** Changed in: keystone
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1818732
Title:
EC2 credential API doesn't use default roles
Status in OpenStack Identity (keystone):
Fix Released
Bug description:
In Rocky, keystone implemented support to ensure at least three
default roles were available [0]. The EC2 credentials API doesn't
incorporate these defaults into its default policies [1], but it
should.
For example, system administrators should be able to clean up
credentials regardless of users, but system members or readers should
only be able to list or get credentials. Users who are not system
users should only be able to manage their credentials.
[0]
http://specs.openstack.org/openstack/keystone-specs/specs/keystone/rocky/define-default-roles.html
[1]
http://git.openstack.org/cgit/openstack/keystone/tree/keystone/common/policies/ec2_credential.py?id=6e3f1f6e46787ed4542609c935c13cb85e91d7fc
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1818732/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
