So the plan was to maybe add a new rule to oslo.policy like just is_admin_project or something - however as part of the oslo.context refactoring and making that common between projects we now have {'is_admin_project': True/False} as part of most context dicts. This means that you can enforce policy just as is_admin_project:True in your policy files.
I guess it would be slightly neater to have this as a policy rule because it's unlikely you'd ever check for False but it hasn't been a priority.
Lance:
So the plan was to maybe add a new rule to oslo.policy like just is_admin_project or something - however as part of the oslo.context refactoring and making that common between projects we now have {'is_admin_ project' : True/False} as part of most context dicts. This means that you can enforce policy just as is_admin_ project: True in your policy files.
I guess it would be slightly neater to have this as a policy rule because it's unlikely you'd ever check for False but it hasn't been a priority.
Do you think it worth chasing?