[Bug 1792783] Re: Cannot update Identity Roles in Rocky
Corey Bryant
corey.bryant at canonical.com
Fri Dec 21 21:38:20 UTC 2018
I did a little more digging and I'm still not sure what the problem is.
I can create/delete users, groups, projects, domains, but not roles as
there are no buttons.
For OPENSTACK_KEYSTONE_BACKEND in local_settings.py we have:
OPENSTACK_KEYSTONE_BACKEND = {
'name': 'native',
'can_edit_user': True,
'can_edit_group': True,
'can_edit_project': True,
'can_edit_domain': True,
'can_edit_role': True,
}
The keystone v3 policy looks fine and I'm using a cloud admin (not a
domain admin, so this is not the same as bug 1775227):
"admin_required": "role:Admin",
"cloud_admin": "rule:admin_required and rule:domain_id:7b67d5a059154b45a5f4cb6f80310493",
...
"identity:get_role": "rule:admin_required",
"identity:list_roles": "rule:admin_required",
"identity:create_role": "rule:cloud_admin",
"identity:update_role": "rule:cloud_admin",
"identity:delete_role": "rule:cloud_admin",
# openstack commands to compare vs cloud_admin policy - truncated for
launchpad formatting
$ os domain list
+----------------------------------+----------------+
| ID | Name |
+----------------------------------+----------------+
| 7b67d5a059154b45a5f4cb6f80310493 | admin_domain |
+----------------------------------+----------------+
$ os user show admin
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | 7b67d5a059154b45a5f4cb6f80310493 |
| email | juju at localhost |
| enabled | True |
| id | 70ffd1578204492b954792af2607bffd |
| name | admin |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
$ os role list
+----------------------------------+---------------+
| ID | Name |
+----------------------------------+---------------+
| 8a01a3463f584c34a5c56282a90b53a7 | Admin |
+----------------------------------+---------------+
$ os role assignment list -f json
...
{
"Role": "8a01a3463f584c34a5c56282a90b53a7",
"User": "70ffd1578204492b954792af2607bffd",
"Group": "",
"Project": "",
"Domain": "7b67d5a059154b45a5f4cb6f80310493",
"System": "",
"Inherited": false
},
...
Static assets are collected and compressed and apache2/memcached
restarted.
I've been testing with the Ubuntu package so I'll have to test this with
upstream and see what is different.
--
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to horizon in Ubuntu.
https://bugs.launchpad.net/bugs/1792783
Title:
Cannot update Identity Roles in Rocky
Status in Ubuntu Cloud Archive:
Triaged
Status in Ubuntu Cloud Archive rocky series:
Triaged
Status in OpenStack Dashboard (Horizon):
Incomplete
Status in horizon package in Ubuntu:
Triaged
Status in horizon source package in Cosmic:
Triaged
Bug description:
In Rocky, there's no way to create, edit, delete Identity Roles.
Please see attached screenshots comparing Queens and Rocky.
To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1792783/+subscriptions
More information about the Ubuntu-openstack-bugs
mailing list