OpenStack Identity (keystone)

Lack of documentation for role inheritance

Bug #1737863 reported by Amelia Cordwell on 2017-12-13

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Identity (keystone)	In Progress	Medium	Unassigned

Bug Description

- [ ] This doc is inaccurate in this way: ______
- [X] This is a doc addition request.
- [ ] I have a fix to the document that I can paste below including example: input and output.

It can be seen in code and through running tests on the API that the scope of role assignments can be filtered by inheritance scope. This is documented and included in the client but not on the API reference.

Relevant line in client:
https://github.com/openstack/python-keystoneclient/blob/master/keystoneclient/v3/role_assignments.py#L70

-----------------------------------
Release: v3.8 on 'Thu Dec 7 13:25:34 2017, commit cfbc2aa'
SHA:
Source: https://git.openstack.org/cgit/openstack/keystone/tree/api-ref/source/v3/index.rst
URL: https://developer.openstack.org/api-ref/identity/v3/index.html

Tags:

Revision history for this message

wangxiyuan (wangxiyuan) wrote on 2017-12-13:

It is included here:
https://developer.openstack.org/api-ref/identity/v3/index.html#list-role-assignments

I guess you mean here:
https://developer.openstack.org/api-ref/identity/v3/index.html#id318

I think the first one is duplicated. And the second one missed "scope.OS-INHERIT:inherited_to"

Revision history for this message

Amelia Cordwell (ameliacordwell) wrote on 2017-12-13:

That makes sense I was only looking at the one under roles, and missed the detail down on the other one.

Revision history for this message

Lance Bragstad (lbragstad) wrote on 2018-01-02:

Based on the first comment, is there anything to clarify in the documentation for this bug?

Revision history for this message

Lance Bragstad (lbragstad) wrote on 2018-01-08:

I suppose we could add a section to the administrator guides [0] that explains role inheritance and how it works. I don't see any documentation describing inheritance outside of the one query parameter in the API reference.

[0] https://docs.openstack.org/keystone/latest/#administrator-guides

summary:	- role_assignments API reference does not document inherit scope behavoir + Lack of documentation for role inheritance
Changed in keystone:
status:	New → Confirmed
importance:	Undecided → Medium
tags:	added: documentation office-hours

Triveni Gurram (triveni12) on 2020-07-13

Changed in keystone:
assignee:	nobody → Triveni Gurram (triveni12)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2020-07-15: Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.opendev.org/741085

Changed in keystone:
status:	Confirmed → In Progress

Triveni Gurram (triveni12) on 2020-08-18

Changed in keystone:
assignee:	Triveni Gurram (triveni12) → nobody

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2022-01-21: Change abandoned on keystone (master)

Change abandoned by "Gage Hugo <email address hidden>" on branch: master
Review: https://review.opendev.org/c/openstack/keystone/+/741085
Reason: Abandoning since there hasn't been any recent activity, if anyone wants to continue this work, please feel free to restore this or create a new change.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.