yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1208641] Re: Admin roles should not use project scoped tokens

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: justinsb <1208641@xxxxxxxxxxxxxxxxxx>
Date: Tue, 06 Aug 2013 18:00:32 -0000
Reply-to: Bug 1208641 <1208641@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Thanks David.  I raised bug #1208940 so that the Keystone folk can
confirm that you can use a domain token as a project token; hopefully we
can get the docs clarified so others won't get as confused as I did.

(I do have some concerns about the idea of using a project token as a
domain token, but we can re-open this bug if Keystone tokens are going
to be "strictly scoped")

** Changed in: horizon
       Status: New => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1208641

Title:
  Admin roles should not use project scoped tokens

Status in OpenStack Dashboard (Horizon):
  Invalid

Bug description:
  I may be wrong here, but I think Horizon is using project-scoped
  tokens to make admin calls (e.g. list hypervisors).

  Based on my readings of the Identity V3 API, that will have to change
  to be domain-scoped tokens.    I have proposed that we treat unscoped
  tokens as == domain tokens for V2 Identity clients, but in any case I
  think Horizon should use either domain-scoped V3 tokens or unscoped V2
  tokens.

To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1208641/+subscriptions