openstack
/
keystone
Code Issues Proposed changes

Merge "Reuse common system role definitions for roles API"

This commit is contained in:
Zuul 2019-02-22 15:00:22 +00:00 committed by Gerrit Code Review
parent fd4b8c586d d437365444
commit 2a380f001e
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
keystone/common/policies/role.py
View File

@ -35,7 +35,7 @@ relying on overrides in your deployment for the role API.
role_policies = [
policy.DocumentedRuleDefault(
name=base.IDENTITY % 'get_role',
check_str='role:reader',
check_str=base.SYSTEM_READER,
# FIXME(lbragstad): Roles should be considered a system-level resource.
# The current RBAC design of OpenStack requires configuration
# modification depending on the roles created in keystone. Once that is
@ -52,7 +52,7 @@ role_policies = [
deprecated_since=versionutils.deprecated.STEIN),
policy.DocumentedRuleDefault(
name=base.IDENTITY % 'list_roles',
check_str='role:reader',
check_str=base.SYSTEM_READER,
scope_types=['system'],
description='List roles.',
operations=[{'path': '/v3/roles',