Merge "Add new policy rules NET_OWNER and PARENT_OWNER"
commit
cb64e3a19f
@ -78,6 +78,9 @@ SYSTEM_ADMIN_OR_PROJECT_MEMBER = (
|
|||||||
SYSTEM_OR_PROJECT_READER = (
|
SYSTEM_OR_PROJECT_READER = (
|
||||||
'(' + SYSTEM_READER + ') or (' + PROJECT_READER + ')')
|
'(' + SYSTEM_READER + ') or (' + PROJECT_READER + ')')
|
||||||
|
|
||||||
|
# Additional rules needed in Neutron
|
||||||
|
RULE_NET_OWNER = 'rule:network_owner'
|
||||||
|
RULE_PARENT_OWNER = 'rule:ext_parent_owner'
|
||||||
|
|
||||||
rules = [
|
rules = [
|
||||||
policy.RuleDefault(
|
policy.RuleDefault(
|
||||||
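Review bot: The comment `# Additional rules needed in Neutron` does not say what `rule:network_owner` and `rule:ext_parent_owner` check or where they are registered; this hunk adds only the name strings. Because these constants are meant to be composed into check strings, a fuller comment would help, for example `# Ownership-only checks, registered in <module not shown on this page>; no role or scope test, so combine with a role rule.` That wording assumes the rules match on project ownership alone, which should be confirmed against their definitions. `RULE_PARENT_OWNER` is not used by any hunk visible on this page.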
|
@ -41,7 +41,7 @@ rules = [
|
|||||||
name='create_subnet',
|
name='create_subnet',
|
||||||
check_str=base.policy_or(
|
check_str=base.policy_or(
|
||||||
base.SYSTEM_ADMIN_OR_PROJECT_MEMBER,
|
base.SYSTEM_ADMIN_OR_PROJECT_MEMBER,
|
||||||
base.RULE_ADMIN_OR_NET_OWNER),
|
base.RULE_NET_OWNER),
|
||||||
scope_types=['system', 'project'],
|
scope_types=['system', 'project'],
|
||||||
description='Create a subnet',
|
description='Create a subnet',
|
||||||
operations=ACTION_POST,
|
operations=ACTION_POST,
|
||||||
@ -111,7 +111,7 @@ rules = [
|
|||||||
name='update_subnet',
|
name='update_subnet',
|
||||||
check_str=base.policy_or(
|
check_str=base.policy_or(
|
||||||
base.SYSTEM_ADMIN_OR_PROJECT_MEMBER,
|
base.SYSTEM_ADMIN_OR_PROJECT_MEMBER,
|
||||||
base.RULE_ADMIN_OR_NET_OWNER),
|
base.RULE_NET_OWNER),
|
||||||
scope_types=['system', 'project'],
|
scope_types=['system', 'project'],
|
||||||
description='Update a subnet',
|
description='Update a subnet',
|
||||||
operations=ACTION_PUT,
|
operations=ACTION_PUT,
|
||||||
@ -149,7 +149,7 @@ rules = [
|
|||||||
name='delete_subnet',
|
name='delete_subnet',
|
||||||
check_str=base.policy_or(
|
check_str=base.policy_or(
|
||||||
base.SYSTEM_ADMIN_OR_PROJECT_MEMBER,
|
base.SYSTEM_ADMIN_OR_PROJECT_MEMBER,
|
||||||
base.RULE_ADMIN_OR_NET_OWNER),
|
base.RULE_NET_OWNER),
|
||||||
scope_types=['system', 'project'],
|
scope_types=['system', 'project'],
|
||||||
description='Delete a subnet',
|
description='Delete a subnet',
|
||||||
operations=ACTION_DELETE,
|
operations=ACTION_DELETE,
|
||||||
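Review bot: The second operand of `base.policy_or(...)` for `create_subnet` is now `base.RULE_NET_OWNER`, which by its name drops the admin alternative that `base.RULE_ADMIN_OR_NET_OWNER` carried; `update_subnet` and `delete_subnet` get the same swap. If `rule:network_owner` matches on the network's project id alone, any role in the owning project, including a read-only one, would satisfy these write checks. A project-scoped admin would then pass only if `SYSTEM_ADMIN_OR_PROJECT_MEMBER` covers it. Neither definition is visible here, so both should be confirmed. I would add a comment above each check string such as `# network owner may manage subnets on its own network; ownership only, no role check`, and a policy unit test pinning the expected result for a reader-role token in the owning project. The `RuleDefault(...)` calls start and end outside the hunks shown.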
|