Browse Source

Remove registered limit policies from policy.v3cloudsample.json

By incorporating system-scope and default roles, we've effectively
made these policies obsolete. We can simplify what we maintain and
provide a more consistent, unified view of default registered limit
behavior by removing them.

Change-Id: I1ee7fb53a71361966584363687051615dc832329
Related-Bug: 1805880
changes/19/621019/7
Lance Bragstad 3 years ago
parent
commit
7af769278a
  1. 6
      etc/policy.v3cloudsample.json
  2. 7
      keystone/tests/unit/test_policy.py
  3. 14
      releasenotes/notes/bug-1805880-3fc6b30309a4370f.yaml

6
etc/policy.v3cloudsample.json

@ -28,12 +28,6 @@
"identity:update_endpoint": "rule:cloud_admin",
"identity:delete_endpoint": "rule:cloud_admin",
"identity:get_registered_limit": "",
"identity:list_registered_limits": "",
"identity:create_registered_limits": "rule:admin_required",
"identity:update_registered_limit": "rule:admin_required",
"identity:delete_registered_limit": "rule:admin_required",
"identity:get_limit_model": "",
"identity:get_limit": "",
"identity:list_limits": "",

7
keystone/tests/unit/test_policy.py

@ -185,7 +185,12 @@ class PolicyJsonTestCase(unit.TestCase):
'identity:get_credential',
'identity:list_credentials',
'identity:update_credential',
'identity:delete_credential'
'identity:delete_credential',
'identity:create_registered_limits',
'identity:get_registered_limit',
'identity:list_registered_limits',
'identity:update_registered_limit',
'identity:delete_registered_limit'
]
policy_keys = self._get_default_policy_rules()
for p in removed_policies:

14
releasenotes/notes/bug-1805880-3fc6b30309a4370f.yaml

@ -0,0 +1,14 @@
---
upgrade:
- |
[`bug 1805880 <https://bugs.launchpad.net/keystone/+bug/1805880>`_]
The registered limit policies defined in ``policy.v3cloudsample.json``
have been removed. These policies are now obsolete after incorporating
system-scope into the registered limit API and implementing default roles.
fixes:
- |
[`bug 1805880 <https://bugs.launchpad.net/keystone/+bug/1805880>`_]
The registered limit policies in ``policy.v3cloudsample.json`` policy
file have been removed in favor of better defaults in code. These
policies weren't tested exhaustively and were misleading to users
and operators.
Loading…
Cancel
Save