From 67eefcf381b252b75ba7b4e7f8c9023522e2862c Mon Sep 17 00:00:00 2001
From: Shuicheng Lin <shuicheng.lin@intel.com>
Date: Mon, 3 Aug 2020 13:02:44 +0800
Subject: [PATCH] Correct limits and os-availability-zone's policy setting

In nova latest code, limits and os-availability-zone have been
updated to could be listed as any user by below patches:
limits: 4d37ffc111ae8bb43bd33fe995bc3686b065131b
os-availability-zone: b8c2de86ed46caf7768027e82519c2418989c36b
And target project id is set to {}. So user cannot be matched as
"owner", and lead to API access failure.
Update policy to be the same as latest nova code to avoid the error.

Change-Id: I3621be0fa42388180a7ac3e4bc7f7683a0c15b68
Signed-off-by: Shuicheng Lin <shuicheng.lin@intel.com>
---
 horizon/values.yaml | 4 ++--
 nova/values.yaml    | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/horizon/values.yaml b/horizon/values.yaml
index 4897e3f58b..fac210813e 100644
--- a/horizon/values.yaml
+++ b/horizon/values.yaml
@@ -1744,7 +1744,7 @@ conf:
         'os_compute_api:ips:discoverable': '@'
         'os_compute_api:ips:index': 'rule:admin_or_owner'
         'os_compute_api:ips:show': 'rule:admin_or_owner'
-        'os_compute_api:limits': 'rule:admin_or_owner'
+        'os_compute_api:limits': '@'
         'os_compute_api:limits:discoverable': '@'
         'os_compute_api:os-access-ips': 'rule:admin_or_owner'
         'os_compute_api:os-access-ips:discoverable': '@'
@@ -1773,7 +1773,7 @@ conf:
         'os_compute_api:os-attach-interfaces:discoverable': '@'
         'os_compute_api:os-availability-zone:detail': 'rule:admin_api'
         'os_compute_api:os-availability-zone:discoverable': '@'
-        'os_compute_api:os-availability-zone:list': 'rule:admin_or_owner'
+        'os_compute_api:os-availability-zone:list': '@'
         'os_compute_api:os-baremetal-nodes': 'rule:admin_api'
         'os_compute_api:os-baremetal-nodes:discoverable': '@'
         'os_compute_api:os-block-device-mapping-v1:discoverable': '@'
diff --git a/nova/values.yaml b/nova/values.yaml
index 4f3d54090c..7be618fe38 100644
--- a/nova/values.yaml
+++ b/nova/values.yaml
@@ -908,7 +908,7 @@ conf:
     os_compute_api:os-attach-interfaces:discoverable: "@"
     os_compute_api:os-attach-interfaces:create: rule:admin_or_owner
     os_compute_api:os-attach-interfaces:delete: rule:admin_or_owner
-    os_compute_api:os-availability-zone:list: rule:admin_or_owner
+    os_compute_api:os-availability-zone:list: "@"
     os_compute_api:os-availability-zone:discoverable: "@"
     os_compute_api:os-availability-zone:detail: rule:admin_api
     os_compute_api:os-baremetal-nodes:discoverable: "@"
@@ -1016,7 +1016,7 @@ conf:
     os_compute_api:os-keypairs:show: rule:admin_api or user_id:%(user_id)s
     os_compute_api:os-keypairs: rule:admin_or_owner
     os_compute_api:limits:discoverable: "@"
-    os_compute_api:limits: rule:admin_or_owner
+    os_compute_api:limits: "@"
     os_compute_api:os-lock-server:discoverable: "@"
     os_compute_api:os-lock-server:lock: rule:admin_or_owner
     os_compute_api:os-lock-server:unlock:unlock_override: rule:admin_api