Andrew Bogott has submitted this change and it was merged.
Change subject: Designate policy: redefine "admin_or_member" rule
......................................................................
Designate policy: redefine "admin_or_member" rule
The existing 'member' rule doesn't make much sense to
me, and seems to misfire. This needs more investigation,
but this simple explicit rule should work in the meantime.
Change-Id: I4ec48e8acb58e1c12955756f66dbce519e6648a1
---
M modules/openstack/files/liberty/designate/policy.json
1 file changed, 1 insertion(+), 1 deletion(-)
Approvals:
Andrew Bogott: Looks good to me, approved
jenkins-bot: Verified
diff --git a/modules/openstack/files/liberty/designate/policy.json
b/modules/openstack/files/liberty/designate/policy.json
index 3f5422d..99d7d29 100644
--- a/modules/openstack/files/liberty/designate/policy.json
+++ b/modules/openstack/files/liberty/designate/policy.json
@@ -1,7 +1,7 @@
{
"admin": "role:admin or is_admin:True",
"member": "tenant:%(tenant_id)s",
- "admin_or_member": "rule:admin or rule:member",
+ "admin_or_member": "rule:admin or role:user or role:projectadmin",
"admin_or_projectadmin": "rule:admin or role:projectadmin",
"target": "tenant:%(target_tenant_id)s",
"member_or_target":"rule:target or rule:member",
--
To view, visit https://gerrit.wikimedia.org/r/279731
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I4ec48e8acb58e1c12955756f66dbce519e6648a1
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Andrew Bogott <[email protected]>
Gerrit-Reviewer: Andrew Bogott <[email protected]>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
