Reuse common system role definitions for roles API

We recently merged some changes that define common system roles in base.py. This commit reuses them for readable role operations. Change-Id: Ia04323d7fa23cb8170e4e8426cae7a12ba7bf286
2018-12-18 21:42:39 +00:00 · 2018-12-18 21:42:39 +00:00 · d437365444
parent adfee4eb79
commit d437365444
1 changed files with 2 additions and 2 deletions
--- a/keystone/common/policies/role.py
+++ b/keystone/common/policies/role.py
@ -35,7 +35,7 @@ relying on overrides in your deployment for the role API.
 role_policies = [
    policy.DocumentedRuleDefault(
        name=base.IDENTITY % 'get_role',
-        check_str='role:reader',
+        check_str=base.SYSTEM_READER,
        # FIXME(lbragstad): Roles should be considered a system-level resource.
        # The current RBAC design of OpenStack requires configuration
        # modification depending on the roles created in keystone. Once that is
@ -52,7 +52,7 @@ role_policies = [
        deprecated_since=versionutils.deprecated.STEIN),
    policy.DocumentedRuleDefault(
        name=base.IDENTITY % 'list_roles',
-        check_str='role:reader',
+        check_str=base.SYSTEM_READER,
        scope_types=['system'],
        description='List roles.',
        operations=[{'path': '/v3/roles',