On Tue, Sep 24, 2013 at 10:12 PM, Pendergrass, Eric <eric.pendergr...@hp.com > wrote:
> While debugging a token auth problem I noticed that the enforcer > searches the role list in a token for a role called ‘admin’ (any case). If > it’s present, the enforcer returns true and the acl does not set the > X-Project-Id header on the request.**** > > ** ** > > I was wondering what the reason for not setting project id is in this > case. I assume it is a mechanism for privilege scoping for a > highly-privileged user. > Can you provide a link to the code you're referring to? It sounds like a bug, but maybe I'm just missing context. > **** > > ** ** > > Also, the name ‘admin’ seems like a sensible choice to denote an admin > user. Is there any other meaning behind the role name than this? > No, it's just a broadly used convention (in docs, sample policy.json files, etc). > **** > > ** ** > > Many thanks,**** > > Eric**** > > _______________________________________________ > OpenStack-dev mailing list > OpenStack-dev@lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > -- -Dolph
_______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
