Public bug reported:
In Rocky, keystone added a default role hierarchy. This was part of a
large initiative to improve RBAC across all OpenStack projects. Through
the process of adopting the default roles implemented in Rocky,
OpenStack developers and operators have acknowledged that several
OpenStack service accounts have too much authorization.
Having a service-specific default role will make it easier to implement
the principle of least privilege to service accounts and harden
OpenStack default security posture.
** Affects: keystone
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1951632
Title:
RFE: Create a role for service-to-service communication
Status in OpenStack Identity (keystone):
New
Bug description:
In Rocky, keystone added a default role hierarchy. This was part of a
large initiative to improve RBAC across all OpenStack projects.
Through the process of adopting the default roles implemented in
Rocky, OpenStack developers and operators have acknowledged that
several OpenStack service accounts have too much authorization.
Having a service-specific default role will make it easier to
implement the principle of least privilege to service accounts and
harden OpenStack default security posture.
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1951632/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
