commit 45317c80f57f6b459e38d3c63ee98cbd0b3161e9
author Tomáš Pecka <tomas.pecka@cesnet.cz> Thu Jan 18 09:29:41 2024 +0100
committer Jan Kundrát <jan.kundrat@cesnet.cz> Fri Jan 19 14:02:57 2024 +0100
tree ff00347cfbe4ee36514c8778ea7cd115a3563b07
parent cbe2a7575ab5a07f267844802730413e01c59e68

velia: NACM rules for account self-management

Bring in the NACM rules to enable users change their passwords and keys
and disable peeking at other users keys and last password change
timestamp.

Depends-on: https://gerrit.cesnet.cz/c/CzechLight/velia/+/6821
Change-Id: I9a08495d03dc76f2f42fe75b93ffff6100875cf1

tests/czechlight-cfg-fs/data/v0_sdn-roadm-add-drop_empty/expected.json

diff --git a/tests/czechlight-cfg-fs/data/v0_sdn-roadm-add-drop_empty/expected.json b/tests/czechlight-cfg-fs/data/v0_sdn-roadm-add-drop_empty/expected.json
index a27d57f..4d48c7b 100644
--- a/tests/czechlight-cfg-fs/data/v0_sdn-roadm-add-drop_empty/expected.json
+++ b/tests/czechlight-cfg-fs/data/v0_sdn-roadm-add-drop_empty/expected.json
@@ -916,6 +916,21 @@
             "action": "permit"
           }
         ]
+      },
+      {
+        "name": "Authentication details of current user",
+        "group": [
+          "*"
+        ],
+        "rule": [
+          {
+            "name": "Allow reading and executing actions in the context of the current user",
+            "access-operations": "read exec",
+            "module-name": "czechlight-system",
+            "action": "permit",
+            "path": "/czechlight-system:authentication/users[name=$USER]"
+          }
+        ]
       }
     ]
   }