[Bug 1651989] Re: domain admin token will be treated as cloud admin
Frode Nordahl
frode.nordahl at gmail.com
Fri Feb 3 15:20:29 UTC 2017
Running functional tests for charm-keystone with the above fix applied
with packages deployed from upstream master solves this bug for Ocata.
Running functional tests for charm-keystone with the above fix applied
with UCA Ocata packages on Xenial still has this bug.
So this bug still affects Zesty and UCA xenial-ocata.
** Also affects: cloud-archive
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to Ubuntu Cloud Archive.
https://bugs.launchpad.net/bugs/1651989
Title:
domain admin token will be treated as cloud admin
Status in Ubuntu Cloud Archive:
New
Status in OpenStack Identity (keystone):
Fix Released
Status in keystone package in Juju Charms Collection:
In Progress
Bug description:
The new capability of is_admin_project is currently only supported for
projects. However, the existing code for token models will return
is_admin_project as True if the attribute has not been set. Hence
admin domain tokens might get interpreted as cloud admin tokens. This
is currently masked by a bug in our policy samples that do not
correctly check for is_admin_project.
To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1651989/+subscriptions
More information about the Ubuntu-openstack-bugs
mailing list