Implement new policy rules NET_OWNER and PARENT_OWNER

In commit [1] new policy rules NET_OWNER and PARENT_OWNER were introduced but I forgot define what those rules actually means. Now definition of those rules is actually added. [1] https://review.opendev.org/c/openstack/neutron/+/778391 Change-Id: Ie0d30a444720c8a0fec261a153898b19aab4ee62
2021-03-06 17:40:39 +01:00 · 2021-03-06 17:40:39 +01:00 · 067241b11b
commit 067241b11b
parent 77ee0847f5
1 changed files with 8 additions and 0 deletions
--- a/neutron/conf/policies/base.py
+++ b/neutron/conf/policies/base.py
@ -108,6 +108,10 @@ rules = [
                  RULE_ADMIN_OR_NET_OWNER),
        description=('Rule for resource owner, '
                     'admin or network owner access')),
+    policy.RuleDefault(
+        'network_owner',
+        'tenant_id:%(network:tenant_id)s',
+        description='Rule for network owner access'),
    policy.RuleDefault(
        'admin_only',
        'rule:context_is_admin',
@ -130,6 +134,10 @@ rules = [
        policy_or('rule:context_is_admin',
                  'tenant_id:%(ext_parent:tenant_id)s'),
        description='Rule for common parent owner check'),
+    policy.RuleDefault(
+        'ext_parent_owner',
+        'tenant_id:%(ext_parent:tenant_id)s',
+        description='Rule for common parent owner check'),
 ]