[openstack-dev] [keystone] Does the policy.json for trustsworks?
William M Edmonds
edmondsw at us.ibm.com
Mon Sep 18 20:57:47 UTC 2017
Adrian Turjak <adriant at catalyst.net.nz> wrote on 09/18/2017 01:39:20 AM:
>
> Bug submitted:
>
> https://urldefense.proofpoint.com/v2/url?
>
u=https-3A__bugs.launchpad.net_keystone_-2Bbug_1717847&d=DwIGaQ&c=jf_iaSHvJObTbx-
>
siA1ZOg&r=uPMq7DJxi29v-9CkM5RT0pxLlwteWvldJgmFhLURdvg&m=pc-9BTikvQSYJU9gcS334Ut4ER1gN6c2hXl3vGzdTPY&s=9S9InbF78aSW8ums9lJm8snzR6XbHYUibLuPMFLmnFU&e=
>
> Note that this is an odd one, since the current state (while unhelpful)
> is safe, fixing it has a chance of exposing an API to users that
> shouldn't be able to use it if operators don't update their policy file
> to match the new default we'd add.
>
>
I think we're actually mostly ok here. The one rule that looks off is the
one that I think you may have thought was correct... create_trust. I
updated the bug with reasoning. Please take a look and comment if I've
missed something or you've got further questions. Specific examples that
you've tried and got unexpected results would provide useful talking
points. Thanks!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20170918/87c5e9d7/attachment.html>
More information about the OpenStack-dev
mailing list