keystone/releasenotes/notes/bug-1804483-1d9ccfcb24f25f5...

32 lines
1.5 KiB
YAML

---
features:
- |
[`bug 1804483 <https://bugs.launchpad.net/keystone/+bug/1804483>`_]
The endpoint API now supports the ``admin``, ``member``, and
``reader`` default roles.
upgrade:
- |
[`bug 1804483 <https://bugs.launchpad.net/keystone/+bug/1804483>`_]
The endpoint API uses new default policies that make it more
accessible to end users and administrators in a secure way. Please
consider these new defaults if your deployment overrides
endpoint policies.
deprecations:
- |
[`bug 1804483 <https://bugs.launchpad.net/keystone/+bug/1804483>`_]
The endpoint policies have been deprecated. The ``identity:list_endpoints``
and ``identity:get_endpoint`` policies now use ``role:reader and system_scope:all``
instead of ``rule:admin_required``. The ``identity:create_endpoint``,
``identity:update_endpoint``, and ``identity:delete_endpoint`` policies
now use ``role:admin and system_scope:all`` instead of ``rule:admin_required``.
These new defaults automatically account
for system-scope and support a read-only role, making it easier
for system administrators to delegate subsets of responsibility
without compromising security. Please consider these new defaults
if your deployment overrides the endpoint policies.
security:
- |
[`bug 1804483 <https://bugs.launchpad.net/keystone/+bug/1804483>`_]
The endpoint API now uses system-scope and default roles to
provide better accessibility to users in a secure way.