yahoo-eng-team team mailing list archive

[OpenStack Infra <1804522@xxxxxxxxxxxxxxxxxx>]

Reviewed:  https://review.openstack.org/620158
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=7ce5e3e24e8291c0af387a72ce7b47c3b28a9f74
Submitter: Zuul
Branch:    master

commit 7ce5e3e24e8291c0af387a72ce7b47c3b28a9f74
Author: Lance Bragstad <lbragstad@xxxxxxxxx>
Date:   Mon Nov 26 20:43:09 2018 +0000

    Update service provider  policies for system admin
    
    This change makes the policy definitions for admin service
    provider operations consistent with the other service provider
    policies. Subsequent patches will incorporate:
    
     - domain users test coverage
     - project users test coverage
    
    Change-Id: I621192f089d1b29e2585d0030716348274e50bf1
    Related-Bug: 1804520
    Closes-Bug: 1804522


** Changed in: keystone
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1804522

Title:
  Service provider API doesn't use default roles

Status in OpenStack Identity (keystone):
  Fix Released

Bug description:
  In Rocky, keystone implemented support to ensure at least three
  default roles were available [0]. The service provider (federation)
  API doesn't incorporate these defaults into its default policies [1],
  but it should.

  [0] http://specs.openstack.org/openstack/keystone-specs/specs/keystone/rocky/define-default-roles.html
  [1] https://git.openstack.org/cgit/openstack/keystone/tree/keystone/common/policies/service_provider.py?id=fb73912d87b61c419a86c0a9415ebdcf1e186927

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1804522/+subscriptions