[Bug 1651989] Re: domain admin token will be treated as cloud admin

Frode Nordahl frode.nordahl at gmail.com
Thu Feb 16 07:30:33 UTC 2017


For the record this was resolved in upstream release 11.0.0.0b3 and
verified in corresponding Ubuntu package
python-keystone_11.0.0~b3-0ubuntu1_all.deb

** No longer affects: cloud-archive

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to Ubuntu Cloud Archive.
https://bugs.launchpad.net/bugs/1651989

Title:
  domain admin token will be treated as cloud admin

Status in OpenStack Identity (keystone):
  Fix Released
Status in keystone package in Juju Charms Collection:
  In Progress

Bug description:
  The new capability of is_admin_project is currently only supported for
  projects. However, the existing code for token models will return
  is_admin_project as True if the attribute has not been set. Hence
  admin domain tokens might get interpreted as cloud admin tokens. This
  is currently masked by a bug in our policy samples that do not
  correctly check for is_admin_project.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1651989/+subscriptions
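
The default described in the bug description above, as an added example that is not part of the original message and is not keystone source code. It is a simplified model: the token dictionaries are constructed sample data, and the function names and the strict variant are assumptions chosen to show the fail-open default beside a fail-closed one.

```python
# Simplified model of the behaviour in the bug description; not keystone source.
# Token dictionaries are constructed sample data.

def is_admin_project_legacy(token):
    """Reported behaviour: an unset is_admin_project attribute reads as True."""
    return token.get("is_admin_project", True)


def is_admin_project_strict(token):
    """Hypothetical hardening: fail closed unless the token is project-scoped
    and carries an explicit is_admin_project=True."""
    if "project" not in token:          # domain-scoped or unscoped token
        return False
    return token.get("is_admin_project") is True


def is_cloud_admin(token, flag_fn):
    """Policy-style check: admin role AND the admin-project flag."""
    return "admin" in token.get("roles", ()) and flag_fn(token)


TOKENS = {
    "domain_admin": {"roles": ["admin"], "domain": {"id": "d1"}},
    "admin_project": {"roles": ["admin"], "project": {"id": "p-admin"},
                      "is_admin_project": True},
    "other_project": {"roles": ["admin"], "project": {"id": "p-other"},
                      "is_admin_project": False},
}


def escalations(tokens):
    """Names of tokens that pass the legacy check but fail the strict one."""
    return sorted(
        name for name, tok in tokens.items()
        if is_cloud_admin(tok, is_admin_project_legacy)
        and not is_cloud_admin(tok, is_admin_project_strict)
    )


if __name__ == "__main__":
    for name, tok in TOKENS.items():
        print(name,
              "legacy:", is_cloud_admin(tok, is_admin_project_legacy),
              "strict:", is_cloud_admin(tok, is_admin_project_strict))
    print("differs:", escalations(TOKENS))
```

A policy rule that never consults the flag would return the same result for all three tokens, which is how the policy-sample bug mentioned in the description could mask the default.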
