openstack/keystone
Code Issues Proposed changes
e21ea06613
keystone/releasenotes/notes/deprecated-as-of-rocky-60b2fa05d07d3a28.yaml
Kristi Nikolla b874977455 Deprecate [token] infer_roles=False 
The option `[token] infer_roles=False` is being deprecated in
favor of always expanding role implications during token
validation.

Default roles depend on a chain of implied role assignments.
Ex: an admin user will also have the reader and member role.
By ensuring that all these roles will always appear on the
token validation response, we can improve the simplicity and
readability of policy files.

blueprint deprecated-as-of-rocky

Change-Id: Id36c5b8f6a92f5f3e42e4bcedc3e2dd64eaeb130
2018-07-25 15:01:49 -04:00

12 lines
572 B
YAML
Raw Blame History

---
deprecations:
- >
The option ``[token] infer_roles=False`` is being deprecated in favor of
always expanding role implications during token validation.
`Default roles <https://specs.openstack.org/openstack/keystone-specs/specs/keystone/rocky/define-default-roles.html>`_
depend on a chain of implied role assignments, ex: an admin user will also
have the reader and member role. Therefore by ensuring that all these roles will
always appear on the token validation response, we can improve the
simplicity and readability of policy files.
View Git Blame Copy Permalink