Description of problem:
The V2 API in keystone does not use the /etc/keystone/policy.json file to determine access to the get_endpoints method.
Version-Release number of selected component (if applicable):
This is true upstream as well.
Easy to reproduce.
Steps to Reproduce:
On a packstack allinone:
1. modify /etc/keystone/policy.json and add the following rule:
"member": [["role:_member_"], ["role:Member"]],
2. change the identity:get_endpoints rule to use this:
3. restart the keystone service
4. try to list the endpoints as a non-admin user
[root@01166114 ~(keystone_demo)]# keystone endpoint-list
You are not authorized to perform the requested action, admin_required. (HTTP 403)
List the endpoints.
Filed upstream bug with proposed patch with help from Adam Young.