239bed09a9
This change adds tests cases for the default roles keystone supports at install time. It also modifies the policies for the credentials API to be more self-service by properly checking for various scopes. Closes-Bug: 1788415 Partial-Bug: 968696 Change-Id: Ifedb7798c96930b6cc0f91159a14a21ac4b02f9f
26 lines
1.3 KiB
YAML
26 lines
1.3 KiB
YAML
---
|
|
upgrade:
|
|
- |
|
|
[`bug 1788415 <https://bugs.launchpad.net/keystone/+bug/1788415>`_]
|
|
[`bug 968696 <https://bugs.launchpad.net/keystone/+bug/968696>`_]
|
|
Policies protecting the ``/v3/credentials`` API have changed defaults in
|
|
order to make the credentials API more accessible for all users and not
|
|
just operators or system administrator. Please consider these updates when
|
|
using this version of keystone since it could affect API behavior in your
|
|
deployment, especially if you're using a customized policy file.
|
|
security:
|
|
- |
|
|
[`bug 1788415 <https://bugs.launchpad.net/keystone/+bug/1788415>`_]
|
|
[`bug 968696 <https://bugs.launchpad.net/keystone/+bug/968696>`_]
|
|
More granular policy checks have been applied to the credential API in
|
|
order to make it more self-service for users. By default, end users will
|
|
now have the ability to manage their credentials.
|
|
fixes:
|
|
- |
|
|
[`bug 1788415 <https://bugs.launchpad.net/keystone/+bug/1788415>`_]
|
|
[`bug 968696 <https://bugs.launchpad.net/keystone/+bug/968696>`_]
|
|
Improved self-service support has been implemented in the credential API.
|
|
This means that end users have the ability to manage their own credentials
|
|
as opposed to filing tickets to have deployment administrators manage
|
|
credentials for users.
|