Public bug reported: The new capability of is_admin_project is currently only supported for projects. However, the existing code for token models will return is_admin_project as True if the attribute has not been set. Hence admin domain tokens might get interpreted as cloud admin tokens. This is currently masked by a bug in our policy samples that do not correctly check for is_admin_project.
** Affects: keystone Importance: Undecided Status: New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1651989 Title: domain admin token will be treated as cloud admin Status in OpenStack Identity (keystone): New Bug description: The new capability of is_admin_project is currently only supported for projects. However, the existing code for token models will return is_admin_project as True if the attribute has not been set. Hence admin domain tokens might get interpreted as cloud admin tokens. This is currently masked by a bug in our policy samples that do not correctly check for is_admin_project. To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1651989/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp