diff options
Diffstat (limited to 'keystone-moon/releasenotes/notes/is-admin-24b34238c83b3a82.yaml')
-rw-r--r-- | keystone-moon/releasenotes/notes/is-admin-24b34238c83b3a82.yaml | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/keystone-moon/releasenotes/notes/is-admin-24b34238c83b3a82.yaml b/keystone-moon/releasenotes/notes/is-admin-24b34238c83b3a82.yaml new file mode 100644 index 00000000..a0c2b3bb --- /dev/null +++ b/keystone-moon/releasenotes/notes/is-admin-24b34238c83b3a82.yaml @@ -0,0 +1,14 @@ +--- +features: + - > + [`bug 96869 <https://bugs.launchpad.net/keystone/+bug/968696>`_] + A pair of configuration options have been added to the ``[resource]`` + section to specify a special ``admin`` project: + ``admin_project_domain_name`` and ``admin_project_name``. If these are + defined, any scoped token issued for that project will have an additional + identifier ``is_admin_project`` added to the token. This identifier can then + be checked by the policy rules in the policy files of the services when + evaluating access control policy for an API. Keystone does not yet + support the ability for a project acting as a domain to be the + admin project. That will be added once the rest of the code for + projects acting as domains is merged. |