summaryrefslogtreecommitdiffstats
path: root/keystone-moon/releasenotes/notes/is-admin-24b34238c83b3a82.yaml
blob: a0c2b3bb7afa61b75fc02dc05cd6d7495efb63ce (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
---
features:
  - >
    [`bug 96869 <https://bugs.launchpad.net/keystone/+bug/968696>`_]
    A pair of configuration options have been added to the ``[resource]``
    section to specify a special ``admin`` project:
    ``admin_project_domain_name`` and ``admin_project_name``.  If these are
    defined, any scoped token issued for that project will have an additional
    identifier ``is_admin_project`` added to the token. This identifier can then
    be checked by the policy rules in the policy files of the services when
    evaluating access control policy for an API. Keystone does not yet
    support the ability for a project acting as a domain to be the
    admin project.  That will be added once the rest of the code for
    projects acting as domains is merged.