yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #77197
[Bug 1804463] Re: Service API doesn't use default roles
Reviewed: https://review.openstack.org/619279
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=f377351ac89f674b3893e2a5f82bbe31186350ce
Submitter: Zuul
Branch: master
commit f377351ac89f674b3893e2a5f82bbe31186350ce
Author: Lance Bragstad <lbragstad@xxxxxxxxx>
Date: Wed Nov 21 15:15:11 2018 +0000
Update service policies for system admin
The service policies were not taking the default roles work we did
last release into account. This commit changes the default policies
to rely on the ``admin`` role to create and delete services.
Subsequent patches will incorporate:
- domain user test coverage
- project user test coverage
Change-Id: I58bbe6848c9e8e63656a6c706c84d1747c72a71e
Related-Bug: 1804462
Closes-Bug: 1804463
** Changed in: keystone
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1804463
Title:
Service API doesn't use default roles
Status in OpenStack Identity (keystone):
Fix Released
Bug description:
In Rocky, keystone implemented support to ensure at least three
default roles were available [0]. The services API doesn't incorporate
these defaults into its default policies [1], but it should.
[0] http://specs.openstack.org/openstack/keystone-specs/specs/keystone/rocky/define-default-roles.html
[1] http://git.openstack.org/cgit/openstack/keystone/tree/keystone/common/policies/service.py?id=fb73912d87b61c419a86c0a9415ebdcf1e186927
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1804463/+subscriptions
References