Admin panel does not work in Horizon for custom role
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Mirantis OpenStack |
Fix Committed
|
High
|
Paul Karikh | ||
5.0.x |
Won't Fix
|
High
|
Unassigned | ||
5.1.x |
Fix Committed
|
High
|
Paul Karikh | ||
6.0.x |
Fix Committed
|
High
|
Paul Karikh |
Bug Description
I'm making customizations of MOS 5.1 for a certain client, and one of their requests was to use Active Directory as Keystone's backend. The AD is read only.
They don't use default 'admin' role. They define their own name for the admin role (lets say 'customadmin').
After the modification of policy.json for all the services, CLI works fine. However, Horizon does not recognize 'customadmin' as admin.
Once user with role 'customadmin' authenticates, admin tab is missing. This issue is caused by hardcoded "openstack.
grep -Irl "openstack.
(See https:/
Once this command is executed, admin panel appears, though the user can't access any of it's entries (volumes, instances and so on). Horizon displays error message that says: "You do not have permission to access the resource".
Other cloud with all the same configuration except that it uses default 'admin' role name for the admin role, works like a charm.
Update: after a deep dive into horizon's code, I have a hack that allows to access these pages:
remove "admin=True" in the tenant_list() here:
https:/
But I'm sure, it can be solved a better way.
affects: | fuel → mos |
tags: | added: horizon |
Changed in mos: | |
assignee: | nobody → MOS Horizon (mos-horizon) |
Changed in mos: | |
assignee: | MOS Horizon (mos-horizon) → Paul Karikh (pkarikh) |
description: | updated |
Authorization issue is caused by hardcoded admin role name in django- openstack- auth: /github. com/openstack/ django_ openstack_ auth/blob/ master/ openstack_ auth/user. py#L262
https:/