[MediaWiki-commits] [Gerrit] keystone policy changes: - change (operations/puppet)

Andrew Bogott (Code Review) Mon, 15 Feb 2016 08:49:10 -0800

Andrew Bogott has submitted this change and it was merged.

Change subject: keystone policy changes:
......................................................................



keystone policy changes:

Allow anyone to 'list' and 'get' projects and users.

Bug:  T123310
Change-Id: I61f05cef2009b3956b750ac44ac69d340e6ce727
---
M modules/openstack/files/kilo/keystone/policy.json
1 file changed, 7 insertions(+), 7 deletions(-)

Approvals:
  Andrew Bogott: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/modules/openstack/files/kilo/keystone/policy.json 
b/modules/openstack/files/kilo/keystone/policy.json
index 38cf350..220e31f 100644
--- a/modules/openstack/files/kilo/keystone/policy.json
+++ b/modules/openstack/files/kilo/keystone/policy.json
@@ -35,15 +35,15 @@
     "identity:update_domain": "rule:admin_required",
     "identity:delete_domain": "rule:admin_required",
  
-    "identity:get_project": "rule:admin_or_observer",
-    "identity:list_projects": "rule:admin_or_observer",
-    "identity:list_user_projects": "rule:admin_or_observer",
+    "identity:get_project": "",
+    "identity:list_projects": "",
+    "identity:list_user_projects": "",
     "identity:create_project": "rule:admin_required",
     "identity:update_project": "rule:admin_required",
     "identity:delete_project": "rule:admin_required",
  
     "identity:get_user": "rule:admin_required",
-    "identity:list_users": "rule:admin_required",
+    "identity:list_users": "",
     "identity:create_user": "rule:admin_required",
     "identity:update_user": "rule:admin_required",
     "identity:delete_user": "rule:admin_required",
@@ -71,8 +71,8 @@
     "identity:ec2_create_credential": "rule:admin_or_owner",
     "identity:ec2_delete_credential": "rule:admin_required or (rule:owner and 
user_id:%(target.credential.user_id)s)",
  
-    "identity:get_role": "rule:admin_required",
-    "identity:list_roles": "rule:admin_required",
+    "identity:get_role": "",
+    "identity:list_roles": "",
     "identity:create_role": "rule:admin_required",
     "identity:update_role": "rule:admin_required",
     "identity:delete_role": "rule:admin_required",
@@ -101,7 +101,7 @@
     "identity:list_trusts": "",
     "identity:list_roles_for_trust": "",
     "identity:get_role_for_trust": "",
-    "identity:delete_trust": "",
+    "identity:delete_trust": "rule:admin_required",
  
     "identity:create_consumer": "rule:admin_required",
     "identity:get_consumer": "rule:admin_required",

-- 
To view, visit https://gerrit.wikimedia.org/r/270597
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I61f05cef2009b3956b750ac44ac69d340e6ce727
Gerrit-PatchSet: 2
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Andrew Bogott <abog...@wikimedia.org>
Gerrit-Reviewer: Andrew Bogott <abog...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] keystone policy changes: - change (operations/puppet)

Reply via email to