Bug submitted:
https://bugs.launchpad.net/keystone/+bug/1717847
Note that this is an odd one, since the current state (while unhelpful)
is safe, fixing it has a chance of exposing an API to users that
shouldn't be able to use it if operators don't update their policy file
to match the new default.
Hi,
On 13.09.2017 18:54, Adrian Turjak wrote:
> Hello Keystone devs!
>
> I've been playing with some policy changes and realised that the trust
> policy rules were mostly blank. Which, based on how the policy logic
> works, means that any authed user can list trusts:
> https://github.com/openstack
Hello Keystone devs!
I've been playing with some policy changes and realised that the trust
policy rules were mostly blank. Which, based on how the policy logic
works, means that any authed user can list trusts:
https://github.com/openstack/keystone/blob/master/etc/policy.v3cloudsample.json#L137-L1
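
An audit for the condition described in the message above, as an added example that is not part of the original thread or of keystone's code: it flags policy rules that every authenticated caller passes. The sample policy is constructed, and the helper names are hypothetical; it assumes oslo.policy semantics, where an empty string, an empty list, or "@" always passes and "!" always fails.

```python
import json

# Constructed sample policy for illustration, not a copy of keystone's file.
SAMPLE_POLICY = json.loads("""
{
    "admin_required": "role:admin",
    "open_to_all": "",
    "identity:create_trust": "user_id:%(trust.trustor_user_id)s",
    "identity:list_trusts": "",
    "identity:get_trust": [],
    "identity:delete_trust": "rule:open_to_all",
    "identity:list_users": "rule:admin_required",
    "identity:delete_user": "!"
}
""")


def is_unrestricted(name, policy, seen=None):
    """Return True if rule `name` passes for any authenticated caller.

    Only whole-rule forms are analysed: "", [], "@", and a plain
    "rule:<other>" reference. Compound expressions (and/or/not) are
    reported as restricted and need manual review.
    """
    seen = seen or set()
    if name in seen or name not in policy:
        return False  # reference cycle or undefined rule: not open
    seen.add(name)
    rule = policy[name]
    if isinstance(rule, list):
        return len(rule) == 0  # legacy list syntax: [] always passes
    if rule in ("", "@"):
        return True  # blank rule or explicit always-true check
    if rule.startswith("rule:") and " " not in rule:
        # Follow a single reference; a blank target makes this rule blank too.
        return is_unrestricted(rule[len("rule:"):], policy, seen)
    return False


def find_unrestricted(policy):
    """Names of all rules in `policy` that place no restriction on the caller."""
    return sorted(n for n in policy if is_unrestricted(n, policy))


if __name__ == "__main__":
    for rule_name in find_unrestricted(SAMPLE_POLICY):
        print("unrestricted:", rule_name)
```

Running it against a deployed policy file before and after a change of defaults shows which rules would stay blank if the file is not updated.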