Need enhancement over bug fix1186059
Bug #1233874 reported by
Arvind Tiwari
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| OpenStack Identity (keystone) |
Fix Released
|
Wishlist
|
Arvind Tiwari | ||
Bug Description
As a fix for bug 1186059 we have added user_id from "x-subject-token" to the API target and that is good to introduce a notion of token owner in policy.
https:/
Only user_id in the target is not sufficient to define a policy rule like
"role:admin and domain_
We need to introduce domain_id in policy_dict so that above mentioned rule can be defined.
| Changed in keystone: | |
| assignee: | nobody → Arvind Tiwari (arvind-tiwari) |
| Changed in keystone: | |
| importance: | Undecided → Wishlist |
| Changed in keystone: | |
| status: | New → In Progress |
| description: | updated |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix merged to keystone (master) | #1 |
| Changed in keystone: | |
| status: | In Progress → Fix Committed |
| Changed in keystone: | |
| milestone: | none → icehouse-2 |
| status: | Fix Committed → Fix Released |
| Changed in keystone: | |
| milestone: | icehouse-2 → 2014.1 |
To post a comment you must log in.
Reviewed: https:/
Committed: https:/
Submitter: Jenkins
Branch: master
commit 19620076f587f92
Author: Arvind Tiwari <email address hidden>
Date: Tue Oct 8 15:16:11 2013 -0600
Policy based domain isolation can't be defined.
Policy based domain isolation is not possible on token
APIs due to lack of domain_id in policy_dict for API target
Closes-Bug: 1233874
Closes-Bug: 1251048
Change-Id: I855ec8ff4899ba