diff options
| author | Jenkins <jenkins@review.openstack.org> | 2017-07-21 00:12:50 +0000 |
|---|---|---|
| committer | Gerrit Code Review <review@openstack.org> | 2017-07-21 00:12:50 +0000 |
| commit | 439872bc196260fe62e52235e0717040fd934394 (patch) | |
| tree | c66f97635b028d17a4b8a145ffe6a7b6012cf799 | |
| parent | fa76aa5f5df0b627ec13e04eb27357288978f702 (diff) | |
| parent | 6c96675d63257d7ef2c27c5598c642efa7a25d08 (diff) | |
| download | keystone-11.0.3.tar.gz | |
Merge "fix identity:get_identity_providers typo" into stable/ocata11.0.3
| -rw-r--r-- | doc/source/policy_mapping.rst | 2 | ||||
| -rw-r--r-- | etc/policy.json | 2 | ||||
| -rw-r--r-- | etc/policy.v3cloudsample.json | 2 | ||||
| -rw-r--r-- | releasenotes/notes/bug-1703369-9a901d627a1e0316.yaml | 11 |
4 files changed, 14 insertions, 3 deletions
diff --git a/doc/source/policy_mapping.rst b/doc/source/policy_mapping.rst index d3368fc92..eed57fde4 100644 --- a/doc/source/policy_mapping.rst +++ b/doc/source/policy_mapping.rst @@ -146,7 +146,7 @@ identity:remove_endpoint_group_from_project DELETE /v3/OS-EP-FILT identity:create_identity_provider PUT /v3/OS-FEDERATION/identity_providers/{idp_id} identity:list_identity_providers GET /v3/OS-FEDERATION/identity_providers -identity:get_identity_providers GET /v3/OS-FEDERATION/identity_providers/{idp_id} +identity:get_identity_provider GET /v3/OS-FEDERATION/identity_providers/{idp_id} identity:update_identity_provider PATCH /v3/OS-FEDERATION/identity_providers/{idp_id} identity:delete_identity_provider DELETE /v3/OS-FEDERATION/identity_providers/{idp_id} diff --git a/etc/policy.json b/etc/policy.json index ddf239627..efa84e9a3 100644 --- a/etc/policy.json +++ b/etc/policy.json @@ -147,7 +147,7 @@ "identity:create_identity_provider": "rule:admin_required", "identity:list_identity_providers": "rule:admin_required", - "identity:get_identity_providers": "rule:admin_required", + "identity:get_identity_provider": "rule:admin_required", "identity:update_identity_provider": "rule:admin_required", "identity:delete_identity_provider": "rule:admin_required", diff --git a/etc/policy.v3cloudsample.json b/etc/policy.v3cloudsample.json index 9ba717380..6c5bc0b1c 100644 --- a/etc/policy.v3cloudsample.json +++ b/etc/policy.v3cloudsample.json @@ -174,7 +174,7 @@ "identity:create_identity_provider": "rule:cloud_admin", "identity:list_identity_providers": "rule:cloud_admin", - "identity:get_identity_providers": "rule:cloud_admin", + "identity:get_identity_provider": "rule:cloud_admin", "identity:update_identity_provider": "rule:cloud_admin", "identity:delete_identity_provider": "rule:cloud_admin", diff --git a/releasenotes/notes/bug-1703369-9a901d627a1e0316.yaml b/releasenotes/notes/bug-1703369-9a901d627a1e0316.yaml new file mode 100644 index 000000000..2d93d16ec --- /dev/null +++ b/releasenotes/notes/bug-1703369-9a901d627a1e0316.yaml @@ -0,0 +1,11 @@ +--- +security: + - | + [`bug 1703369 <https://bugs.launchpad.net/keystone/+bug/1703369>`_] + There was a typo for the identity:get_identity_provider rule in the + default ``policy.json`` file in previous releases. The default value for + that rule was the same as the default value for the default rule + (restricted to admin) so this typo was not readily apparent. Anyone + customizing this rule should review their settings and confirm that + they did not copy that typo. More context regarding the purpose of this + backport can be found in the bug report. |