yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1480480] [NEW] keystone v3 example policy file should allow domain admin to get it's current domain

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Dan Nguyen <dan.nguyens.mail@xxxxxxxxx>
Date: Fri, 31 Jul 2015 22:45:01 -0000
Reply-to: Bug 1480480 <1480480@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

The example keystone v3 policy file should allow domain admin to get
it's domain.

https://github.com/openstack/keystone/blob/master/etc/policy.v3cloudsample.json#L32


-    "identity:get_domain": "rule:cloud_admin",
+    "identity:get_domain": "rule:cloud_admin or rule:admin_and_matching_domain_id",


>From horizon this will give the Domain Admin a read only view of the Domain containing the following data.

Name    Description     Domain ID       Enabled

** Affects: keystone
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1480480

Title:
  keystone v3 example policy file should allow domain admin to  get it's
  current domain

Status in Keystone:
  New

Bug description:
  The example keystone v3 policy file should allow domain admin to get
  it's domain.

  https://github.com/openstack/keystone/blob/master/etc/policy.v3cloudsample.json#L32

  
  -    "identity:get_domain": "rule:cloud_admin",
  +    "identity:get_domain": "rule:cloud_admin or rule:admin_and_matching_domain_id",

  
  From horizon this will give the Domain Admin a read only view of the Domain containing the following data.

  Name    Description     Domain ID       Enabled

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1480480/+subscriptions

Follow ups

[Bug 1480480] Re: keystone v3 example policy file should allow domain admin to get it's current domain
From: Doug Hellmann, 2015-09-03