openstack/keystone
Code Issues Proposed changes
72bedeba7f
keystone/keystone
History
Lance Bragstad 72bedeba7f Make system members the same as system readers for credentials 
It was decided some time ago that allowing system-members the ability
to do certain things that system-readers can't do, but not as much as
system-admins, isn't really all that helpful.

Unfortunately, the credential API was one of the first APIs we
migrated to formally adopting scope types and default roles. The
credential update policy was still allowing system-members to access
it, despite us deciding against it.

This commit updates the policy to be consistent with the patterns we
use for default roles across the rest of keystone's API.

Change-Id: If11ded59cb191a4d8bf531689b8827c3bfbb39fa
2019-03-05 21:25:16 +00:00
..
api Merge "Add domain level limit support - API" 2019-03-01 12:28:18 +00:00
application_credential Fix app_cred schema spell nit 2019-01-10 17:09:39 +08:00
assignment Replace 'tenant_id' with 'project_id' 2019-02-04 16:17:52 +01:00
auth Emit CADF notifications on authentication for invalid users 2018-10-25 17:43:37 -07:00
catalog Region update extra support 2018-11-07 22:57:11 +00:00
cmd Merge "Replace 'tenant_id' with 'project_id'" 2019-02-05 04:04:48 +00:00
common Make system members the same as system readers for credentials 2019-03-05 21:25:16 +00:00
conf Merge "Implement JWS token provider" 2019-02-22 03:53:02 +00:00
credential Incorrect use of translation _() 2018-09-03 21:52:56 +05:30
endpoint_policy Convert policy API to flask 2018-08-31 07:14:32 +00:00
federation Fix wrong example for direct_maps 2019-02-11 22:46:48 +05:30
identity Merge "PY3: switch to using unicode text values" 2019-01-30 22:43:53 +00:00
limit Add domain level support for strict-two-level-model 2019-02-19 11:09:13 +08:00
locale Imported Translations from Zanata 2018-08-09 06:06:59 +00:00
models Add missing ws seperator between words 2018-11-19 14:36:40 +08:00
oauth1 Convert /v3/users to flask native dispatching 2018-10-11 15:27:45 -07:00
policy Convert policy API to flask 2018-08-31 07:14:32 +00:00
receipt Change __all__ list to tuple 2018-11-07 16:40:02 -06:00
resource Update project depth check 2019-02-19 11:09:13 +08:00
revoke Remove unused revoke_by_user_and_project 2018-09-14 04:08:01 +00:00
server populate request context with X.509 tokenless cred information 2019-02-11 09:21:15 -08:00
tests Make system members the same as system readers for credentials 2019-03-05 21:25:16 +00:00
token Merge "Implement JWS token provider" 2019-02-22 03:53:02 +00:00
trust Add abstract method in trusts base.py 2018-11-07 08:43:39 +05:30
__init__.py Revert "Disable eventlet monkey-patching of DNS" 2013-05-10 10:24:48 -04:00
exception.py Implement auth receipts spec 2018-11-02 15:06:19 +01:00
i18n.py Update links in keystone 2017-09-12 15:18:13 +08:00
notifications.py Added request_id and global_request_id to basic notifications 2019-02-06 09:50:20 +03:00
version.py bump Keystone version for Stein 2019-01-22 15:34:06 +13:00