yahoo-eng-team team mailing list archive

[OpenStack Infra <1804463@xxxxxxxxxxxxxxxxxx>]

Reviewed:  https://review.openstack.org/619279
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=f377351ac89f674b3893e2a5f82bbe31186350ce
Submitter: Zuul
Branch:    master

commit f377351ac89f674b3893e2a5f82bbe31186350ce
Author: Lance Bragstad <lbragstad@xxxxxxxxx>
Date:   Wed Nov 21 15:15:11 2018 +0000

    Update service policies for system admin
    
    The service policies were not taking the default roles work we did
    last release into account. This commit changes the default policies
    to rely on the ``admin`` role to create and delete services.
    Subsequent patches will incorporate:
    
     - domain user test coverage
     - project user test coverage
    
    Change-Id: I58bbe6848c9e8e63656a6c706c84d1747c72a71e
    Related-Bug: 1804462
    Closes-Bug: 1804463


** Changed in: keystone
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1804463

Title:
  Service API doesn't use default roles

Status in OpenStack Identity (keystone):
  Fix Released

Bug description:
  In Rocky, keystone implemented support to ensure at least three
  default roles were available [0]. The services API doesn't incorporate
  these defaults into its default policies [1], but it should.

  [0] http://specs.openstack.org/openstack/keystone-specs/specs/keystone/rocky/define-default-roles.html
  [1] http://git.openstack.org/cgit/openstack/keystone/tree/keystone/common/policies/service.py?id=fb73912d87b61c419a86c0a9415ebdcf1e186927

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1804463/+subscriptions