Hello Valeriy, agree, that would be very useful. I think that this deserves attention and cross project discussion. Maybe a community goal process [2] is a valid path forward in this regard.
[2] https://governance.openstack.org/tc/goals/ On Tue, Jun 20, 2017 at 11:15 AM, Valeriy Ponomaryov < vponomar...@mirantis.com> wrote: > Hello OpenStackers, > > Wanted to pay some attention to one of restrictions in OpenStack. > It came out, that it is impossible to define policy rules for API services > based on "domain_id". > As far as I know, only Keystone supports it. > > So, it is unclear whether it is intended or it is just technical debt that > each OpenStack project should > eliminate? > > For the moment, I filed bug [1]. > > Use case is following: usage of Keystone API v3 all over the cloud and > level of trust is domain, not project. > > And if it is technical debt how much different teams are interested in > having such possibility? > > [1] https://bugs.launchpad.net/nova/+bug/1699060 > > -- > Kind Regards > Valeriy Ponomaryov > www.mirantis.com > vponomar...@mirantis.com > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > -- Adam Heczko Security Engineer @ Mirantis Inc.
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev