Always add is_admin_project if admin project defined
By only setting is_admin_project in the token if it is true we are
unable to distinguish in policy enforcement if the admin project is not
defined in configuration or if the current scope is not the admin
project.
If the admin project is defined in config we should always set the
is_admin_project in the token either true or false so we can provide
backwards compatible policy files in projects.
Reviewed: https:/ /review. openstack. org/312323 /git.openstack. org/cgit/ openstack/ keystone/ commit/ ?id=ed634e8cdcd f385b749bbb9e95 1104989a020277
Committed: https:/
Submitter: Jenkins
Branch: master
commit ed634e8cdcdf385 b749bbb9e951104 989a020277
Author: Jamie Lennox <email address hidden>
Date: Wed May 4 14:30:56 2016 +1000
Always add is_admin_project if admin project defined
By only setting is_admin_project in the token if it is true we are
unable to distinguish in policy enforcement if the admin project is not
defined in configuration or if the current scope is not the admin
project.
If the admin project is defined in config we should always set the admin_project in the token either true or false so we can provide
is_
backwards compatible policy files in projects.
Change-Id: Icdfc4f4792422a f9d844004c2c929 93c9065134d
Closes-Bug: #1577996