Andrew Bogott has submitted this change and it was merged.
Change subject: Keystone policy.json: Allow anyone to read endpoints or
services.
......................................................................
Keystone policy.json: Allow anyone to read endpoints or services.
This is already effectively public since the catalog is public,
but it's useful to be able to query these specifically.
Change-Id: If59cb262b76b214d66a8a6cc3e5bf08d013861a6
---
M modules/openstack/files/kilo/keystone/policy.json
M modules/openstack/files/liberty/keystone/policy.json
2 files changed, 8 insertions(+), 8 deletions(-)
Approvals:
Andrew Bogott: Looks good to me, approved
jenkins-bot: Verified
diff --git a/modules/openstack/files/kilo/keystone/policy.json
b/modules/openstack/files/kilo/keystone/policy.json
index a461c1a..16c5a6f 100644
--- a/modules/openstack/files/kilo/keystone/policy.json
+++ b/modules/openstack/files/kilo/keystone/policy.json
@@ -17,14 +17,14 @@
"identity:update_region": "rule:admin_required",
"identity:delete_region": "rule:admin_required",
- "identity:get_service": "rule:admin_required",
- "identity:list_services": "rule:admin_required",
+ "identity:get_service": "",
+ "identity:list_services": "",
"identity:create_service": "rule:admin_required",
"identity:update_service": "rule:admin_required",
"identity:delete_service": "rule:admin_required",
- "identity:get_endpoint": "rule:admin_required",
- "identity:list_endpoints": "rule:admin_required",
+ "identity:get_endpoint": "",
+ "identity:list_endpoints": "",
"identity:create_endpoint": "rule:admin_required",
"identity:update_endpoint": "rule:admin_required",
"identity:delete_endpoint": "rule:admin_required",
diff --git a/modules/openstack/files/liberty/keystone/policy.json
b/modules/openstack/files/liberty/keystone/policy.json
index a461c1a..16c5a6f 100644
--- a/modules/openstack/files/liberty/keystone/policy.json
+++ b/modules/openstack/files/liberty/keystone/policy.json
@@ -17,14 +17,14 @@
"identity:update_region": "rule:admin_required",
"identity:delete_region": "rule:admin_required",
- "identity:get_service": "rule:admin_required",
- "identity:list_services": "rule:admin_required",
+ "identity:get_service": "",
+ "identity:list_services": "",
"identity:create_service": "rule:admin_required",
"identity:update_service": "rule:admin_required",
"identity:delete_service": "rule:admin_required",
- "identity:get_endpoint": "rule:admin_required",
- "identity:list_endpoints": "rule:admin_required",
+ "identity:get_endpoint": "",
+ "identity:list_endpoints": "",
"identity:create_endpoint": "rule:admin_required",
"identity:update_endpoint": "rule:admin_required",
"identity:delete_endpoint": "rule:admin_required",
--
To view, visit https://gerrit.wikimedia.org/r/278080
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: If59cb262b76b214d66a8a6cc3e5bf08d013861a6
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Andrew Bogott <[email protected]>
Gerrit-Reviewer: Alex Monk <[email protected]>
Gerrit-Reviewer: Andrew Bogott <[email protected]>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
