Public bug reported:
The "root_role" option is insufficient for blocking "implied" roles.
This needs to be expanded to where a list opt makes sense. There will
likely be many cases where more than one role should never be allowed to
be implied, for example "domain admin" if the domain admin needs to come
from SSO.
Suggest making it an option that is a listopt and calling it something
not "root_role".
** Affects: keystone
Importance: High
Assignee: Adam Young (ayoung)
Status: Triaged
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1541540
Title:
Implied role "root_role" config needs to be expanded
Status in OpenStack Identity (keystone):
Triaged
Bug description:
The "root_role" option is insufficient for blocking "implied" roles.
This needs to be expanded to where a list opt makes sense. There will
likely be many cases where more than one role should never be allowed
to be implied, for example "domain admin" if the domain admin needs to
come from SSO.
Suggest making it an option that is a listopt and calling it something
not "root_role".
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1541540/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : [email protected]
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
