Comment 10 for bug 1750673

Reviewed: https://review.openstack.org/638587
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=425d48ec0aa44b46c628d8c238bcf97f315d0f05
Submitter: Zuul
Branch: master

commit 425d48ec0aa44b46c628d8c238bcf97f315d0f05
Author: Vishakha Agarwal <email address hidden>
Date: Fri Feb 22 00:51:40 2019 +0530

    Implement domain reader for role_assignments

    This change adds tests cases for the default roles
    keystone supports at install time. It also modifies
    the policies for the role_assignments API to be more
    self-service by properly checking for scopes if accessed
    with a domain-scoped tokens. This gives domain users the
    power to query role assignments within the domain they
    have authorization on without exposing other assignment
    information in the deployment, domains, or projects.

    Subsequent patches will:

      - add functionality for domain members
      - add functionality for domain admins
      - add functionality for project readers
      - add functionality for project members
      - add functionality for project admins
      - remove the obsolete policies from policy.v3cloudsample.json

    Co-Authored-By: Lance Bragstad <email address hidden>

    Partial-Bug: 1750673
    Change-Id: I0c6d202a315d4683e2589f0d9121e93c97fb13e4