fix identity:get_identity_providers typo

Changes identity:get_identity_providers policy rule to
identity:get_identity_provider to match what is checked by the code.

Conflicts:
  keystone/common/policies/identity_provider.py

There was a conflict backporting this change since the policy-in-code
work in new in Pike. The conflict was resolved by removing the
policy-in-code change and making it manually against the old
etc/policy.json file.

Change-Id: I0841abd30fd15c034b5836e42a18938634b509b1
Closes-Bug: #1703369
(cherry picked from commit b7119637a0)
(cherry picked from commit 8038f545da)
This commit is contained in:
Matthew Edmonds 2017-07-10 09:20:18 -04:00 committed by Lance Bragstad
parent c1a8abb9f8
commit bd49c3ef6d
4 changed files with 14 additions and 3 deletions

View File

@ -146,7 +146,7 @@ identity:remove_endpoint_group_from_project DELETE /v3/OS-EP-FILT
identity:create_identity_provider PUT /v3/OS-FEDERATION/identity_providers/{idp_id}
identity:list_identity_providers GET /v3/OS-FEDERATION/identity_providers
identity:get_identity_providers GET /v3/OS-FEDERATION/identity_providers/{idp_id}
identity:get_identity_provider GET /v3/OS-FEDERATION/identity_providers/{idp_id}
identity:update_identity_provider PATCH /v3/OS-FEDERATION/identity_providers/{idp_id}
identity:delete_identity_provider DELETE /v3/OS-FEDERATION/identity_providers/{idp_id}

View File

@ -147,7 +147,7 @@
"identity:create_identity_provider": "rule:admin_required",
"identity:list_identity_providers": "rule:admin_required",
"identity:get_identity_providers": "rule:admin_required",
"identity:get_identity_provider": "rule:admin_required",
"identity:update_identity_provider": "rule:admin_required",
"identity:delete_identity_provider": "rule:admin_required",

View File

@ -172,7 +172,7 @@
"identity:create_identity_provider": "rule:cloud_admin",
"identity:list_identity_providers": "rule:cloud_admin",
"identity:get_identity_providers": "rule:cloud_admin",
"identity:get_identity_provider": "rule:cloud_admin",
"identity:update_identity_provider": "rule:cloud_admin",
"identity:delete_identity_provider": "rule:cloud_admin",

View File

@ -0,0 +1,11 @@
---
security:
- |
[`bug 1703369 <https://bugs.launchpad.net/keystone/+bug/1703369>`_]
There was a typo for the identity:get_identity_provider rule in the
default ``policy.json`` file in previous releases. The default value for
that rule was the same as the default value for the default rule
(restricted to admin) so this typo was not readily apparent. Anyone
customizing this rule should review their settings and confirm that
they did not copy that typo. More context regarding the purpose of this
backport can be found in the bug report.