Comment 2 for bug 1732502

Evgeny Fedoruk (evgenyf) wrote :

Thanks for your investigation, Kristi.

My aim is to be able to get the project list of a (non-default) domain with a user who has the admin role on that domain.
I have a domain "domain-a" and 2 projects belonging to domain-a, project-1 and project-2, and also a user domain-a-user with the admin role on domain-a.

As I understood, in Pike, using the domain-a-user, "openstack project list --domain domain-a" is working while the policy states:

"admin_required": "role:admin"
"admin_and_matching_domain_id": "rule:admin_required and domain_id:%(domain_id)s"
"identity:list_projects": "rule:cloud_admin or rule:admin_and_matching_domain_id"

Is that true?

In my Newton RDO, it's not working.
So was it a bug in Newton which was fixed in Ocata or Pike?

Thank you