yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #08025
[Bug 1267096] [NEW] v3/credentials API is admin-only
Public bug reported:
The default policy makes v3/credentials admin-only:
https://github.com/openstack/keystone/blob/master/etc/policy.json#L53
But in the docs, we say "generic credential storage per user" which
implies it's a user accessible interface.
Also, for the ec2 credential storage to work as a replacement for the
ec2tokens API, it needs to be user-accessible.
Seems like a more appropriate restriction would be to enforce that the
user_id in the request matches the token, or the user is admin, e.g use
"admin_or_owner" instead of "admin_required"
** Affects: keystone
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1267096
Title:
v3/credentials API is admin-only
Status in OpenStack Identity (Keystone):
New
Bug description:
The default policy makes v3/credentials admin-only:
https://github.com/openstack/keystone/blob/master/etc/policy.json#L53
But in the docs, we say "generic credential storage per user" which
implies it's a user accessible interface.
Also, for the ec2 credential storage to work as a replacement for the
ec2tokens API, it needs to be user-accessible.
Seems like a more appropriate restriction would be to enforce that the
user_id in the request matches the token, or the user is admin, e.g
use "admin_or_owner" instead of "admin_required"
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1267096/+subscriptions
Follow ups
References