Andrew Bogott has submitted this change and it was merged. Change subject: keystone policy changes: ......................................................................
keystone policy changes: Allow anyone to 'list' and 'get' projects and users. Bug: T123310 Change-Id: I61f05cef2009b3956b750ac44ac69d340e6ce727 --- M modules/openstack/files/kilo/keystone/policy.json 1 file changed, 7 insertions(+), 7 deletions(-) Approvals: Andrew Bogott: Looks good to me, approved jenkins-bot: Verified
diff --git a/modules/openstack/files/kilo/keystone/policy.json b/modules/openstack/files/kilo/keystone/policy.json
index 38cf350..220e31f 100644
--- a/modules/openstack/files/kilo/keystone/policy.json
+++ b/modules/openstack/files/kilo/keystone/policy.json
@@ -35,15 +35,15 @@
 "identity:update_domain": "rule:admin_required",
 "identity:delete_domain": "rule:admin_required",
- "identity:get_project": "rule:admin_or_observer",
- "identity:list_projects": "rule:admin_or_observer",
- "identity:list_user_projects": "rule:admin_or_observer",
+ "identity:get_project": "",
+ "identity:list_projects": "",
+ "identity:list_user_projects": "",
 "identity:create_project": "rule:admin_required",
 "identity:update_project": "rule:admin_required",
 "identity:delete_project": "rule:admin_required",
 "identity:get_user": "rule:admin_required",
- "identity:list_users": "rule:admin_required",
+ "identity:list_users": "",
 "identity:create_user": "rule:admin_required",
 "identity:update_user": "rule:admin_required",
 "identity:delete_user": "rule:admin_required",
@@ -71,8 +71,8 @@
 "identity:ec2_create_credential": "rule:admin_or_owner",
 "identity:ec2_delete_credential": "rule:admin_required or (rule:owner and user_id:%(target.credential.user_id)s)",
- "identity:get_role": "rule:admin_required",
- "identity:list_roles": "rule:admin_required",
+ "identity:get_role": "",
+ "identity:list_roles": "",
 "identity:create_role": "rule:admin_required",
 "identity:update_role": "rule:admin_required",
 "identity:delete_role": "rule:admin_required",
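Review bot: `identity:get_user` is left at `rule:admin_required` while `identity:list_users` becomes `""`, so the first hunk does not do what the commit message says ('list' and 'get' projects and users), and the stricter get rule protects little once the list call is open. An empty rule string carries no role or ownership condition, so every caller that reaches the policy check passes; that applies to the four actions opened here and to `identity:get_role` / `identity:list_roles` in the second hunk, which the commit message does not mention. `identity:list_user_projects` is the one most worth narrowing, because it lets any account look up another user's project memberships. `"identity:list_user_projects": "rule:admin_or_owner"` would keep self-service lookups, assuming that rule (used for `identity:ec2_create_credential` in the second hunk's context) is defined as it is upstream.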
@@ -101,7 +101,7 @@
 "identity:list_trusts": "",
 "identity:list_roles_for_trust": "",
 "identity:get_role_for_trust": "",
- "identity:delete_trust": "",
+ "identity:delete_trust": "rule:admin_required",
 "identity:create_consumer": "rule:admin_required",
 "identity:get_consumer": "rule:admin_required",
-- To view, visit https://gerrit.wikimedia.org/r/270597 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I61f05cef2009b3956b750ac44ac69d340e6ce727 Gerrit-PatchSet: 2 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Andrew Bogott <abog...@wikimedia.org> Gerrit-Reviewer: Andrew Bogott <abog...@wikimedia.org> Gerrit-Reviewer: jenkins-bot <> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
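Review bot: Setting `identity:delete_trust` to `rule:admin_required` is not covered by the commit message, and it means a trustor can no longer revoke a delegation they created without asking an admin. As far as I recall, upstream Keystone leaves this rule empty and enforces trustor-or-admin inside the trust controller; if that holds for this Kilo deployment, the old `""` was not open to every caller and the tightening removes self-service revocation rather than closing a hole. Either restore `"identity:delete_trust": ""` or state in the commit message why revocation should be admin-only. The neighbouring `identity:list_trusts`, `identity:list_roles_for_trust` and `identity:get_role_for_trust` rules stay empty, so the file now treats trust reads and trust deletion differently without explanation.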