diff --git a/etc/policy.v3cloudsample.json b/etc/policy.v3cloudsample.json
index e79e5a1a47..fe3a583617 100644
--- a/etc/policy.v3cloudsample.json
+++ b/etc/policy.v3cloudsample.json
@@ -17,14 +17,6 @@
 "identity:update_limit": "rule:admin_required",
 "identity:delete_limit": "rule:admin_required",
- "admin_and_matching_target_project_domain_id": "rule:admin_required and domain_id:%(target.project.domain_id)s",
- "admin_and_matching_project_domain_id": "rule:admin_required and domain_id:%(project.domain_id)s",
- "identity:get_project": "rule:cloud_admin or rule:admin_and_matching_target_project_domain_id or project_id:%(target.project.id)s",
- "identity:list_projects": "rule:cloud_admin or rule:admin_and_matching_domain_id",
- "identity:list_user_projects": "rule:owner or rule:admin_and_matching_domain_id",
- "identity:create_project": "rule:cloud_admin or rule:admin_and_matching_project_domain_id",
- "identity:update_project": "rule:cloud_admin or rule:admin_and_matching_target_project_domain_id",
- "identity:delete_project": "rule:cloud_admin or rule:admin_and_matching_target_project_domain_id",
 "identity:create_project_tag": "rule:admin_required",
 "identity:delete_project_tag": "rule:admin_required",
 "identity:get_project_tag": "rule:admin_required",
diff --git a/keystone/tests/unit/test_policy.py b/keystone/tests/unit/test_policy.py
index 9462ba2ece..fc137ba473 100644
--- a/keystone/tests/unit/test_policy.py
+++ b/keystone/tests/unit/test_policy.py
@@ -231,6 +231,12 @@ class PolicyJsonTestCase(unit.TestCase):
 'identity:list_domains',
 'identity:update_domain',
 'identity:delete_domain',
+ 'identity:create_project',
+ 'identity:get_project',
+ 'identity:list_projects',
+ 'identity:update_project',
+ 'identity:delete_project',
+ 'identity:list_user_projects',
 'identity:create_service',
 'identity:get_service',
 'identity:list_services',
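Review bot: The six names added to this list cover only the `identity:*project*` API rules, but the same commit also deletes the helper rules `admin_and_matching_target_project_domain_id` and `admin_and_matching_project_domain_id` from `etc/policy.v3cloudsample.json`, and nothing visible here checks that no remaining sample rule still refers to them. As far as I know oslo.policy evaluates a reference to an undefined rule as a failed check rather than a load error, so a leftover `rule:admin_and_matching_target_project_domain_id` would silently deny instead of surfacing. The rest of the sample file and the start of this list are outside the hunk, so this may already be covered; if it is not, a test asserting that every `rule:` reference in the sample file resolves to a defined rule would catch it. A short comment above the new entries, such as `# project policies: domain-admin scoping now comes from the in-code defaults`, would also tell operators who copied the sample why these overrides are gone (assuming that is where the scoping now lives).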