openstack
/
tripleo-heat-templates
Code Issues Proposed changes

Merge "[Wallaby-Only]Fix glance SRBAC policies" into stable/wallaby

This commit is contained in:
Zuul 2022-08-02 14:24:42 +00:00 committed by Gerrit Code Review
parent b3003411ee 4b12b608af
commit 6b6fa43a53
1 changed files with 13 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
environments/enable-secure-rbac.yaml
View File

@ -1535,13 +1535,13 @@ parameter_defaults:
value: "role:admin or (role:member and project_id:%(project_id)s)"
glance-get_member:
key: "get_member"
value: "role:admin or role:reader and (project_id:%(project_id)s or project_id:%(member_id)s)"
value: "role:admin or (role:reader and project_id:%(project_id)s)"
glance-get_members:
key: "get_members"
value: "role:admin or role:reader and (project_id:%(project_id)s or project_id:%(member_id)s)"
value: "role:admin or (role:reader and project_id:%(project_id)s)"
glance-modify_member:
key: "modify_member"
value: "role:admin or (role:member and project_id:%(member_id)s)"
value: "role:admin or (role:member and project_id:%(project_id)s)"
glance-manage_image_cache:
key: "manage_image_cache"
value: "role:admin"
@ -1577,10 +1577,10 @@ parameter_defaults:
value: "role:admin"
glance-get_metadef_namespace:
key: "get_metadef_namespace"
value: "role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"
value: "rule:metadef_default"
glance-get_metadef_namespaces:
key: "get_metadef_namespaces"
value: "role:admin or (role:reader and project_id:%(project_id)s)"
value: "rule:metadef_default"
glance-modify_metadef_namespace:
key: "modify_metadef_namespace"
value: "rule:metadef_admin"
@ -1592,10 +1592,10 @@ parameter_defaults:
value: "rule:metadef_admin"
glance-get_metadef_object:
key: "get_metadef_object"
value: "role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"
value: "rule:metadef_default"
glance-get_metadef_objects:
key: "get_metadef_objects"
value: "role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"
value: "rule:metadef_default"
glance-modify_metadef_object:
key: "modify_metadef_object"
value: "rule:metadef_admin"
@ -1607,10 +1607,10 @@ parameter_defaults:
value: "rule:metadef_admin"
glance-list_metadef_resource_types:
key: "list_metadef_resource_types"
value: "role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"
value: "rule:metadef_default"
glance-get_metadef_resource_type:
key: "get_metadef_resource_type"
value: "role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"
value: "rule:metadef_default"
glance-add_metadef_resource_type_association:
key: "add_metadef_resource_type_association"
value: "rule:metadef_admin"
@ -1619,10 +1619,10 @@ parameter_defaults:
value: "rule:metadef_admin"
glance-get_metadef_property:
key: "get_metadef_property"
value: "role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"
value: "rule:metadef_default"
glance-get_metadef_properties:
key: "get_metadef_properties"
value: "role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"
value: "rule:metadef_default"
glance-modify_metadef_property:
key: "modify_metadef_property"
value: "rule:metadef_admin"
@ -1634,10 +1634,10 @@ parameter_defaults:
value: "rule:metadef_admin"
glance-get_metadef_tag:
key: "get_metadef_tag"
value: "role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"
value: "rule:metadef_default"
glance-get_metadef_tags:
key: "get_metadef_tags"
value: "role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))"
value: "rule:metadef_default"
glance-modify_metadef_tag:
key: "modify_metadef_tag"
value: "rule:metadef_admin"