[openstack-dev] [all] Policy rules for APIs based on "domain_id"
aheczko at mirantis.com
Tue Jun 20 10:07:46 UTC 2017
agree, that would be very useful. I think that this deserves attention and
cross project discussion.
Maybe a community goal process  is a valid path forward in this regard.
On Tue, Jun 20, 2017 at 11:15 AM, Valeriy Ponomaryov <
vponomaryov at mirantis.com> wrote:
> Hello OpenStackers,
> Wanted to pay some attention to one of restrictions in OpenStack.
> It came out, that it is impossible to define policy rules for API services
> based on "domain_id".
> As far as I know, only Keystone supports it.
> So, it is unclear whether it is intended or it is just technical debt that
> each OpenStack project should
> For the moment, I filed bug .
> Use case is following: usage of Keystone API v3 all over the cloud and
> level of trust is domain, not project.
> And if it is technical debt how much different teams are interested in
> having such possibility?
>  https://bugs.launchpad.net/nova/+bug/1699060
> Kind Regards
> Valeriy Ponomaryov
> vponomaryov at mirantis.com
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
Security Engineer @ Mirantis Inc.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OpenStack-dev