yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1233874] Re: Need enhancement over bug fix1186059

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Thierry Carrez <thierry.carrez+lp@xxxxxxxxx>
Date: Wed, 22 Jan 2014 15:47:12 -0000
Reply-to: Bug 1233874 <1233874@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: keystone
       Status: Fix Committed => Fix Released

** Changed in: keystone
    Milestone: None => icehouse-2

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1233874

Title:
  Need enhancement over bug fix1186059

Status in OpenStack Identity (Keystone):
  Fix Released

Bug description:
  As a fix for bug 1186059 we have added user_id from "x-subject-token" to the API target and that is good to introduce a notion of token owner in policy.
  https://review.openstack.org/#/c/46123/21/keystone/common/controller.py

  Only user_id in the target is not sufficient to define a policy rule
  like

  "role:admin and domain_id:%(target.entity.domain_id)s" (admin role
  from token owner's domain)

  We need to introduce domain_id in policy_dict so that above mentioned
  rule can be defined.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1233874/+subscriptions