Tokenless auth does not support system scope
Bug #1814570 reported by
Guang Yee
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| OpenStack Identity (keystone) |
Confirmed
|
Medium
|
Unassigned | ||
Bug Description
One of the most useful features of X.509 tokenless is to enable services to validate user tokens without having to obtain a service auth token. However, with the migration to system scope, this feature is effectively broken as the default policies had been updated to require a system-scoped token for these operations. We'll need to update the X.509 tokenless feature to support system-scoped token. Perhaps this can also be done by using a new header to convey the system scope intention?
| tags: | added: x509 |
| Changed in keystone: | |
| status: | New → Confirmed |
| importance: | Undecided → Medium |
To post a comment you must log in.
