OpenStack Identity (keystone)

  1. Bug #1810983
  2. Comment #4

Comment 4 for bug 1810983

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (stable/rocky)

Reviewed: https://review.openstack.org/629692
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=a2e307ed4d526e21cddf7551f160b587b89360e4
Submitter: Zuul
Branch: stable/rocky

commit a2e307ed4d526e21cddf7551f160b587b89360e4
Author: Guang Yee <email address hidden>
Date: Wed Jan 9 16:07:36 2019 -0800

    correct the admin_or_target_domain rule

    With the removal of KeystoneToken from the token model, we longer
    have the ability to use the token data syntax in the policy rules.
    This change broke backward compatibility for those is deploying
    customized Keystone policies. Unfortunately, we can't go back
    to KeystoneToken model as the change was tightly coupled with
    the other refactored authorization functionalities.

    Since the scope information is now available in the credential
    dictionary, we can just make use of it instead. Those who have
    custom policies must update their policy files accordingly.

    Change-Id: I83eae5c390d720da05e91264519ae01e8ca32159
    closes-bug: 1810983