summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorZuul <zuul@review.opendev.org>2023-05-16 12:02:28 +0000
committerGerrit Code Review <review@openstack.org>2023-05-16 12:02:28 +0000
commitae4084c1735f63de7fc685ee51502f5d0d9db67c (patch)
tree1404a3b6463941fb5893c2a3101f720e109e476d
parenta06b44e12da4ab8fb037b34593f33c4df7dbafa1 (diff)
parent01de74dedfdc306b0331aae4f970f0c5bca5cb48 (diff)
downloadneutron-ae4084c1735f63de7fc685ee51502f5d0d9db67c.tar.gz
Merge "[S-RBAC] Get QoS rule types API available for READER role"
Diffstat
-rw-r--r--neutron/conf/policies/qos.py6
-rw-r--r--neutron/tests/unit/conf/policies/test_qos.py6
2 files changed, 5 insertions, 7 deletions
diff --git a/neutron/conf/policies/qos.py b/neutron/conf/policies/qos.py
index 2fc9d0975c..c507a7bdb9 100644
--- a/neutron/conf/policies/qos.py
+++ b/neutron/conf/policies/qos.py
@@ -104,7 +104,11 @@ rules = [
policy.DocumentedRuleDefault(
name='get_rule_type',
- check_str=base.ADMIN,
+ # NOTE(ralonsoh): it can't be ADMIN_OR_PROJECT_READER constant from the
+ # base module because that is using "project_id" in the check string
+ # and the rule type resource don't belongs to any project thus such
+ # check string would fail enforcement.
+ check_str='role:reader',
scope_types=['project'],
description='Get available QoS rule types',
operations=[
diff --git a/neutron/tests/unit/conf/policies/test_qos.py b/neutron/tests/unit/conf/policies/test_qos.py
index 2b4d7aea03..ff655b298e 100644
--- a/neutron/tests/unit/conf/policies/test_qos.py
+++ b/neutron/tests/unit/conf/policies/test_qos.py
@@ -210,12 +210,6 @@ class ProjectMemberQosRuleTypeTests(AdminQosRuleTypeTests):
super(ProjectMemberQosRuleTypeTests, self).setUp()
self.context = self.project_member_ctx
- def test_get_rule_type(self):
- self.assertRaises(
- base_policy.PolicyNotAuthorized,
- policy.enforce,
- self.context, 'get_rule_type', self.target)
-
class ProjectReaderQosRuleTypeTests(ProjectMemberQosRuleTypeTests):
View Lorry Controller Status