diff options
author | Slawek Kaplonski <skaplons@redhat.com> | 2023-04-14 10:38:52 +0200 |
---|---|---|
committer | Slawek Kaplonski <skaplons@redhat.com> | 2023-04-17 17:31:20 +0200 |
commit | 6b5acb58357b94fad7c3868ab650726b922af51a (patch) | |
tree | c1a89fbb1bdb1e0fa157591ee78462764b426f85 /neutron/conf | |
parent | 18bc5b82a1d313a27411a9a88488f1cc306f0fee (diff) | |
download | neutron-6b5acb58357b94fad7c3868ab650726b922af51a.tar.gz |
[S-RBAC] Get availability zone API available for READER role
API call get_availability_zone should be available in new policies for
all users with READER role as this is kind of the same what was in the
old policies (ANY).
Closes-bug: #2016266
Change-Id: I8a99bc52bd815fb3395e902fc8f85cf5f187e288
Diffstat (limited to 'neutron/conf')
-rw-r--r-- | neutron/conf/policies/availability_zone.py | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/neutron/conf/policies/availability_zone.py b/neutron/conf/policies/availability_zone.py index 9f265dfab4..bb94f17f64 100644 --- a/neutron/conf/policies/availability_zone.py +++ b/neutron/conf/policies/availability_zone.py @@ -14,8 +14,6 @@ from neutron_lib import policy as neutron_policy from oslo_log import versionutils from oslo_policy import policy -from neutron.conf.policies import base - DEPRECATION_REASON = ( "The Availability Zone API now supports project scope and default roles.") @@ -23,7 +21,11 @@ DEPRECATION_REASON = ( rules = [ policy.DocumentedRuleDefault( name='get_availability_zone', - check_str=base.ADMIN, + # NOTE: it can't be ADMIN_OR_PROJECT_READER constant from the base + # module because that is using "project_id" in the check string and the + # availability_zone resource don't belongs to any project thus such + # check string would fail enforcement. + check_str='role:reader', description='List availability zones', operations=[ { |