Gitiles
Code Review Sign In
spfactory.storpool.com / devstack / 30d48ff88782347e5deb31369aa228f7345cfc6f
commit30d48ff88782347e5deb31369aa228f7345cfc6f[log] [tgz]
authorLance Bragstad <lbragstad@gmail.com>Wed Dec 12 19:41:36 2018 +0000
committerLance Bragstad <lbragstad@gmail.com>Wed Feb 27 19:53:58 2019 +0000
tree062ae19a6ee20579bdac9a6edc66c8884fc5be1d
parent72f632222f6d90d3545b5d7ca48297da4218e2ea [diff]
Remove admin_domain_scope tempest setting

Keystone is currently working through a bunch of changes to add proper
system, domain, and project scope support for its API. This includes
implementing ``admin``, ``member``, and ``reader`` roles for system,
domain, and project assignments. More informaiton on those specific
changes can be found here:

  https://review.openstack.org/#/q/(status:open+OR+status:closed)+project:openstack/keystone+branch:master+topic:implement-default-roles

One thing that was uncovered in implementing that support for the
project API was that setting tempest
``CONF.identity.admin_domain_scope = True`` meant domain admins of one
domain would be able to list projects in other domains, highlighted in
the following patch:

  https://review.openstack.org/#/c/624218/2

This commit doesn't set this option and assumes the proper
domain-scoping behavior being built into keystone natively.

Change-Id: I12a57cc43de0b17eababa19b7b94de5277689f82
Related-Bug: 1750660
1 file changed
tree: 062ae19a6ee20579bdac9a6edc66c8884fc5be1d
  1. .gitignore
  2. .gitreview
  3. .mailmap
  4. .zuul.yaml
  5. FUTURE.rst
  6. HACKING.rst
  7. LICENSE
  8. MAINTAINERS.rst
  9. Makefile
  10. README.rst
  11. clean.sh
  12. data/
  13. doc/
  14. extras.d/
  15. files/
  16. functions
  17. functions-common
  18. gate/
  19. inc/
  20. lib/
  21. openrc
  22. pkg/
  23. playbooks/
  24. roles/
  25. run_tests.sh
  26. samples/
  27. setup.cfg
  28. setup.py
  29. stack.sh
  30. stackrc
  31. tests/
  32. tools/
  33. tox.ini
  34. unstack.sh