keystone/keystone/common/policies
Lance Bragstad 72bedeba7f Make system members the same as system readers for credentials
It was decided some time ago that allowing system-members the ability
to do certain things that system-readers can't do, but not as much as
system-admins, isn't really all that helpful.

Unfortunately, the credential API was one of the first APIs we
migrated to formally adopting scope types and default roles. The
credential update policy was still allowing system-members to access
it, despite us deciding against it.

This commit updates the policy to be consistent with the patterns we
use for default roles across the rest of keystone's API.

Change-Id: If11ded59cb191a4d8bf531689b8827c3bfbb39fa
2019-03-05 21:25:16 +00:00
__init__.py Add Application Credentials controller 2018-01-27 11:55:05 +01:00
access_token.py Add scope_types to oauth policies 2018-01-05 22:25:05 +00:00
application_credential.py Add Application Credentials controller 2018-01-27 11:55:05 +01:00
auth.py Implement GET /v3/auth/system 2018-01-24 01:09:16 +00:00
base.py Add scope checks to common system role definitions 2018-12-18 21:20:29 +00:00
consumer.py Add scope_types to oauth policies 2018-01-05 22:25:05 +00:00
credential.py Make system members the same as system readers for credentials 2019-03-05 21:25:16 +00:00
domain.py Allow project users to retrieve domains 2019-01-21 20:46:05 +00:00
domain_config.py Add scope_types to domain config policies 2018-01-19 20:17:30 +00:00
ec2_credential.py Document scope_types for ec2 policies 2018-01-19 22:30:35 +00:00
endpoint.py Update endpoint policies for system admin 2019-01-08 22:32:20 +00:00
endpoint_group.py Add scope_types to endpoint group policies 2018-01-05 21:47:10 +00:00
grant.py Merge "Add scope_types to grant policies" 2018-01-26 21:48:27 +00:00
group.py Implement system admin role in groups API 2019-02-11 17:50:03 +00:00
identity_provider.py Update idp policies for system admin 2019-01-08 22:15:32 +00:00
implied_role.py Add scope_types to implied role policies 2018-01-04 21:32:18 +00:00
limit.py Add domain level limit support - API 2019-02-19 11:09:13 +08:00
mapping.py Update mapping policies for system admin 2019-01-08 22:26:20 +00:00
policy.py Add scope_types for policy policies 2018-01-05 22:25:55 +00:00
policy_association.py Add scope_types to policy association policies 2018-01-04 20:37:30 +00:00
project.py Implement system admin role in project API 2019-01-07 20:48:11 +00:00
project_endpoint.py Add scope_types to project endpoint policies 2018-01-04 21:04:09 +00:00
protocol.py Implement system admin role in protocol API 2019-01-08 20:39:34 +00:00
region.py Add tests for domain users interacting with regions 2019-02-11 17:51:10 +00:00
registered_limit.py Allow domain users to access the registered limits API 2019-01-08 18:16:07 +00:00
revoke_event.py Add scope_types for revoke event policies 2018-01-04 21:14:16 +00:00
role.py Update role policies for system admin 2019-01-08 20:48:28 +00:00
role_assignment.py Implement system reader for role_assignments 2019-02-27 15:52:18 +00:00
service.py Update service policies for system admin 2019-02-22 16:53:52 +00:00
service_provider.py Update service provider policies for system admin 2019-01-04 17:58:31 +00:00
token.py Remove v2.0 policies 2018-02-20 22:38:17 +00:00
token_revocation.py Add scope_types to token revocation policies 2018-01-05 21:53:24 +00:00
trust.py Add scope_types to trust policies 2018-01-23 16:36:24 +00:00
user.py Implement system admin role in users API 2019-02-04 19:56:01 +00:00