[openstack-dev] [keystone] Does the policy.json for trustsworks?

William M Edmonds edmondsw at us.ibm.com
Mon Sep 18 20:57:47 UTC 2017

Adrian Turjak <adriant at catalyst.net.nz> wrote on 09/18/2017 01:39:20 AM:
> Bug submitted:
> https://urldefense.proofpoint.com/v2/url?


> Note that this is an odd one, since the current state (while unhelpful)
> is safe, fixing it has a chance of exposing an API to users that
> shouldn't be able to use it if operators don't update their policy file
> to match the new default we'd add.

I think we're actually mostly ok here. The one rule that looks off is the
one that I think you may have thought was correct... create_trust. I
updated the bug with reasoning. Please take a look and comment if I've
missed something or you've got further questions. Specific examples that
you've tried and got unexpected results would provide useful talking
points. Thanks!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20170918/87c5e9d7/attachment.html>

More information about the OpenStack-dev mailing list