Hello OpenStackers, Wanted to pay some attention to one of restrictions in OpenStack. It came out, that it is impossible to define policy rules for API services based on "domain_id". As far as I know, only Keystone supports it. So, it is unclear whether it is intended or it is just technical debt that each OpenStack project should eliminate? For the moment, I filed bug [1]. Use case is following: usage of Keystone API v3 all over the cloud and level of trust is domain, not project. And if it is technical debt how much different teams are interested in having such possibility? [1] https://bugs.launchpad.net/nova/+bug/1699060 -- Kind Regards Valeriy Ponomaryov www.mirantis.com vponomaryov at mirantis.com -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20170620/882e4149/attachment.html>