Correct limits and os-availability-zone's policy setting

In nova latest code, limits and os-availability-zone have been updated to could be listed as any user by below patches: limits: 4d37ffc111ae8bb43bd33fe995bc3686b065131b os-availability-zone: b8c2de86ed46caf7768027e82519c2418989c36b And target project id is set to {}. So user cannot be matched as "owner", and lead to API access failure. Update policy to be the same as latest nova code to avoid the error. Change-Id: I3621be0fa42388180a7ac3e4bc7f7683a0c15b68 Signed-off-by: Shuicheng Lin <shuicheng.lin@intel.com>
2020-08-03 13:02:44 +08:00 · 2020-08-03 13:02:44 +08:00 · 67eefcf381
commit 67eefcf381
parent dffc936932
2 changed files with 4 additions and 4 deletions
--- a/horizon/values.yaml
+++ b/horizon/values.yaml
@ -1744,7 +1744,7 @@ conf:
        'os_compute_api:ips:discoverable': '@'
        'os_compute_api:ips:index': 'rule:admin_or_owner'
        'os_compute_api:ips:show': 'rule:admin_or_owner'
-        'os_compute_api:limits': 'rule:admin_or_owner'
+        'os_compute_api:limits': '@'
        'os_compute_api:limits:discoverable': '@'
        'os_compute_api:os-access-ips': 'rule:admin_or_owner'
        'os_compute_api:os-access-ips:discoverable': '@'
@ -1773,7 +1773,7 @@ conf:
        'os_compute_api:os-attach-interfaces:discoverable': '@'
        'os_compute_api:os-availability-zone:detail': 'rule:admin_api'
        'os_compute_api:os-availability-zone:discoverable': '@'
-        'os_compute_api:os-availability-zone:list': 'rule:admin_or_owner'
+        'os_compute_api:os-availability-zone:list': '@'
        'os_compute_api:os-baremetal-nodes': 'rule:admin_api'
        'os_compute_api:os-baremetal-nodes:discoverable': '@'
        'os_compute_api:os-block-device-mapping-v1:discoverable': '@'
--- a/nova/values.yaml
+++ b/nova/values.yaml
@ -908,7 +908,7 @@ conf:
    os_compute_api:os-attach-interfaces:discoverable: "@"
    os_compute_api:os-attach-interfaces:create: rule:admin_or_owner
    os_compute_api:os-attach-interfaces:delete: rule:admin_or_owner
-    os_compute_api:os-availability-zone:list: rule:admin_or_owner
+    os_compute_api:os-availability-zone:list: "@"
    os_compute_api:os-availability-zone:discoverable: "@"
    os_compute_api:os-availability-zone:detail: rule:admin_api
    os_compute_api:os-baremetal-nodes:discoverable: "@"
@ -1016,7 +1016,7 @@ conf:
    os_compute_api:os-keypairs:show: rule:admin_api or user_id:%(user_id)s
    os_compute_api:os-keypairs: rule:admin_or_owner
    os_compute_api:limits:discoverable: "@"
-    os_compute_api:limits: rule:admin_or_owner
+    os_compute_api:limits: "@"
    os_compute_api:os-lock-server:discoverable: "@"
    os_compute_api:os-lock-server:lock: rule:admin_or_owner
    os_compute_api:os-lock-server:unlock:unlock_override: rule:admin_api