d02a8d836c
This patchset eliminates different behaviour between policy_authority and requirements_authority. Problem description: `rbac_test_roles = [member,]` Policy authority: `update_port: role:member and role:viewer` Results in 403/False (we are member but not viewer). Requirements authority: ``` req_auth: update_port: - member - viewer ``` Results in 200/True (member in update_port list). Proposed solution: Change requirements_authority file sytax to support comma separated roles to be considered as logical and. Depends-On: https://review.openstack.org/#/c/606110/ Change-Id: I2e2a4a2020f5e85af15f1836d69386bc91a2d2ec Co-Authored-By: Felipe Monteiro <felipe.monteiro@att.com> |
||
---|---|---|
.. | ||
admin_rbac_policy.json | ||
alt_admin_rbac_policy.json | ||
custom_rbac_policy.json | ||
custom_rbac_policy.yaml | ||
rbac_roles.yaml | ||
tenant_rbac_policy.json |