Comment 17 for bug 1807697

Yang Youseok (ileixe) wrote : Re: [Bug 1807697] Re: RFE: Token returns Project's tag properties

Thanks for the answer. Then I'm going to take action on the service side.

On Fri, May 17, 2019 at 2:21 AM, Colleen Murphy <email address hidden> wrote:

> I could see possibly adding the project parent ID to the token body,
> however again you could just query keystone to get the project's parent.
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1807697
>
> Title:
> RFE: Token returns Project's tag properties
>
> Status in OpenStack Identity (keystone):
> In Progress
>
> Bug description:
>
> From an operator perspective, there are many situations where you need
> to add an ACL for each project. Currently, keystone and OpenStack policies
> do not seem to have any fine-grained APIs for project-specific privilege
> control.
>
> Specifically, if we want to restrict some network resources per
> project, we have to assign neutron's rbac_policy, which enables mapping a
> specific project to network sources, rather than using oslo.policy.
>
> I found that if we can handle a project's extra properties in policy
> code, developers can check the custom properties for their own ACL
> logic, which can be added by oslo.policy. There is already enough of the
> required code in the keystone codebase for returning a token with project
> extra properties; IMHO it can be added without major changes.
>
> Thanks in advance.
>