-rw-r--r--etc/policy.v3cloudsample.json5
-rw-r--r--keystone/tests/unit/test_policy.py4
-rw-r--r--releasenotes/notes/bug-1805880-0032024ea6b83563.yaml14
3 files changed, 18 insertions, 5 deletions
diff --git a/etc/policy.v3cloudsample.json b/etc/policy.v3cloudsample.json
index 8b82c1cf6..8e1273227 100644
--- a/etc/policy.v3cloudsample.json
+++ b/etc/policy.v3cloudsample.json
@@ -8,11 +8,6 @@
"default": "rule:admin_required",
- "identity:get_limit": "",
- "identity:create_limits": "rule:admin_required",
- "identity:update_limit": "rule:admin_required",
- "identity:delete_limit": "rule:admin_required",
-
"domain_admin_matches_domain_role": "rule:admin_required and domain_id:%(role.domain_id)s",
"get_domain_roles": "rule:domain_admin_matches_target_domain_role or rule:project_admin_matches_target_domain_role",
"domain_admin_matches_target_domain_role": "rule:admin_required and domain_id:%(target.role.domain_id)s",
diff --git a/keystone/tests/unit/test_policy.py b/keystone/tests/unit/test_policy.py
index bc1e1805e..fe0b8bba2 100644
--- a/keystone/tests/unit/test_policy.py
+++ b/keystone/tests/unit/test_policy.py
@@ -206,6 +206,7 @@ class PolicyJsonTestCase(unit.TestCase):
'identity:create_group',
'identity:create_identity_provider',
'identity:create_implied_role',
+ 'identity:create_limits',
'identity:create_mapping',
'identity:create_policy',
'identity:create_policy_association_for_endpoint',
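Review bot: The four names added to this list (`identity:create_limits` here, then `identity:delete_limit`, `identity:get_limit` and `identity:update_limit` in the later hunks of this file) only record that the limit rules are gone from the sample file; nothing in these hunks checks what the in-code defaults now enforce for them. The removed sample entry `"identity:get_limit": ""` was an empty check string, which oslo.policy treats as always allowed, so deployments built from the sample will see read access to limits change to the code default. It is worth confirming that the limit API has its own enforcement tests per scope and role. The list starts and ends outside the hunks, so its role is inferred from the class name; if it has no comment yet, something like `# Rules removed from policy.v3cloudsample.json because their defaults are registered in code` above it would help.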
@@ -237,6 +238,7 @@ class PolicyJsonTestCase(unit.TestCase):
'identity:delete_identity_provider',
'identity:delete_implied_role',
'identity:delete_mapping',
+ 'identity:delete_limit',
'identity:delete_policy',
'identity:delete_policy_association_for_endpoint',
'identity:delete_policy_association_for_region_and_service',
@@ -276,6 +278,7 @@ class PolicyJsonTestCase(unit.TestCase):
'identity:get_group',
'identity:get_identity_provider',
'identity:get_implied_role',
+ 'identity:get_limit',
'identity:get_limit_model',
'identity:get_mapping',
'identity:get_policy',
@@ -354,6 +357,7 @@ class PolicyJsonTestCase(unit.TestCase):
'identity:update_endpoint_group',
'identity:update_group',
'identity:update_identity_provider',
+ 'identity:update_limit',
'identity:update_mapping',
'identity:update_policy',
'identity:update_project',
diff --git a/releasenotes/notes/bug-1805880-0032024ea6b83563.yaml b/releasenotes/notes/bug-1805880-0032024ea6b83563.yaml
new file mode 100644
index 000000000..b00e4f680
--- /dev/null
+++ b/releasenotes/notes/bug-1805880-0032024ea6b83563.yaml
@@ -0,0 +1,14 @@
+---
+upgrade:
+ - |
+ [`bug 1805880 <https://bugs.launchpad.net/keystone/+bug/1805880>`_]
+ The limit policies defined in ``policy.v3cloudsample.json``
+ have been removed. These policies are now obsolete after incorporating
+ system-scope into the limit API and implementing default roles.
+fixes:
+ - |
+ [`bug 1805880 <https://bugs.launchpad.net/keystone/+bug/1805880>`_]
+ The limit policies in ``policy.v3cloudsample.json`` policy
+ file have been removed in favor of better defaults in code. These
+ policies weren't tested exhaustively and were misleading to users
+ and operators.