Project Endpoints should account for system scope and default roles
Bug #1844664 reported by
Vishakha Agarwal
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Fix Released
|
High
|
Colleen Murphy |
Bug Description
Project resources in keystone can be tagged with endpoints. Operations for managing project endpoints should only be managed by system administrators and not project-level or domain-level users.
The policies that protect the project endpoints should understand system-scope [0].
Changed in keystone: | |
assignee: | nobody → Vishakha Agarwal (vishakha.agarwal) |
summary: |
- Project Endpoints should account for system scopes + Project Endpoints should account for system scope and default roles |
tags: | added: policy |
tags: | added: default-roles system-scope |
Changed in keystone: | |
importance: | Undecided → High |
milestone: | none → train-rc1 |
Changed in keystone: | |
assignee: | Vishakha Agarwal (vishakha.agarwal) → Colleen Murphy (krinkle) |
To post a comment you must log in.
Fix proposed to branch: master /review. opendev. org/683153
Review: https:/