Disabling projects can lock the user out of the system
Bug #1046538 reported by
fuscata
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Dashboard (Horizon) |
Fix Released
|
Medium
|
Tihomir Trifonov | ||
OpenStack Identity (keystone) |
Invalid
|
Medium
|
Unassigned |
Bug Description
If you disable all the projects to which the currently logged in user has access, this user will be locked out of the system.
If you're the only admin, the only remedy is to edit the datbase by hand e.g.:
update keystone.tenant set extra = '{"enabled": true, "description": "-"}' where name = 'admin';
Changed in keystone: | |
status: | New → Confirmed |
importance: | Undecided → Medium |
Changed in horizon: | |
assignee: | Nebula (nebula) → Tihomir Trifonov (ttrifonov) |
status: | Confirmed → In Progress |
Changed in horizon: | |
status: | Fix Committed → Fix Released |
Changed in horizon: | |
milestone: | grizzly-1 → 2013.1 |
To post a comment you must log in.
Totally true. I've actually walked someone through fixing this problem before, because they did exactly that. It's one of those "the user should know better, but we can stop them from shooting themselves in the foot" scenarios.
It's worth noting that there's still nothing preventing the user from doing this to themselves via the command line or API. Perhaps Keystone might want to look at this issue as well.