f3b69e4b4c
This change updates the policies for the regions API to include system administrators and includes appropriate test coverage. A subsequent set of patches will introduce test coverage for: - domains user test coverage - project users test coverage Related-Bug: 1804292 Closes-Bug: 1804446 Change-Id: I84dd7fc69a2eab9ab8c2130f26a2fb664d5663a5
30 lines
1.3 KiB
YAML
30 lines
1.3 KiB
YAML
---
|
|
features:
|
|
- |
|
|
[`bug 1804446 <https://bugs.launchpad.net/keystone/+bug/1804446>`_]
|
|
The regions API now supports the ``admin``, ``member``, and
|
|
``reader`` default roles.
|
|
upgrade:
|
|
- |
|
|
[`bug 1804446 <https://bugs.launchpad.net/keystone/+bug/1804446>`_]
|
|
The regions API uses new default policies that make it more
|
|
accessible to end users and administrators in a secure way. Please
|
|
consider these new defaults if your deployment overrides
|
|
region policies.
|
|
deprecations:
|
|
- |
|
|
[`bug 1804446 <https://bugs.launchpad.net/keystone/+bug/1804446>`_]
|
|
The ``identity:create_region``, ``identity:update_region``, and
|
|
``identity:delete_region`` policies now use ``role:admin and
|
|
system_scope:all`` instead of ``rule:admin_required``. These new
|
|
defaults automatically account for system-scope and support a
|
|
read-only role, making it easier for system administrators to delegate
|
|
subsets of responsibility without compromising security. Please
|
|
consider these new defaults if your deployment overrides the region
|
|
policies.
|
|
security:
|
|
- |
|
|
[`bug 1804446 <https://bugs.launchpad.net/keystone/+bug/1804446>`_]
|
|
The regions API now uses system-scope and default roles to
|
|
provide better accessibility to users in a secure way.
|