OpenStack Dashboard (Horizon)

admin role must be called "admin"

Bug #1161144 reported by Jay Buffington on 2013-03-27

This bug affects 5 people

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Dashboard (Horizon)	Fix Released	Wishlist	Paul Karikh

Bug Description

The admin panel hardcodes the name of admin role as "admin". A line like this exists in dashboards/admin/dashboard.py, dashboards/admin/instances/panel.py and dashboards/admin/overview/panel.py

permissions = ('openstack.roles.admin',)

I'm unable to call the name of the role admin since my keystone is integrating with a corporate LDAP that I don't completely control.

Can the name of the admin role be configurable?

There is a related bug in django_openstack_auth:
https://github.com/gabrielhurley/django_openstack_auth/issues/28

See original description

Tags:

Jay Buffington (jaybuff) on 2013-03-27

description:

updated

Gabriel Hurley (gabriel-hurley) on 2013-04-02

Changed in horizon:
importance:	Undecided → Wishlist
milestone:	none → havana-1
status:	New → Confirmed

Lin Hua Cheng (lin-hua-cheng) on 2013-04-19

Changed in horizon:
assignee:	nobody → Lin Hua Cheng (lin-hua-cheng)

Lin Hua Cheng (lin-hua-cheng) on 2013-04-24

Changed in horizon:
assignee:	Lin Hua Cheng (lin-hua-cheng) → nobody

Revision history for this message

termie (termie) wrote on 2013-04-24:

My proposal for this would be to have the has_perm call actually backend onto to the openstack policy stuff

https://github.com/gabrielhurley/django_openstack_auth/blob/master/openstack_auth/user.py#L180

Could basically use the policy brain to answer the question instead of hardcoded bits

Gabriel Hurley (gabriel-hurley) on 2013-05-21

Changed in horizon:
milestone:	havana-1 → havana-2

Gabriel Hurley (gabriel-hurley) on 2013-07-09

Changed in horizon:
milestone:	havana-2 → havana-3

Revision history for this message

Gabriel Hurley (gabriel-hurley) wrote on 2013-08-27:

We're getting closer on this with the work going into Havana for the common policy engine, but this isn't gonna be 100% fixed in H.

Changed in horizon:
milestone:	havana-3 → none

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-09-24: Fix proposed to horizon (master)

Fix proposed to branch: master
Review: https://review.openstack.org/123741

Changed in horizon:
status:	Confirmed → In Progress

Paul Karikh (pkarikh) on 2014-09-25

Changed in horizon:
assignee:	nobody → Paul Karikh (pkarikh)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-01-27: Change abandoned on horizon (master)

Change abandoned by David Lyle (<email address hidden>) on branch: master
Review: https://review.openstack.org/123741
Reason: This review is > 4 weeks without comment and currently blocked by a core reviewer with a -2. We are abandoning this for now. Feel free to reactivate the review by pressing the restore button and contacting the reviewer with the -2 on this review to ensure you address their concerns.

Revision history for this message

Masco (masco) wrote on 2015-11-24:

removed the assignee since not active for long time.

Changed in horizon:
assignee:	Paul Karikh (pkarikh) → nobody
status:	In Progress → Confirmed

Revision history for this message

Paul Karikh (pkarikh) wrote on 2015-11-24:

@Masco my last patchset for this bug was uploaded on 13 Nov, my last comment in gerrit discussion of this patch was on Nov 19, so I'm not sure about "not active for long time". :)

OpenStack Infra (hudson-openstack) on 2016-01-26

Changed in horizon:
assignee:	nobody → Paul Karikh (pkarikh)
status:	Confirmed → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-03-18:

Change abandoned by David Lyle (<email address hidden>) on branch: master
Review: https://review.openstack.org/123741
Reason: This review is > 4 weeks without comment, and failed Jenkins the last time it was checked. We are abandoning this for now. Feel free to reactivate the review by pressing the restore button and leaving a 'recheck' comment to get fresh test results.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-06-01: Fix merged to horizon (master)

Reviewed: https://review.openstack.org/123741
Committed: https://git.openstack.org/cgit/openstack/horizon/commit/?id=ce5fb26bf5f431f0cdaa6860a732338db868a8fb
Submitter: Jenkins
Branch: master

commit ce5fb26bf5f431f0cdaa6860a732338db868a8fb
Author: Paul Karikh <email address hidden>
Date: Tue Sep 30 14:53:21 2014 +0400

Remove admin role name 'admin' hardcode

    Because of hardcoding name as the 'admin' was impossible to
    use administrative panel with a custom administrative role name.
    This fix replaces hardcoding the name of the administrative role
    with RBAC policy check.

    DocImpact
    Related commit: https://review.openstack.org/#/c/123745/
    Change-Id: I05c8fc750c56f6f6bb49a435662e821eb0d6ba30
    Closes-Bug: #1161144

Changed in horizon:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-06-01: Fix proposed to horizon (stable/mitaka)

Fix proposed to branch: stable/mitaka
Review: https://review.openstack.org/323953

Revision history for this message

Davanum Srinivas (DIMS) (dims-v) wrote on 2016-06-02: Fix included in openstack/horizon 10.0.0.0b1

#10

This issue was fixed in the openstack/horizon 10.0.0.0b1 development milestone.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-06-20: Fix merged to horizon (stable/mitaka)

#11

Reviewed: https://review.openstack.org/323953
Committed: https://git.openstack.org/cgit/openstack/horizon/commit/?id=0a8b2062dbde7f1a69a5f6cff52fb4f6a6effe61
Submitter: Jenkins
Branch: stable/mitaka

commit 0a8b2062dbde7f1a69a5f6cff52fb4f6a6effe61
Author: Paul Karikh <email address hidden>
Date: Tue Sep 30 14:53:21 2014 +0400

Remove admin role name 'admin' hardcode

    DocImpact
    Related commit: https://review.openstack.org/#/c/123745/
    Change-Id: I05c8fc750c56f6f6bb49a435662e821eb0d6ba30
    Closes-Bug: #1161144
    (cherry picked from commit ce5fb26bf5f431f0cdaa6860a732338db868a8fb)