[openstack-dev] [Common] context-is-admin causes project_id to not be passed to API layer
Dolph Mathews
dolph.mathews at gmail.com
Wed Sep 25 16:29:36 UTC 2013
On Tue, Sep 24, 2013 at 10:12 PM, Pendergrass, Eric <eric.pendergrass at hp.com
> wrote:
> While debugging a token auth problem I noticed that the enforcer
> searches the role list in a token for a role called ‘admin’ (any case). If
> it’s present, the enforcer returns true and the acl does not set the
> X-Project-Id header on the request.****
>
> ** **
>
> I was wondering what the reason for not setting project id is in this
> case. I assume it is a mechanism for privilege scoping for a
> highly-privileged user.
>
Can you provide a link to the code you're referring to? It sounds like a
bug, but maybe I'm just missing context.
> ****
>
> ** **
>
> Also, the name ‘admin’ seems like a sensible choice to denote an admin
> user. Is there any other meaning behind the role name than this?
>
No, it's just a broadly used convention (in docs, sample policy.json files,
etc).
> ****
>
> ** **
>
> Many thanks,****
>
> Eric****
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
--
-Dolph
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20130925/634c24c9/attachment.html>
More information about the OpenStack-dev
mailing list