My aim is to be able to get domain's (not default) projects list with a user who has admin role on that domain.
I have domain "domain-a" and 2 projects belonging to it domain-a, project-1 and project-2, and also a user domain-a-user with admin role on domain-a.
As I understood, in PIKE, using the domain-a-user, "openstack project list --domain domain-a" is working while the policy states:
"admin_required": "role:admin"
"admin_and_matching_domain_id": "rule:admin_required and domain_id:%(domain_id)s"
"identity:list_projects": "rule:cloud_admin or rule:admin_and_matching_domain_id"
Is that true?
In my Newton RDO, it's not working.
So was it a bug in Newton which was fixed in Ocata or Pike?
Thanks for your investigation, Kristi.
My aim is to be able to get domain's (not default) projects list with a user who has admin role on that domain.
I have domain "domain-a" and 2 projects belonging to it domain-a, project-1 and project-2, and also a user domain-a-user with admin role on domain-a.
As I understood, in PIKE, using the domain-a-user, "openstack project list --domain domain-a" is working while the policy states:
"admin_required": "role:admin" and_matching_ domain_ id": "rule:admin_ required and domain_ id:%(domain_ id)s" list_projects" : "rule:cloud_admin or rule:admin_ and_matching_ domain_ id"
"admin_
"identity:
Is that true?
In my Newton RDO, it's not working.
So was it a bug in Newton which was fixed in Ocata or Pike?
Thank you