Remove obsolete idp policies from policy.v3cloudsample.json

Bug #1804517 reported by Lance Bragstad on 2018-11-21
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Medium
Lance Bragstad

Bug Description

Once support for scope types landed in the identity provider API policies, the policies in policy.v3cloudsample.json became obsolete [0][1].

We should add formal protection for the policies with enforce_scope = True in keystone.tests.unit.protection.v3 and remove the old policies from the v3 sample policy file.

This will reduce confusion by having a true default policy for identity providers.

[0] https://review.openstack.org/#/c/526145/
[1] https://git.openstack.org/cgit/openstack/keystone/tree/etc/policy.v3cloudsample.json?id=fb73912d87b61c419a86c0a9415ebdcf1e186927#n198

tags: added: policy
Changed in keystone:
status: New → Triaged
importance: Undecided → Medium
description: updated

Related fix proposed to branch: master
Review: https://review.openstack.org/619372

Related fix proposed to branch: master
Review: https://review.openstack.org/619373

Related fix proposed to branch: master
Review: https://review.openstack.org/619374

Related fix proposed to branch: master
Review: https://review.openstack.org/619375

Changed in keystone:
assignee: nobody → Lance Bragstad (lbragstad)
status: Triaged → In Progress
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers