1d4e402528
This change makes the policy definitions for admin limit operations consistent with the other limit policies.

Subsequent patches will incorporate:

- domain user test coverage
- project user test coverage

Change-Id: Id3f6159af505fbe81ff83cfaa346f2178f2d8e77
Closes-Bug: 1805372
Related-Bug: 1805880
31 lines
1.2 KiB
YAML
---
features:
  - |
    [`bug 1805372 <https://bugs.launchpad.net/keystone/+bug/1805372>`_]
    The registered limit and limit API now support the ``admin``,
    ``member``, and ``reader`` default roles.
upgrade:
  - |
    [`bug 1805372 <https://bugs.launchpad.net/keystone/+bug/1805372>`_]
    Several of the registered limit and limit policies have been
    deprecated. The following policies now use ``role:admin and
    system_scope:all`` instead of ``rule:admin_required``:

    * ``identity:create_registered_limits``
    * ``identity:update_registered_limit``
    * ``identity:delete_registered_limit``
    * ``identity:create_limits``
    * ``identity:update_limit``
    * ``identity:delete_limit``

    These policies are not being formally deprecated because the
    unified limits API is still considered experimental. These
    new defaults automatically account for system-scope. Please
    consider these new defaults if your deployment overrides the
    registered limit or limit policies.
security:
  - |
    [`bug 1805372 <https://bugs.launchpad.net/keystone/+bug/1805372>`_]
    The registered limit and limit APIs now use system-scope and default roles
    to provide better accessibility to users in a secure way.
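The upgrade note asks operators who override these policies to review them against the new default. The following audit sketch is an added example, not keystone's own code: it reports, for each of the six listed policies, whether an override file still pins ``rule:admin_required``. The function names, the flat quoted `"name": "rule"` file layout, and the sample overrides are assumptions made for illustration.

```python
import re

# The six policies listed in the upgrade note and the new default it states.
LIMIT_POLICIES = tuple(
    f"identity:{action}" for action in (
        "create_registered_limits", "update_registered_limit",
        "delete_registered_limit", "create_limits", "update_limit",
        "delete_limit"))
NEW_DEFAULT = "role:admin and system_scope:all"
LEGACY_RULE = "rule:admin_required"

# Assumption: overrides are a flat mapping with double-quoted names and
# rules, one entry per line (hypothetical layout for this example).
_ENTRY = re.compile(r'^\s*"([^"]+)"\s*:\s*"([^"]*)"\s*,?\s*$')

def parse_overrides(text):
    """Return {policy_name: rule}, with whitespace in each rule collapsed."""
    overrides = {}
    for line in text.splitlines():
        match = _ENTRY.match(line)
        if match:
            overrides[match.group(1)] = " ".join(match.group(2).split())
    return overrides

def audit_limit_overrides(text):
    """Classify each limit policy by how the override file treats it."""
    overrides, report = parse_overrides(text), {}
    for name in LIMIT_POLICIES:
        rule = overrides.get(name)
        if rule is None:
            report[name] = "not-overridden"        # new default applies
        elif rule == NEW_DEFAULT:
            report[name] = "matches-new-default"
        elif LEGACY_RULE in rule and "system_scope:all" not in rule:
            report[name] = "legacy-admin-required"  # old rule, no system scope
        else:
            report[name] = "custom-override"        # needs manual review
    return report

# Constructed sample override file (not taken from any real deployment).
SAMPLE_POLICY = '''
"identity:create_limits": "rule:admin_required"
"identity:update_limit": "role:admin  and system_scope:all"
"identity:delete_limit": "role:admin or role:limit_manager"
'''

if __name__ == "__main__":
    for policy, status in audit_limit_overrides(SAMPLE_POLICY).items():
        print(f"{policy}: {status}")
```

Entries reported as `legacy-admin-required` or `custom-override` are the ones to compare by hand against ``role:admin and system_scope:all``.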