diff options
author | Zuul <zuul@review.opendev.org> | 2023-05-16 11:09:26 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2023-05-16 11:09:26 +0000 |
commit | 707331f7b83e2cffb3035d6cf6cfff45589c9179 (patch) | |
tree | 68c80023dac540fc5aab6f0c4e22f3fe7e9485b8 | |
parent | 05ff8ce3eeecbd981258864d324d3b011489df20 (diff) | |
parent | e7ccc75e0a41af5dd256ae564e7eb0f7b9473515 (diff) | |
download | neutron-stable/2023.1.tar.gz |
Merge "[S-RBAC] Get availability zone API available for READER role" into stable/2023.1stable/2023.1
-rw-r--r-- | neutron/conf/policies/availability_zone.py | 6 | ||||
-rw-r--r-- | neutron/tests/unit/conf/policies/test_availability_zone.py | 6 |
2 files changed, 5 insertions, 7 deletions
diff --git a/neutron/conf/policies/availability_zone.py b/neutron/conf/policies/availability_zone.py index faaea686d5..bd5e239d3b 100644 --- a/neutron/conf/policies/availability_zone.py +++ b/neutron/conf/policies/availability_zone.py @@ -22,7 +22,11 @@ DEPRECATION_REASON = ( rules = [ policy.DocumentedRuleDefault( name='get_availability_zone', - check_str=base.ADMIN, + # NOTE: it can't be ADMIN_OR_PROJECT_READER constant from the base + # module because that is using "project_id" in the check string and the + # availability_zone resource don't belongs to any project thus such + # check string would fail enforcement. + check_str='role:reader', description='List availability zones', operations=[ { diff --git a/neutron/tests/unit/conf/policies/test_availability_zone.py b/neutron/tests/unit/conf/policies/test_availability_zone.py index ad797da9b4..85d9679121 100644 --- a/neutron/tests/unit/conf/policies/test_availability_zone.py +++ b/neutron/tests/unit/conf/policies/test_availability_zone.py @@ -70,12 +70,6 @@ class ProjectMemberTests(AdminTests): super(ProjectMemberTests, self).setUp() self.context = self.project_member_ctx - def test_get_availability_zone(self): - self.assertRaises( - base_policy.PolicyNotAuthorized, - policy.enforce, - self.context, "get_availability_zone", self.target) - class ProjectReaderTests(ProjectMemberTests): |