summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMatthew Edmonds <edmondsw@us.ibm.com>2017-07-10 09:20:18 -0400
committerLance Bragstad <lbragstad@gmail.com>2017-07-20 18:25:30 +0000
commitbd49c3ef6daa474e9c84c0d8721c0f6812ee3d2c (patch)
tree1bb447b68c60bc9b56ba1c74fb03ef5f1b931156
parentc1a8abb9f813b4c81151a9247e16ef069a8ae538 (diff)
fix identity:get_identity_providers typonewton-eol10.0.3
Changes identity:get_identity_providers policy rule to identity:get_identity_provider to match what is checked by the code. Conflicts: keystone/common/policies/identity_provider.py There was a conflict backporting this change since the policy-in-code work in new in Pike. The conflict was resolved by removing the policy-in-code change and making it manually against the old etc/policy.json file. Change-Id: I0841abd30fd15c034b5836e42a18938634b509b1 Closes-Bug: #1703369 (cherry picked from commit b7119637a04d0a07fa6419a407f433c01bbd1db2) (cherry picked from commit 8038f545daa31354e08a4063209295439005c0b8)
Notes
Notes (review): Code-Review+1: Matthew Edmonds <edmondsw@us.ibm.com> Code-Review+2: Morgan Fainberg <morgan.fainberg@gmail.com> Workflow+1: Morgan Fainberg <morgan.fainberg@gmail.com> Verified+2: Jenkins Submitted-by: Jenkins Submitted-at: Fri, 21 Jul 2017 00:12:58 +0000 Reviewed-on: https://review.openstack.org/485695 Project: openstack/keystone Branch: refs/heads/stable/newton
-rw-r--r--doc/source/policy_mapping.rst2
-rw-r--r--etc/policy.json2
-rw-r--r--etc/policy.v3cloudsample.json2
-rw-r--r--releasenotes/notes/bug-1703369-9a901d627a1e0316.yaml11
4 files changed, 14 insertions, 3 deletions
diff --git a/doc/source/policy_mapping.rst b/doc/source/policy_mapping.rst
index 71f87fd..9857089 100644
--- a/doc/source/policy_mapping.rst
+++ b/doc/source/policy_mapping.rst
@@ -146,7 +146,7 @@ identity:remove_endpoint_group_from_project DELETE /v3/OS-EP-FILT
146 146
147identity:create_identity_provider PUT /v3/OS-FEDERATION/identity_providers/{idp_id} 147identity:create_identity_provider PUT /v3/OS-FEDERATION/identity_providers/{idp_id}
148identity:list_identity_providers GET /v3/OS-FEDERATION/identity_providers 148identity:list_identity_providers GET /v3/OS-FEDERATION/identity_providers
149identity:get_identity_providers GET /v3/OS-FEDERATION/identity_providers/{idp_id} 149identity:get_identity_provider GET /v3/OS-FEDERATION/identity_providers/{idp_id}
150identity:update_identity_provider PATCH /v3/OS-FEDERATION/identity_providers/{idp_id} 150identity:update_identity_provider PATCH /v3/OS-FEDERATION/identity_providers/{idp_id}
151identity:delete_identity_provider DELETE /v3/OS-FEDERATION/identity_providers/{idp_id} 151identity:delete_identity_provider DELETE /v3/OS-FEDERATION/identity_providers/{idp_id}
152 152
diff --git a/etc/policy.json b/etc/policy.json
index 1e37bef..8cde9ed 100644
--- a/etc/policy.json
+++ b/etc/policy.json
@@ -147,7 +147,7 @@
147 147
148 "identity:create_identity_provider": "rule:admin_required", 148 "identity:create_identity_provider": "rule:admin_required",
149 "identity:list_identity_providers": "rule:admin_required", 149 "identity:list_identity_providers": "rule:admin_required",
150 "identity:get_identity_providers": "rule:admin_required", 150 "identity:get_identity_provider": "rule:admin_required",
151 "identity:update_identity_provider": "rule:admin_required", 151 "identity:update_identity_provider": "rule:admin_required",
152 "identity:delete_identity_provider": "rule:admin_required", 152 "identity:delete_identity_provider": "rule:admin_required",
153 153
diff --git a/etc/policy.v3cloudsample.json b/etc/policy.v3cloudsample.json
index 2facd21..815aa90 100644
--- a/etc/policy.v3cloudsample.json
+++ b/etc/policy.v3cloudsample.json
@@ -172,7 +172,7 @@
172 172
173 "identity:create_identity_provider": "rule:cloud_admin", 173 "identity:create_identity_provider": "rule:cloud_admin",
174 "identity:list_identity_providers": "rule:cloud_admin", 174 "identity:list_identity_providers": "rule:cloud_admin",
175 "identity:get_identity_providers": "rule:cloud_admin", 175 "identity:get_identity_provider": "rule:cloud_admin",
176 "identity:update_identity_provider": "rule:cloud_admin", 176 "identity:update_identity_provider": "rule:cloud_admin",
177 "identity:delete_identity_provider": "rule:cloud_admin", 177 "identity:delete_identity_provider": "rule:cloud_admin",
178 178
diff --git a/releasenotes/notes/bug-1703369-9a901d627a1e0316.yaml b/releasenotes/notes/bug-1703369-9a901d627a1e0316.yaml
new file mode 100644
index 0000000..2d93d16
--- /dev/null
+++ b/releasenotes/notes/bug-1703369-9a901d627a1e0316.yaml
@@ -0,0 +1,11 @@
1---
2security:
3 - |
4 [`bug 1703369 <https://bugs.launchpad.net/keystone/+bug/1703369>`_]
5 There was a typo for the identity:get_identity_provider rule in the
6 default ``policy.json`` file in previous releases. The default value for
7 that rule was the same as the default value for the default rule
8 (restricted to admin) so this typo was not readily apparent. Anyone
9 customizing this rule should review their settings and confirm that
10 they did not copy that typo. More context regarding the purpose of this
11 backport can be found in the bug report.