Add a system-reader check string to base.py
This commit adds a new constant to base.py that models a common persona being implemented across OpenStack called system-reader. We can use this persona in future patches to update the default policies for the appropriate APIs. Change-Id: I12074fe328db71895bbdfda3c9e7c56cc6b6f40d
This commit is contained in:
parent
6edbdfa296
commit
12c41a0a73
|
@ -15,7 +15,14 @@ from oslo_policy import policy
|
|||
ROLE_ADMIN = 'role:admin'
|
||||
UNPROTECTED = ''
|
||||
|
||||
# This is a check string that represents a common persona for someone who has
|
||||
# read-only access to the deployment, ultimately a subset of authorization for
|
||||
# system users, or administrators.
|
||||
SYSTEM_READER = 'role:admin and system_scope:all'
|
||||
|
||||
rules = [
|
||||
# This can be removed once the deprecated policies in segregation.py have
|
||||
# been removed.
|
||||
policy.RuleDefault(
|
||||
name='context_is_admin',
|
||||
check_str=ROLE_ADMIN
|
||||
|
|
Loading…
Reference in New Issue