openstack/neutron
Code Issues Proposed changes

Merge "Implement new policy rules NET_OWNER and PARENT_OWNER"

Browse Source
This commit is contained in:
Zuul 2021-03-08 10:12:55 +00:00 committed by Gerrit Code Review
commit b7c4a11158
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
neutron/conf/policies/base.py
View File

@ -111,6 +111,10 @@ rules = [
RULE_ADMIN_OR_NET_OWNER), RULE_ADMIN_OR_NET_OWNER),
description=('Rule for resource owner, ' description=('Rule for resource owner, '
'admin or network owner access')), 'admin or network owner access')),
policy.RuleDefault(
'network_owner',
'tenant_id:%(network:tenant_id)s',
description='Rule for network owner access'),
policy.RuleDefault( policy.RuleDefault(
'admin_only', 'admin_only',
'rule:context_is_admin', 'rule:context_is_admin',
@ -133,6 +137,10 @@ rules = [
policy_or('rule:context_is_admin', policy_or('rule:context_is_admin',
'tenant_id:%(ext_parent:tenant_id)s'), 'tenant_id:%(ext_parent:tenant_id)s'),
description='Rule for common parent owner check'), description='Rule for common parent owner check'),
policy.RuleDefault(
'ext_parent_owner',
'tenant_id:%(ext_parent:tenant_id)s',
description='Rule for common parent owner check'),
] ]