The identity:revocation_list policy should be deprecated for removal
Bug #1818845 reported by
Lance Bragstad
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Fix Released
|
Wishlist
|
Lance Bragstad |
Bug Description
This API doesn't actually return anything useful. It either gives you a 410 or 403 depending on how keystone is configured. It also doesn't enforce anything.
We don't need a policy for this anymore and we're safe to deprecate identity:
tags: | added: default-roles policy |
Changed in keystone: | |
status: | New → Triaged |
importance: | Undecided → Wishlist |
summary: |
- The revocation list API doesn't use default roles + The revocation list API doesn't use default roles or proper scope types |
description: | updated |
summary: |
- The revocation list API doesn't use default roles or proper scope types + The identity:revocation_list policy should be deprecated for removal |
description: | updated |
tags: |
added: low-hanging-fruit removed: default-roles |
To post a comment you must log in.
Fix proposed to branch: master /review. opendev. org/672334
Review: https:/