Reviewed: https://review.opendev.org/677004 Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=9be1caff97355099d25170fe390dd15d6f592d56 Submitter: Zuul Branch: master
commit 9be1caff97355099d25170fe390dd15d6f592d56 Author: Colleen Murphy <[email protected]> Date: Fri Aug 16 11:14:16 2019 -0700 Implement system admin for trusts API This change enables a system admin to delete trusts. Previously, only the trustor or the is_admin admin could delete a trust. This changes makes the trusts API more useful to system administrators who need to clean up trusts and makes the API consistent with others. This does not enable system admins to create trusts. A trust can only be scoped to a project, so creating one is inherently a project-scoped action. If trusts later gain the ability to be scoped to the system or domains, we can add those scopes to the create_trust scope_types. Change-Id: Idf13b862f345388bb2372609787947eb43d7ba75 Closes-bug: #1818846 Closes-bug: #1818850 Related-Bug: #968696 ** Changed in: keystone Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1818846 Title: The trust API doesn't use default roles Status in OpenStack Identity (keystone): Fix Released Bug description: In Rocky, keystone implemented support to ensure at least three default roles were available [0]. The trust API doesn't incorporate these defaults into its default policies [1], but it should. It would be useful for system members and readers to diagnose issues with trusts, instead of requiring system administrators to do everything. [0] http://specs.openstack.org/openstack/keystone-specs/specs/keystone/rocky/define-default-roles.html [1] http://git.openstack.org/cgit/openstack/keystone/tree/keystone/common/policies/trust.py?id=6e3f1f6e46787ed4542609c935c13cb85e91d7fc To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1818846/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
