EC2 credential API doesn't use default roles
Bug #1818732 reported by
Lance Bragstad
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| OpenStack Identity (keystone) |
Fix Released
|
Low
|
Vishakha Agarwal | ||
Bug Description
In Rocky, keystone implemented support to ensure at least three default roles were available [0]. The EC2 credentials API doesn't incorporate these defaults into its default policies [1], but it should.
For example, system administrators should be able to clean up credentials regardless of users, but system members or readers should only be able to list or get credentials. Users who are not system users should only be able to manage their credentials.
[0] http://
[1] http://
| tags: | added: default-roles policy |
| Changed in keystone: | |
| status: | New → Triaged |
| importance: | Undecided → Low |
| Changed in keystone: | |
| assignee: | nobody → Vishakha Agarwal (vishakha.agarwal) |
Revision history for this message
| Colleen Murphy (krinkle) wrote | #1 |
| Changed in keystone: | |
| status: | Triaged → In Progress |
Revision history for this message
| Colleen Murphy (krinkle) wrote | #2 |
| Changed in keystone: | |
| status: | In Progress → Fix Released |
To post a comment you must log in.
https:/