[MediaWiki-commits] [Gerrit] operations/puppet[production]: Keystone: Make the project list public
Andrew Bogott has submitted this change and it was merged. Change subject: Keystone: Make the project list public .. Keystone: Make the project list public This will allow the 'observer' role (which has no explicit rights) to enumerate projects. Bug: T150092 Change-Id: Ica7a4cc14b2ae581fcaa270fb01d93b98565df62 --- M modules/openstack/files/liberty/keystone/policy.json M modules/openstack/files/mitaka/keystone/policy.json 2 files changed, 2 insertions(+), 2 deletions(-) Approvals: Andrew Bogott: Looks good to me, approved jenkins-bot: Verified diff --git a/modules/openstack/files/liberty/keystone/policy.json b/modules/openstack/files/liberty/keystone/policy.json index 7d7910a..e0cde3e 100644 --- a/modules/openstack/files/liberty/keystone/policy.json +++ b/modules/openstack/files/liberty/keystone/policy.json @@ -34,7 +34,7 @@ "identity:delete_domain": "rule:admin_required", "identity:get_project": "rule:admin_required", -"identity:list_projects": "rule:admin_required", +"identity:list_projects": "", "identity:list_user_projects": "", "identity:create_project": "rule:admin_required", "identity:update_project": "rule:admin_required", diff --git a/modules/openstack/files/mitaka/keystone/policy.json b/modules/openstack/files/mitaka/keystone/policy.json index 7d7910a..e0cde3e 100644 --- a/modules/openstack/files/mitaka/keystone/policy.json +++ b/modules/openstack/files/mitaka/keystone/policy.json @@ -34,7 +34,7 @@ "identity:delete_domain": "rule:admin_required", "identity:get_project": "rule:admin_required", -"identity:list_projects": "rule:admin_required", +"identity:list_projects": "", "identity:list_user_projects": "", "identity:create_project": "rule:admin_required", "identity:update_project": "rule:admin_required", -- To view, visit https://gerrit.wikimedia.org/r/320826 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: Ica7a4cc14b2ae581fcaa270fb01d93b98565df62 Gerrit-PatchSet: 2 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Andrew Bogott Gerrit-Reviewer: Alex Monk Gerrit-Reviewer: Andrew Bogott Gerrit-Reviewer: jenkins-bot <> ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] operations/puppet[production]: Keystone: Make the project list public
Andrew Bogott has uploaded a new change for review. https://gerrit.wikimedia.org/r/320826 Change subject: Keystone: Make the project list public .. Keystone: Make the project list public This will allow the 'observer' role (which has no explicit rights) to enumerate projects. Bug: T150092 Change-Id: Ica7a4cc14b2ae581fcaa270fb01d93b98565df62 --- M modules/openstack/files/liberty/keystone/policy.json M modules/openstack/files/mitaka/keystone/policy.json 2 files changed, 2 insertions(+), 2 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/26/320826/1 diff --git a/modules/openstack/files/liberty/keystone/policy.json b/modules/openstack/files/liberty/keystone/policy.json index 7d7910a..e0cde3e 100644 --- a/modules/openstack/files/liberty/keystone/policy.json +++ b/modules/openstack/files/liberty/keystone/policy.json @@ -34,7 +34,7 @@ "identity:delete_domain": "rule:admin_required", "identity:get_project": "rule:admin_required", -"identity:list_projects": "rule:admin_required", +"identity:list_projects": "", "identity:list_user_projects": "", "identity:create_project": "rule:admin_required", "identity:update_project": "rule:admin_required", diff --git a/modules/openstack/files/mitaka/keystone/policy.json b/modules/openstack/files/mitaka/keystone/policy.json index 7d7910a..e0cde3e 100644 --- a/modules/openstack/files/mitaka/keystone/policy.json +++ b/modules/openstack/files/mitaka/keystone/policy.json @@ -34,7 +34,7 @@ "identity:delete_domain": "rule:admin_required", "identity:get_project": "rule:admin_required", -"identity:list_projects": "rule:admin_required", +"identity:list_projects": "", "identity:list_user_projects": "", "identity:create_project": "rule:admin_required", "identity:update_project": "rule:admin_required", -- To view, visit https://gerrit.wikimedia.org/r/320826 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ica7a4cc14b2ae581fcaa270fb01d93b98565df62 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Andrew Bogott ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits