In case when user's security group contains rules created e.g.
by admin, and such rules has got admin's tenant as tenant_id,
owner of security group should be able to see those rules.
Some time ago this was addressed for request:
GET /v2.0/security-groups/<sec_group_id>
But it is also required to behave in same way for
GET /v2.0/security-group-rules
So this patch fixes this behaviour for listing of security
group rules.
To achieve that this patch also adds new policy rule:
ADMIN_OWNER_OR_SG_OWNER which is similar to already existing
ADMIN_OWNER_OR_NETWORK_OWNER used e.g. for listing or creating
ports.
Conflicts: etc/policy.json neutron/policy.py
Change-Id: I09114712582d2d38d14cf1683b87a8ce3a8e8c3c
Closes-Bug: #1824248
(cherry picked from commit b898d2e3c08b50e576ee849fbe8614c66f360c62)
(cherry picked from commit 36d1086569627af5dafd734333a7ebc4bc060d77)
Reviewed: https:/ /review. opendev. org/688719 /git.openstack. org/cgit/ openstack/ neutron/ commit/ ?id=e00ebee0531 8edbd18f49df0fd 34697d0e1417ed
Committed: https:/
Submitter: Zuul
Branch: stable/queens
commit e00ebee05318edb d18f49df0fd3469 7d0e1417ed
Author: Slawek Kaplonski <email address hidden>
Date: Thu Sep 12 22:02:52 2019 +0200
List SG rules which belongs to tenant's SG
In case when user's security group contains rules created e.g.
by admin, and such rules has got admin's tenant as tenant_id,
owner of security group should be able to see those rules.
Some time ago this was addressed for request:
GET /v2.0/security- groups/ <sec_group_ id>
But it is also required to behave in same way for
GET /v2.0/security- group-rules
So this patch fixes this behaviour for listing of security OWNER_OR_ SG_OWNER which is similar to already existing OWNER_OR_ NETWORK_ OWNER used e.g. for listing or creating
group rules.
To achieve that this patch also adds new policy rule:
ADMIN_
ADMIN_
ports.
Conflicts:
etc/policy. json
neutron/ policy. py
Change-Id: I09114712582d2d 38d14cf1683b87a 8ce3a8e8c3c 576ee849fbe8614 c66f360c62) 5dafd734333a7eb c4bc060d77)
Closes-Bug: #1824248
(cherry picked from commit b898d2e3c08b50e
(cherry picked from commit 36d1086569627af