fix identity:get_identity_providers typo
Changes identity:get_identity_providers policy rule to identity:get_identity_provider to match what is checked by the code. Conflicts: keystone/common/policies/identity_provider.py There was a conflict backporting this change since the policy-in-code work in new in Pike. The conflict was resolved by removing the policy-in-code change and making it manually against the old etc/policy.json file. Change-Id: I0841abd30fd15c034b5836e42a18938634b509b1 Closes-Bug: #1703369 (cherry picked from commitb7119637a0
) (cherry picked from commit8038f545da
)
This commit is contained in:
parent
c1a8abb9f8
commit
bd49c3ef6d
|
@ -146,7 +146,7 @@ identity:remove_endpoint_group_from_project DELETE /v3/OS-EP-FILT
|
|||
|
||||
identity:create_identity_provider PUT /v3/OS-FEDERATION/identity_providers/{idp_id}
|
||||
identity:list_identity_providers GET /v3/OS-FEDERATION/identity_providers
|
||||
identity:get_identity_providers GET /v3/OS-FEDERATION/identity_providers/{idp_id}
|
||||
identity:get_identity_provider GET /v3/OS-FEDERATION/identity_providers/{idp_id}
|
||||
identity:update_identity_provider PATCH /v3/OS-FEDERATION/identity_providers/{idp_id}
|
||||
identity:delete_identity_provider DELETE /v3/OS-FEDERATION/identity_providers/{idp_id}
|
||||
|
||||
|
|
|
@ -147,7 +147,7 @@
|
|||
|
||||
"identity:create_identity_provider": "rule:admin_required",
|
||||
"identity:list_identity_providers": "rule:admin_required",
|
||||
"identity:get_identity_providers": "rule:admin_required",
|
||||
"identity:get_identity_provider": "rule:admin_required",
|
||||
"identity:update_identity_provider": "rule:admin_required",
|
||||
"identity:delete_identity_provider": "rule:admin_required",
|
||||
|
||||
|
|
|
@ -172,7 +172,7 @@
|
|||
|
||||
"identity:create_identity_provider": "rule:cloud_admin",
|
||||
"identity:list_identity_providers": "rule:cloud_admin",
|
||||
"identity:get_identity_providers": "rule:cloud_admin",
|
||||
"identity:get_identity_provider": "rule:cloud_admin",
|
||||
"identity:update_identity_provider": "rule:cloud_admin",
|
||||
"identity:delete_identity_provider": "rule:cloud_admin",
|
||||
|
||||
|
|
|
@ -0,0 +1,11 @@
|
|||
---
|
||||
security:
|
||||
- |
|
||||
[`bug 1703369 <https://bugs.launchpad.net/keystone/+bug/1703369>`_]
|
||||
There was a typo for the identity:get_identity_provider rule in the
|
||||
default ``policy.json`` file in previous releases. The default value for
|
||||
that rule was the same as the default value for the default rule
|
||||
(restricted to admin) so this typo was not readily apparent. Anyone
|
||||
customizing this rule should review their settings and confirm that
|
||||
they did not copy that typo. More context regarding the purpose of this
|
||||
backport can be found in the bug report.
|
Loading…
Reference in New Issue