Remove project policies from policy.v3cloudsample.json
By incorporating system-scope, domain-scope, project-scope, and
default roles, we've effectively made these policies obsolete. We can
simplify what we maintain and provide a more consistent, unified view
of default project behavior by removing them.
Change-Id: I80221b72ce0f234440e6d6aaea51869bd5f1c6e7
Related-Bug: 1806762
(cherry picked from commit 546b7f1bba
)
This commit is contained in:
parent
24c875fe76
commit
3d3fa99a05
|
@ -17,14 +17,6 @@
|
|||
"identity:update_limit": "rule:admin_required",
|
||||
"identity:delete_limit": "rule:admin_required",
|
||||
|
||||
"admin_and_matching_target_project_domain_id": "rule:admin_required and domain_id:%(target.project.domain_id)s",
|
||||
"admin_and_matching_project_domain_id": "rule:admin_required and domain_id:%(project.domain_id)s",
|
||||
"identity:get_project": "rule:cloud_admin or rule:admin_and_matching_target_project_domain_id or project_id:%(target.project.id)s",
|
||||
"identity:list_projects": "rule:cloud_admin or rule:admin_and_matching_domain_id",
|
||||
"identity:list_user_projects": "rule:owner or rule:admin_and_matching_domain_id",
|
||||
"identity:create_project": "rule:cloud_admin or rule:admin_and_matching_project_domain_id",
|
||||
"identity:update_project": "rule:cloud_admin or rule:admin_and_matching_target_project_domain_id",
|
||||
"identity:delete_project": "rule:cloud_admin or rule:admin_and_matching_target_project_domain_id",
|
||||
"identity:create_project_tag": "rule:admin_required",
|
||||
"identity:delete_project_tag": "rule:admin_required",
|
||||
"identity:get_project_tag": "rule:admin_required",
|
||||
|
|
|
@ -231,6 +231,12 @@ class PolicyJsonTestCase(unit.TestCase):
|
|||
'identity:list_domains',
|
||||
'identity:update_domain',
|
||||
'identity:delete_domain',
|
||||
'identity:create_project',
|
||||
'identity:get_project',
|
||||
'identity:list_projects',
|
||||
'identity:update_project',
|
||||
'identity:delete_project',
|
||||
'identity:list_user_projects',
|
||||
'identity:create_service',
|
||||
'identity:get_service',
|
||||
'identity:list_services',
|
||||
|
|
Loading…
Reference in New Issue