Andrew Bogott has submitted this change and it was merged.

Change subject: Update keystone policy.json to allow the 'observer' role to 
observe.
......................................................................


Update keystone policy.json to allow the 'observer' role to observe.

Bug: T104588
Change-Id: Icebee3a5868864c4e967d8ccd9c3a922a983ffe2
---
M modules/openstack/files/kilo/keystone/policy.json
1 file changed, 5 insertions(+), 3 deletions(-)

Approvals:
  Andrew Bogott: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/modules/openstack/files/kilo/keystone/policy.json 
b/modules/openstack/files/kilo/keystone/policy.json
index daba0ec..38cf350 100644
--- a/modules/openstack/files/kilo/keystone/policy.json
+++ b/modules/openstack/files/kilo/keystone/policy.json
@@ -1,9 +1,11 @@
 {
     "admin_required": "role:admin or is_admin:1",
     "service_role": "role:service",
+    "observer_role": "role:observer",
     "service_or_admin": "rule:admin_required or rule:service_role",
     "owner" : "user_id:%(user_id)s",
     "admin_or_owner": "rule:admin_required or rule:owner",
+    "admin_or_observer": "rule:admin_required or rule:observer_role",
     "token_subject": "user_id:%(target.token.user_id)s",
     "admin_or_token_subject": "rule:admin_required or rule:token_subject",
  
@@ -33,9 +35,9 @@
     "identity:update_domain": "rule:admin_required",
     "identity:delete_domain": "rule:admin_required",
  
-    "identity:get_project": "rule:admin_required",
-    "identity:list_projects": "rule:admin_required",
-    "identity:list_user_projects": "rule:admin_or_owner",
+    "identity:get_project": "rule:admin_or_observer",
+    "identity:list_projects": "rule:admin_or_observer",
+    "identity:list_user_projects": "rule:admin_or_observer",
     "identity:create_project": "rule:admin_required",
     "identity:update_project": "rule:admin_required",
     "identity:delete_project": "rule:admin_required",
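Review bot: `identity:list_user_projects` previously used `rule:admin_or_owner`, and switching it to `rule:admin_or_observer` drops the `rule:owner` branch, so a user who holds neither admin nor observer would presumably no longer be able to list their own projects. If that is not intended, keep the owner check and add the new role alongside it: `"identity:list_user_projects": "rule:admin_or_owner or rule:observer_role",`. Separately, `observer_role` is a bare `role:observer` with no project or domain condition, so any token carrying that role passes `identity:get_project` and `identity:list_projects` for every project. Since policy.json cannot hold comments, the commit message or the Puppet manifest should record which accounts are meant to hold the role. The policy object continues outside this hunk.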

-- 
To view, visit https://gerrit.wikimedia.org/r/251151

Gerrit-MessageType: merged
Gerrit-Change-Id: Icebee3a5868864c4e967d8ccd9c3a922a983ffe2
Gerrit-PatchSet: 3
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Andrew Bogott <abog...@wikimedia.org>
Gerrit-Reviewer: Andrew Bogott <abog...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>
