yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #91775
[Bug 2017695] Re: User assigned admin role gets 403 when querying various object types.
Re-assigning to the keystone identity package.
** Also affects: keystone
Importance: Undecided
Status: New
** Changed in: keystone (Juju Charms Collection)
Status: New => Invalid
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/2017695
Title:
User assigned admin role gets 403 when querying various object types.
Status in OpenStack Identity (keystone):
Incomplete
Status in keystone package in Juju Charms Collection:
Invalid
Bug description:
Our users, having been assigned admin role on domain and projects in
that domain we're unable to query certain things via the openstack
CLI. Ex:
$ openstack user list
You are not authorized to perform the requested action: identity:list_users. (HTTP 403) (Request-ID: req-0c479c91-636d-4b74-b4d1-d18bd1ca4761)
$ openstack group list
You are not authorized to perform the requested action: identity:list_groups. (HTTP 403) (Request-ID: req-c10c217b-a730-4b8c-90f2-daad2d9dc4cb)
$ openstack domain list
You are not authorized to perform the requested action: identity:list_domains. (HTTP 403) (Request-ID: req-5b1d5007-f9dd-4149-bc1c-182f7a0c88b2)
$ openstack role assignment list
You are not authorized to perform the requested action: identity:list_role_assignments. (HTTP 403) (Request-ID: req-a10ff2cb-cb24-4447-b962-6e8b6bd8afd9)
I can view projects however... which is interesting. Our users are
granted admin on the domain and projects via group membership.
We're running keystone 17.0.1 in Ussuri.
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/2017695/+subscriptions