horizon: enable multidomain support (#1845)

berendt · web-flow · commit 7286bd1b27f1 · 2023-11-20T16:19:34.000+01:00
Signed-off-by: Christian Berendt &lt;berendt@osism.tech&gt;
diff --git a/environments/kolla/configuration.yml b/environments/kolla/configuration.yml
@@ -80,6 +80,9 @@ octavia_network_type: tenant
 # designate
 designate_ns_record: openstack.testbed.osism.xyz
 
+# horizon
+horizon_keystone_multidomain: true
+
 # manila
 enable_manila_backend_cephfs_native: "yes"
 
diff --git a/environments/kolla/files/overlays/keystone/policy.yaml b/environments/kolla/files/overlays/keystone/policy.yaml
@@ -1,3 +1,4 @@
+---
 # classify domain managers with a special role
 "is_domain_manager": "role:domain-manager"
 
@@ -37,7 +38,7 @@
 "identity:create_project": "(rule:is_domain_manager and token.domain.id:%(target.project.domain_id)s) or rule:admin_required"
 "identity:update_project": "(rule:is_domain_manager and token.domain.id:%(target.project.domain_id)s) or rule:admin_required"
 "identity:delete_project": "(rule:is_domain_manager and token.domain.id:%(target.project.domain_id)s) or rule:admin_required"
-"identity:list_user_projects": "(rule:is_domain_manager and token.domain.id:%(target.user.domain_id)s) or rule:admin_required"
+"identity:list_user_projects": "(rule:is_domain_manager and token.domain.id:%(target.user.domain_id)s) or user_id:%(user_id)s or rule:admin_required"
 
 # allow domain managers to manage role assignments within their domain
 # (restricted to specific roles by the 'is_domain_managed_role' rule)
diff --git a/releasenotes/notes/horizon-multidomain-c840c1f09865c34c.yaml b/releasenotes/notes/horizon-multidomain-c840c1f09865c34c.yaml
@@ -0,0 +1,4 @@
+---
+features:
+  - |
+    Horizon now has multi domain support enabled.

-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +---
 +features:
 +  - |
 +    Horizon now has multi domain support enabled.