We currently forbid the ability of deleting the default domain [0] (or at least make it really hard to do so). There is nothing in the update domain flow that protects against disabling the default domain.
We should add the same check to prevent someone from accidentally disabling the default domain. Otherwise it just exposes the same behavior that we wanted to prevent in the first place.
We currently forbid the ability of deleting the default domain [0] (or at least make it really hard to do so). There is nothing in the update domain flow that protects against disabling the default domain.
We should add the same check to prevent someone from accidentally disabling the default domain. Otherwise it just exposes the same behavior that we wanted to prevent in the first place.
[0] https:/ /github. com/openstack/ keystone/ blob/45c19fcd8c 4cc382a7471432c d9f72b809e1d5b1 /keystone/ resource/ core.py# L526-L532