keystone/releasenotes/notes/bug-1806762-c3bfc71cb9bb94f...

27 lines
1.4 KiB
YAML

---
upgrade:
- |
[`bug 1806762 <https://bugs.launchpad.net/keystone/+bug/1806762>`_]
The domain policies defined in ``policy.v3cloudsample.json``
have been removed. These policies are now obsolete after incorporating
system-scope into the domain API and implementing default roles.
Additionally, the ``identity:get_domain`` policy in
``policy.v3cloudsample.json`` has been relaxed slightly to allow all
users with role assignments on a domain to retrieve that domain,
as opposed to only allowing users with the ``admin`` role to access
that policy.
All policies in ``policy.v3cloudsample.json`` that are redundant with the
defaults in code have been removed. This improves maintainability and
leaves the ``policy.v3cloudsample.json`` policy file with only
overrides. These overrides will eventually be moved into code or new
defaults in keystone directly. If you're using the policies removed
from ``policy.v3cloudsample.json`` please check to see if you can migrate
to the new defaults or continue maintaining the policy as an override.
fixes:
- |
[`bug 1806762 <https://bugs.launchpad.net/keystone/+bug/1806762>`_]
The domain policies in ``policy.v3cloudsample.json`` policy file
have been removed in favor of better defaults in code. These policies
weren't tested exhaustively and were misleading to users and operators.