Identity provider API doesn't use default roles

Bug #1804516 reported by Lance Bragstad on 2018-11-21
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Medium
Lance Bragstad

Bug Description

In Rocky, keystone implemented support to ensure at least three default roles were available [0]. The identity provider (federation) API doesn't incorporate these defaults into its default policies [1], but it should.

[0] http://specs.openstack.org/openstack/keystone-specs/specs/keystone/rocky/define-default-roles.html
[1] https://git.openstack.org/cgit/openstack/keystone/tree/keystone/common/policies/identity_provider.py?id=fb73912d87b61c419a86c0a9415ebdcf1e186927

Changed in keystone:
status: New → Triaged
importance: Undecided → Medium
tags: added: default-roles policy

Related fix proposed to branch: master
Review: https://review.openstack.org/619372

Changed in keystone:
assignee: nobody → Lance Bragstad (lbragstad)
status: Triaged → In Progress
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers