Activity log for bug #1818725

Date Who What changed Old value New value Message
2019-03-05 21:09:49 Lance Bragstad bug added bug
2019-03-05 21:09:58 Lance Bragstad keystone: status New Triaged
2019-03-05 21:10:11 Lance Bragstad keystone: importance Undecided Medium
2019-03-05 21:11:22 Lance Bragstad description In Rocky, keystone implemented support to ensure at least three default roles were available [0]. The application credentials API doesn't incorporate these defaults into its default policies [1], but it should. For example, system users should be able to manage any application credential, regardless of the user. Users who are not system users should only be able to manage their application credentials. [0] http://specs.openstack.org/openstack/keystone-specs/specs/keystone/rocky/define-default-roles.html [1] http://git.openstack.org/cgit/openstack/keystone/tree/keystone/common/policies/application_credential.py?id=6e3f1f6e46787ed4542609c935c13cb85e91d7fc In Rocky, keystone implemented support to ensure at least three default roles were available [0]. The application credentials API doesn't incorporate these defaults into its default policies [1], but it should. For example, system administrators should be able to clean up application credentials regardless of users, but system members or readers should only be able to list or get application credentials. Users who are not system users should only be able to manage their application credentials. [0] http://specs.openstack.org/openstack/keystone-specs/specs/keystone/rocky/define-default-roles.html [1] http://git.openstack.org/cgit/openstack/keystone/tree/keystone/common/policies/application_credential.py?id=6e3f1f6e46787ed4542609c935c13cb85e91d7fc
2019-03-05 21:11:39 Lance Bragstad tags default-roles policy
2019-03-12 14:32:20 Colleen Murphy keystone: milestone stein-rc1
2019-03-20 21:37:10 Colleen Murphy keystone: milestone stein-rc1
2019-07-15 23:58:48 OpenStack Infra keystone: status Triaged In Progress
2019-07-15 23:58:48 OpenStack Infra keystone: assignee Guang Yee (guang-yee)
2019-07-25 17:27:46 OpenStack Infra keystone: status In Progress Fix Released