The policy and policy endpoint APIs don't use default roles

Bug #1805409 reported by Lance Bragstad on 2018-11-27
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Wishlist
Unassigned

Bug Description

In Rocky, keystone implemented support to ensure at least three default roles were available [0]. The policy and policy endpoint APIs don't incorporate these defaults into its default policies [1][2], but it should.

However, both of these APIs are deprecated, which doesn't make this a high priority item. Opening this bug to be consistent in documenting gaps in default role implementations across keystone.

[0] http://specs.openstack.org/openstack/keystone-specs/specs/keystone/rocky/define-default-roles.html
[1] http://git.openstack.org/cgit/openstack/keystone/tree/keystone/common/policies/policy.py?id=fb73912d87b61c419a86c0a9415ebdcf1e186927
[2] http://git.openstack.org/cgit/openstack/keystone/tree/keystone/common/policies/policy_association.py?id=fb73912d87b61c419a86c0a9415ebdcf1e186927

Changed in keystone:
status: New → Triaged
importance: Undecided → Wishlist
tags: added: default-roles policy
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers