keystone/keystone
Colleen Murphy b100825a03 Move list_roles_for_trust enforcement to policies
Without this change, policy enforcement for the GET
/OS-TRUST/trusts/{trust_id}/roles API is hardcoded in the flask
dispatcher code. This is a problem because this enforcement can't be
controlled by the operator, as is the norm. Moreover, it makes the
transition to system-scope and default-roles-aware policies more
difficult because there's no sensible migration from "" to a logical
role-based check string.

This converts the hardcoded enforcement to enforcement via default
policies for GET /OS-TRUST/trusts/{trust_id}/roles. The API specifically
blocks the is_admin user from using it, and since policies aren't loaded
for the is_admin user we need to continue explicitly blocking it.

This change does not use the formal oslo.policy deprecation system
because "" OR'd with the new default is entirely useless as a policy.

Change-Id: Ib339852c9d619b8cbf7a00d45da461377991ba6f
Partial-bug: #1818850
Partial-bug: #1818846
2019-08-16 15:20:15 -07:00
api Move list_roles_for_trust enforcement to policies 2019-08-16 15:20:15 -07:00
application_credential Add manager support for app cred access rules 2019-08-01 12:57:49 -07:00
assignment Merge "Remove [token]/ infer_roles" 2019-05-23 07:30:46 +00:00
auth Emit CADF notifications on authentication for invalid users 2018-10-25 17:43:37 -07:00
catalog Allow to filter endpoint groups by name 2019-07-18 08:57:50 +02:00
cmd Move list_roles_for_trust enforcement to policies 2019-08-16 15:20:15 -07:00
common Move list_roles_for_trust enforcement to policies 2019-08-16 15:20:15 -07:00
conf Merge "Deprecate keystone.conf.memcache socket_timeout" 2019-08-01 21:47:10 +00:00
credential Update misleading comment about fernet credential encryption 2019-06-20 15:13:06 +00:00
endpoint_policy Convert policy API to flask 2018-08-31 07:14:32 +00:00
federation Add new attribute to the federation protocol API 2019-07-19 10:46:23 -07:00
identity Fix missing print format and missing ws between words 2019-08-06 08:29:34 +08:00
limit Drop limit columns 2019-07-05 06:59:58 +00:00
locale Imported Translations from Zanata 2018-08-09 06:06:59 +00:00
models Allows to use application credentials through group membership 2019-08-06 09:54:09 -07:00
oauth1 Revert "Blacklist bandit 1.6.0" 2019-05-14 21:09:32 +00:00
policy Convert policy API to flask 2018-08-31 07:14:32 +00:00
receipt Change __all__ list to tuple 2018-11-07 16:40:02 -06:00
resource Allow an explicit_domain_id parameter when creating a domain 2019-04-09 16:29:52 +00:00
revoke Remove unused revoke_by_user_and_project 2018-09-14 04:08:01 +00:00
server Fix typo: RBACKEnforcer -> RBACEnforcer 2019-07-31 17:57:00 -07:00
tests Move list_roles_for_trust enforcement to policies 2019-08-16 15:20:15 -07:00
token Fix unscoped federated token formatter 2019-04-16 15:35:39 -07:00
trust Move redelegation fields out of extras 2019-04-12 20:27:34 -07:00
__init__.py Revert "Disable eventlet monkey-patching of DNS" 2013-05-10 10:24:48 -04:00
exception.py Merge "Remove [signing] config" 2019-07-26 18:41:19 +00:00
i18n.py Update links in keystone 2017-09-12 15:18:13 +08:00
notifications.py Revert "Blacklist bandit 1.6.0" 2019-05-14 21:09:32 +00:00
version.py bump Keystone version for Stein 2019-01-22 15:34:06 +13:00