yahoo-eng-team team mailing list archive

[OpenStack Infra <1844664@xxxxxxxxxxxxxxxxxx>]

Reviewed:  https://review.opendev.org/683153
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=c9148db371dfa449830d2fbe7c1345135ebddf3f
Submitter: Zuul
Branch:    master

commit c9148db371dfa449830d2fbe7c1345135ebddf3f
Author: Vishakha Agarwal <agarwalvishakha18@xxxxxxxxx>
Date:   Thu Sep 19 18:45:30 2019 +0530

    Implement scope type checking for Project Endpoints
    
    This change updates the Project Endpoints policies to understand
    the scope types for Project Endpoints. This adds the test cases
    too.
    
    Change-Id: Id18036325b2f5b8836076408ecdd64523b19cbba
    Closes-Bug: #1844664


** Changed in: keystone
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1844664

Title:
  Project Endpoints should account for system scope and default roles

Status in OpenStack Identity (keystone):
  Fix Released

Bug description:
  Project resources in keystone can be tagged with endpoints. Operations
  for managing project endpoints should only be managed by system
  administrators and not project-level or domain-level users.

  The policies that protect the project endpoints should understand
  system-scope [0].

  [0]
  https://opendev.org/openstack/keystone/src/commit/18e0080af3dcc0a96ff5d98aeb5f517080a35fb2/keystone/common/policies/project_endpoint.py#L19-L66

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1844664/+subscriptions