fix identity:get_identity_providers typo

Changes identity:get_identity_providers policy rule to
identity:get_identity_provider to match what is checked by the code.

Change-Id: I0841abd30fd15c034b5836e42a18938634b509b1
Closes-Bug: #1703369
This commit is contained in:
Matthew Edmonds 2017-07-10 09:20:18 -04:00
parent 805b42ac4e
commit b7119637a0
4 changed files with 14 additions and 3 deletions

View File

@ -146,7 +146,7 @@ identity:remove_endpoint_group_from_project DELETE /v3/OS-EP-FILT
identity:create_identity_provider PUT /v3/OS-FEDERATION/identity_providers/{idp_id}
identity:list_identity_providers GET /v3/OS-FEDERATION/identity_providers
identity:get_identity_providers GET /v3/OS-FEDERATION/identity_providers/{idp_id}
identity:get_identity_provider GET /v3/OS-FEDERATION/identity_providers/{idp_id}
identity:update_identity_provider PATCH /v3/OS-FEDERATION/identity_providers/{idp_id}
identity:delete_identity_provider DELETE /v3/OS-FEDERATION/identity_providers/{idp_id}

View File

@ -174,7 +174,7 @@
"identity:create_identity_provider": "rule:cloud_admin",
"identity:list_identity_providers": "rule:cloud_admin",
"identity:get_identity_providers": "rule:cloud_admin",
"identity:get_identity_provider": "rule:cloud_admin",
"identity:update_identity_provider": "rule:cloud_admin",
"identity:delete_identity_provider": "rule:cloud_admin",

View File

@ -37,7 +37,7 @@ identity_provider_policies = [
]
),
policy.DocumentedRuleDefault(
name=base.IDENTITY % 'get_identity_providers',
name=base.IDENTITY % 'get_identity_provider',
check_str=base.RULE_ADMIN_REQUIRED,
description='Get identity provider.',
operations=[

View File

@ -0,0 +1,11 @@
---
security:
- |
[`bug 1703369 <https://bugs.launchpad.net/keystone/+bug/1703369>`_]
There was a typo for the identity:get_identity_provider rule in the
default ``policy.json`` file in previous releases. The default value for
that rule was the same as the default value for the default rule
(restricted to admin) so this typo was not readily apparent. Anyone
customizing this rule should review their settings and confirm that
they did not copy that typo. Particularly given that the default rule
is being removed in Pike with the move of policy into code.