[Wallaby-Only]Fix glance SRBAC policies
The change[1] had added some default policies for all the services, and backported as it is in Wallaby, but in glance, SRBAC project-persona support for few apis was added/updated in Xena cycle. This commit fixes secure-rbac policy overrides so that they work with wallaby glance policies. [1]: I9957243d307758f56b84cde3a408006d8161fa41 Change-Id: I899edff51233e61609071b340ab9eb05ed6e398a
This commit is contained in:
parent
525ceb736d
commit
4b12b608af
|
@ -1535,13 +1535,13 @@ parameter_defaults:
|
|||
value: "role:admin or (role:member and project_id:%(project_id)s)"
|
||||
glance-get_member:
|
||||
key: "get_member"
|
||||
value: "role:admin or role:reader and (project_id:%(project_id)s or project_id:%(member_id)s)"
|
||||
value: "role:admin or (role:reader and project_id:%(project_id)s)"
|
||||
glance-get_members:
|
||||
key: "get_members"
|
||||
value: "role:admin or role:reader and (project_id:%(project_id)s or project_id:%(member_id)s)"
|
||||
value: "role:admin or (role:reader and project_id:%(project_id)s)"
|
||||
glance-modify_member:
|
||||
key: "modify_member"
|
||||
value: "role:admin or (role:member and project_id:%(member_id)s)"
|
||||
value: "role:admin or (role:member and project_id:%(project_id)s)"
|
||||
glance-manage_image_cache:
|
||||
key: "manage_image_cache"
|
||||
value: "role:admin"
|
||||
|
@ -1577,10 +1577,10 @@ parameter_defaults:
|
|||
value: "role:admin"
|
||||
glance-get_metadef_namespace:
|
||||
key: "get_metadef_namespace"
|
||||
value: "role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"
|
||||
value: "rule:metadef_default"
|
||||
glance-get_metadef_namespaces:
|
||||
key: "get_metadef_namespaces"
|
||||
value: "role:admin or (role:reader and project_id:%(project_id)s)"
|
||||
value: "rule:metadef_default"
|
||||
glance-modify_metadef_namespace:
|
||||
key: "modify_metadef_namespace"
|
||||
value: "rule:metadef_admin"
|
||||
|
@ -1592,10 +1592,10 @@ parameter_defaults:
|
|||
value: "rule:metadef_admin"
|
||||
glance-get_metadef_object:
|
||||
key: "get_metadef_object"
|
||||
value: "role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"
|
||||
value: "rule:metadef_default"
|
||||
glance-get_metadef_objects:
|
||||
key: "get_metadef_objects"
|
||||
value: "role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"
|
||||
value: "rule:metadef_default"
|
||||
glance-modify_metadef_object:
|
||||
key: "modify_metadef_object"
|
||||
value: "rule:metadef_admin"
|
||||
|
@ -1607,10 +1607,10 @@ parameter_defaults:
|
|||
value: "rule:metadef_admin"
|
||||
glance-list_metadef_resource_types:
|
||||
key: "list_metadef_resource_types"
|
||||
value: "role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"
|
||||
value: "rule:metadef_default"
|
||||
glance-get_metadef_resource_type:
|
||||
key: "get_metadef_resource_type"
|
||||
value: "role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"
|
||||
value: "rule:metadef_default"
|
||||
glance-add_metadef_resource_type_association:
|
||||
key: "add_metadef_resource_type_association"
|
||||
value: "rule:metadef_admin"
|
||||
|
@ -1619,10 +1619,10 @@ parameter_defaults:
|
|||
value: "rule:metadef_admin"
|
||||
glance-get_metadef_property:
|
||||
key: "get_metadef_property"
|
||||
value: "role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"
|
||||
value: "rule:metadef_default"
|
||||
glance-get_metadef_properties:
|
||||
key: "get_metadef_properties"
|
||||
value: "role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"
|
||||
value: "rule:metadef_default"
|
||||
glance-modify_metadef_property:
|
||||
key: "modify_metadef_property"
|
||||
value: "rule:metadef_admin"
|
||||
|
@ -1634,10 +1634,10 @@ parameter_defaults:
|
|||
value: "rule:metadef_admin"
|
||||
glance-get_metadef_tag:
|
||||
key: "get_metadef_tag"
|
||||
value: "role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"
|
||||
value: "rule:metadef_default"
|
||||
glance-get_metadef_tags:
|
||||
key: "get_metadef_tags"
|
||||
value: "role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"
|
||||
value: "rule:metadef_default"
|
||||
glance-modify_metadef_tag:
|
||||
key: "modify_metadef_tag"
|
||||
value: "rule:metadef_admin"
|
||||
|
|
Loading…
Reference in New Issue