bb141b1fb4
The policies contained in policy.v3cloudsample.json pre-dated any of the work to move policy defaults into code. Since deploying a policy file is now optional, we can remove the redundant policies from this file and make it more maintainable by not repeating ourselves and violating the DRY principal. The only policies left are ones that are testing workarounds for bug 968696. Meanwhile, we're pursuing fixes for scope types and default roles: http://tinyurl.com/y5kj6fn9 These fixes are specific to certain resources to make reviews more understandable for reviewers. As fixes for those bugs land, we will be removing the remaining checks in this file, since the behavior will be captured in new default check strings or in code. Eventually, we will delete this file entirely since we will have defaults in code that work for `admins`, `members`, and `readers` on projects, domains, and the deployment system. Change-Id: Ibbabe8fdc7989f15aa0edda2bf7b550a0dc16f83 Partial-Bug: 1806762 |
||
|---|---|---|
| .. | ||
| default_catalog.templates | ||
| logging.conf.sample | ||
| policy.v3cloudsample.json | ||
| README.txt | ||
| sso_callback_template.html | ||
To generate the sample keystone.conf and keystone.policy.yaml files, run the
following commands from the top level of the keystone directory:
tox -egenconfig
tox -egenpolicy
For a pre-generated example of the latest files, see:
https://docs.openstack.org/keystone/latest/configuration/samples/index.html