Hi, Looking at code from Keystone I found something that doesn't make sense to me. Looking at __validate_service_or_keystone_admin_token <https://github.com/openstack/keystone/blob/master/keystone/logic/service.py#L510>method Keystone-admin-role is valid only if it isn't associated to any tenant ( role_ref.tenant_id is None), so a user has Admin role for all tenants or none, is this the expected behavior? Is it possible to grant Admin role for specific tenant in any way? I think would be more flexible being able to grant role to specific tenant too, but I suppose there is a good reason for this, it isn't?
Bye
_______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : [email protected] Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
