On 21/09/16 03:30, Akihiro Motoki wrote: > Hi, > > The default policy.json provided by heat limits 'service-list' API to > 'admin' project like below. > Is there any reason 'admin' role user in non-'admin' project cannot > see service-list? https://bugs.launchpad.net/keystone/+bug/968696 > "service:index": "rule:context_is_admin", > "context_is_admin": "role:admin and is_admin_project:True", > > I noticed this when investigating a horizon bug > https://bugs.launchpad.net/horizon/+bug/1624834. > horizon currently has a bit different policy engine and it does not > support is_admin_project:True. > We would like to know the background of this default configuration. > > Thanks, > Akihiro > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >