The identity:revocation_list policy should be deprecated for removal
Bug #1818845 reported by
Lance Bragstad
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| OpenStack Identity (keystone) |
Fix Released
|
Wishlist
|
Lance Bragstad | ||
Bug Description
This API doesn't actually return anything useful. It either gives you a 410 or 403 depending on how keystone is configured. It also doesn't enforce anything.
We don't need a policy for this anymore and we're safe to deprecate identity:
| tags: | added: default-roles policy |
| Changed in keystone: | |
| status: | New → Triaged |
| importance: | Undecided → Wishlist |
| summary: |
- The revocation list API doesn't use default roles + The revocation list API doesn't use default roles or proper scope types |
| description: | updated |
| summary: |
- The revocation list API doesn't use default roles or proper scope types + The identity:revocation_list policy should be deprecated for removal |
| description: | updated |
| tags: |
added: low-hanging-fruit removed: default-roles |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix proposed to keystone (master) | #1 |
| Changed in keystone: | |
| assignee: | nobody → Lance Bragstad (lbragstad) |
| status: | Triaged → In Progress |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix merged to keystone (master) | #2 |
| Changed in keystone: | |
| status: | In Progress → Fix Released |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix included in openstack/keystone 16.0.0.0rc1 | #3 |
To post a comment you must log in.
Fix proposed to branch: master
Review: https:/