Public bug reported:

The new capability of is_admin_project is currently only supported for
projects. However, the existing code for token models will return
is_admin_project as True if the attribute has not been set. Hence admin
domain tokens might get interpreted as cloud admin tokens. This is
currently masked by a bug in our policy samples that do not correctly
check for is_admin_project.

** Affects: keystone
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1651989

Title:
  domain admin token will be treated as cloud admin

Status in OpenStack Identity (keystone):
  New
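
The fail-open default described in this report, shown next to a fail-closed variant. This is an added example, not part of the original bug report and not keystone's code: the function names, token dictionaries and the simplified policy check are hypothetical, and treating an unset flag as False is an assumption made here.

```python
# Added illustration with hypothetical names; not keystone's token model or policy engine.

def admin_flag_fail_open(token):
    """Pattern from the report: an attribute that was never set reads as True."""
    return token.get("is_admin_project", True)


def admin_flag_fail_closed(token):
    """Assumed hardening: only a project-scoped token that explicitly carries
    is_admin_project=True counts; unset or non-project scope reads as False."""
    if "project" not in token:
        return False
    return token.get("is_admin_project") is True


def is_cloud_admin(token, admin_flag):
    """Simplified policy-style rule: admin role AND the admin-project flag."""
    return "admin" in token.get("roles", ()) and admin_flag(token)


# Constructed sample token bodies (not real keystone output).
SAMPLES = {
    "domain_admin": {"roles": ["admin"], "domain": {"id": "d1"}},
    "admin_project": {"roles": ["admin"], "project": {"id": "p1"},
                      "is_admin_project": True},
    "other_project": {"roles": ["admin"], "project": {"id": "p2"},
                      "is_admin_project": False},
    "project_flag_unset": {"roles": ["admin"], "project": {"id": "p3"}},
    "admin_project_member": {"roles": ["member"], "project": {"id": "p1"},
                             "is_admin_project": True},
}


def evaluate(admin_flag):
    """Return {sample name: treated as cloud admin?} for one flag reader."""
    return {name: is_cloud_admin(tok, admin_flag) for name, tok in SAMPLES.items()}


if __name__ == "__main__":
    for label, reader in (("fail-open", admin_flag_fail_open),
                          ("fail-closed", admin_flag_fail_closed)):
        print(label)
        for name, result in evaluate(reader).items():
            print(f"  {name:22} cloud_admin={result}")
```
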
