For the record this was resolved in upstream release 11.0.0.0b3 and verified in corresponding Ubuntu package python- keystone_11.0.0~b3-0ubuntu1_all.deb
** No longer affects: cloud-archive -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1651989 Title: domain admin token will be treated as cloud admin Status in OpenStack Identity (keystone): Fix Released Status in keystone package in Juju Charms Collection: In Progress Bug description: The new capability of is_admin_project is currently only supported for projects. However, the existing code for token models will return is_admin_project as True if the attribute has not been set. Hence admin domain tokens might get interpreted as cloud admin tokens. This is currently masked by a bug in our policy samples that do not correctly check for is_admin_project. To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1651989/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
