27 lines
1.4 KiB
YAML
27 lines
1.4 KiB
YAML
---
|
|
upgrade:
|
|
- |
|
|
[`bug 1806762 <https://bugs.launchpad.net/keystone/+bug/1806762>`_]
|
|
The domain policies defined in ``policy.v3cloudsample.json``
|
|
have been removed. These policies are now obsolete after incorporating
|
|
system-scope into the domain API and implementing default roles.
|
|
Additionally, the ``identity:get_domain`` policy in
|
|
``policy.v3cloudsample.json`` has been relaxed slightly to allow all
|
|
users with role assignments on a domain to retrieve that domain,
|
|
as opposed to only allowing users with the ``admin`` role to access
|
|
that policy.
|
|
|
|
All policies in ``policy.v3cloudsample.json`` that are redundant with the
|
|
defaults in code have been removed. This improves maintainability and
|
|
leaves the ``policy.v3cloudsample.json`` policy file with only
|
|
overrides. These overrides will eventually be moved into code or new
|
|
defaults in keystone directly. If you're using the policies removed
|
|
from ``policy.v3cloudsample.json`` please check to see if you can migrate
|
|
to the new defaults or continue maintaining the policy as an override.
|
|
fixes:
|
|
- |
|
|
[`bug 1806762 <https://bugs.launchpad.net/keystone/+bug/1806762>`_]
|
|
The domain policies in ``policy.v3cloudsample.json`` policy file
|
|
have been removed in favor of better defaults in code. These policies
|
|
weren't tested exhaustively and were misleading to users and operators.
|