Browse Source

Remove protocol policies from v3cloudsample.json

By incorporating system-scope and default roles, we've effectively
made these policies obsolete. We can simplify what we maintain and
provide a more consistent, unified view of default protocol
behavior by removing them.

Related-Bug: 1806762
Closes-Bug: 1804518
Change-Id: Ia839555d8211596213311c4246135cdae4f46ab2
changes/57/625357/7
Lance Bragstad 3 years ago
parent
commit
24b8db9e06
  1. 6
      etc/policy.v3cloudsample.json
  2. 5
      keystone/tests/unit/test_policy.py
  3. 17
      releasenotes/notes/bug-1806762-daed3e27f58f0f6d.yaml

6
etc/policy.v3cloudsample.json

@ -171,12 +171,6 @@
"identity:add_endpoint_group_to_project": "rule:admin_required",
"identity:remove_endpoint_group_from_project": "rule:admin_required",
"identity:create_protocol": "rule:cloud_admin",
"identity:update_protocol": "rule:cloud_admin",
"identity:get_protocol": "rule:cloud_admin",
"identity:list_protocols": "rule:cloud_admin",
"identity:delete_protocol": "rule:cloud_admin",
"identity:get_auth_catalog": "",
"identity:get_auth_projects": "",
"identity:get_auth_domains": "",

5
keystone/tests/unit/test_policy.py

@ -216,6 +216,11 @@ class PolicyJsonTestCase(unit.TestCase):
'identity:list_identity_providers',
'identity:update_identity_provider',
'identity:delete_identity_provider',
'identity:create_protocol',
'identity:get_protocol',
'identity:list_protocols',
'identity:update_protocol',
'identity:delete_protocol',
'identity:create_domain',
'identity:get_domain',
'identity:list_domains',

17
releasenotes/notes/bug-1806762-daed3e27f58f0f6d.yaml

@ -0,0 +1,17 @@
---
upgrade:
- |
[`bug 1806762 <https://bugs.launchpad.net/keystone/+bug/1806762>`_]
[`bug 1804518 <https://bugs.launchpad.net/keystone/+bug/1804518>`_]
The protocol policies defined in the ``policy.v3cloudsample.json``
policy file have been removed. These policies are now obsolete after
incorporating system-scope into the federated protocol API and
implementing default roles.
fixes:
- |
[`bug 1806762 <https://bugs.launchpad.net/keystone/+bug/1806762>`_]
[`bug 1804518 <https://bugs.launchpad.net/keystone/+bug/1804518>`_]
The federated protocol policies in the ``policy.v3cloudsample.json``
policy file have been removed in favor of better defaults in code.
These policies weren't tested exhaustively and were misleading to
users and operators.
Loading…
Cancel
Save