a2e307ed4d
With the removal of KeystoneToken from the token model, we longer have the ability to use the token data syntax in the policy rules. This change broke backward compatibility for those is deploying customized Keystone policies. Unfortunately, we can't go back to KeystoneToken model as the change was tightly coupled with the other refactored authorization functionalities. Since the scope information is now available in the credential dictionary, we can just make use of it instead. Those who have custom policies must update their policy files accordingly. Change-Id: I83eae5c390d720da05e91264519ae01e8ca32159 closes-bug: 1810983
To generate the sample keystone.conf and keystone.policy.yaml files, run the
following commands from the top level of the keystone directory:
tox -egenconfig
tox -egenpolicy
For a pre-generated example of the latest files, see:
https://docs.openstack.org/keystone/latest/configuration/samples/index.html