diff --git a/etc/policy.v3cloudsample.json b/etc/policy.v3cloudsample.json
index d9d31f9ddf..95f365f895 100644
--- a/etc/policy.v3cloudsample.json
+++ b/etc/policy.v3cloudsample.json
@@ -16,12 +16,6 @@
 "identity:update_service": "rule:cloud_admin",
 "identity:delete_service": "rule:cloud_admin",
- "identity:get_endpoint": "rule:admin_required",
- "identity:list_endpoints": "rule:admin_required",
- "identity:create_endpoint": "rule:cloud_admin",
- "identity:update_endpoint": "rule:cloud_admin",
- "identity:delete_endpoint": "rule:cloud_admin",
-
 "identity:get_limit_model": "",
 "identity:get_limit": "",
 "identity:list_limits": "",
diff --git a/keystone/tests/unit/test_policy.py b/keystone/tests/unit/test_policy.py
index df3178bcef..068ea78914 100644
--- a/keystone/tests/unit/test_policy.py
+++ b/keystone/tests/unit/test_policy.py
@@ -206,6 +206,11 @@ class PolicyJsonTestCase(unit.TestCase):
 'identity:list_regions',
 'identity:update_region',
 'identity:delete_region',
+ 'identity:create_endpoint',
+ 'identity:get_endpoint',
+ 'identity:list_endpoints',
+ 'identity:update_endpoint',
+ 'identity:delete_endpoint',
 'identity:create_mapping',
 'identity:get_mapping',
 'identity:list_mappings',
diff --git a/releasenotes/notes/bug-1804482-aa95619320d098fa.yaml b/releasenotes/notes/bug-1804482-aa95619320d098fa.yaml
new file mode 100644
index 0000000000..fee90acd07
--- /dev/null
+++ b/releasenotes/notes/bug-1804482-aa95619320d098fa.yaml
@@ -0,0 +1,15 @@
+---
+upgrade:
+ - |
+ [`bug 1804482 `_]
+ The endpoint policies defined in ``policy.v3cloudsample.json`` have
+ been removed. These policies are now obsolete after incorporating
+ system-scope into the endpoint API and implementing default roles.
+fixes:
+ - |
+ [`bug 1804482 `_]
+ The endpoint policies in ``policy.v3cloudsample.json`` policy file
+ have been removed in favor of better defaults in code. These
+ policies weren't tested exhaustively and were misleading to users
+ and operators.
+
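Review bot: The five `identity:*_endpoint` names added in keystone/tests/unit/test_policy.py go into a list whose opening line and name are outside the hunk, and nothing in the visible lines says why they belong there. Because the same commit drops these keys from `etc/policy.v3cloudsample.json`, the list presumably enumerates policies that are deliberately absent from the sample file now that in-code defaults cover them. A short comment ahead of the group, for example `# endpoint policies: removed from the sample file, enforced by in-code defaults`, would keep a later reader from treating the entries as an oversight. As shown, the test only tolerates the absence of these keys; whether the in-code endpoint defaults are themselves exercised cannot be confirmed from this hunk and is worth checking in the endpoint protection tests.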