Public bug reported:

In Rocky, keystone added a default role hierarchy. This was part of a large initiative to improve RBAC across all OpenStack projects. Through the process of adopting the default roles implemented in Rocky, OpenStack developers and operators have acknowledged that several OpenStack service accounts have too much authorization.

Having a service-specific default role will make it easier to implement the principle of least privilege to service accounts and harden OpenStack default security posture.

** Affects: keystone
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/1951632

Title:
  RFE: Create a role for service-to-service communication

Status in OpenStack Identity (keystone):
  New