Public bug reported:

In a deployment of OpenStack Yoga, I have the following policy.json configured in Keystone: https://paste.ubuntu.com/p/F2PMP857mG/.
When I create a new domain, a project inside that domain, a user with the role:Admin, and I set the context for that user/project/domain for the CLI, I can perform actions like list and delete instances, images, networks and routers created in the cloud_admin domain domain_id:703118433996472d82713a3100b07432 and cloud_admin project project_id:16264684b58747cba04a98c128f5044f.

** Affects: keystone
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/2004031

Title:
  User with admin_required in a non cloud_admin domain/project can manage other domains with admin_required permissions

Status in OpenStack Identity (keystone):
  New