From 42f1c52620d05dcd7cd7f0c7bc7c1fcc0e13b3cd Mon Sep 17 00:00:00 2001 From: jh629g Date: Wed, 22 Apr 2020 13:19:16 -0500 Subject: [PATCH] Collapse policy.json files RMS has three rules which were not included into the top level policy.json. These rules have been moved to the top level in order to fix 403 against uuid server. RMS specific policy.json was not pointed at by any code, so with this fix the file has been removed. Change-Id: I8bf507a6336b8b07885e3e11490f1324bf29c5d4 --- etc/policy.json | 6 ++- .../region_manager/rms/etc/policy.json | 38 ------------------- 2 files changed, 5 insertions(+), 39 deletions(-) delete mode 100755 orm/services/region_manager/rms/etc/policy.json diff --git a/etc/policy.json b/etc/policy.json index 0521d612..68a33e8a 100644 --- a/etc/policy.json +++ b/etc/policy.json @@ -117,5 +117,9 @@ "tenant:update": "rule:admin", "tenant:delete": "rule:admin", - "metadata:create": "rule:admin_or_support" + "uuid:get_one": "", + "uuid:delete": "rule:admin", + + "configuration:get": "rule:admin_or_support_or_viewer", + "log:update": "rule:admin" } diff --git a/orm/services/region_manager/rms/etc/policy.json b/orm/services/region_manager/rms/etc/policy.json deleted file mode 100755 index 1cc4f735..00000000 --- a/orm/services/region_manager/rms/etc/policy.json +++ /dev/null @@ -1,38 +0,0 @@ -{ - "default": "!", - - "admin": "role:admin and tenant:admin or role:admin and tenant:service", - "admin_support": "role:admin_support and tenant:admin or role:admin_support and tenant:service", - "admin_viewer": "role:admin_viewer and tenant:admin or role:admin_viewer and tenant:service", - - "admin_or_support": "rule:admin or rule:admin_support", - "admin_or_support_or_viewer": "rule:admin or rule:admin_support or rule:admin_viewer", - - "lcp:get_one": "", - "lcp:get_all": "", - - "uuid:get_one": "", - "uuid:delete": "rule:admin", - - "region:get_one": "", - "region:get_all": "", - "region:create": "rule:admin_or_support", - "region:update": "rule:admin", - "region:delete": "rule:admin", - - "group:get_one": "", - "group:get_all": "", - "group:create": "rule:admin_or_support", - "group:update": "rule:admin", - "group:delete": "rule:admin", - - "configuration:get": "rule:admin_or_support_or_viewer", - "log:update": "rule:admin", - - "metadata:get": "rule:admin_or_support_or_viewer", - "metadata:create": "rule:admin_or_support", - "metadata:update": "rule:admin", - "metadata:delete": "rule:admin", - - "status:put": "rule:admin" -}