commit ef48072d94f780ebaacee8c3ddf02a68193fa74d
Author: Steve Martinelli <email address hidden>
Date: Thu Dec 15 17:48:16 2016 -0800
Fix cloud_admin rule and ensure only project tokens can be cloud admin
The current rule fails to load with oslo.policy, the correct
value used to determine the admin project for the cloud_admin should
simply be: `is_admin_project:True`, since that is what is stored
in oslo.context.
This problem was masking a more serious issue that domain admin tokens
could be misinterpreted as cloud admin tokens.
Reviewed: https:/ /review. openstack. org/411563 /git.openstack. org/cgit/ openstack/ keystone/ commit/ ?id=ef48072d94f 780ebaacee8c3dd f02a68193fa74d
Committed: https:/
Submitter: Jenkins
Branch: master
commit ef48072d94f780e baacee8c3ddf02a 68193fa74d
Author: Steve Martinelli <email address hidden>
Date: Thu Dec 15 17:48:16 2016 -0800
Fix cloud_admin rule and ensure only project tokens can be cloud admin
The current rule fails to load with oslo.policy, the correct project: True`, since that is what is stored
value used to determine the admin project for the cloud_admin should
simply be: `is_admin_
in oslo.context.
This problem was masking a more serious issue that domain admin tokens
could be misinterpreted as cloud admin tokens.
Change-Id: I3ea562c01e06e6 c519fdaec3ab6e1 dac204ced71
Closes-Bug: 1547684
Closes-Bug: 1651989