← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #96016

[Bug 2067075] Re: Horizon Identity Domain Panel is broken in Caracal+

  Thread PreviousDate PreviousThread Next 
** Also affects: cloud-archive
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/2067075

Title:
  Horizon Identity Domain Panel is broken in Caracal+

Status in Ubuntu Cloud Archive:
  New
Status in OpenStack Dashboard (Horizon):
  Fix Released
Status in horizon package in Ubuntu:
  Fix Released
Status in horizon source package in Jammy:
  Won't Fix
Status in horizon source package in Noble:
  New
Status in horizon source package in Oracular:
  New
Status in horizon source package in Plucky:
  Fix Released
Status in horizon source package in Questing:
  Fix Released

Bug description:
  Starting with Caracal release, Identity Domains Panel is broken, as it
  only ever lists that domain that the user belongs to.

  Devstack/Master, logged as admin (devstack-admin creds in
  /etc/openstack/clouds.yaml).

  With default Horizon settings, I only ever see Default domain, even if
  I manually create some more. And I do not have an option to create
  domains from UI as well. This is because AFAIU the ability to create
  domains is tied to OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT (False by
  default), which is waaay legacy IMO. This option is quite overloaded
  in Horizon code, but that's a different question.

  When I enable the OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT in my
  local_settings.py, I can create domains from UI, but I still can not
  see any other domain other than the domain of the user.

  I tracked it to this piece of code that replaces the scope to the domain one for admins
  https://opendev.org/openstack/horizon/src/branch/stable/2024.1/openstack_dashboard/api/keystone.py#L153-L163 ,
  plus a recent change in Keystone https://review.opendev.org/c/openstack/keystone/+/900028 that started forcing domain tokens to only be able to list their own domains.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/2067075/+subscriptions

References

  Thread PreviousDate PreviousThread Next