Reviewed: https://review.openstack.org/605850 Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=7fa424f1de1ac29c2d34d02cae04b845df5837b1 Submitter: Zuul Branch: master
commit 7fa424f1de1ac29c2d34d02cae04b845df5837b1 Author: Lance Bragstad <[email protected]> Date: Thu Sep 27 18:26:48 2018 +0000 Implement system admin role in domains API This commit introduces the system admin role to the API, making it consistent with other system-admin policy definitions. Subsequent patches will include domain support for: - domain user test coverage - project user test coverage Change-Id: Ic9a789dc3f34d9735de3b4bc4bd48b41190cbfba Closes-Bug: 1794376 Partial-Bug: 968696 ** Changed in: keystone Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1794376 Title: Domains API should account for system-scope and default roles Status in OpenStack Identity (keystone): Fix Released Bug description: Keystone domains are an important resource that only system administrators, members, or readers should be able to manage. We should update the domain policies to include system-scoped test coverage and consumption of the new default roles in keystone. System administrators should be able to: - GET /v3/domains/ - GET /v3/damains/{domain_id} - POST /v3/domains/ - PATCH /v3/domains/{domain_id} - DELETE /v3/domains/{domain_id} System members should be able to: - GET /v3/domains/ - GET /v3/damains/{domain_id} - PATCH /v3/domains/{domain_id} System readers should be able to: - GET /v3/domains/ - GET /v3/damains/{domain_id} To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1794376/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
