Merge "[S-RBAC] Get QoS rule types API available for READER role"

author: Zuul <zuul@review.opendev.org> 2023-05-16 12:02:28 +0000
committer: Gerrit Code Review <review@openstack.org> 2023-05-16 12:02:28 +0000
commit: ae4084c1735f63de7fc685ee51502f5d0d9db67c (patch)
tree: 1404a3b6463941fb5893c2a3101f720e109e476d /neutron/conf
parent: a06b44e12da4ab8fb037b34593f33c4df7dbafa1 (diff)
parent: 01de74dedfdc306b0331aae4f970f0c5bca5cb48 (diff)
download: neutron-ae4084c1735f63de7fc685ee51502f5d0d9db67c.tar.gz
1 files changed, 5 insertions, 1 deletions
diff --git a/neutron/conf/policies/qos.py b/neutron/conf/policies/qos.py
index 2fc9d0975c..c507a7bdb9 100644
--- a/neutron/conf/policies/qos.py
+++ b/neutron/conf/policies/qos.py
@@ -104,7 +104,11 @@ rules = [
 
     policy.DocumentedRuleDefault(
         name='get_rule_type',
-        check_str=base.ADMIN,
+        # NOTE(ralonsoh): it can't be ADMIN_OR_PROJECT_READER constant from the
+        # base module because that is using "project_id" in the check string
+        # and the rule type resource don't belongs to any project thus such
+        # check string would fail enforcement.
+        check_str='role:reader',
         scope_types=['project'],
         description='Get available QoS rule types',
         operations=[
author	Zuul <zuul@review.opendev.org>	2023-05-16 12:02:28 +0000
committer	Gerrit Code Review <review@openstack.org>	2023-05-16 12:02:28 +0000
commit	ae4084c1735f63de7fc685ee51502f5d0d9db67c (patch)
tree	1404a3b6463941fb5893c2a3101f720e109e476d /neutron/conf
parent	a06b44e12da4ab8fb037b34593f33c4df7dbafa1 (diff)
parent	01de74dedfdc306b0331aae4f970f0c5bca5cb48 (diff)
download	neutron-ae4084c1735f63de7fc685ee51502f5d0d9db67c.tar.gz