yahoo-eng-team team mailing list archive

[Bug 1999068] [NEW] Keystone App Creds Access Rules don't work

 

Public bug reported:

Hi,

we just tested Application Credentials with Access Rules. We tried to
delegate a subset of the admin permissions to the application
credentials for managing users, projects and domains. Unfortunately it
seems that the Access Rules that we defined for "identity" were not
working.


Example:
openstack application credential create test-appcred --role admin --access-rules '[{
        "method": "GET",
        "path": "/v3/domains",
        "service": "identity"
    }]'

With that access rule it was still allowed to create domains, users,
projects, groups. For the other OpenStack Services no requests were
possible, as expected.

** Affects: keystone
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1999068

Title:
  Keystone App Creds Access Rules don't work

Status in OpenStack Identity (keystone):
  New

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1999068/+subscriptions
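
What the rule in the report should permit, as an added example that is not part of the original bug report and is not keystone's code: a default-deny matcher over (service, method, path). The wildcard forms (`*` and `{name}` for one segment, `**` for any remainder), the helper names and the sample requests are assumptions of this example.

```python
import json
import re

# The access rule list from the report, as passed to --access-rules.
REPORTED_RULES = json.loads('[{"method": "GET", "path": "/v3/domains", "service": "identity"}]')


def _path_regex(pattern):
    """Compile an access-rule path into a regex (wildcard forms are assumed)."""
    parts = []
    for token in re.split(r"(\*\*|\*|\{[^/{}]+\})", pattern):
        if token == "**":
            parts.append(r".*")        # any remainder, slashes included
        elif token == "*" or re.fullmatch(r"\{[^/{}]+\}", token):
            parts.append(r"[^/]+")     # exactly one path segment
        else:
            parts.append(re.escape(token))
    return re.compile("^" + "".join(parts) + "$")


def is_allowed(rules, service, method, path):
    """Return True only if some rule matches service, method and path."""
    path = path.split("?", 1)[0]       # ignore the query string (example's choice)
    for rule in rules:
        if (rule["service"] == service
                and rule["method"].upper() == method.upper()
                and _path_regex(rule["path"]).match(path)):
            return True
    return False                       # default deny: no matching rule, no access


def refused(rules, requests):
    """Return the requests that the rule list should refuse."""
    return [r for r in requests if not is_allowed(rules, *r)]


# Constructed sample requests covering the operations named in the report.
SAMPLE_REQUESTS = [
    ("identity", "GET", "/v3/domains"),
    ("identity", "POST", "/v3/domains"),
    ("identity", "POST", "/v3/users"),
    ("identity", "POST", "/v3/projects"),
    ("identity", "POST", "/v3/groups"),
    ("compute", "GET", "/v2.1/servers"),
]

if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        print("allow" if is_allowed(REPORTED_RULES, *req) else "deny", *req)
```

Replaying the same request list against a test deployment with the application credential's token and comparing the HTTP status codes with these verdicts shows which services actually enforce the rule.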