Reviewed: https://review.opendev.org/682503 Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=8e67249d5bfb07b0a236189f62b3f338532f0df0 Submitter: Zuul Branch: master
commit 8e67249d5bfb07b0a236189f62b3f338532f0df0 Author: Lance Bragstad <lbrags...@gmail.com> Date: Mon Sep 16 22:11:06 2019 +0000 Add default roles and scope checking to project tags This commit makes it so that project tags adhere to system-scope and also incorporates default roles into the policy checks by default. Change-Id: Ie36df5677a08d7d95f056f3ea00eda05e1315ea5 Closes-Bug: 1844194 Closes-Bug: 1844193 Related-Bug: 1806762 ** Changed in: keystone Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1844193 Title: Project tags should account for different scopes. Status in OpenStack Identity (keystone): Fix Released Bug description: Project resources in keystone can be tagged with simple strings called tags. Operations for managing a project's tags should only be managed by system administrators and not project-level or domain-level users. The policies that protect project tags should understand system-scope [0]. [0] https://opendev.org/openstack/keystone/src/commit/18e0080af3dcc0a96ff5d98aeb5f517080a35fb2/keystone/common/policies/project.py#L147-L210 To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1844193/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp