Remove system assignment policies from policy.v3cloudsample.json

By relying on system-scope and default roles, these policies are now
obsolete.

Change-Id: I7a17c2baa6e23b6a5d8fe21668a66ea8c8a89232
Partial-Bug: 1806762
(cherry picked from commit 0dbc8a88e8)
This commit is contained in:
Lance Bragstad 2019-03-21 19:28:08 +00:00 committed by Colleen Murphy
parent 56e4812793
commit b7a64a9315
2 changed files with 8 additions and 10 deletions

View File

@ -80,16 +80,6 @@
"identity:list_role_inference_rules": "rule:cloud_admin",
"identity:check_implied_role": "rule:cloud_admin or rule:admin_and_matching_prior_role_domain_id",
"identity:list_system_grants_for_user": "rule:admin_required",
"identity:check_system_grant_for_user": "rule:admin_required",
"identity:create_system_grant_for_user": "rule:admin_required",
"identity:revoke_system_grant_for_user": "rule:admin_required",
"identity:list_system_grants_for_group": "rule:admin_required",
"identity:check_system_grant_for_group": "rule:admin_required",
"identity:create_system_grant_for_group": "rule:admin_required",
"identity:revoke_system_grant_for_group": "rule:admin_required",
"identity:check_grant": "rule:cloud_admin or rule:domain_admin_for_grants or rule:project_admin_for_grants",
"identity:list_grants": "rule:cloud_admin or rule:domain_admin_for_list_grants or rule:project_admin_for_list_grants",
"identity:create_grant": "rule:cloud_admin or rule:domain_admin_for_grants or rule:project_admin_for_grants",

View File

@ -201,6 +201,14 @@ class PolicyJsonTestCase(unit.TestCase):
'identity:list_roles',
'identity:update_role',
'identity:delete_role',
'identity:list_system_grants_for_user',
'identity:check_system_grant_for_user',
'identity:create_system_grant_for_user',
'identity:revoke_system_grant_for_user',
'identity:list_system_grants_for_group',
'identity:check_system_grant_for_group',
'identity:create_system_grant_for_group',
'identity:revoke_system_grant_for_group',
'identity:create_region',
'identity:get_region',
'identity:list_regions',