Merge "Remove mapping policies from policy.v3cloudsample.json"

This commit is contained in:
Zuul 2019-02-21 08:59:24 +00:00 committed by Gerrit Code Review
commit 1d0c87cbb2
3 changed files with 20 additions and 7 deletions

View File

@ -195,12 +195,6 @@
"identity:list_protocols": "rule:cloud_admin",
"identity:delete_protocol": "rule:cloud_admin",
"identity:create_mapping": "rule:cloud_admin",
"identity:get_mapping": "rule:cloud_admin",
"identity:list_mappings": "rule:cloud_admin",
"identity:delete_mapping": "rule:cloud_admin",
"identity:update_mapping": "rule:cloud_admin",
"identity:get_auth_catalog": "",
"identity:get_auth_projects": "",
"identity:get_auth_domains": "",

View File

@ -200,7 +200,12 @@ class PolicyJsonTestCase(unit.TestCase):
'identity:get_region',
'identity:list_regions',
'identity:update_region',
'identity:delete_region'
'identity:delete_region',
'identity:create_mapping',
'identity:get_mapping',
'identity:list_mappings',
'identity:update_mapping',
'identity:delete_mapping'
]
policy_keys = self._get_default_policy_rules()
for p in removed_policies:

View File

@ -0,0 +1,14 @@
---
upgrade:
- |
[`bug 1804519 <https://bugs.launchpad.net/keystone/+bug/1804519>`_]
The federated mapping policies defined in ``policy.v3cloudsample.json``
have been removed. These policies are now obsolete after incorporating
system-scope into the mapping API and implementing default roles.
fixes:
- |
[`bug 1804519 <https://bugs.launchpad.net/keystone/+bug/1804519>`_]
The federated mapping policies in ``policy.v3cloudsample.json`` policy file
have been removed in favor of better defaults in code. These policies
weren't tested exhaustively and were misleading to users and operators.