keystone/releasenotes/notes/bug-1547684-911aed68a0d3df17.yaml
Steve Martinelli 5e2cc88ce7 clean up release notes for ocata
Change-Id: I9f4d47518f1a1ab184d6cefb2b251aaad38e113a
2017-01-27 14:36:54 +00:00

30 lines
1.2 KiB
YAML

---
fixes:
- |
[`bug 1651989 <https://bugs.launchpad.net/keystone/+bug/1651989>`_]
Due to ``bug 1547684``, when using the ``policy.v3cloudsample.json``
sample file, a domain admin token was being treated as a cloud admin.
Since the ``is_admin_project`` functionality only supports
project-scoped tokens, we automatically set any domain scoped token to have
the property ``is_admin_project`` to ``False``.
[`bug 1547684 <https://bugs.launchpad.net/keystone/+bug/1547684>`_]
A typo in the ``policy.v3cloudsample.json`` sample file was causing
`oslo.policy` to not load the file. See the ``upgrades`` section for
more details.
upgrade:
- |
[`bug 1547684 <https://bugs.launchpad.net/keystone/+bug/1547684>`_]
A minor change to the ``policy.v3cloudsample.json`` sample file was
performed so the sample file loads correctly. The ``cloud_admin``
rule has changed from::
"role:admin and (token.is_admin_project:True or domain_id:admin_domain_id)"
To the properly written::
"role:admin and (is_admin_project:True or domain_id:admin_domain_id)"
Adjust configuration tools as necessary, see the ``fixes`` section for more
details on this change.