Merge "Remove idp policies from policy.v3cloudsample.json"
This commit is contained in:
commit
5b410cfd81
|
@ -183,12 +183,6 @@
|
|||
"identity:add_endpoint_group_to_project": "rule:admin_required",
|
||||
"identity:remove_endpoint_group_from_project": "rule:admin_required",
|
||||
|
||||
"identity:create_identity_provider": "rule:cloud_admin",
|
||||
"identity:list_identity_providers": "rule:cloud_admin",
|
||||
"identity:get_identity_provider": "rule:cloud_admin",
|
||||
"identity:update_identity_provider": "rule:cloud_admin",
|
||||
"identity:delete_identity_provider": "rule:cloud_admin",
|
||||
|
||||
"identity:create_protocol": "rule:cloud_admin",
|
||||
"identity:update_protocol": "rule:cloud_admin",
|
||||
"identity:get_protocol": "rule:cloud_admin",
|
||||
|
|
|
@ -205,7 +205,12 @@ class PolicyJsonTestCase(unit.TestCase):
|
|||
'identity:get_mapping',
|
||||
'identity:list_mappings',
|
||||
'identity:update_mapping',
|
||||
'identity:delete_mapping'
|
||||
'identity:delete_mapping',
|
||||
'identity:create_identity_provider',
|
||||
'identity:get_identity_provider',
|
||||
'identity:list_identity_providers',
|
||||
'identity:update_identity_provider',
|
||||
'identity:delete_identity_provider'
|
||||
]
|
||||
policy_keys = self._get_default_policy_rules()
|
||||
for p in removed_policies:
|
||||
|
|
|
@ -0,0 +1,16 @@
|
|||
---
|
||||
upgrade:
|
||||
- |
|
||||
[`bug 1804517 <https://bugs.launchpad.net/keystone/+bug/1804517>`_]
|
||||
The federated identity provider policies defined in
|
||||
``policy.v3cloudsample.json`` have been removed. These policies
|
||||
are now obsolete after incorporating system-scope into the
|
||||
identity provider API and implementing default roles.
|
||||
fixes:
|
||||
- |
|
||||
[`bug 1804517 <https://bugs.launchpad.net/keystone/+bug/1804517>`_]
|
||||
The federated identity provider policies in
|
||||
``policy.v3cloudsample.json`` policy file have been removed in
|
||||
favor of better defaults in code. These policies weren't tested
|
||||
exhaustively and were misleading to users and operators.
|
||||
|
Loading…
Reference in New Issue