The policy and policy endpoint APIs don't use default roles
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Fix Released
|
Wishlist
|
Vishakha Agarwal |
Bug Description
In Rocky, keystone implemented support to ensure at least three default roles were available [0]. The policy and policy endpoint APIs don't incorporate these defaults into its default policies [1][2], but it should.
However, both of these APIs are deprecated, which doesn't make this a high priority item. Opening this bug to be consistent in documenting gaps in default role implementations across keystone.
[0] http://
[1] http://
[2] http://
Changed in keystone: | |
status: | New → Triaged |
importance: | Undecided → Wishlist |
tags: | added: default-roles policy |
Changed in keystone: | |
assignee: | nobody → Vishakha Agarwal (vishakha.agarwal) |
This could also include support for only system-scope, since domain or project scoped users shouldn't be accessing this endpoint.