yahoo-eng-team team mailing list archive

[OpenStack Infra <1804483@xxxxxxxxxxxxxxxxxx>]

Reviewed:  https://review.openstack.org/619331
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=cdbdcf85f76d4824fdf56f35c6d846b8f386dd5c
Submitter: Zuul
Branch:    master

commit cdbdcf85f76d4824fdf56f35c6d846b8f386dd5c
Author: Lance Bragstad <lbragstad@xxxxxxxxx>
Date:   Wed Nov 21 17:32:45 2018 +0000

    Update endpoint  policies for system admin
    
    The endpoint policies were not taking the default roles work we did
    last release into account. This commit changes the default policies
    to rely on the ``admin`` role to create and delete endpoints.
    Subsequent patches will incorporate:
    
     - domain user test coverage
     - project user test coverage
    
    Change-Id: Ia6dc4526ece07e7fee614ec91b0953db8f180c2e
    Related-Bug: 1804482
    Closes-Bug: 1804483


** Changed in: keystone
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1804483

Title:
  Endpoint API doesn't use default roles

Status in OpenStack Identity (keystone):
  Fix Released

Bug description:
  In Rocky, keystone implemented support to ensure at least three
  default roles were available [0]. The endpoint API doesn't incorporate
  these defaults into its default policies [1], but it should.

  [0] http://specs.openstack.org/openstack/keystone-specs/specs/keystone/rocky/define-default-roles.html
  [1] http://git.openstack.org/cgit/openstack/keystone/tree/keystone/common/policies/endpoint.py?id=fb73912d87b61c419a86c0a9415ebdcf1e186927

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1804483/+subscriptions