Prevent non-admin user specifying port's provider-security-groups

This is controlled via the policy.json file, by adding the relevant rules.

Change-Id: I79e14418909a4e03f87ab3f2ad02945160daa43d
(cherry picked from commit e14b697cab)
Roey Chen 2017-03-28 02:16:58 -07:00 committed by garyk
parent 1a821c7a4b
commit 36130e4387
1 changed files with 2 additions and 0 deletions


@ -45,6 +45,7 @@
"create_port:binding:host_id": "rule:admin_only",
"create_port:binding:profile": "rule:admin_only",
"create_port:mac_learning_enabled": "rule:admin_or_network_owner or rule:context_is_advsvc",
"create_port:provider_security_groups": "rule:admin_only",
"get_port": "rule:admin_or_owner or rule:context_is_advsvc",
"get_port:queue_id": "rule:admin_only",
"get_port:binding:vif_type": "rule:admin_only",
@ -57,6 +58,7 @@
"update_port:binding:host_id": "rule:admin_only",
"update_port:binding:profile": "rule:admin_only",
"update_port:mac_learning_enabled": "rule:admin_or_network_owner or rule:context_is_advsvc",
"update_port:provider_security_groups": "rule:admin_only",
"delete_port": "rule:admin_or_owner or rule:context_is_advsvc",
"get_router:ha": "rule:admin_only",