Use double quotes for string comparisons policies in glance
TripleO lays down policy check strings wrapped in single quotes, which will break if we don't escape them. This commit updates the policies to use double quotes so it's not an issue. Otherwise, if you deploy this file in an environment glance will throw 500s with the following error: expected <block end>, but found '<scalar>' in "<unicode string>", line 22, column 110: ... or project_id:%(member_id)s or 'community':%(visibility)s or 'pu ... Change-Id: I9315a1039246f3db10c3902583eb6ca51cffdba4
This commit is contained in:
parent
36d706d80d
commit
1cbd03a139
|
@ -1514,7 +1514,7 @@ parameter_defaults:
|
|||
value: "role:admin or (role:member and project_id:%(project_id)s)"
|
||||
glance-get_image:
|
||||
key: "get_image"
|
||||
value: "role:admin or (role:reader and (project_id:%(project_id)s or project_id:%(member_id)s or 'community':%(visibility)s or 'public':%(visibility)s or 'shared':%(visibility)s))"
|
||||
value: 'role:admin or (role:reader and (project_id:%(project_id)s or project_id:%(member_id)s or "community":%(visibility)s or "public":%(visibility)s or "shared":%(visibility)s))'
|
||||
glance-get_images:
|
||||
key: "get_images"
|
||||
value: "role:admin or (role:reader and project_id:%(project_id)s)"
|
||||
|
@ -1529,7 +1529,7 @@ parameter_defaults:
|
|||
value: "role:admin or (role:member and project_id:%(project_id)s)"
|
||||
glance-download_image:
|
||||
key: "download_image"
|
||||
value: "role:admin or (role:member and (project_id:%(project_id)s or project_id:%(member_id)s or 'community':%(visibility)s or 'public':%(visibility)s or 'shared':%(visibility)s))"
|
||||
value: 'role:admin or (role:member and (project_id:%(project_id)s or project_id:%(member_id)s or "community":%(visibility)s or "public":%(visibility)s or "shared":%(visibility)s))'
|
||||
glance-upload_image:
|
||||
key: "upload_image"
|
||||
value: "role:admin or (role:member and project_id:%(project_id)s)"
|
||||
|
@ -1592,7 +1592,7 @@ parameter_defaults:
|
|||
value: "role:admin"
|
||||
glance-get_metadef_namespace:
|
||||
key: "get_metadef_namespace"
|
||||
value: "role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"
|
||||
value: 'role:admin or (role:reader and (project_id:%(project_id)s or "public":%(visibility)s))'
|
||||
glance-get_metadef_namespaces:
|
||||
key: "get_metadef_namespaces"
|
||||
value: "role:admin or (role:reader and project_id:%(project_id)s)"
|
||||
|
@ -1607,10 +1607,10 @@ parameter_defaults:
|
|||
value: "rule:metadef_admin"
|
||||
glance-get_metadef_object:
|
||||
key: "get_metadef_object"
|
||||
value: "role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"
|
||||
value: 'role:admin or (role:reader and (project_id:%(project_id)s or "public":%(visibility)s))'
|
||||
glance-get_metadef_objects:
|
||||
key: "get_metadef_objects"
|
||||
value: "role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"
|
||||
value: 'role:admin or (role:reader and (project_id:%(project_id)s or "public":%(visibility)s))'
|
||||
glance-modify_metadef_object:
|
||||
key: "modify_metadef_object"
|
||||
value: "rule:metadef_admin"
|
||||
|
@ -1622,10 +1622,10 @@ parameter_defaults:
|
|||
value: "rule:metadef_admin"
|
||||
glance-list_metadef_resource_types:
|
||||
key: "list_metadef_resource_types"
|
||||
value: "role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"
|
||||
value: 'role:admin or (role:reader and (project_id:%(project_id)s or "public":%(visibility)s))'
|
||||
glance-get_metadef_resource_type:
|
||||
key: "get_metadef_resource_type"
|
||||
value: "role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"
|
||||
value: 'role:admin or (role:reader and (project_id:%(project_id)s or "public":%(visibility)s))'
|
||||
glance-add_metadef_resource_type_association:
|
||||
key: "add_metadef_resource_type_association"
|
||||
value: "rule:metadef_admin"
|
||||
|
@ -1634,10 +1634,10 @@ parameter_defaults:
|
|||
value: "rule:metadef_admin"
|
||||
glance-get_metadef_property:
|
||||
key: "get_metadef_property"
|
||||
value: "role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"
|
||||
value: 'role:admin or (role:reader and (project_id:%(project_id)s or "public":%(visibility)s))'
|
||||
glance-get_metadef_properties:
|
||||
key: "get_metadef_properties"
|
||||
value: "role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"
|
||||
value: 'role:admin or (role:reader and (project_id:%(project_id)s or "public":%(visibility)s))'
|
||||
glance-modify_metadef_property:
|
||||
key: "modify_metadef_property"
|
||||
value: "rule:metadef_admin"
|
||||
|
@ -1649,10 +1649,10 @@ parameter_defaults:
|
|||
value: "rule:metadef_admin"
|
||||
glance-get_metadef_tag:
|
||||
key: "get_metadef_tag"
|
||||
value: "role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"
|
||||
value: 'role:admin or (role:reader and (project_id:%(project_id)s or "public":%(visibility)s))'
|
||||
glance-get_metadef_tags:
|
||||
key: "get_metadef_tags"
|
||||
value: "role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"
|
||||
value: 'role:admin or (role:reader and (project_id:%(project_id)s or "public":%(visibility)s))'
|
||||
glance-modify_metadef_tag:
|
||||
key: "modify_metadef_tag"
|
||||
value: "rule:metadef_admin"
|
||||
|
|
Loading…
Reference in New Issue