Merge "[S-RBAC] Fix new policies for FIP PFs APIs" into stable/zed

Author: Zuul

neutron/conf/policies/floatingip_port_forwarding.py

@@ -29,9 +29,7 @@
 rules = [
     policy.DocumentedRuleDefault(
         name='create_floatingip_port_forwarding',
-        check_str=base.policy_or(
-            base.ADMIN_OR_PROJECT_MEMBER,
-            base.RULE_PARENT_OWNER),
+        check_str=base.ADMIN_OR_PARENT_OWNER_MEMBER,
         scope_types=['project'],
         description='Create a floating IP port forwarding',
         operations=[
@@ -48,9 +46,7 @@
     ),
     policy.DocumentedRuleDefault(
         name='get_floatingip_port_forwarding',
-        check_str=base.policy_or(
-            base.ADMIN_OR_PROJECT_READER,
-            base.RULE_PARENT_OWNER),
+        check_str=base.ADMIN_OR_PARENT_OWNER_READER,
         scope_types=['project'],
         description='Get a floating IP port forwarding',
         operations=[
@@ -71,9 +67,7 @@
     ),
     policy.DocumentedRuleDefault(
         name='update_floatingip_port_forwarding',
-        check_str=base.policy_or(
-            base.ADMIN_OR_PROJECT_MEMBER,
-            base.RULE_PARENT_OWNER),
+        check_str=base.ADMIN_OR_PARENT_OWNER_MEMBER,
         scope_types=['project'],
         description='Update a floating IP port forwarding',
         operations=[
@@ -90,9 +84,7 @@
     ),
     policy.DocumentedRuleDefault(
         name='delete_floatingip_port_forwarding',
-        check_str=base.policy_or(
-            base.ADMIN_OR_PROJECT_MEMBER,
-            base.RULE_PARENT_OWNER),
+        check_str=base.ADMIN_OR_PARENT_OWNER_MEMBER,
         scope_types=['project'],
         description='Delete a floating IP port forwarding',
         operations=[