<div dir="ltr">Thanks. After I sent the mail, we had a good conversation with Rabi and understood the whole background.<div>Horizon will try to support better keystone v3 support in Ocata cycle.</div></div><div class="gmail_extra"><br><div class="gmail_quote">2016-09-21 22:47 GMT+09:00 Zane Bitter <span dir="ltr"><<a href="mailto:zbitter@redhat.com" target="_blank">zbitter@redhat.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On 21/09/16 03:30, Akihiro Motoki wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi,<br>
<br>
The default policy.json provided by heat limits 'service-list' API to<br>
'admin' project like below.<br>
Is there any reason 'admin' role user in non-'admin' project cannot<br>
see service-list?<br>
</blockquote>
<br>
</span><a href="https://bugs.launchpad.net/keystone/+bug/968696" rel="noreferrer" target="_blank">https://bugs.launchpad.net/key<wbr>stone/+bug/968696</a><br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">
   "service:index": "rule:context_is_admin",<br>
    "context_is_admin": "role:admin and is_admin_project:True",<br>
<br>
I noticed this when investigating a horizon bug<br>
<a href="https://bugs.launchpad.net/horizon/+bug/1624834" rel="noreferrer" target="_blank">https://bugs.launchpad.net/hor<wbr>izon/+bug/1624834</a>.<br>
horizon currently has a bit different policy engine and it does not<br>
support is_admin_project:True.<br>
We would like to know the background of this default configuration.<br>
<br>
Thanks,<br>
Akihiro<br>
<br></span>
______________________________<wbr>______________________________<wbr>______________<br>
OpenStack Development Mailing List (not for usage questions)<br>
Unsubscribe: <a href="http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe" rel="noreferrer" target="_blank">OpenStack-dev-request@lists.op<wbr>enstack.org?subject:unsubscrib<wbr>e</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" rel="noreferrer" target="_blank">http://lists.openstack.org/cgi<wbr>-bin/mailman/listinfo/openstac<wbr>k-dev</a><br>
<br>
</blockquote>
<br>
<br>
______________________________<wbr>______________________________<wbr>______________<br>
OpenStack Development Mailing List (not for usage questions)<br>
Unsubscribe: <a href="http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe" rel="noreferrer" target="_blank">OpenStack-dev-request@lists.op<wbr>enstack.org?subject:unsubscrib<wbr>e</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" rel="noreferrer" target="_blank">http://lists.openstack.org/cgi<wbr>-bin/mailman/listinfo/openstac<wbr>k-dev</a><br>
</blockquote></div><br></div>