Browse Source

Merge "Remove system policy and its association from policy.v3cloudsample.json"

changes/44/680844/2
Zuul 1 week ago
parent
commit
6ef5272501
2 changed files with 17 additions and 18 deletions
  1. 0
    17
      etc/policy.v3cloudsample.json
  2. 17
    1
      keystone/tests/unit/test_policy.py

+ 0
- 17
etc/policy.v3cloudsample.json View File

@@ -59,29 +59,12 @@
59 59
     "admin_on_project_filter": "rule:admin_required and project_id:%(scope.project.id)s",
60 60
     "admin_on_domain_of_project_filter": "rule:admin_required and domain_id:%(target.project.domain_id)s",
61 61
     "identity:list_role_assignments_for_tree": "rule:cloud_admin or rule:admin_on_domain_of_project_filter",
62
-    "identity:get_policy": "rule:cloud_admin",
63
-    "identity:list_policies": "rule:cloud_admin",
64
-    "identity:create_policy": "rule:cloud_admin",
65
-    "identity:update_policy": "rule:cloud_admin",
66
-    "identity:delete_policy": "rule:cloud_admin",
67 62
 
68 63
     "identity:check_token": "rule:admin_or_owner",
69 64
     "identity:validate_token": "rule:service_admin_or_owner",
70 65
     "identity:validate_token_head": "rule:service_or_admin",
71 66
     "identity:revoke_token": "rule:admin_or_owner",
72 67
 
73
-    "identity:create_policy_association_for_endpoint": "rule:cloud_admin",
74
-    "identity:check_policy_association_for_endpoint": "rule:cloud_admin",
75
-    "identity:delete_policy_association_for_endpoint": "rule:cloud_admin",
76
-    "identity:create_policy_association_for_service": "rule:cloud_admin",
77
-    "identity:check_policy_association_for_service": "rule:cloud_admin",
78
-    "identity:delete_policy_association_for_service": "rule:cloud_admin",
79
-    "identity:create_policy_association_for_region_and_service": "rule:cloud_admin",
80
-    "identity:check_policy_association_for_region_and_service": "rule:cloud_admin",
81
-    "identity:delete_policy_association_for_region_and_service": "rule:cloud_admin",
82
-    "identity:get_policy_for_endpoint": "rule:cloud_admin",
83
-    "identity:list_endpoints_for_policy": "rule:cloud_admin",
84
-
85 68
     "identity:create_domain_config": "rule:cloud_admin",
86 69
     "identity:get_domain_config": "rule:cloud_admin",
87 70
     "identity:update_domain_config": "rule:cloud_admin",

+ 17
- 1
keystone/tests/unit/test_policy.py View File

@@ -323,7 +323,23 @@ class PolicyJsonTestCase(unit.TestCase):
323 323
             'identity:list_users_in_group',
324 324
             'identity:remove_user_from_group',
325 325
             'identity:check_user_in_group',
326
-            'identity:add_user_to_group'
326
+            'identity:add_user_to_group',
327
+            'identity:get_policy',
328
+            'identity:list_policies',
329
+            'identity:create_policy',
330
+            'identity:update_policy',
331
+            'identity:delete_policy',
332
+            'identity:create_policy_association_for_endpoint',
333
+            'identity:check_policy_association_for_endpoint',
334
+            'identity:delete_policy_association_for_endpoint',
335
+            'identity:create_policy_association_for_service',
336
+            'identity:check_policy_association_for_service',
337
+            'identity:delete_policy_association_for_service',
338
+            'identity:create_policy_association_for_region_and_service',
339
+            'identity:check_policy_association_for_region_and_service',
340
+            'identity:delete_policy_association_for_region_and_service',
341
+            'identity:get_policy_for_endpoint',
342
+            'identity:list_endpoints_for_policy'
327 343
         ]
328 344
         policy_keys = self._get_default_policy_rules()
329 345
         for p in removed_policies:

Loading…
Cancel
Save