Thanks. After I sent the mail, we had a good conversation with Rabi and understood the whole background. Horizon will try to support better keystone v3 support in the Ocata cycle.

2016-09-21 22:47 GMT+09:00 Zane Bitter <zbit...@redhat.com>:

> On 21/09/16 03:30, Akihiro Motoki wrote:
>
>> Hi,
>>
>> The default policy.json provided by heat limits 'service-list' API to
>> 'admin' project like below.
>> Is there any reason 'admin' role user in non-'admin' project cannot
>> see service-list?
>
> https://bugs.launchpad.net/keystone/+bug/968696
>
>> "service:index": "rule:context_is_admin",
>> "context_is_admin": "role:admin and is_admin_project:True",
>>
>> I noticed this when investigating a horizon bug
>> https://bugs.launchpad.net/horizon/+bug/1624834.
>> horizon currently has a bit different policy engine and it does not
>> support is_admin_project:True.
>> We would like to know the background of this default configuration.
>>
>> Thanks,
>> Akihiro
>>
>> __________________________________________________________________________
>> OpenStack Development Mailing List (not for usage questions)
>> Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
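
The two policy rules quoted in the thread, evaluated by a simplified checker. This is an added example, not part of the original messages and not oslo.policy, heat or horizon code. The credential dictionaries are constructed, and treating a missing `is_admin_project` attribute as a non-match is an assumption of this model.

```python
# Simplified model of the two rules quoted in the thread.
# Not oslo.policy or horizon code; names and credentials are constructed.
POLICY = {
    "service:index": "rule:context_is_admin",
    "context_is_admin": "role:admin and is_admin_project:True",
}


def enforce(action, creds, policy=POLICY):
    """Return True if creds satisfy the rule registered for action."""
    return _check(policy[action], creds, policy, seen=())


def _check(rule, creds, policy, seen):
    # Only 'and' conjunctions of kind:value checks are modelled here.
    for term in rule.split(" and "):
        kind, _, value = term.strip().partition(":")
        if kind == "rule":
            if value in seen:  # guard against self-referencing rules
                return False
            ok = _check(policy[value], creds, policy, seen + (value,))
        elif kind == "role":
            ok = value.lower() in (r.lower() for r in creds.get("roles", []))
        else:
            # Generic check: compare a credential attribute with the literal.
            # Assumption: a missing attribute never matches.
            ok = kind in creds and str(creds[kind]) == value
        if not ok:
            return False
    return True


# Constructed credentials for the cases discussed in the thread.
ADMIN_IN_ADMIN_PROJECT = {"roles": ["admin"], "is_admin_project": True}
ADMIN_IN_OTHER_PROJECT = {"roles": ["admin"], "is_admin_project": False}
MEMBER_IN_ADMIN_PROJECT = {"roles": ["member"], "is_admin_project": True}
# A caller that never populates is_admin_project.
ADMIN_NO_ATTRIBUTE = {"roles": ["admin"]}

if __name__ == "__main__":
    for name, creds in [("admin role, admin project", ADMIN_IN_ADMIN_PROJECT),
                        ("admin role, other project", ADMIN_IN_OTHER_PROJECT),
                        ("member role, admin project", MEMBER_IN_ADMIN_PROJECT),
                        ("admin role, attribute unset", ADMIN_NO_ATTRIBUTE)]:
        print(f"{name}: service:index allowed = {enforce('service:index', creds)}")
```
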