yahoo-eng-team team mailing list archive

[Bug 1951632] [NEW] RFE: Create a role for service-to-service communication

 

Public bug reported:

In Rocky, keystone added a default role hierarchy. This was part of a
large initiative to improve RBAC across all OpenStack projects. Through
the process of adopting the default roles implemented in Rocky,
OpenStack developers and operators have acknowledged that several
OpenStack service accounts have too much authorization.

Having a service-specific default role will make it easier to implement
the principle of least privilege for service accounts and harden
OpenStack's default security posture.

** Affects: keystone
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/1951632