Update Keystone core to Mitaka.

Change-Id: Ia10d6add16f4a9d25d1f42d420661c46332e69db
author: DUVAL Thomas <thomas.duval@orange.com> 2016-06-09 09:11:50 +0200
committer: DUVAL Thomas <thomas.duval@orange.com> 2016-06-09 09:11:50 +0200
commit: 2e7b4f2027a1147ca28301e4f88adf8274b39a1f (patch)
tree: 8b8d94001ebe6cc34106cf813b538911a8d66d9a /keystone-moon/releasenotes/notes/is-admin-24b34238c83b3a82.yaml
parent: a33bdcb627102a01244630a54cb4b5066b385a6a (diff)
1 files changed, 14 insertions, 0 deletions
diff --git a/keystone-moon/releasenotes/notes/is-admin-24b34238c83b3a82.yaml b/keystone-moon/releasenotes/notes/is-admin-24b34238c83b3a82.yaml
new file mode 100644
index 00000000..a0c2b3bb
--- /dev/null
+++ b/keystone-moon/releasenotes/notes/is-admin-24b34238c83b3a82.yaml
@@ -0,0 +1,14 @@
+---
+features:
+  - >
+    [`bug 96869 <https://bugs.launchpad.net/keystone/+bug/968696>`_]
+    A pair of configuration options have been added to the ``[resource]``
+    section to specify a special ``admin`` project:
+    ``admin_project_domain_name`` and ``admin_project_name``.  If these are
+    defined, any scoped token issued for that project will have an additional
+    identifier ``is_admin_project`` added to the token. This identifier can then
+    be checked by the policy rules in the policy files of the services when
+    evaluating access control policy for an API. Keystone does not yet
+    support the ability for a project acting as a domain to be the
+    admin project.  That will be added once the rest of the code for
+    projects acting as domains is merged.
author	DUVAL Thomas <thomas.duval@orange.com>	2016-06-09 09:11:50 +0200
committer	DUVAL Thomas <thomas.duval@orange.com>	2016-06-09 09:11:50 +0200
commit	2e7b4f2027a1147ca28301e4f88adf8274b39a1f (patch)
tree	8b8d94001ebe6cc34106cf813b538911a8d66d9a /keystone-moon/releasenotes/notes/is-admin-24b34238c83b3a82.yaml
parent	a33bdcb627102a01244630a54cb4b5066b385a6a (diff)