Relax the requirement for mappings to result in group memberships
Bug #1601929 reported by
Steve Martinelli
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Fix Released
|
High
|
Ron De Rose |
Bug Description
With the introduction of shadow users, we should not require mappings to result in group memberships. This should not require an API change, but would allow for much simpler mappings to be used (literally just assigning a unique ID, and nothing more), which would be sufficient to allow federated users to receive manually assigned concrete role assignments (a process that operators are already familiar with).
Changed in keystone: | |
status: | Triaged → In Progress |
Changed in keystone: | |
milestone: | next → newton-3 |
Changed in keystone: | |
assignee: | Ron De Rose (ronald-de-rose) → Steve Martinelli (stevemar) |
Changed in keystone: | |
assignee: | Steve Martinelli (stevemar) → Ron De Rose (ronald-de-rose) |
To post a comment you must log in.
We support that today already I think. Just add the "type" attribute.
"type": "local"
Is this for ephemeral users?