diff --git a/environments/enable-secure-rbac.yaml b/environments/enable-secure-rbac.yaml index 0f03652766..61a0c8baef 100644 --- a/environments/enable-secure-rbac.yaml +++ b/environments/enable-secure-rbac.yaml @@ -1535,13 +1535,13 @@ parameter_defaults: value: "role:admin or (role:member and project_id:%(project_id)s)" glance-get_member: key: "get_member" - value: "role:admin or role:reader and (project_id:%(project_id)s or project_id:%(member_id)s)" + value: "role:admin or (role:reader and project_id:%(project_id)s)" glance-get_members: key: "get_members" - value: "role:admin or role:reader and (project_id:%(project_id)s or project_id:%(member_id)s)" + value: "role:admin or (role:reader and project_id:%(project_id)s)" glance-modify_member: key: "modify_member" - value: "role:admin or (role:member and project_id:%(member_id)s)" + value: "role:admin or (role:member and project_id:%(project_id)s)" glance-manage_image_cache: key: "manage_image_cache" value: "role:admin" @@ -1577,10 +1577,10 @@ parameter_defaults: value: "role:admin" glance-get_metadef_namespace: key: "get_metadef_namespace" - value: "role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))" + value: "rule:metadef_default" glance-get_metadef_namespaces: key: "get_metadef_namespaces" - value: "role:admin or (role:reader and project_id:%(project_id)s)" + value: "rule:metadef_default" glance-modify_metadef_namespace: key: "modify_metadef_namespace" value: "rule:metadef_admin" @@ -1592,10 +1592,10 @@ parameter_defaults: value: "rule:metadef_admin" glance-get_metadef_object: key: "get_metadef_object" - value: "role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))" + value: "rule:metadef_default" glance-get_metadef_objects: key: "get_metadef_objects" - value: "role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))" + value: "rule:metadef_default" glance-modify_metadef_object: key: "modify_metadef_object" value: "rule:metadef_admin" @@ -1607,10 +1607,10 @@ parameter_defaults: value: "rule:metadef_admin" glance-list_metadef_resource_types: key: "list_metadef_resource_types" - value: "role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))" + value: "rule:metadef_default" glance-get_metadef_resource_type: key: "get_metadef_resource_type" - value: "role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))" + value: "rule:metadef_default" glance-add_metadef_resource_type_association: key: "add_metadef_resource_type_association" value: "rule:metadef_admin" @@ -1619,10 +1619,10 @@ parameter_defaults: value: "rule:metadef_admin" glance-get_metadef_property: key: "get_metadef_property" - value: "role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))" + value: "rule:metadef_default" glance-get_metadef_properties: key: "get_metadef_properties" - value: "role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))" + value: "rule:metadef_default" glance-modify_metadef_property: key: "modify_metadef_property" value: "rule:metadef_admin" @@ -1634,10 +1634,10 @@ parameter_defaults: value: "rule:metadef_admin" glance-get_metadef_tag: key: "get_metadef_tag" - value: "role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))" + value: "rule:metadef_default" glance-get_metadef_tags: key: "get_metadef_tags" - value: "role:admin or (role:reader and (project_id:%(project_id)s or 'public':%(visibility)s))" + value: "rule:metadef_default" glance-modify_metadef_tag: key: "modify_metadef_tag" value: "rule:metadef_admin"