Comment 4 for bug 1651989

Reviewed: https://review.openstack.org/411563
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=ef48072d94f780ebaacee8c3ddf02a68193fa74d
Submitter: Jenkins
Branch: master

commit ef48072d94f780ebaacee8c3ddf02a68193fa74d
Author: Steve Martinelli <email address hidden>
Date: Thu Dec 15 17:48:16 2016 -0800

    Fix cloud_admin rule and ensure only project tokens can be cloud admin

    The current rule fails to load with oslo.policy, the correct
    value used to determine the admin project for the cloud_admin should
    simply be: `is_admin_project:True`, since that is what is stored
    in oslo.context.

    This problem was masking a more serious issue that domain admin tokens
    could be misinterpreted as cloud admin tokens.

    Change-Id: I3ea562c01e06e6c519fdaec3ab6e1dac204ced71
    Closes-Bug: 1547684
    Closes-Bug: 1651989