[Bug 1651989] Re: domain admin token will be treated as cloud admin

Frode Nordahl frode.nordahl at gmail.com
Thu Feb 16 07:30:33 UTC 2017

For the record this was resolved in upstream release and
verified in corresponding Ubuntu package python-

** No longer affects: cloud-archive

You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to Ubuntu Cloud Archive.

  domain admin token will be treated as cloud admin

Status in OpenStack Identity (keystone):
  Fix Released
Status in keystone package in Juju Charms Collection:
  In Progress

Bug description:
  The new capability of is_admin_project is currently only supported for
  projects. However, the existing code for token models will return
  is_admin_project as True if the attribute has not been set. Hence
  admin domain tokens might get interpreted as cloud admin tokens. This
  is currently masked by a bug in our policy samples that do not
  correctly check for is_admin_project.

To manage notifications about this bug go to:

More information about the Ubuntu-openstack-bugs mailing list