Remove service provider policies from v3cloudsample.json

By incorporating system-scope and default roles, we've effectively
made these policies obsolete. We can simplify what we maintain and
provide a more consistent, unified view of default service provider
behavior by removing them.

Change-Id: I01b0e7152ae282c49644b3bad1bcb2c8119aed58
Closes-Bug: 1804520
Lance Bragstad 2018-11-26 20:57:53 +00:00
parent e647d6f697
commit 6bac9930eb
3 changed files with 19 additions and 7 deletions

@ -207,12 +207,6 @@
"identity:delete_mapping": "rule:cloud_admin",
"identity:update_mapping": "rule:cloud_admin",
"identity:create_service_provider": "rule:cloud_admin",
"identity:list_service_providers": "rule:cloud_admin",
"identity:get_service_provider": "rule:cloud_admin",
"identity:update_service_provider": "rule:cloud_admin",
"identity:delete_service_provider": "rule:cloud_admin",
"identity:get_auth_catalog": "",
"identity:get_auth_projects": "",
"identity:get_auth_domains": "",
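
Review bot: the `identity:*_service_provider` entries dropped from this hunk all carried `rule:cloud_admin`, so a deployment using this sample file now falls back to the in-code defaults for them, and nothing in this change shows what those defaults are. Please state the effective default check strings in the commit message or the release note so a reviewer can confirm that `identity:list_service_providers` and `identity:get_service_provider` are not opened to a wider audience than `rule:cloud_admin` allowed.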

@ -190,7 +190,12 @@ class PolicyJsonTestCase(unit.TestCase):
'identity:get_registered_limit',
'identity:list_registered_limits',
'identity:update_registered_limit',
'identity:delete_registered_limit'
'identity:delete_registered_limit',
'identity:create_service_provider',
'identity:get_service_provider',
'identity:list_service_providers',
'identity:update_service_provider',
'identity:delete_service_provider'
]
policy_keys = self._get_default_policy_rules()
for p in removed_policies:
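
Review bot: the new last entry of `removed_policies`, `'identity:delete_service_provider'`, again has no trailing comma, which is why this hunk had to touch `'identity:delete_registered_limit'` just to append to the list. Add the trailing comma now: the next append then becomes a pure addition, and it removes the risk that someone adds a line without the comma and Python silently concatenates two adjacent string literals into one bogus policy name, which would make the check for both names ineffective.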

@ -0,0 +1,13 @@
---
upgrade:
- |
[`bug 1804520 <https://bugs.launchpad.net/keystone/+bug/1804520>`_]
The federated service provider policies defined in ``policy.v3cloudsample.json``
have been removed. These policies are now obsolete after incorporating
system-scope into the service provider API and implementing default roles.
fixes:
- |
[`bug 1804520 <https://bugs.launchpad.net/keystone/+bug/1804520>`_]
The federated service provider policies in ``policy.v3cloudsample.json`` policy file
have been removed in favor of better defaults in code. These policies
weren't tested exhaustively and were misleading to users and operators.
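
Review bot: the `upgrade` entry says the policies were removed from ``policy.v3cloudsample.json`` but gives operators no action to take. A deployment that copied the `rule:cloud_admin` entries for the service provider rules into its own policy file will keep overriding the new defaults, so the note should say to remove those overrides in order to pick up the system-scope behavior. The `fixes` entry largely repeats the `upgrade` text and reads awkwardly ("``policy.v3cloudsample.json`` policy file"); consider keeping only the part that is new there, namely that the old sample rules were not tested exhaustively.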