EC2 credential API doesn't use default roles
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Fix Released
|
Low
|
Vishakha Agarwal |
Bug Description
In Rocky, keystone implemented support to ensure at least three default roles were available [0]. The EC2 credentials API doesn't incorporate these defaults into its default policies [1], but it should.
For example, system administrators should be able to clean up credentials regardless of users, but system members or readers should only be able to list or get credentials. Users who are not system users should only be able to manage their credentials.
[0] http://
[1] http://
tags: | added: default-roles policy |
Changed in keystone: | |
status: | New → Triaged |
importance: | Undecided → Low |
Changed in keystone: | |
assignee: | nobody → Vishakha Agarwal (vishakha.agarwal) |
Changed in keystone: | |
status: | In Progress → Fix Released |
https:/ /review. opendev. org/607820