yahoo-eng-team team mailing list archive
Message #17484
[Bug 1346778] [NEW] neutron policy can't match neutron keystone user
Public bug reported:
The policy.json keywords have no way to match the username of the
neutron keystone credentials. This is relevant because neutron is
overprivileged when it has an admin account. To solve this, a deployer
can give it an account with the service role instead of the admin role.
However, for this to work the deployer has to then modify the is_admin
rule in policy.json to hardcode in the user_name or user_id used by
neutron so it can promote that account to admin-level operations inside
of neutron.
** Affects: neutron
Importance: Undecided
Assignee: Kevin Benton (kevinbenton)
Status: In Progress
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1346778
Status in OpenStack Neutron (virtual network service):
In Progress