[openstack-dev] [all] Policy rules for APIs based on "domain_id"

Valeriy Ponomaryov vponomaryov at mirantis.com
Tue Jun 20 09:15:24 UTC 2017

Hello OpenStackers,

Wanted to pay some attention to one of restrictions in OpenStack.
It came out, that it is impossible to define policy rules for API services
based on "domain_id".
As far as I know, only Keystone supports it.

So, it is unclear whether it is intended or it is just technical debt that
each OpenStack project should

For the moment, I filed bug [1].

Use case is following: usage of Keystone API v3 all over the cloud and
level of trust is domain, not project.

And if it is technical debt how much different teams are interested in
having such possibility?

[1] https://bugs.launchpad.net/nova/+bug/1699060

Kind Regards
Valeriy Ponomaryov
vponomaryov at mirantis.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20170620/882e4149/attachment.html>

More information about the OpenStack-dev mailing list