Merge "Remove registered limit policies from policy.v3cloudsample.json"

etc/policy.v3cloudsample.json

@@ -28,12 +28,6 @@
     "identity:update_endpoint": "rule:cloud_admin",
     "identity:delete_endpoint": "rule:cloud_admin",
 
-    "identity:get_registered_limit": "",
-    "identity:list_registered_limits": "",
-    "identity:create_registered_limits": "rule:admin_required",
-    "identity:update_registered_limit": "rule:admin_required",
-    "identity:delete_registered_limit": "rule:admin_required",
-
     "identity:get_limit_model": "",
     "identity:get_limit": "",
     "identity:list_limits": "",

keystone/tests/unit/test_policy.py

@@ -185,7 +185,12 @@ class PolicyJsonTestCase(unit.TestCase):
             'identity:get_credential',
             'identity:list_credentials',
             'identity:update_credential',
-            'identity:delete_credential'
+            'identity:delete_credential',
+            'identity:create_registered_limits',
+            'identity:get_registered_limit',
+            'identity:list_registered_limits',
+            'identity:update_registered_limit',
+            'identity:delete_registered_limit'
         ]
         policy_keys = self._get_default_policy_rules()
         for p in removed_policies:

releasenotes/notes/bug-1805880-3fc6b30309a4370f.yaml

@@ -0,0 +1,14 @@
+---
+upgrade:
+  - |
+    [`bug 1805880 <https://bugs.launchpad.net/keystone/+bug/1805880>`_]
+    The registered limit policies defined in ``policy.v3cloudsample.json``
+    have been removed. These policies are now obsolete after incorporating
+    system-scope into the registered limit API and implementing default roles.
+fixes:
+  - |
+    [`bug 1805880 <https://bugs.launchpad.net/keystone/+bug/1805880>`_]
+    The registered limit policies in ``policy.v3cloudsample.json`` policy
+    file have been removed in favor of better defaults in code. These
+    policies weren't tested exhaustively and were misleading to users
+    and operators.