OpenStack Identity (keystone)

  1. Bug #1588190
  2. Comment #6

Comment 6 for bug 1588190

Revision history for this message
Steve Martinelli (stevemar) wrote :

Looking at the two default policy files, i'm not sure what is causing the regression:

for liberty, the "admin_required" rule evaluates to: "admin_required": "role:admin"

liberty: "cloud_admin": "rule:admin_required and domain_id:admin_domain_id",
mitaka: "cloud_admin": "role:admin and (token.is_admin_project:True or domain_id:admin_domain_id)",

And since the extra stuff related to "token.is_admin_project:True" is in an OR, that change should be backwards compatible.