Update git submodules
* Update keystone from branch 'master' to 7dc175a41f92e3f01cf26912431d0f2c98a03b32 - Normalize policy checks for domain-scoped tokens This patch fixes an inconsistency in the policies for role_assignment where the target object used for policy enforcement was being created with different properties depending on the request query string. This required policies to be written in two differnt ways to validate domain IDs for domain-scoped requests. e.g. checking for domain reader was using both: role:reader and domain_id:%(target.domain_id)s and role:reader and domain_id:%(target.project.domain_id)s With the former only being populated for GET /v3/role_assignments and the latter only being populated for GET /v3/role_assignments?scope.project.id=SOME_ID This patch fixes the target object so that only target.domain_id needs to be checked for domain-scoped tokens. Change-Id: Iffbe11c57c61bbd1b045a6567a9249c12dff403c
This commit is contained in:
parent
18e8e80aaf
commit
3c5d1bf663
2
keystone
2
keystone
|
@ -1 +1 @@
|
|||
Subproject commit db0ff104763b6da4d661bf0c5cc9814ea3f18fc8
|
||||
Subproject commit 7dc175a41f92e3f01cf26912431d0f2c98a03b32
|
Loading…
Reference in New Issue