diff options
author | Zuul <zuul@review.opendev.org> | 2023-05-16 11:09:30 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2023-05-16 11:09:30 +0000 |
commit | 08a6168a07d4984611248ee6ab07e45f21974103 (patch) | |
tree | 14ede2d808a53f0242802099a94d5990d75737c8 | |
parent | 1864dd868459384e8f19ba413929a8c196877370 (diff) | |
parent | 876c681821db24cd8c8479790a302ab698c7c1d3 (diff) | |
download | neutron-stable/zed.tar.gz |
Merge "[S-RBAC] Get availability zone API available for READER role" into stable/zedstable/zed
-rw-r--r-- | neutron/conf/policies/availability_zone.py | 6 | ||||
-rw-r--r-- | neutron/tests/unit/conf/policies/test_availability_zone.py | 6 |
2 files changed, 5 insertions, 7 deletions
diff --git a/neutron/conf/policies/availability_zone.py b/neutron/conf/policies/availability_zone.py index faaea686d5..bd5e239d3b 100644 --- a/neutron/conf/policies/availability_zone.py +++ b/neutron/conf/policies/availability_zone.py @@ -22,7 +22,11 @@ DEPRECATION_REASON = ( rules = [ policy.DocumentedRuleDefault( name='get_availability_zone', - check_str=base.ADMIN, + # NOTE: it can't be ADMIN_OR_PROJECT_READER constant from the base + # module because that is using "project_id" in the check string and the + # availability_zone resource don't belongs to any project thus such + # check string would fail enforcement. + check_str='role:reader', description='List availability zones', operations=[ { diff --git a/neutron/tests/unit/conf/policies/test_availability_zone.py b/neutron/tests/unit/conf/policies/test_availability_zone.py index ad797da9b4..85d9679121 100644 --- a/neutron/tests/unit/conf/policies/test_availability_zone.py +++ b/neutron/tests/unit/conf/policies/test_availability_zone.py @@ -70,12 +70,6 @@ class ProjectMemberTests(AdminTests): super(ProjectMemberTests, self).setUp() self.context = self.project_member_ctx - def test_get_availability_zone(self): - self.assertRaises( - base_policy.PolicyNotAuthorized, - policy.enforce, - self.context, "get_availability_zone", self.target) - class ProjectReaderTests(ProjectMemberTests): |