Skip to content

Commit 399eacb

Browse files
Zuulopenstack-gerrit
Zuul
authored and
openstack-gerrit
committed
Merge "Reorder subnet RBAC policy check strings" into stable/2024.1
2 parents 346d433 + f25cc2f commit 399eacb

File tree

1 file changed

+16
-10
lines changed

1 file changed

+16
-10
lines changed

neutron/conf/policies/subnet.py

Lines changed: 16 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -95,17 +95,19 @@
9595
policy.DocumentedRuleDefault(
9696
name='get_subnet',
9797
check_str=neutron_policy.policy_or(
98-
base.ADMIN_OR_NET_OWNER_MEMBER,
9998
base.PROJECT_READER,
100-
'rule:shared'),
99+
'rule:shared',
100+
base.ADMIN_OR_NET_OWNER_MEMBER,
101+
),
101102
scope_types=['project'],
102103
description='Get a subnet',
103104
operations=ACTION_GET,
104105
deprecated_rule=policy.DeprecatedRule(
105106
name='get_subnet',
106107
check_str=neutron_policy.policy_or(
108+
'rule:shared',
107109
neutron_policy.RULE_ADMIN_OR_OWNER,
108-
'rule:shared'),
110+
),
109111
deprecated_reason=DEPRECATED_REASON,
110112
deprecated_since=versionutils.deprecated.WALLABY)
111113
),
@@ -124,18 +126,19 @@
124126
policy.DocumentedRuleDefault(
125127
name='get_subnets_tags',
126128
check_str=neutron_policy.policy_or(
127-
base.ADMIN_OR_NET_OWNER_MEMBER,
128129
base.PROJECT_READER,
129-
'rule:shared'),
130+
'rule:shared',
131+
base.ADMIN_OR_NET_OWNER_MEMBER,
132+
),
130133
scope_types=['project'],
131134
description='Get the subnet tags',
132135
operations=ACTION_GET_TAGS,
133136
),
134137
policy.DocumentedRuleDefault(
135138
name='update_subnet',
136139
check_str=neutron_policy.policy_or(
137-
base.ADMIN_OR_NET_OWNER_MEMBER,
138-
base.PROJECT_MEMBER),
140+
base.PROJECT_MEMBER,
141+
base.ADMIN_OR_NET_OWNER_MEMBER),
139142
scope_types=['project'],
140143
description='Update a subnet',
141144
operations=ACTION_PUT,
@@ -172,17 +175,19 @@
172175
policy.DocumentedRuleDefault(
173176
name='update_subnets_tags',
174177
check_str=neutron_policy.policy_or(
178+
base.PROJECT_MEMBER,
175179
base.ADMIN_OR_NET_OWNER_MEMBER,
176-
base.PROJECT_MEMBER),
180+
),
177181
scope_types=['project'],
178182
description='Update the subnet tags',
179183
operations=ACTION_PUT_TAGS,
180184
),
181185
policy.DocumentedRuleDefault(
182186
name='delete_subnet',
183187
check_str=neutron_policy.policy_or(
188+
base.PROJECT_MEMBER,
184189
base.ADMIN_OR_NET_OWNER_MEMBER,
185-
base.PROJECT_MEMBER),
190+
),
186191
scope_types=['project'],
187192
description='Delete a subnet',
188193
operations=ACTION_DELETE,
@@ -195,8 +200,9 @@
195200
policy.DocumentedRuleDefault(
196201
name='delete_subnets_tags',
197202
check_str=neutron_policy.policy_or(
203+
base.PROJECT_MEMBER,
198204
base.ADMIN_OR_NET_OWNER_MEMBER,
199-
base.PROJECT_MEMBER),
205+
),
200206
scope_types=['project'],
201207
description='Delete the subnet tags',
202208
operations=ACTION_DELETE_TAGS,

0 commit comments

Comments
 (0)