Tokenless auth does not support system scope
Bug #1814570 reported by
Guang Yee
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Confirmed
|
Medium
|
Unassigned |
Bug Description
One of the most useful features of X.509 tokenless is to enable services to validate user tokens without having to obtain a service auth token. However, with the migration to system scope, this feature is effectively broken as the default policies had been updated to require a system-scoped token for these operations. We'll need to update the X.509 tokenless feature to support system-scoped token. Perhaps this can also be done by using a new header to convey the system scope intention?
tags: | added: x509 |
Changed in keystone: | |
status: | New → Confirmed |
importance: | Undecided → Medium |
To post a comment you must log in.