From ca942e9732b555a576dd4411ed78bc1af44b8d30 Mon Sep 17 00:00:00 2001 From: Rodolfo Alonso Hernandez Date: Fri, 5 May 2023 13:13:16 +0200 Subject: [PATCH] [S-RBAC] Get QoS rule types API available for READER role API call "get_rule_types" should be available in new policies for all users with READER role as this is kind of the same what was in the old policies (ANY). Depends-On: https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/882818 Closes-Bug: #2018585 Change-Id: I8281bd8a902bcaba1187565e9610d598e4ebc254 (cherry picked from commit 01de74dedfdc306b0331aae4f970f0c5bca5cb48) (cherry picked from commit c82eee0fd616b06cd97dace13d59c792755fc72f) --- neutron/conf/policies/qos.py | 6 +++++- neutron/tests/unit/conf/policies/test_qos.py | 6 ------ 2 files changed, 5 insertions(+), 7 deletions(-) diff --git a/neutron/conf/policies/qos.py b/neutron/conf/policies/qos.py index 96362fe5f5e..b06b5af6b62 100644 --- a/neutron/conf/policies/qos.py +++ b/neutron/conf/policies/qos.py @@ -103,7 +103,11 @@ policy.DocumentedRuleDefault( name='get_rule_type', - check_str=base.ADMIN, + # NOTE(ralonsoh): it can't be ADMIN_OR_PROJECT_READER constant from the + # base module because that is using "project_id" in the check string + # and the rule type resource don't belongs to any project thus such + # check string would fail enforcement. + check_str='role:reader', scope_types=['project'], description='Get available QoS rule types', operations=[ diff --git a/neutron/tests/unit/conf/policies/test_qos.py b/neutron/tests/unit/conf/policies/test_qos.py index 2b4d7aea031..ff655b298e9 100644 --- a/neutron/tests/unit/conf/policies/test_qos.py +++ b/neutron/tests/unit/conf/policies/test_qos.py @@ -210,12 +210,6 @@ def setUp(self): super(ProjectMemberQosRuleTypeTests, self).setUp() self.context = self.project_member_ctx - def test_get_rule_type(self): - self.assertRaises( - base_policy.PolicyNotAuthorized, - policy.enforce, - self.context, 'get_rule_type', self.target) - class ProjectReaderQosRuleTypeTests(ProjectMemberQosRuleTypeTests):