Need enhancement over bug fix1186059
Bug #1233874 reported by
Arvind Tiwari
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Fix Released
|
Wishlist
|
Arvind Tiwari |
Bug Description
As a fix for bug 1186059 we have added user_id from "x-subject-token" to the API target and that is good to introduce a notion of token owner in policy.
https:/
Only user_id in the target is not sufficient to define a policy rule like
"role:admin and domain_
We need to introduce domain_id in policy_dict so that above mentioned rule can be defined.
Changed in keystone: | |
assignee: | nobody → Arvind Tiwari (arvind-tiwari) |
Changed in keystone: | |
importance: | Undecided → Wishlist |
Changed in keystone: | |
status: | New → In Progress |
description: | updated |
Changed in keystone: | |
milestone: | none → icehouse-2 |
status: | Fix Committed → Fix Released |
Changed in keystone: | |
milestone: | icehouse-2 → 2014.1 |
To post a comment you must log in.
Reviewed: https:/ /review. openstack. org/50488 /git.openstack. org/cgit/ openstack/ keystone/ commit/ ?id=19620076f58 7f925c5d2fa5978 0c1a80dde15db2
Committed: https:/
Submitter: Jenkins
Branch: master
commit 19620076f587f92 5c5d2fa59780c1a 80dde15db2
Author: Arvind Tiwari <email address hidden>
Date: Tue Oct 8 15:16:11 2013 -0600
Policy based domain isolation can't be defined.
Policy based domain isolation is not possible on token
APIs due to lack of domain_id in policy_dict for API target
Closes-Bug: 1233874
Closes-Bug: 1251048
Change-Id: I855ec8ff4899ba 3797a2e2bb23945 ab4b23d2bea