keystone/releasenotes/notes/bug-1705485-7a1ad17b9cc99b9...

20 lines
983 B
YAML

---
upgrade:
- |
[`bug 1705485 <https://bugs.launchpad.net/keystone/+bug/1705485>`_]
The `change_password` protection policy can be removed from file-based
policies. This policy is no longer used to protect the self-service
password change API since the logic was moved into code. Note that the
administrative password reset functionality is still protected via policy
on the `update_user` API.
fixes:
- |
[`bug 1705485 <https://bugs.launchpad.net/keystone/+bug/1705485>`_]
A `previous change <https://review.opendev.org/#/c/404022/>`_ removed
policy from the self-service password API. Since a user is required to
authenticate to change their password, protection via policy didn't
necessarily make sense. This change removes the default policy from code,
since it is no longer required or used by the service. Note that
administrative password resets for users are still protected via policy
through a separate endpoint.