yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1818845] Re: The identity:revocation_list policy should be deprecated for removal

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: OpenStack Infra <1818845@xxxxxxxxxxxxxxxxxx>
Date: Wed, 24 Jul 2019 19:10:01 -0000
Reply-to: Bug 1818845 <1818845@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Reviewed:  https://review.opendev.org/672334
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=0bf2d68520f57a44510f19aed50a26d217fe52dc
Submitter: Zuul
Branch:    master

commit 0bf2d68520f57a44510f19aed50a26d217fe52dc
Author: Lance Bragstad <lbragstad@xxxxxxxxx>
Date:   Tue Jul 23 17:21:19 2019 +0000

    Deprecate identity:revocation_list policy for removal
    
    This policy doesn't actually protect anything. We can safely deprecate
    it for removal and simplify policy files.
    
    Change-Id: Iff604f6d77b9b0b91e63d4f4b1572dbb18f43947
    Closes-Bug: 1818845


** Changed in: keystone
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1818845

Title:
  The identity:revocation_list policy should be deprecated for removal

Status in OpenStack Identity (keystone):
  Fix Released

Bug description:
  This API doesn't actually return anything useful. It either gives you
  a 410 or 403 depending on how keystone is configured. It also doesn't
  enforce anything.

  We don't need a policy for this anymore and we're safe to deprecate
  identity:revocation_list for removal.

  https://opendev.org/openstack/keystone/src/branch/master/keystone/common/policies/token_revocation.py#L17-L29

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1818845/+subscriptions

References

[Bug 1818845] [NEW] The revocation list API doesn't use default roles or proper scope types
From: Lance Bragstad, 2019-03-06