[MediaWiki-commits] [Gerrit] Keystone policy: restrict get_project to admins. - change (operations/puppet)

Andrew Bogott (Code Review) Mon, 07 Mar 2016 08:02:40 -0800

Andrew Bogott has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/275512


Change subject: Keystone policy:  restrict get_project to admins.
......................................................................

Keystone policy:  restrict get_project to admins.

In Horizon, a get_project call requires admin access,
so permitting this produces a link that doesn't work.

I'm pretty sure that restricting this doesn't break anything
for anyone else.

Change-Id: Ic3ba30d4d2a3e59c0ec416c3fa6f2a3ac762d647
---
M modules/openstack/files/kilo/keystone/policy.json
M modules/openstack/files/liberty/keystone/policy.json
2 files changed, 2 insertions(+), 2 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/12/275512/1

diff --git a/modules/openstack/files/kilo/keystone/policy.json 
b/modules/openstack/files/kilo/keystone/policy.json
index d05dc71..a461c1a 100644
--- a/modules/openstack/files/kilo/keystone/policy.json
+++ b/modules/openstack/files/kilo/keystone/policy.json
@@ -35,7 +35,7 @@
     "identity:update_domain": "rule:admin_required",
     "identity:delete_domain": "rule:admin_required",
  
-    "identity:get_project": "",
+    "identity:get_project": "rule:admin_required",
     "identity:list_projects": "rule:admin_required",
     "identity:list_user_projects": "",
     "identity:create_project": "rule:admin_required",
diff --git a/modules/openstack/files/liberty/keystone/policy.json 
b/modules/openstack/files/liberty/keystone/policy.json
index d05dc71..a461c1a 100644
--- a/modules/openstack/files/liberty/keystone/policy.json
+++ b/modules/openstack/files/liberty/keystone/policy.json
@@ -35,7 +35,7 @@
     "identity:update_domain": "rule:admin_required",
     "identity:delete_domain": "rule:admin_required",
  
-    "identity:get_project": "",
+    "identity:get_project": "rule:admin_required",
     "identity:list_projects": "rule:admin_required",
     "identity:list_user_projects": "",
     "identity:create_project": "rule:admin_required",

-- 
To view, visit https://gerrit.wikimedia.org/r/275512
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ic3ba30d4d2a3e59c0ec416c3fa6f2a3ac762d647
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Andrew Bogott <[email protected]>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] Keystone policy: restrict get_project to admins. - change (operations/puppet)

Reply via email to