ea7acd8036
Currently, the trusts API only allows the "project" scope type, and
moreover inconsistently enforces different actions based on admin status
or trustor/trustee relationship: for example, an "admin" can list all
trusts but not filter by trustor or trustee and cannot get details for a
single trust, not can they list or get trust roles. This patch changes
the behavior of the trusts API to allow a system reader to list and get
details for trusts and trust roles, where previously only a trustor or
trustee could do so. This helps make the different actions in the trusts
API consistent with one another and makes the API more useful to a
deployment auditor. A subsequent patch will add system admin
functionality.
This change does not use the oslo.policy deprecation feature for the
'identity:list_trusts_for_trustor' or 'identity:list_trusts_for_trustee'
policies as those are new policies introduced in
|
||
---|---|---|
.. | ||
v3 | ||
__init__.py |