cpe-deployments/resources/keystone.yaml

# default rules
# https://docs.openstack.org/keystone/ussuri/configuration/policy.html

context_is_tenantLead: role:tenantLead

identity:update_user: (role:admin and system_scope:all) or (role:admin and token.domain.id:%(target.user.domain_id)s) or (rule:context_is_tenantLead and project_id:%(target.project.id)s)
Update deployment for granularity * Add nova policy override for mimic * fine tuning of keystone override * segregate lma and landscape applications/relations * Add workaround for altname for interfaces * Update focal overlay to update and mimic * Add hosts file for addtion to local host 2022-11-01 20:51:17 +00:00			`# default rules`
			`# https://docs.openstack.org/keystone/ussuri/configuration/policy.html`

more fine tuning * Add the other hosts * Update keystone policy override to mimic default plus addition * nova policy extra line 2022-11-03 07:56:38 +00:00			`context_is_tenantLead: role:tenantLead`

			`identity:update_user: (role:admin and system_scope:all) or (role:admin and token.domain.id:%(target.user.domain_id)s) or (rule:context_is_tenantLead and project_id:%(target.project.id)s)`