Remove service provider policies from v3cloudsample.json
By incorporating system-scope and default roles, we've effectively made these policies obsolete. We can simplify what we maintain and provide a more consistent, unified view of default service provider behavior by removing them. Change-Id: I01b0e7152ae282c49644b3bad1bcb2c8119aed58 Closes-Bug: 1804520
This commit is contained in:
parent
e647d6f697
commit
6bac9930eb
@ -207,12 +207,6 @@
|
||||
"identity:delete_mapping": "rule:cloud_admin",
|
||||
"identity:update_mapping": "rule:cloud_admin",
|
||||
|
||||
"identity:create_service_provider": "rule:cloud_admin",
|
||||
"identity:list_service_providers": "rule:cloud_admin",
|
||||
"identity:get_service_provider": "rule:cloud_admin",
|
||||
"identity:update_service_provider": "rule:cloud_admin",
|
||||
"identity:delete_service_provider": "rule:cloud_admin",
|
||||
|
||||
"identity:get_auth_catalog": "",
|
||||
"identity:get_auth_projects": "",
|
||||
"identity:get_auth_domains": "",
|
||||
|
@ -190,7 +190,12 @@ class PolicyJsonTestCase(unit.TestCase):
|
||||
'identity:get_registered_limit',
|
||||
'identity:list_registered_limits',
|
||||
'identity:update_registered_limit',
|
||||
'identity:delete_registered_limit'
|
||||
'identity:delete_registered_limit',
|
||||
'identity:create_service_provider',
|
||||
'identity:get_service_provider',
|
||||
'identity:list_service_providers',
|
||||
'identity:update_service_provider',
|
||||
'identity:delete_service_provider'
|
||||
]
|
||||
policy_keys = self._get_default_policy_rules()
|
||||
for p in removed_policies:
|
||||
|
13
releasenotes/notes/bug-1804520-d124599967923052.yaml
Normal file
13
releasenotes/notes/bug-1804520-d124599967923052.yaml
Normal file
@ -0,0 +1,13 @@
|
||||
---
|
||||
upgrade:
|
||||
- |
|
||||
[`bug 1804520 <https://bugs.launchpad.net/keystone/+bug/1804520>`_]
|
||||
The federated service provider policies defined in ``policy.v3cloudsample.json``
|
||||
have been removed. These policies are now obsolete after incorporating
|
||||
system-scope into the service provider API and implementing default roles.
|
||||
fixes:
|
||||
- |
|
||||
[`bug 1804520 <https://bugs.launchpad.net/keystone/+bug/1804520>`_]
|
||||
The federated service provider policies in ``policy.v3cloudsample.json`` policy file
|
||||
have been removed in favor of better defaults in code. These policies
|
||||
weren't tested exhaustively and were misleading to users and operators.
|
Loading…
Reference in New Issue
Block a user