← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #53612

[Bug 1600366] [NEW] Federated users cannot use heat

  Thread PreviousDate PreviousThread Next 
Public bug reported:

Federated users cannot create heat stacks.

To reproduce:
Enable heat,
Sign into horizon using federation
Create a heat stack (errors out here)

My guess:
This is caused because federated users cannot perform trust delegation because they do not have any real roles associated with them (Although in other cases they somehow get the same roles as the group in the mapping and also the local user created after log in is not part of the group).

Work around:
1. list the users and find the federated user uuid that was created locally on the service provider after signing in
2. assign the heat_stack_owner role to the federated user uuid
3. should work now.

It would be nice if it worked out of the box without having to do the
work around.

** Affects: keystone
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1600366

Title:
  Federated users cannot use heat

Status in OpenStack Identity (keystone):
  New

Bug description:
  Federated users cannot create heat stacks.

  To reproduce:
  Enable heat,
  Sign into horizon using federation
  Create a heat stack (errors out here)

  My guess:
  This is caused because federated users cannot perform trust delegation because they do not have any real roles associated with them (Although in other cases they somehow get the same roles as the group in the mapping and also the local user created after log in is not part of the group).

  Work around:
  1. list the users and find the federated user uuid that was created locally on the service provider after signing in
  2. assign the heat_stack_owner role to the federated user uuid
  3. should work now.

  It would be nice if it worked out of the box without having to do the
  work around.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1600366/+subscriptions

Follow ups

  Thread PreviousDate PreviousThread Next