[Yahoo-eng-team] [Bug 1454531] Re: list_user_projects() can't get filtered by 'domain_id'.

2016-03-08 Thread OpenStack Infra 
Reviewed:  https://review.openstack.org/182569
Committed: 
https://git.openstack.org/cgit/openstack/keystone/commit/?id=3425c1fffe9cb40c759ccec516483e06225d65cd
Submitter: Jenkins
Branch:master

commit 3425c1fffe9cb40c759ccec516483e06225d65cd
Author: darren-wang 
Date:   Wed May 13 16:28:52 2015 +0800

Adding 'domain_id' filter to list_user_projects()

Closes-Bug: #1454531
Change-Id: I01af5376505f49c3c7c1906b7bc9511adb114632


** Changed in: keystone
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1454531

Title:
  list_user_projects() can't get filtered by 'domain_id'.

Status in OpenStack Identity (keystone):
  Fix Released

Bug description:
  Here is our use case, we want our tenant domain admin(e.g., Bob) to
  have this capability: Bob(domain-scoped) can list the projects that
  one user has roles on, and the projects Bob get should only belong to
  Bob's scoping domain.

  When we  read the rule in policy.v3cloudsample.json for 
"identity:list_user_projects", we are happy it's the same as what we want:
  {...
  "admin_and_matching_domain_id": "rule:admin_required and 
domain_id:%(domain_id)s",
  "identity:list_user_projects": "rule:owner or 
rule:admin_and_matching_domain_id",
  ...}

  I thought we could use this API with query string 'domain_id', thus
  Bob can and only can query projects in his scoping domain, but it
  doesn't work, since the  @controller.filterprotected('enabled',
  'name')  for list_user_projects() exclude the possibility of taking
  'domain_id' as a query string even it's useful to us and recorded in
  the policy file.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1454531/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp

[Yahoo-eng-team] [Bug 1454531] Re: list_user_projects() can't get filtered by 'domain_id'.

2016-03-03 Thread David Stanek 
** Changed in: keystone
   Status: Fix Released => In Progress

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1454531

Title:
  list_user_projects() can't get filtered by 'domain_id'.

Status in OpenStack Identity (keystone):
  In Progress

Bug description:
  Here is our use case, we want our tenant domain admin(e.g., Bob) to
  have this capability: Bob(domain-scoped) can list the projects that
  one user has roles on, and the projects Bob get should only belong to
  Bob's scoping domain.

  When we  read the rule in policy.v3cloudsample.json for 
"identity:list_user_projects", we are happy it's the same as what we want:
  {...
  "admin_and_matching_domain_id": "rule:admin_required and 
domain_id:%(domain_id)s",
  "identity:list_user_projects": "rule:owner or 
rule:admin_and_matching_domain_id",
  ...}

  I thought we could use this API with query string 'domain_id', thus
  Bob can and only can query projects in his scoping domain, but it
  doesn't work, since the  @controller.filterprotected('enabled',
  'name')  for list_user_projects() exclude the possibility of taking
  'domain_id' as a query string even it's useful to us and recorded in
  the policy file.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1454531/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp

[Yahoo-eng-team] [Bug 1454531] Re: list_user_projects() can't get filtered by 'domain_id'.

2015-12-03 Thread Doug Hellmann 
** Changed in: keystone
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1454531

Title:
  list_user_projects() can't get filtered by 'domain_id'.

Status in OpenStack Identity (keystone):
  Fix Released

Bug description:
  Here is our use case, we want our tenant domain admin(e.g., Bob) to
  have this capability: Bob(domain-scoped) can list the projects that
  one user has roles on, and the projects Bob get should only belong to
  Bob's scoping domain.

  When we  read the rule in policy.v3cloudsample.json for 
"identity:list_user_projects", we are happy it's the same as what we want:
  {...
  "admin_and_matching_domain_id": "rule:admin_required and 
domain_id:%(domain_id)s",
  "identity:list_user_projects": "rule:owner or 
rule:admin_and_matching_domain_id",
  ...}

  I thought we could use this API with query string 'domain_id', thus
  Bob can and only can query projects in his scoping domain, but it
  doesn't work, since the  @controller.filterprotected('enabled',
  'name')  for list_user_projects() exclude the possibility of taking
  'domain_id' as a query string even it's useful to us and recorded in
  the policy file.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1454531/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp