Remove obsolete protocol policies from policy.v3cloudsample.json

Bug #1804518 reported by Lance Bragstad on 2018-11-21
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Medium
Lance Bragstad

Bug Description

Once support for scope types landed in the protocol API policies, the policies in policy.v3cloudsample.json became obsolete [0][1].

We should add formal protection for the policies with enforce_scope = True in keystone.tests.unit.protection.v3 and remove the old policies from the v3 sample policy file.

This will reduce confusion by having a true default policy for protocols.

[0] https://review.openstack.org/#/c/526161/
[1] https://git.openstack.org/cgit/openstack/keystone/tree/etc/policy.v3cloudsample.json?id=fb73912d87b61c419a86c0a9415ebdcf1e186927#n204

Changed in keystone:
status: New → Triaged
importance: Undecided → Medium
tags: added: policy
Changed in keystone:
assignee: nobody → Lance Bragstad (lbragstad)
status: Triaged → In Progress

Reviewed: https://review.openstack.org/625357
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=24b8db9e064713e7350f83cd77ed197b050b1fe1
Submitter: Zuul
Branch: master

commit 24b8db9e064713e7350f83cd77ed197b050b1fe1
Author: Lance Bragstad <email address hidden>
Date: Fri Dec 14 21:54:42 2018 +0000

    Remove protocol policies from v3cloudsample.json

    By incorporating system-scope and default roles, we've effectively
    made these policies obsolete. We can simplify what we maintain and
    provide a more consistent, unified view of default protocol
    behavior by removing them.

    Related-Bug: 1806762
    Closes-Bug: 1804518
    Change-Id: Ia839555d8211596213311c4246135cdae4f46ab2

Changed in keystone:
status: In Progress → Fix Released
Colleen Murphy (krinkle) on 2019-03-02
Changed in keystone:
milestone: none → stein-3

This issue was fixed in the openstack/keystone 15.0.0.0rc1 release candidate.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers