest other APIs (write operations) are default to PROJECT_MEMBER_OR_ADMIN Adding tests also to check permissions of new defaults. Partial implement blueprint implement-project-personas Change-Id: Ic7f5a9cd5aa10d93dfa491e5e60befb1f4bf2fcd |
||
---|---|---|
.. | ||
__init__.py | ||
base.py | ||
vnf_lcm.py | ||
vnf_package.py |