Allow users with "admin" role to get projects

This patch modifies the policy for identity:get_project to allow a user with the "admin" role to retrieve any project by project_id for Secure RBAC (Phase 1) Change-Id: I6442557701284572759da1354e6547f57186935f
2024-02-01 15:34:42 -05:00 · 2024-02-01 15:34:42 -05:00 · 0340121042
parent 5a97b7d847
commit 0340121042
1 changed files with 1 additions and 1 deletions
--- a/keystone/common/policies/project.py
+++ b/keystone/common/policies/project.py
@ -154,7 +154,7 @@ automatically.
 project_policies = [
    policy.DocumentedRuleDefault(
        name=base.IDENTITY % 'get_project',
-        check_str=SYSTEM_READER_OR_DOMAIN_READER_OR_PROJECT_USER,
+        check_str=ADMIN_OR_SYSTEM_READER_OR_DOMAIN_READER_OR_PROJECT_USER,
        scope_types=['system', 'domain', 'project'],
        description='Show project details.',
        operations=[{'path': '/v3/projects/{project_id}',