Remove empty rules from policies for API access
Empty policy rule means that API method is allowed by anybody. Default rule is used only if such rule is not defined in policy.json. This patch changes empty rules to admin_api or admin_or_owner. Closes-Bug: #1477621 Closes-Bug: #1491495 Change-Id: I512e65e62da7dab5834a21ef9fd967ed6e9bb695
This commit is contained in:
parent
19cee43def
commit
e065e70a69
|
@ -6,36 +6,36 @@
|
|||
"admin_api": "is_admin:True",
|
||||
|
||||
"volume:create": "",
|
||||
"volume:delete": "",
|
||||
"volume:delete": "rule:admin_or_owner",
|
||||
"volume:get": "rule:admin_or_owner",
|
||||
"volume:get_all": "",
|
||||
"volume:get_volume_metadata": "",
|
||||
"volume:delete_volume_metadata": "",
|
||||
"volume:update_volume_metadata": "",
|
||||
"volume:get_all": "rule:admin_or_owner",
|
||||
"volume:get_volume_metadata": "rule:admin_or_owner",
|
||||
"volume:delete_volume_metadata": "rule:admin_or_owner",
|
||||
"volume:update_volume_metadata": "rule:admin_or_owner",
|
||||
"volume:get_volume_admin_metadata": "rule:admin_api",
|
||||
"volume:update_volume_admin_metadata": "rule:admin_api",
|
||||
"volume:get_snapshot": "",
|
||||
"volume:get_all_snapshots": "",
|
||||
"volume:delete_snapshot": "",
|
||||
"volume:update_snapshot": "",
|
||||
"volume:extend": "",
|
||||
"volume:update_readonly_flag": "",
|
||||
"volume:retype": "",
|
||||
"volume:update": "",
|
||||
"volume:get_snapshot": "rule:admin_or_owner",
|
||||
"volume:get_all_snapshots": "rule:admin_or_owner",
|
||||
"volume:delete_snapshot": "rule:admin_or_owner",
|
||||
"volume:update_snapshot": "rule:admin_or_owner",
|
||||
"volume:extend": "rule:admin_or_owner",
|
||||
"volume:update_readonly_flag": "rule:admin_or_owner",
|
||||
"volume:retype": "rule:admin_or_owner",
|
||||
"volume:update": "rule:admin_or_owner",
|
||||
|
||||
"volume_extension:types_manage": "rule:admin_api",
|
||||
"volume_extension:types_extra_specs": "rule:admin_api",
|
||||
"volume_extension:volume_type_access": "",
|
||||
"volume_extension:volume_type_access": "rule:admin_or_owner",
|
||||
"volume_extension:volume_type_access:addProjectAccess": "rule:admin_api",
|
||||
"volume_extension:volume_type_access:removeProjectAccess": "rule:admin_api",
|
||||
"volume_extension:volume_type_encryption": "rule:admin_api",
|
||||
"volume_extension:volume_encryption_metadata": "rule:admin_or_owner",
|
||||
"volume_extension:extended_snapshot_attributes": "",
|
||||
"volume_extension:volume_image_metadata": "",
|
||||
"volume_extension:extended_snapshot_attributes": "rule:admin_or_owner",
|
||||
"volume_extension:volume_image_metadata": "rule:admin_or_owner",
|
||||
|
||||
"volume_extension:quotas:show": "",
|
||||
"volume_extension:quotas:show": "rule:admin_api",
|
||||
"volume_extension:quotas:update": "rule:admin_api",
|
||||
"volume_extension:quota_classes": "",
|
||||
"volume_extension:quota_classes": "rule:admin_api",
|
||||
|
||||
"volume_extension:volume_admin_actions:reset_status": "rule:admin_api",
|
||||
"volume_extension:snapshot_admin_actions:reset_status": "rule:admin_api",
|
||||
|
@ -51,7 +51,7 @@
|
|||
"volume_extension:volume_tenant_attribute": "rule:admin_or_owner",
|
||||
"volume_extension:volume_mig_status_attribute": "rule:admin_api",
|
||||
"volume_extension:hosts": "rule:admin_api",
|
||||
"volume_extension:services:index": "",
|
||||
"volume_extension:services:index": "rule:admin_api",
|
||||
"volume_extension:services:update" : "rule:admin_api",
|
||||
|
||||
"volume_extension:volume_manage": "rule:admin_api",
|
||||
|
@ -59,10 +59,10 @@
|
|||
|
||||
"volume_extension:capabilities": "rule:admin_api",
|
||||
|
||||
"volume:create_transfer": "",
|
||||
"volume:create_transfer": "rule:admin_or_owner",
|
||||
"volume:accept_transfer": "",
|
||||
"volume:delete_transfer": "",
|
||||
"volume:get_all_transfers": "",
|
||||
"volume:delete_transfer": "rule:admin_or_owner",
|
||||
"volume:get_all_transfers": "rule:admin_or_owner",
|
||||
|
||||
"volume_extension:replication:promote": "rule:admin_api",
|
||||
"volume_extension:replication:reenable": "rule:admin_api",
|
||||
|
@ -73,10 +73,10 @@
|
|||
"volume:list_replication_targets": "rule:admin_api",
|
||||
|
||||
"backup:create" : "",
|
||||
"backup:delete": "",
|
||||
"backup:get": "",
|
||||
"backup:get_all": "",
|
||||
"backup:restore": "",
|
||||
"backup:delete": "rule:admin_or_owner",
|
||||
"backup:get": "rule:admin_or_owner",
|
||||
"backup:get_all": "rule:admin_or_owner",
|
||||
"backup:restore": "rule:admin_or_owner",
|
||||
"backup:backup-import": "rule:admin_api",
|
||||
"backup:backup-export": "rule:admin_api",
|
||||
|
||||
|
|
Loading…
Reference in New Issue