Reviewed: https://review.opendev.org/682266 Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=d4a6023de5bdfe5a6e9214579a35e083a45c1151 Submitter: Zuul Branch: master
commit d4a6023de5bdfe5a6e9214579a35e083a45c1151 Author: Lance Bragstad <[email protected]> Date: Mon Sep 16 02:52:12 2019 +0000 Remove policy.v3cloudsample.json We've make all the default policies keystone supports better by incorporating default roles and scope types. These changes have made the ``policy.v3cloudsample.json`` file obsolete. Let's simply things for users, operators, and develpers by removing it. A follow-on patch will remove the test_v3_protection.py file since those behaviors are passing all the protection tests with the default policies in code. Related-Bug: 1805880 Closes-Bug: 1630434 Closes-Bug: 1806762 Change-Id: Ie45955f5cc54563cc9704d7cb2b656b5544ae030 ** Changed in: keystone Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1630434 Title: policy.v3cloudsample.json doesn't allow domain admin list role assignments on project Status in OpenStack Identity (keystone): Fix Released Bug description: My OpenStack version is Mitaka. With an admin domain-scoped token, a domain admin cannot list role assignments on the project in the domain. The error messages are: { "error": { "code": 403, "message": "You are not authorized to perform the requested action: identity:list_role_assignments", "title": "Forbidden" } } I am currently using a workaround: adding include_subtree=true to use "identity:list_role_assignments_for_tree". To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1630434/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
