Remove endpoint policies from policy.v3cloudsample.json
By incorporating system-scope and default roles, we've effectively made these policies obsolete. We can simplify what we maintain and provide a more consistent, unified view of default endpoint behavior by removing them. Change-Id: I423e54c359b787efdda70f5d141f21e9103f3524 Closes-Bug: 1804482
This commit is contained in:
parent
00663f93b7
commit
6c6c6049f5
|
@ -16,12 +16,6 @@
|
|||
"identity:update_service": "rule:cloud_admin",
|
||||
"identity:delete_service": "rule:cloud_admin",
|
||||
|
||||
"identity:get_endpoint": "rule:admin_required",
|
||||
"identity:list_endpoints": "rule:admin_required",
|
||||
"identity:create_endpoint": "rule:cloud_admin",
|
||||
"identity:update_endpoint": "rule:cloud_admin",
|
||||
"identity:delete_endpoint": "rule:cloud_admin",
|
||||
|
||||
"identity:get_limit_model": "",
|
||||
"identity:get_limit": "",
|
||||
"identity:list_limits": "",
|
||||
|
|
|
@ -201,6 +201,11 @@ class PolicyJsonTestCase(unit.TestCase):
|
|||
'identity:list_regions',
|
||||
'identity:update_region',
|
||||
'identity:delete_region',
|
||||
'identity:create_endpoint',
|
||||
'identity:get_endpoint',
|
||||
'identity:list_endpoints',
|
||||
'identity:update_endpoint',
|
||||
'identity:delete_endpoint',
|
||||
'identity:create_mapping',
|
||||
'identity:get_mapping',
|
||||
'identity:list_mappings',
|
||||
|
|
|
@ -0,0 +1,15 @@
|
|||
---
|
||||
upgrade:
|
||||
- |
|
||||
[`bug 1804482 <https://bugs.launchpad.net/keystone/+bug/1804482>`_]
|
||||
The endpoint policies defined in ``policy.v3cloudsample.json`` have
|
||||
been removed. These policies are now obsolete after incorporating
|
||||
system-scope into the endpoint API and implementing default roles.
|
||||
fixes:
|
||||
- |
|
||||
[`bug 1804482 <https://bugs.launchpad.net/keystone/+bug/1804482>`_]
|
||||
The endpoint policies in ``policy.v3cloudsample.json`` policy file
|
||||
have been removed in favor of better defaults in code. These
|
||||
policies weren't tested exhaustively and were misleading to users
|
||||
and operators.
|
||||
|
Loading…
Reference in New Issue