Commit
[S-RBAC] Allow admin user to do all API requests by default
By default, the ADMIN user in the new Secure RBAC policies should behave in the same way as in the legacy rules, so basically every API operation for any project should be allowed for the ADMIN user.

In the new rules there are roles like PROJECT_MEMBER and PROJECT_READER, and those personas don't inherit directly from ADMIN, which means that if something is possible for e.g. PROJECT_MEMBER, it isn't automatically also allowed for ADMIN, and we need to explicitly allow the ADMIN user to do such requests. It was done like that for many of the API calls already, but not for all of them (probably by mistake).

This patch introduces a new composite check, ADMIN_OR_PROJECT_MEMBER, and uses it in the check strings where an ADMIN or PROJECT_MEMBER user is allowed to use the API. It also changes some of the check strings which used "policy_or" to combine ADMIN and PROJECT_MEMBER or PROJECT_READER, so that the composite checks ADMIN_OR_PROJECT_MEMBER and ADMIN_OR_PROJECT_READER are used everywhere.

Closes-Bug: #1997089
Change-Id: Iab5cd6c7aa07ca8527c5fa8396c9ed0da65b4fa7
Showing 31 changed files with 435 additions and 273 deletions.