[openstack-dev] [keystone] Does the policy.json for trustsworks?
William M Edmonds
edmondsw at us.ibm.com
Mon Sep 18 20:57:47 UTC 2017
Adrian Turjak <adriant at catalyst.net.nz> wrote on 09/18/2017 01:39:20 AM:
> Bug submitted:
> Note that this is an odd one, since the current state (while unhelpful)
> is safe, fixing it has a chance of exposing an API to users that
> shouldn't be able to use it if operators don't update their policy file
> to match the new default we'd add.
I think we're actually mostly ok here. The one rule that looks off is the
one that I think you may have thought was correct... create_trust. I
updated the bug with reasoning. Please take a look and comment if I've
missed something or you've got further questions. Specific examples that
you've tried and got unexpected results would provide useful talking
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OpenStack-dev