I figure that match after I submitted the bug report, but I forgot to add my finding, that there is special API request for user changing his own password https://github.com/openstack/keystone/blob/stable/icehouse/keystone/contrib/user_crud/core.py and that the action that I was referring to in the bug report is admin only (at least from the point of view of default policy rules).
My main confusion come from the policy rule identity:change_password, which span for both action but doesn't really work with the admin action, which i think it's confusing !
As far as I can tell in V3 things are better, with action POST /users/{user_id}/password to change own password (b/c it require knowing the original password and that's what the default policy.v3.json authorize "identity:change_password": "rule:owner"), and as admin changing a user password by sending update user action i.e. PATCH /users/{user_id}, right ?
I figure that match after I submitted the bug report, but I forgot to add my finding, that there is special API request for user changing his own password https:/ /github. com/openstack/ keystone/ blob/stable/ icehouse/ keystone/ contrib/ user_crud/ core.py and that the action that I was referring to in the bug report is admin only (at least from the point of view of default policy rules).
My main confusion come from the policy rule identity: change_ password, which span for both action but doesn't really work with the admin action, which i think it's confusing !
As far as I can tell in V3 things are better, with action POST /users/ {user_id} /password to change own password (b/c it require knowing the original password and that's what the default policy.v3.json authorize "identity: change_ password" : "rule:owner"), and as admin changing a user password by sending update user action i.e. PATCH /users/{user_id}, right ?
Thanks,