Fix incorrect policy rules
The template for Rocky+ contains incorrect policy rules. user_id and domain_id are not rules and are built-in to oslo.policy. Change-Id: Ia8678063ad332731c5d09dc908f0282a91badb4d Closes-Bug: #1827526
parent
4573def42a
commit
2e927f2c42
|
@ -1,11 +1,11 @@
|
|||
{
|
||||
"admin_required": "role:Admin",
|
||||
"cloud_admin": "rule:admin_required and rule:domain_id:{{ admin_domain_id }}",
|
||||
"cloud_admin": "rule:admin_required and domain_id:{{ admin_domain_id }}",
|
||||
"service_role": "role:service",
|
||||
"service_or_admin": "rule:admin_required or rule:service_role",
|
||||
"owner" : "rule:user_id:%(user_id)s or rule:user_id:%(target.token.user_id)s",
|
||||
"admin_or_owner": "(rule:admin_required and rule:domain_id:%(target.token.user.domain.id)s) or rule:owner",
|
||||
"admin_and_matching_domain_id": "rule:admin_required and rule:domain_id:%(domain_id)s",
|
||||
"owner" : "user_id:%(user_id)s or user_id:%(target.token.user_id)s",
|
||||
"admin_or_owner": "(rule:admin_required and domain_id:%(target.token.user.domain.id)s) or rule:owner",
|
||||
"admin_and_matching_domain_id": "rule:admin_required and domain_id:%(domain_id)s",
|
||||
"service_admin_or_owner": "rule:service_or_admin or rule:owner",
|
||||
|
||||
"default": "rule:admin_required",
|
||||
|
@ -130,7 +130,7 @@
|
|||
"identity:revocation_list": "rule:service_or_admin",
|
||||
"identity:revoke_token": "rule:admin_or_owner",
|
||||
|
||||
"identity:create_trust": "rule:user_id:%(trust.trustor_user_id)s",
|
||||
"identity:create_trust": "user_id:%(trust.trustor_user_id)s",
|
||||
"identity:list_trusts": "",
|
||||
"identity:list_roles_for_trust": "",
|
||||
"identity:get_role_for_trust": "",
|
||||
|
|
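Review bot: The corrected `cloud_admin` line (`rule:admin_required and domain_id:{{ admin_domain_id }}`) now depends entirely on the template variable rendering to a real domain id, and nothing on this page shows a guard for an unset or empty `admin_domain_id`. Because the old `rule:domain_id:…` and `rule:user_id:…` forms pointed at rule names that are not defined, they most likely never matched, so this change is what first makes `cloud_admin`, `owner`, `admin_or_owner`, `admin_and_matching_domain_id` and `identity:create_trust` grant access. That deserves a negative test alongside the fix: render the template and check with oslo.policy that an admin scoped to another domain, and a user whose id differs from `target.token.user_id` or `trust.trustor_user_id`, are both denied. The three trust entries left as `""` in the second hunk (`identity:list_trusts` and the two role lookups) pass for any caller at the policy layer, so it is worth confirming that the service restricts them in code.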