Update git submodules
* Update neutron from branch 'master' to aef2f285e4f3cd379d16476698c85328e9a60551 - Merge "[S-RBAC] Fix policies for CUD subnets APIs" - [S-RBAC] Fix policies for CUD subnets APIs In new, secure RBAC policies for create subnet there was rule "ADMIN_OR_PROJECT_MEMBER" used and that was wrong as this rule is basically allows any member (PROJECT_MEMBER) create subnet in networks visible to them, not necessarily this project needs to be owner of that network. So it allowed users to create new subnets in the shared or provider networks as well. Now policy for create subnet is ADMIN OR NET_OWNER_MEMBER to avoid that. Additionally this patch also fixes policies for update and delete subnet APIs where there was rule NET_OWNER used and that effectively allowed to update or delete subnet to the network owner who has READER role only. Now this is also fixed by using NET_OWNER_MEMBER rule instead. Closes-Bug: #2023679 Change-Id: Ia494872b58f368581fb29fa40b7da17e1071db22
This commit is contained in:
parent
bbe709ee40
commit
8a8c712d53
2
neutron
2
neutron
|
@ -1 +1 @@
|
|||
Subproject commit 8887cdf5d3955021b4e9a51b7f88c75531650581
|
||||
Subproject commit aef2f285e4f3cd379d16476698c85328e9a60551
|
Loading…
Reference in New Issue