OpenStack Identity (keystone)

  1. Bug #1805363
  2. Activity log

Activity log for bug #1805363

Date Who What changed Old value New value Message
2018-11-27 11:04:04 Lance Bragstad bug added bug
2018-11-27 11:04:12 Lance Bragstad keystone: status New Triaged
2018-11-27 11:04:14 Lance Bragstad keystone: importance Undecided Medium
2018-11-27 11:04:22 Lance Bragstad tags default-roles policy
2019-03-05 21:15:28 Lance Bragstad description In Rocky, keystone implemented support to ensure at least three default roles were available [0]. The consumer API doesn't incorporate these defaults into its default policies [1], but it should. [0] http://specs.openstack.org/openstack/keystone-specs/specs/keystone/rocky/define-default-roles.html [1] http://git.openstack.org/cgit/openstack/keystone/tree/keystone/common/policies/consumer.py?id=fb73912d87b61c419a86c0a9415ebdcf1e186927 In Rocky, keystone implemented support to ensure at least three default roles were available [0]. The consumer API doesn't incorporate these defaults into its default policies [1], but it should. The oauth consumer API is system-specific, and shouldn't be accessible to domain or project users. For example, system administrators should be able to create, delete, and update consumers, while members and readers should only be able to get and list consumers. [0] http://specs.openstack.org/openstack/keystone-specs/specs/keystone/rocky/define-default-roles.html [1] http://git.openstack.org/cgit/openstack/keystone/tree/keystone/common/policies/consumer.py?id=fb73912d87b61c419a86c0a9415ebdcf1e186927
2019-07-23 14:18:44 Lance Bragstad keystone: importance Medium Low
2019-09-07 02:27:20 OpenStack Infra keystone: status Triaged In Progress
2019-09-07 02:27:20 OpenStack Infra keystone: assignee Colleen Murphy (krinkle)
2019-09-14 16:16:27 OpenStack Infra keystone: status In Progress Fix Released