Reviewed: https://review.openstack.org/619331 Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=cdbdcf85f76d4824fdf56f35c6d846b8f386dd5c Submitter: Zuul Branch: master
commit cdbdcf85f76d4824fdf56f35c6d846b8f386dd5c Author: Lance Bragstad <[email protected]> Date: Wed Nov 21 17:32:45 2018 +0000 Update endpoint policies for system admin The endpoint policies were not taking the default roles work we did last release into account. This commit changes the default policies to rely on the ``admin`` role to create and delete endpoints. Subsequent patches will incorporate: - domain user test coverage - project user test coverage Change-Id: Ia6dc4526ece07e7fee614ec91b0953db8f180c2e Related-Bug: 1804482 Closes-Bug: 1804483 ** Changed in: keystone Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1804483 Title: Endpoint API doesn't use default roles Status in OpenStack Identity (keystone): Fix Released Bug description: In Rocky, keystone implemented support to ensure at least three default roles were available [0]. The endpoint API doesn't incorporate these defaults into its default policies [1], but it should. [0] http://specs.openstack.org/openstack/keystone-specs/specs/keystone/rocky/define-default-roles.html [1] http://git.openstack.org/cgit/openstack/keystone/tree/keystone/common/policies/endpoint.py?id=fb73912d87b61c419a86c0a9415ebdcf1e186927 To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1804483/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
