yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #76282
[Bug 1794376] Re: Domains API should account for system-scope and default roles
Reviewed: https://review.openstack.org/605850
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=7fa424f1de1ac29c2d34d02cae04b845df5837b1
Submitter: Zuul
Branch: master
commit 7fa424f1de1ac29c2d34d02cae04b845df5837b1
Author: Lance Bragstad <lbragstad@xxxxxxxxx>
Date: Thu Sep 27 18:26:48 2018 +0000
Implement system admin role in domains API
This commit introduces the system admin role to the API, making it
consistent with other system-admin policy definitions.
Subsequent patches will include domain support for:
- domain user test coverage
- project user test coverage
Change-Id: Ic9a789dc3f34d9735de3b4bc4bd48b41190cbfba
Closes-Bug: 1794376
Partial-Bug: 968696
** Changed in: keystone
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1794376
Title:
Domains API should account for system-scope and default roles
Status in OpenStack Identity (keystone):
Fix Released
Bug description:
Keystone domains are an important resource that only system
administrators, members, or readers should be able to manage. We
should update the domain policies to include system-scoped test
coverage and consumption of the new default roles in keystone.
System administrators should be able to:
- GET /v3/domains/
- GET /v3/damains/{domain_id}
- POST /v3/domains/
- PATCH /v3/domains/{domain_id}
- DELETE /v3/domains/{domain_id}
System members should be able to:
- GET /v3/domains/
- GET /v3/damains/{domain_id}
- PATCH /v3/domains/{domain_id}
System readers should be able to:
- GET /v3/domains/
- GET /v3/damains/{domain_id}
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1794376/+subscriptions
References