Reviewed: https://review.openstack.org/279703 Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=f984518971fe2c91630016c8e726ae00e5d41e6a Submitter: Jenkins Branch: master
commit f984518971fe2c91630016c8e726ae00e5d41e6a Author: John Dennis <jden...@redhat.com> Date: Thu Feb 11 11:31:36 2016 -0500 Convert assignment.root_role config option to list of strings The assigment.root_role config option was previously a single string which specified a role name that was prohibited from being added as an implied role. By default it was 'admin'. For greater flexibility we now permit a list of role names that are prohibited from being implied. Summary of changes: * Change assigment.root_role from cfg.StrOpt to cfg.ListOpt. ListOpt is preferred over MultiStrOpt because of config file formatting. Update help for option. * Change assigment.root_role name to assignment.prohibited_implied_role * Change test for implied role name from string equality to membership in list of strings. * Expand ImpliedRolesTests.test_root_role_as_implied_role_forbidden() unit test to test 2 prohibited implied role names and 1 valid implied. role name. Change-Id: Idfe14080e2f1ec1e89b85d8f5f00aad187f1fd22 Closes-Bug: #1541540 Signed-off-by: John Dennis <jden...@redhat.com> ** Changed in: keystone Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1541540 Title: Implied role "root_role" config needs to be expanded Status in OpenStack Identity (keystone): Fix Released Bug description: The "root_role" option is insufficient for blocking "implied" roles. This needs to be expanded to where a list opt makes sense. There will likely be many cases where more than one role should never be allowed to be implied, for example "domain admin" if the domain admin needs to come from SSO. Suggest making it an option that is a listopt and calling it something not "root_role". To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1541540/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp