diff options
author | Ghanshyam Mann <gmann@ghanshyammann.com> | 2020-04-07 00:27:17 -0500 |
---|---|---|
committer | Ghanshyam Mann <gmann@ghanshyammann.com> | 2020-04-07 00:27:17 -0500 |
commit | e8c47191b6a11a1ef32268c2a6395d6347f71995 (patch) | |
tree | 35869a7b67d8848e7c54362711b8d509bd7c5481 /nova/tests/unit/test_policy.py | |
parent | b216cffd151f19dc755029a50130303b3eb2f5d0 (diff) | |
download | nova-e8c47191b6a11a1ef32268c2a6395d6347f71995.tar.gz |
Add new default roles in server tags policies
This adds new defaults roles in server metadata API policies
- to system admin or project member for update and delete.
- to system and project reader for get
Also add tests to simulates the future where we drop the deprecation
fall back in the policy by overriding the rules with a version where
there are no deprecated rule options. Operators can do the same by
adding overrides in their policy files that match the default but
stop the rule deprecation fallback from happening.
Partial implement blueprint policy-defaults-refresh
Change-Id: Id81e617f089f7f7d654e6df6a106ea9d5100b9f6
Diffstat (limited to 'nova/tests/unit/test_policy.py')
-rw-r--r-- | nova/tests/unit/test_policy.py | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/nova/tests/unit/test_policy.py b/nova/tests/unit/test_policy.py index 73d5ef1ddc..3dcffe619a 100644 --- a/nova/tests/unit/test_policy.py +++ b/nova/tests/unit/test_policy.py @@ -435,8 +435,6 @@ class RealRolePolicyTestCase(test.NoDBTestCase): "os_compute_api:os-server-password", "os_compute_api:os-server-tags:delete", "os_compute_api:os-server-tags:delete_all", -"os_compute_api:os-server-tags:index", -"os_compute_api:os-server-tags:show", "os_compute_api:os-server-tags:update", "os_compute_api:os-server-tags:update_all", "os_compute_api:os-server-groups:index", @@ -480,6 +478,8 @@ class RealRolePolicyTestCase(test.NoDBTestCase): "os_compute_api:os-attach-interfaces:show", "os_compute_api:os-instance-actions:list", "os_compute_api:os-instance-actions:show", +"os_compute_api:os-server-tags:index", +"os_compute_api:os-server-tags:show", ) self.allow_nobody_rules = ( |