[Openstack-security] [openstack/keystone] SecurityImpact review request change Ic9cf9862739381a30130b4be87075f726736ff88
gerrit2 at review.openstack.org
gerrit2 at review.openstack.org
Tue Dec 1 15:33:55 UTC 2015
Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/240719
Log:
commit e7023697a884759716d0a01605825a3af90d4db6
Author: Adam Young <ayoung at redhat.com>
Date: Sun Oct 11 23:15:52 2015 -0400
set `is_admin` on tokens for admin project
Adds two new configuration value:
admin_project_name
admin_project_domain_name
If both values are set, and tokens requested for
projects (only, not domains) that match both will have an
additional value in them; `is_admin_project=true`
DocImpact
-- Configuration changes need documentation
APIImpact
-- Adds optional return values in token validation calls
SecurityImpact
-- Should be helpful in making access control decisions
Implements: blueprint is-admin-project
Partial-Bug: #968696
Change-Id: Ic9cf9862739381a30130b4be87075f726736ff88
More information about the Openstack-security
mailing list