[PS-292] fix: update new neutron policy rules (#1793)

commit: 46cdeb164779e3938a19f88b2ecaf308006ae3ca [log] [tgz]
author: Rico Lin <rlin@vexxhost.com> Thu Aug 22 00:36:53 2024 +0800
committer: GitHub <noreply@github.com> Wed Aug 21 16:36:53 2024 +0000
tree: 67e1e4bbfeb78ca14896fd5450cd3cc29f6df8cd
parent: 7306024593c7166c9ff2b8603082ca8bfe1aacf4 [diff]
diff --git a/roles/neutron/vars/main.yml b/roles/neutron/vars/main.yml
index d205166..c4a78c3 100644
--- a/roles/neutron/vars/main.yml
+++ b/roles/neutron/vars/main.yml

@@ -112,5 +112,5 @@
   conf:
     policy:
       delete_port: "((rule:admin_only) or (rule:service_api) or role:member and rule:network_owner or role:member and project_id:%(project_id)s) and http://neutron-server:9697/port-delete"
-      update_port:mac_address: "((rule:admin_only) or (rule:service_api)) and http://neutron-server:9697/port-update"
-      update_port:fixed_ips: "((rule:admin_only) or (rule:service_api) or role:member and rule:network_owner) and http://neutron-server:9697/port-update"
+      update_port:mac_address: "((rule:admin_only) or (rule:service_api) or role:manager and project_id:%(project_id)s) and http://neutron-server:9697/port-update"
+      update_port:fixed_ips: "((rule:admin_only) or (rule:service_api) or role:manager and project_id:%(project_id)s or role:member and rule:network_owner) and http://neutron-server:9697/port-update"
commit	46cdeb164779e3938a19f88b2ecaf308006ae3ca	[log] [tgz]
author	Rico Lin <rlin@vexxhost.com>	Thu Aug 22 00:36:53 2024 +0800
committer	GitHub <noreply@github.com>	Wed Aug 21 16:36:53 2024 +0000
tree	67e1e4bbfeb78ca14896fd5450cd3cc29f6df8cd
parent	7306024593c7166c9ff2b8603082ca8bfe1aacf4 [diff]