Description
===========
Manila's security services API allows a user to retrieve all security services
in Manila [1]. This sits behind an RBAC policy: "security_service:get_all_security_services" [2].
This RBAC policy currently defaults to "admin" [3] and the default will transition to system-scoped admin users [3] in the future.
However, even when one changes the policy to a non-admin user today, they will be unable to use this API query, because the code enforces that the caller has an administrator context [4]. This is undesirable given the flexibility we want in our code with respect to allowing deployers to tune RBAC policies to customize API access.

Steps to reproduce
==================
A chronological list of steps which will help reproduce the issue you hit:
* Created a policy.yaml file and set "security_service:get_all_security_services" to "rule:default" (meaning that all users can see all security services)
* As a regular non-admin user of a project, invoked the "GET /security-services?all_tenants=True" API

Expected result
===============
Security services of all projects should be retrieved.

Actual result
=============
Only security services of my own project were retrieved.

Additional comments
===================
http://eavesdrop.openstack.org/meetings/manila/2021/manila.2021-02-25-15.01.log.html
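
The mismatch reported above, modelled as an added example; this is not Manila's code and not part of the original report. The names ``Context``, ``policy_allows``, ``list_hardcoded`` and ``list_policy_driven`` are hypothetical, the sample data is constructed, and the silent fallback to the caller's own project is an assumption taken from the "Actual result" above.

```python
# Minimal model of a policy override being defeated by a hard-coded admin check.
# Hypothetical names throughout; this is an illustration, not Manila's implementation.
from dataclasses import dataclass

RULE = "security_service:get_all_security_services"

# Constructed sample data: security services owned by two different projects.
SERVICES = [
    {"id": "ss-1", "project_id": "proj-a"},
    {"id": "ss-2", "project_id": "proj-b"},
]


@dataclass
class Context:
    project_id: str
    is_admin: bool = False


def policy_allows(policy, rule, ctx):
    """Tiny policy check: "admin" needs an admin context, "rule:default" admits anyone."""
    required = policy.get(rule, "admin")  # in-code default, as in the report: admin
    return ctx.is_admin if required == "admin" else True


def own_project_only(ctx):
    return [s for s in SERVICES if s["project_id"] == ctx.project_id]


def list_hardcoded(policy, ctx, all_tenants):
    """Reported behaviour: an extra is_admin gate makes the policy override moot."""
    if all_tenants and policy_allows(policy, RULE, ctx) and ctx.is_admin:
        return list(SERVICES)
    return own_project_only(ctx)  # all_tenants is silently ignored


def list_policy_driven(policy, ctx, all_tenants):
    """Expected behaviour: the policy rule alone decides cross-project listing."""
    if all_tenants and policy_allows(policy, RULE, ctx):
        return list(SERVICES)
    return own_project_only(ctx)


if __name__ == "__main__":
    override = {RULE: "rule:default"}  # the deployer's policy.yaml override
    user = Context(project_id="proj-a")
    print("hard-coded gate:", [s["id"] for s in list_hardcoded(override, user, True)])
    print("policy-driven:  ", [s["id"] for s in list_policy_driven(override, user, True)])
    print("default policy: ", [s["id"] for s in list_policy_driven({}, user, True)])
```

A regression test for a fix would assert the second behaviour with the override in place and the third with the default policy, so that relaxing the code path does not widen access for deployments that keep the admin default.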