yahoo-eng-team team mailing list archive

[Bug 1541540] [NEW] Implied role "root_role" config needs to be expanded

 

Public bug reported:

The "root_role" option is insufficient for blocking "implied" roles.
This needs to be expanded to where a list opt makes sense. There will
likely be many cases where more than one role should never be allowed to
be implied, for example "domain admin" if the domain admin needs to come
from SSO.

Suggest making it an option that is a listopt and calling it something
not "root_role".

** Affects: keystone
     Importance: High
     Assignee: Adam Young (ayoung)
         Status: Triaged

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1541540
