OpenStack Identity (keystone)

OS-EP-FILTER API doesn't use default roles

Bug #1818744 reported by Lance Bragstad
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Triaged
Low
Unassigned

Bug Description

In Rocky, keystone implemented support to ensure at least three default roles were available [0]. The OS-EP-FILTER API doesn't incorporate these defaults into its default policies [1], but it should. The association between projects and endpoints are system-specific actions, but it should be possible for system-members and system-readers to view those associations.

[0] http://specs.openstack.org/openstack/keystone-specs/specs/keystone/rocky/define-default-roles.html
[1] http://git.openstack.org/cgit/openstack/keystone/tree/keystone/common/policies/project_endpoint.py?id=6e3f1f6e46787ed4542609c935c13cb85e91d7fc

Lance Bragstad (lbragstad)
Changed in keystone:
status: New → Triaged
importance: Undecided → Low
tags: added: default-roles policy
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.