Public bug reported: In Rocky, keystone implemented support to ensure at least three default roles were available [0]. The policy and policy endpoint APIs don't incorporate these defaults into its default policies [1][2], but it should.
However, both of these APIs are deprecated, which doesn't make this a high priority item. Opening this bug to be consistent in documenting gaps in default role implementations across keystone. [0] http://specs.openstack.org/openstack/keystone-specs/specs/keystone/rocky/define-default-roles.html [1] http://git.openstack.org/cgit/openstack/keystone/tree/keystone/common/policies/policy.py?id=fb73912d87b61c419a86c0a9415ebdcf1e186927 [2] http://git.openstack.org/cgit/openstack/keystone/tree/keystone/common/policies/policy_association.py?id=fb73912d87b61c419a86c0a9415ebdcf1e186927 ** Affects: keystone Importance: Wishlist Status: Triaged ** Tags: default-roles policy ** Changed in: keystone Status: New => Triaged ** Changed in: keystone Importance: Undecided => Wishlist ** Tags added: default-roles policy -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1805409 Title: The policy and policy endpoint APIs don't use default roles Status in OpenStack Identity (keystone): Triaged Bug description: In Rocky, keystone implemented support to ensure at least three default roles were available [0]. The policy and policy endpoint APIs don't incorporate these defaults into its default policies [1][2], but it should. However, both of these APIs are deprecated, which doesn't make this a high priority item. Opening this bug to be consistent in documenting gaps in default role implementations across keystone. [0] http://specs.openstack.org/openstack/keystone-specs/specs/keystone/rocky/define-default-roles.html [1] http://git.openstack.org/cgit/openstack/keystone/tree/keystone/common/policies/policy.py?id=fb73912d87b61c419a86c0a9415ebdcf1e186927 [2] http://git.openstack.org/cgit/openstack/keystone/tree/keystone/common/policies/policy_association.py?id=fb73912d87b61c419a86c0a9415ebdcf1e186927 To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1805409/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp