Prevent non-admin user specifying port's provider-security-groups
This is controlled via policy.json file, adding the relevant rules. Change-Id: I79e14418909a4e03f87ab3f2ad02945160daa43d
This commit is contained in:
parent
210eb89c4a
commit
e14b697cab
@ -45,6 +45,7 @@
|
||||
"create_port:binding:host_id": "rule:admin_only",
|
||||
"create_port:binding:profile": "rule:admin_only",
|
||||
"create_port:mac_learning_enabled": "rule:admin_or_network_owner or rule:context_is_advsvc",
|
||||
"create_port:provider_security_groups": "rule:admin_only",
|
||||
"get_port": "rule:admin_or_owner or rule:context_is_advsvc",
|
||||
"get_port:queue_id": "rule:admin_only",
|
||||
"get_port:binding:vif_type": "rule:admin_only",
|
||||
@ -57,6 +58,7 @@
|
||||
"update_port:binding:host_id": "rule:admin_only",
|
||||
"update_port:binding:profile": "rule:admin_only",
|
||||
"update_port:mac_learning_enabled": "rule:admin_or_network_owner or rule:context_is_advsvc",
|
||||
"update_port:provider_security_groups": "rule:admin_only",
|
||||
"delete_port": "rule:admin_or_owner or rule:context_is_advsvc",
|
||||
|
||||
"get_router:ha": "rule:admin_only",
|
||||
|
Loading…
Reference in New Issue
Block a user