openstack
/
keystone
Code Issues Proposed changes

Merge "Remove system assignment policies from policy.v3cloudsample.json"

This commit is contained in:
Zuul 2019-03-26 01:31:47 +00:00 committed by Gerrit Code Review
parent 140a0110c0 0dbc8a88e8
commit e3e5913846
2 changed files with 8 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
etc/policy.v3cloudsample.json
View File

@ -72,16 +72,6 @@
"identity:list_role_inference_rules": "rule:cloud_admin",
"identity:check_implied_role": "rule:cloud_admin or rule:admin_and_matching_prior_role_domain_id",
"identity:list_system_grants_for_user": "rule:admin_required",
"identity:check_system_grant_for_user": "rule:admin_required",
"identity:create_system_grant_for_user": "rule:admin_required",
"identity:revoke_system_grant_for_user": "rule:admin_required",
"identity:list_system_grants_for_group": "rule:admin_required",
"identity:check_system_grant_for_group": "rule:admin_required",
"identity:create_system_grant_for_group": "rule:admin_required",
"identity:revoke_system_grant_for_group": "rule:admin_required",
"identity:check_grant": "rule:cloud_admin or rule:domain_admin_for_grants or rule:project_admin_for_grants",
"identity:list_grants": "rule:cloud_admin or rule:domain_admin_for_list_grants or rule:project_admin_for_list_grants",
"identity:create_grant": "rule:cloud_admin or rule:domain_admin_for_grants or rule:project_admin_for_grants",

8
keystone/tests/unit/test_policy.py
View File

@ -201,6 +201,14 @@ class PolicyJsonTestCase(unit.TestCase):
'identity:list_roles',
'identity:update_role',
'identity:delete_role',
'identity:list_system_grants_for_user',
'identity:check_system_grant_for_user',
'identity:create_system_grant_for_user',
'identity:revoke_system_grant_for_user',
'identity:list_system_grants_for_group',
'identity:check_system_grant_for_group',
'identity:create_system_grant_for_group',
'identity:revoke_system_grant_for_group',
'identity:create_region',
'identity:get_region',
'identity:list_regions',