2b846515f3
This patch supports using domain scoped tokens against keystone v3. Use Cases: Cloud Admin - view and manage identity resources across domains Domain Admin - view and manage identity resources in the domain logged in User - view identity project in the domain logged in Regression: Supports keystone v2 through local_settings.py configuration Supports keystone v3 with multidomain = False Supports keystone v3 with mulitdomain = True Relates to https://review.openstack.org/#/c/141153/ Background on how to test is here https://wiki.openstack.org/wiki/Horizon/DomainWorkFlow Co-Authored-By: Brad Pokorny <Brad_Pokorny@symantec.com> Co-Authored-By: Brian Tully <brian.tully@hp.com> Co-Authored-By: Michael Hagedorn <mike.hagedorn@hp.com> Co-Authored-By: woomatt <matt.wood@hp.com> Partially Implements: blueprint domain-scoped-tokens Closes-Bug: #1413851 Change-Id: Iaa19bfef9b0c70304ff81d083c62b218b2d02479
23 lines
937 B
YAML
23 lines
937 B
YAML
---
|
|
features:
|
|
- Added support for managing domains and projects when using Keystone v3.
|
|
Horizon now maintains a domain scoped token for users who have a role on a
|
|
domain, a project scoped token for users who have a role on a project, or
|
|
both a domain scoped token and project scoped token for users who have
|
|
roles on both.
|
|
- |
|
|
Domain management supports the following use cases:
|
|
|
|
* Cloud Admin - View and manage identity resources across domains
|
|
* Domain Admin - View and manage identity resources in the domain logged in
|
|
* User - View identity project in the domain logged in
|
|
|
|
other:
|
|
- |
|
|
Current limitations on managing identity resources with Keystone v3:
|
|
|
|
* Does not support role assignments across domains, such as giving a user
|
|
in domain1 access to domain2.
|
|
* Does not support project admins managing Keystone projects.
|
|
* Does not support hierarchical project management.
|