375964f270
Add support for creating, retrieving, and deleting application credentials. Application credentials do not support updates. In order to provide a positive user experience for the `--role` option, this patch also includes an improvement to the `identity.common._get_token_resource()` function that allows it to introspect the roles list within a token. This way there is no need to make a request to keystone to retrieve a role object, which would fail most of the time anyway due to keystone's default policy prohibiting unprivileged users from retrieving roles. bp application-credentials Change-Id: I29e03b72acd931305cbdac5a9ff666854d05c6d7
10 lines
500 B
YAML
10 lines
500 B
YAML
---
|
|
features:
|
|
- |
|
|
Adds support for creating, reading, and deleting application credentials
|
|
via the ``appication credential`` command. With application credentials, a
|
|
user can grant their applications limited access to their cloud resources.
|
|
Once created, users can authenticate with an application credential by
|
|
using the ``v3applicationcredential`` auth type.
|
|
[`blueprint application-credentials <https://blueprints.launchpad.net/keystone/+spec/application-credentials>`_]
|